OnPrem Deployment (Docker)
Internal.io can be deployed as a Docker container running on your own cloud instance.
Quickstart
Directories
To ensure that your data is persisted between deployments, Internal makes use of Docker volumes. Internal uses one storage volume mounted to the data filesystem path (/srv/internalio/data).
Environment
The on premise deployment of Internal requires several environment variables to be configured prior to running. These can be saved to an env file to be used by Docker directly or passed through as individual environment variables. In the examples below, we'll assume the use of an env file.
Be sure to securely store and backup the INTERNALIO_SECRET_KEY and INTERNALIO_CONNECTOR_SECRET_KEY environment variables. Losing either one of these keys will result in inaccessible audit log data or data sources.
Deployment (with bundled PostgreSQL databases)
The on premise version of Internal can be deployed using Docker:
Deployment (with external PostgreSQL databases)
Ensure that the INTERNALIO_API_DATABASE_URI ****and ****INTERNALIO_CONNECTOR_DATABASE_URI environment variables are set with valid PostgreSQL connection URIs. Once these values are set, you may omit the data volume from the above example to run Internal:
Double check that you are running the latest version of the OnPrem deployment. As seen in the command above, internalio/onprem:2.52.0 is the latest version as of 02/06/2023.
After a few moments, the container should be running with the host port 7080 mapped to the container. You can verify this by running:
You may now navigate to the hostname or IP address on port 7080 (e.g. http://127.0.0.1:7080). Create an account, then you'll be guided through connecting your first datasources.
Horizontal Scaling
When configuring your production deployment for Internal OnPrem, it is a good idea to run multiple containers for availability reasons. OnPrem containers are stateless and can be scaled to run as many instances as needed. In this setup, you will need to configure each container to run against an external PostgreSQL database. Follow the directions in the section directly above this one (Deployment (with external PostgreSQL database)) and be sure to point each of the subsequent containers at the same external DB instance.
Deployment (on Heroku)
For Heroku deployment and container upgrade instructions, see the README.md in our heroku-example repository.
HTTPS Configuration with Custom Certificates
SSL configuration with custom certificates can be accomplished using docker compose to run a reverse proxy container that communicates with the on internalio/onprem container. Here is an example configuration that uses nginx as the reverse proxy (other proxy services such as HAProxy will also work).
First create your docker-compose.yml file:
Copy your certificate and key into in the ./certs directory:
Create an nginx config in your ./nginx directory (let's call it nginx.conf ).
Run docker compose:
You should now be able to access your on premise instance at https://example.com (replace example.com with your domain) in your browser.
Upgrading Internal
To update Internal, simply pull the latest docker image and re-deploy using the existing environment file and config/data volumes.
Using Localhost Proxies to an External Address within a Container
Run the container with the following flag to allow Localhost proxies to communicate with external addresses from inside of a container which is running Internal.
Exporting OnPrem Internal Postgres DB
One can export the Postgres DB that Internal uses for its application for sharing, deployment, or backups by issuing the following commands from CLI via a logged-in user on the server on which OnPrem Internal is running:
Windows Server 2019 Docker for Linux containers installation
Special consideration must be paid to installing our on-prem solution to Windows Machines, in particular Windows Server. Below, you'll find the needed steps to get your solution installed and running.
NOTE: If you are using Azure virtual machines, you will need to select a virtual machine that supports running nested virtualization (Dv3 and Ev3 sizes). Additionally, the server must be able to run Hyper-V.
- Install Docker
- There are many guides for installing docker online, but this is the one that actually works.
NOTE: Make sure you do linuxkit/lcow part or else you will get an error indicating that
"C:\Program Files\Linux Containers\kernel.exe" is missing.
- Install the internalio docker image:
- If you get "Permission Denied" errors while initializing postgres, change the docker data-root directory by adding a key and value for dataroot in "c:\ProgramData\docker\config\daemon.json":
- Restart the docker service.
- Rerun the internalio docker container.
Authorization via OAuth
Internal offers custom OAuth via Okta, Google, and Auth0, and is compatible with any other identity provider which uses OAuth and OAuth2. The following are those authorization tools for which we have documentation: