Admin

Setup Portal

Portals are provided as Docker images, so they can be easily deployed in any environment that supports containers and can be configured with a few environment variables.

You may want to follow the Getting Started guide first, to test the functionality locally and get familiar with the required external services.

Requirements

A Portal requires the following to work:

• a valid Portal License Key

• a PostgreSQL database

• a Redis server

• storage for attachments (Amazon S3, Google Storage or local storage)

• a mailer configuration (any SMTP service or a Mailgun API credentials)

• a valid configuration with enviroment variables (described below)

License Key

Your Portal license key should be set in the ANYROBOT_PORTAL_LICENSE_KEY environment variable.

Any valid Portal License Key can be used, as long as it has available activations. If none are available, the Portal will periodically wait until an activation is available.

Database

It's sufficient to create an empty initial database and the Portal will migrate and add an initial admin user to the database on startup.

Make sure you set a password (ADMIN_PASSWORD), email (ADMIN_FULL_EMAIL) and organization (ADMIN_ORGANIZATION) for your new admin user before you start the Portal for the first time.

Attachment storage

You'll need a persistent storage for job attachments, such as Amazon S3 or Google Storage or even on a volume mounted in the configured location within container.

Deployment

The docker image for the Portal (and the Portal Scheduler) is available here:

docker pull ghcr.io/anyrobotcom/anyrobot-portal:latest

All the required and supported environment variables are described below. Once your configuration is complete, you can launch the Portal for the first time and visit its healthcheck page (at /okcomputer/all) .

Portal configuration options

Here you will find all the configuration fields that you can use when configuring the portal for the first time.

Initial user credentials and info - REQUIRED

• ADMIN_FULL_EMAIL - full name + email, e.g. James Bond <007@mi6.example.org> - If only email is provided, name and surname will be extracted from an email address, e.g. "james.bond@example.org" => "James Bond").

• ADMIN_ORGANIZATION - full organization name (created along with the first user).

• ADMIN_PASSWORD - password to set for the first admin user.

• APP_URL - e.g. https://myrobot.mycloud.example.org:8888 - Normally set to a variable provided by the hosting company, e.g. ${APP_URL} on DigitalOcean. If not, it should point to your reverse proxy, e.g. nginx / traefix / kubernetes cluster / etc.

• DATABASE_URL - e.g. postgres://user1:password123@mydbserver/mydatabasename, A standard database URL pointing to a postgres database. Generally provided as an automatic variable by your hosting company.

• REDIS_URL - e.g. redis://myredishost.mycloud.example.org:6379/1 - generally provided as an automatic variable by your hosting company.

Fields with defaults that you'll likely need to change

• MAILERS_DEFAULT_FROM ='anyportal@example.com' - any "from" value you want in emails sent from the app.

• MAILER_URL - address scheme is basically the same in each case although it will look a little different in different cases, below are examples for mailgun, sendgrid, and gmail:

  • Mailgun:

    • For Mailgun's EU customers, it is required to additionally provide endpoint.

    • EU - mailgun://apikey:some_mailgun_api_key_123@api.eu.mailgun.net/your.domain.example.org

    • other countries (NOTE: include the trailing '@' after your token) - mailgun://apikey:some_mailgun_api_key_123@/your.domain.example.org

  • Sendgrid - plain://apikey:some_api_key_123@smtp.sendgrid.net:587/my.subdomain.example.org

  • Gmail:

    • personal account - plain://user1@gmail.com:mypassword123@smtp.gmail.com:587/smtp.gmail.com

    • business account - plain://user1:secret123@smtp.gmail.com:587/example.com

  • other:

    • The template looks like this - <AUTHENTICATION>://<USER_NAME>:<PASSWORD>@<ADDRESS>:<PORT>/<DOMAIN>?<OTHER_OPTIONS>

Fields that may be required depending on storage type

Storage type. Can be: local, amazon or google.

• STORAGE = local- This storage is used for job attachments. Depending on what you choose as storage you must fill in the additional fields listed below:

  • Required when storage is amazon:

    • AWS_S3_BUCKET_NAME - the bucket name of your S3 resource.

    • AWS_S3_ENDPOINT - the AWS endpoint of your S3 resource (where your bucket is).

    • AWS_S3_REGION - the region where your AWS S3 resources are (generally based on your full S3 resource URL).

    • AWS_ACCESS_KEY_ID - typical access key part of your AWS IAM credentials.

    • AWS_SECRET_ACCESS_KEY - a typical secret key part of your AWS IAM credentials.

  • Required when storage is google:

    • GCP_BUCKET - bucket name.

    • GCP_PROJECT - google project id.

  • Required when storage is local: To avoid storing attachments inside the container (and losing them after an upgrade) make sure you mount a persistent docker volume on /app/storage and have a backup strategy for it.

    If your hosting provider does not allow volumes (like Digital Ocean) use a recommended storage by the provider (DigitalOcean spaces - configured like AWS) or use AWS or GCP.

    • FILE_LOCATION = '/app/storage'

Fields you may want to change under special circumstances

• DEVISE_REGISTERABLE = false- allows the general public to sign up on your website (generally a bad idea).

• REDIRECT_HTTP_STATUS =307 - If you have very old browsers that don't understand 307 and 308 HTTP status codes, you might want to change this.

Fields you generally don't need to change

• RAILS_LOG_TO_STDOUT =true - Do not change this unless you know what you're doing. (I.e. you understand volume persistence, and log forwarding and you have a disk space recovery strategy).