Self-hosting
The sdk connects to an api. The api will store the encrypted user and group keys and will also manage the key rotation and group member.
Docker
You can choose docker to run the api. To get started, download the sentc/hosting repo. It contains basic docker-compose to get the server running.
git clone https://github.com/sentclose/hosting
cd hosting
Next copy and rename .env.sample to .env and sentc.env.sample to sentc.env
The .env file contains config about the used container. You can change the version of each container.
Optional but recommended: Change the mysql env too.
Next you have to create a root key with the sentc key gen tool and paste it into ROOT_KEY in the sentc.env file.
Root key generation
You can use the docker image to generate a key:
docker-compose -f key_gen/docker-compose.yml up
Without the -d flag to get the key output. Copy your key, and then you can down the container:
docker-compose -f key_gen/docker-compose.yml down -v
And delete the image
docker image rm sentc/key_gen
Start
The default is mariadb with redis server.
docker-compose -f mysql/docker-compose.yml up -d
Now everything is running and you can start.
Non default
If you are using an external Database, or a Database which is running native, then use the mysql/docker-compose.stand_alone.yml file.
Before starting set also the both Env: MYSQL_HOST (your host where the db is running), MYSQL_DB (the database name).
docker-compose -f mysql/docker-compose.external_db.yml up -d
Keep in mind that this will use the array cache as default not redis. If you have redis also running, set the Env CACHE to 2 and the Env REDIS_URL to your running redis url instance.
To use the sqlite container use this compose file:
docker-compose -f sqlite/docker-compose.yml up -d
This will start the sqlite version of the api. Make sure to place in the sqlite database in the folder: db/sqlite. You can get it from the api repo.
Server
This hosting approach not be directly access from the outside. Use a reverse proxy like nginx to handle tls. Sentc itself will use http.
server {
client_max_body_size 6m; # to make sure the file upload works
server_name <your_server_name>
location / {
proxy_pass http://localhost:3002; # redirect to your running docker container. Sentc uses port 3002 as default.
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
SDK change
Set the base_url option in your SDK init to your hosted version to make sure that the sentc backend is not used.
import Sentc from "@sentclose/sentc";
//init the javascript client
await Sentc.init({
app_token: "5zMb6zs3dEM62n+FxjBilFPp+j9e7YUFA+7pi6Hi", // <-- your app token
base_url: "<your_api_url>"
});
await Sentc.init(
appToken: "5zMb6zs3dEM62n+FxjBilFPp+j9e7YUFA+7pi6Hi",
baseUrl: "<your_api_url>",
);
For rust sdk set it everywhere in the code where it is asked for the base_url like StdUser::register("base_url",...).
Register a self-hosted app
You can access your dashboard by going to your address where your instance running. Then simply follow the register an app guide for creating an app.
Use your public and secret token from this app.
Disable app creation
Now the registration is still open for everyone. Set the Env CUSTOMER_REGISTER to 0 in your sentc.env file and restart your docker container. Now none can create a new account and register apps except your account.
docker-compose -f mysql/docker-compose.yml stop
And then start again.