Follow this procedure to install Boardgent in your environment: in an on-premise server or your private or public cloud. If you have any questions or found anything unclear, don't hesitate to contact us.

To follow this tutorial, knowledge of server management is required.

1) Requirements for Boardgent On-Premise installation

A server with at least:

  • 4 GB RAM

  • 64 bits processor with 2 physical cores

  • 40 GB SSD Storage

  • Docker and Docker Compose installed (For more information about how to install Docker please refer to this link).

For detailed requirements for the On-Premise server please refer to this article.

Tip: If you are running Boardgent on your Cloud you can use a pre-installed Docker environment available in most Cloud Providers. In DigitalOcean, for example, you can create a ready to use Droplet with Docker completely pre-installed

2) DNS Configuration

In the DNS service that you manage, please add the following type A records, pointing to the address of the server running Docker for Boardgent On-Premise:

Then please change yourdomain.com with the domain of your company.

  • agent.yourdomain.com: This domain name will be used to access the Boardgent-Agent-Server Docker container.

  • api.yourdomain.com: This domain name will be used to access the Boardgent-API Docker container.

  • app.yourdomain.com: This domain name will be used to access the Boardgent-UI Docker container.

  • mps.yourdomain.com: This domain name will be used for the Intel® AMT technology to access the Boardgent-MPS Docker container.

  • mpswebrelay.yourdomain.com: This domain name will be used to access the Boardgent-MPS Docker container.

  • reverseproxy.yourdomain.com: This domain name will be used to the reverse proxy Docker container.

  • webrtcsignal.yourdomain.com: This domain name will be used to access the Boardgent-WebRTC Signal Doker container.

  • middleware.yourdomain.com: This domain name will be used to access the Boardgent Middleware Doker container.

FYI an A record points a domain to an IPv4 address.

Example:

3) Project structure

In order to create the initial structure of Boardgent On-Premise follow the steps below

  • Create a folder called Boardgent in the location of your preference, inside this folder all the files necessary to run Boardgent On-Premise will be located.

  • Enter in the Boardgent folder and create the following files and folders

boardgent                # Boardgent Folder 
├── boardgent.env # Environment variables file
├── boardgent-db # Database folder
├── mps-private # Mps folder
└── config.json # Mps configuration file
├── traefik.toml # Traefik configuration file
├── docker-compose.yml # Docker configuration file
└── acme.json # certificate archive file

4) Networking

To use Boardgent it is necessary to have two different Docker networks: an internal network and an external network. This allows greater security by isolating some containers from direct internet access and make them pass through a secured reverse proxy.


To create a network in Docker open the command terminal and locate in the Boardgent folder previously described in the project structure section.

  • Internet Network: run the following docker command in the terminal in the Boardgent folder to create a network called "internet".

docker network create internet
  • Internal Network: By default this network is active and for this reason, it is not necessary to create it, you will find this network as root_internal. To validate that both networks are running the following command

docker network ls 

5) Set environment variables

In order to configure the environment variables file please open the boardgent.env file.

This file will store the environment variables that each container will need to work correctly. Below you will see an example of the content of the boardgent.env file please replace the sample data with your environment data.

#Boardgent-db 
POSTGRES_USER=bgdbuser # sample data
POSTGRES_PASSWORD=bgdbpass # sample data
POSTGRES_DB=boardgent
PGDATA=/var/lib/postgresql/data/boardgent

#Boardgent-Agent-Server
AGENT_SERVER_URL=https://agent.yourdomain.com/ # sample data
AGENT_SERVER_PORT=80

#Boardgent-Ui
WEBSITE=app.yourdomain.com # sample data
APP_URL=app.yourdomain.com # sample data
WEBRELAY_URL=mpswebrelay.yourdomain.com # sample data
VUE_APP_WEBRTC_SIGNAL=wss://webrtcsignal.yourdomain.com # sample data

#Boardgent-Api
API_URL=https://api.yourdomain.com/ # sample data
POSTGRES_CONNECT=postgres://bgdbuser:[email protected]:5432/boardgent # sample data
POSTGRES_SSL=FALSE # sample data
AUTHENTICATION_SECRET=XXXXXXXXXXXX # sample data
SERVER_AUTH_VALIDATION_KEY=XXXXXXXXXXXX # sample data
MPS_URL=mps.yourdomain.com # sample data
REDIS_URL=redis://redis:6379
WORKER_MODELS=https://middleware.yourdomain.com/models # sample data
WORKER_GEOLOCATION=https://middleware.yourdomain.com/geolocation # sample data
WORKER_DATE_TIME=https://middleware.yourdomain.com/datetime # sample data
WORKER_NETWORK_INFORMATION=https://middleware.yourdomain.com/networkinformation # sample data
WEB_RTC_SIGNAL=wss://webrtcsignal.yourdomain.com/ # sample data
MIDDLEWARE_SERVER=https://middleware

#Boardgent-wrtc-server
WRTC_SERVER_PORT=80

#middleware-server
EDGE_SERVER=https://edge.boardgent.com
MIDDLEWARE_PORT=80

Environment Variables details

Boardgent-DB Variables

These variables will be used by the container containing the database to place the name of the database, the path where the database will be located, and the user and password that will have access.

  • POSTGRES_USER: Name of the user who will have access to the database

  • POSTGRES_PASSWORD: Password of the database user

  • POSTGRES_DB: Name that the database will have.

  • PGDATA: Path where the database will be stored.

Boardgent Agent-Server variables

These variables will be used by the agent container to put the URL and the port it will use.

  • AGENT_SERVER_URL: This will be the URL used for the Boardgent Agent Server access.

  • AGENT_SERVER_PORT: This will be the port on which Boardgent Agent Server will work

Boardgent-UI variables

  • WEBSITE: This is the landing page where you will be redirected on logout.

  • APP_URL: This is the URL used to access to Boardgent UI.

  • WEBRELAY_URL: This is the URL used to connect the Boardgent-MPS container. Important: Do not put protocol or slashes at the beginning or end of WEBRELAY_URL, E.g. Bad: "https://mpswebrelay.tulpep.com/" | Correct: "mpswebrelay.boardgent.com".

  • VUE_APP_WEBRTC_SIGNAL: This is the URL used to connect to the WebRTC Signal server.

Boardgent-API variables

  • API_URL: This will be the URL used for the API access.

  • POSTGRES_CONNECT: Connection string used for connection to the database. Remember to see the Postgres variables to adjust the connection string.
    Note: for more information about the Postgres connection string, you can visit this link.

  • POSTGRES_SSL: Use "TRUE" if the connection to Postgres Database uses SSL, otherwise use "FALSE" or remove this variable.

  • AUTHENTICATION_SECRET: This is a password that will be the JWT signing secret. Please be sure to enter a strong password with lowercase, uppercase, numbers, special characters, and at least 80 characters in length.

  • SERVER_AUTH_VALIDATION_KEY: This is a password used to validate that a request is being sent from the MPS or from the API. Please be sure to enter a strong password with lowercase, uppercase, numbers, special characters, and at least 20 characters in length.

  • REDIS_URL: This will be the URL used for Redis access.

  • WORKER_MODELS: This will be the URL used for the agents to get the model name of the device.

  • WORKER_GEOLOCATION: This will be the URL used for the agents to get the geolocation of the device.

  • WORKER_DATE_TIME: This will be the URL used for the agents to get the right internet date-time of the device.

  • WORKER_NETWORK_INFORMATION: This will be the URL used for the agents to get the public network information of the device.

  • WEB_RTC_SIGNAL: This will be the URL used for the agents to create a direct connection with the browser.

  • MIDDLEWARE_SERVER: This will be the URL used for the API to talk to the Middleware server.

Boardgent-WebRTC Server variables

  • WRTC_SERVER_PORT: This is the port used for the WebRTC Server.

Boardgent Middleware Server variables

  • EDGE_SERVER: This is the URL used to contact the Boardgent servers to validate the license.

  • MIDDLEWARE_PORT: This is the port to which the Middleware server will be exposed.

6) MPS configuration file

In order to set the initial configuration of the MPS please open the config.json file located inside the "mps-private" folder we created earlier.


boardgent # Boardgent Folder
└── mps-private # Mps folder
└── config.json # Mps configuration file

Please put the following information in the config.json file and replace the sample data with the data that will be in production.

{
"usewhitelist" : true,
"commonName": "mps.yourdomain.com", // Sample value
"mpsport": 4433,
"mpsusername": "",
"mpspass": "",
"country": "US", // Sample value
"company": "Boardgent", // Sample value
"listenany": true,
"https": false,
"port": 80,
"api" : "http://api/",
"debug": true,
"SERVER_AUTH_VALIDATION_KEY": "XXXXXXXX" // Sample value
}

MPS Configuration file variables

These variables will be used by the MPS container

  • commonName: Write the MPS domain name you created in the DNS configuration. Important: Do not put protocol or slashes at the beginning or end of this URL, E.g. Bad: "https://mps.boardgent.com/" | Correct: "mps.tulpep.com".

  • country: Write the country name of your company.

  • company: Write the name of your company.

  • SERVER_AUTH_VALIDATION_KEY: Please verify the boardgent.env file and look for the "SERVER_AUTH_VALIDATION_KEY" key, then copy its value and paste it here.

7) Set up docker-compose

Working with Docker-Compose

In order to configure the docker-compose please open the docker-compose.yml file located at the root of the "boardgent" folder.

boardgent                # Boardgent Folder 
└── docker-compose.yml # Docker configuration file

Please put the below information in the docker-compose.yml file and replace all sample data with the domains you created in the second step of this article (DNS configuration).

version: '3'

networks:
internet:
external: true
internal:
external: false

services:
reverse-proxy:
image: traefik:1.7
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Traefik can listen to the Docker events
- $PWD/traefik.toml:/etc/traefik/traefik.toml
- $PWD/acme.json:/acme.json
networks:
- internet
- internal
labels:
- traefik.frontend.rule=Host:reverseproxy.yourdomain.com # sample data
- traefik.port=8080

redis:
image: redis:6-alpine
networks:
- internal
labels:
- traefik.enable=false

db:
image: postgres:13
env_file:
- /root/boardgent/boardgent.env
networks:
- internal
volumes:
- /root/boardgent/boardgent-db:/var/lib/postgresql/data/boardgent
labels:
- traefik.enable=false

api:
image: boardgent/on-premise-api
env_file:
- /root/boardgent/boardgent.env
networks:
- internal
labels:
- traefik.frontend.rule=Host:api.yourdomain.com # Sample data

ui:
image: boardgent/on-premise-ui
env_file:
- /root/boardgent/boardgent.env
networks:
- internal
labels:
- traefik.frontend.rule=Host:app.yourdomain.com # Sample data

agent:
image: boardgent/on-premise-agent
env_file:
- /root/boardgent/boardgent.env
networks:
- internal
labels:
- traefik.frontend.rule=Host:agent.yourdomain.com # Sample data

mps:
image: boardgent/on-premise-mps
ports:
- 4433:4433 #MPS Port
production.
volumes:
- /root/boardgent/mps-private:/mps-microservice/private
networks:
- internal
- internet
labels:
- traefik.webrelay.frontend.rule=Host:mpswebrelay.yourdomain.com # sample data
- traefik.webrelay.port=80

8) Traefik Configuration

In order to configure the Traefik please open the traefik.toml file located at the root of the "boardgent" folder.

/                            # Root folder 
└── boardgent # Boardgent Folder
└── traefik.toml # Traefik configuration file

Please put the below information in the traefik.toml file and replace the email field with the email which will be in charge of receiving all the information related to the digital certificates that Traefik creates.

defaultEntryPoints = ["http", "https"]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true

[api]
entryPoint = "traefik"
dashboard = true

[acme]
email = "[email protected]" # Sample data
storage = "acme.json"
onHostRule = true
entryPoint = "https"
# Uncomment next line to use staging let's encrypt for testing
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
[acme.httpChallenge]
entryPoint = "https"

[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]

[entryPoints.traefik]
address = ":8080"
compress = true

The acme.json file will be empty and will be in charge of storing the certificates of LetsEncrypt. This is done automatically, so this file will not be modified.

Note: Traefik is the leading open-source reverse proxy and load balancer for HTTP and TCP-based applications. For more information please see the following link.

9) Pulling images from Docker Hub

In order to get the latest updates for each container used by Boardgent On-Premise, please run the following command in the terminal.

docker-compose pull

10) Initialize the containers.

To initialize the containers it is necessary to run the following command:

docker-compose up -d

After the execution of the previous command, all the containers should be active and running.

If you want to check that all the containers are running you can run the following command:

docker ps

That's all! Now you have Boardgent completely working in your on-premise or private cloud environment!

Did this answer your question?