Use this guide when deploying Threatconnectome in an on-premises environment backed by Supabase.
OSUbuntu 20.04+ or MacOS 12.0.1+
DockerDocker Compose
Node v20+npm v7+
Pipenv
git clone https://github.com/nttcom/threatconnectome.git
Copy the Supabase template, rename it to .env, and edit the values.
cp .env.supabase.example .env
vi .env # update defaultsSUPABASE_POSTGRES_PASSWORD– Password to be set for the Supabase PostgresJWT_SECRET– JSON Web Token secretANON_KEYSERVICE_ROLE_KEY– API key of SupabaseDASHBOARD_USERNAME– Username of Supabase dashboardDASHBOARD_PASSWORD– Password to be set for the Supabase dashboardLOGFLARE_API_KEY- API key of logflare
When preparing a production build of the web UI, copy the Supabase template into the web directory and adjust the values.
cd ./web
cp .env.supabase.example .env.production.local
vi .env.production.localKey values:
VITE_AUTH_SERVICE– Authentication service to be used (fixed to supabase).VITE_SUPABASE_URL– URL which the kong container (not auth container) listens to.VITE_SUPABASE_ANON_KEY– Same value with ANON_KEY in ../.env.
Adjust CORS settings in main.py if required.
cd ./web
npm ci
npm run build # to build what is specified in package.jsonStart the Supabase-based stack and run database migrations.
cd ..
sudo docker compose -f docker-compose-supabase-local.yml up -d --buildRun the database migrations the first time the containers start.
sudo docker compose -f docker-compose-supabase-local.yml exec api sh -c "cd app && alembic upgrade head"Access http://localhost:<your_port_for_threatconnectome> to open the Web UI. Click Sign up to create a new account.
Access http://localhost:<your_port_for_threatconnectome>/api/docs to open the API docs. Expand auth/token Login For Access Token and click Try it out. Fill in the username and password created in the Web UI, copy the access_token returned, and paste it into value area of Authorize to complete the authentication.
🎉🎉🎉 Welcome to Threatconnectome 🎉🎉🎉
Stop Docker Compose when you are done.
For local development environment:
sudo docker compose -f docker-compose-supabase-local.yml down
When developing against Supabase, use the Supabase-specific environment template.
cd ./web
cp .env.supabase.local .env
vi .envIf you want to run it, please type the following command
cd ./web
npm run start # to check operation and launch the webpage when developing Web UIConfirm that the API container is running. Execute sudo docker compose -f docker-compose-supabase-local.yml ps or check http://localhost:<your_port_for_threatconnectome>/api/docs.
Add the container name to the logs command to focus on the failing service. For example, when the API container is restarting:
sudo docker compose -f docker-compose-supabase-local.yml logs api # use -f to follow outputDependency installation may have failed. Remove ./web/node_modules and reinstall.
Run the Supabase-aware API tests.
sh testapi_supabase.shdocker-compose-supabase-test.yml contains the Supabase test configuration.
Docker containers in docker-compose-supabase-local.yml
| Container name | Description |
|---|---|
| supabase-auth | Authentication server |
| supabase-db | PostgreSQL database |
| supabase-studio | Dashboard |
| supabase-kong | API gateway |
| supabase-meta | PostgreSQL API server |
| Name | Description | Docker container to mount |
|---|---|---|
| .github | workflow file for github actions, template file for pull request | - |
| .vscode | vscode settings(format specification, extended functions) | - |
| api | api server created with fastapi | api |
| e2etests | e2e test | e2etests |
| firebase | emulator of firebase authentication | firebase |
| key | credential key to use in the API | api |
| nginx | nginx configuration directory | web |
| scripts | storing scripts that run outside of the server | - |
| traefik | reverse proxy | traefik |
| web | frontend built with React.js | web (only web/build) |