Deployment Configurations
Recommended Specifications
The form.io platform can be set up in any environment that supports Docker Engine. The configuration can be as simple as running our container and pointing a dns entry to it but most of our customers build out a high performance/high available stack. The following information should provide guidelines on how to set that up.
Server requirements
Our architecture is very performant, even on smaller servers. Because our servers are stateless, you can easily run multiple of them in parallel behind a load balancer to increase capacity during times of higher load. Still, we recommend running the following sized servers. These have been stress tested to hundreds of concurrent users without impact.
Requirement
Available Options
Server manufacturer
AWS Azure Google Cloud
Processor make
Intel Xeon Intel Xeon E5 AMD Opteron or compatible
Processor instruction set
X86, AVX2 (AVX is also supported)
Processor architecture
64-bit
Processor speed
1.0 GHz or faster
No. of physical cores
1
Processor cache
2MB or greater
Total RAM
3GB or greater (Example AWS m3.medium)
Hardware allocation
The host server must not be over-committed in terms of either RAM or CPU to other processes besides the Form.io API Server. The Form.io API Server must have dedicated access to its own RAM and CPU cores.
Application Storage
4GB or greater (Example AWS m3.medium)
Blob Storage
128GB
GPU
N/A
Network
> 1 Gigabit
Operating System
Ubuntu > v18.0 Debian > v8.0 Alpine Linux > v3.5.0
The PDF server should have double the amount of RAM than the API server due to creating PDFs within memory. So we would recommend 8 GB RAM for PDF server.
Deployment Diagram
TLS/SSL Setup (https)
What is SSL?
TLS/SSL enables encrypted communication at the container level. This ensures all traffic to and from the running Docker container(s) is encrypted.
Why would I need TLS/SSL?
TLS/SSL is needed if you require a strict communication standard requiring all network traffic to be run through TLS/SSL encryption.
In order to enable TLS/SSL (https) for your environment, there are several options for how to do so. Most Load Balancers in the cloud contain HTTPS listeners that can be configured with proper SSL Certificates. These can then point to the listening ports on the form.io server.
If you are not using a load balancer that has SSL support, it's encouraged to use NGINX to proxy the requests to your server and install your SSL Certificates.
First, you will need certificates. You can either generate your own, use LetsEncrypt, or purchase an SSL certificate. Once you have a certificate you can configure NGINX.
A sample configuration that proxies the server, listens on port 443 and uses your SSL Certificates
If you also have a Minio + PDF Server running on this server, then you will also want to provide them within subdirectories like the following.
For this configuration to work with Minio, you will need to create a subdomain @ http://minio.yourserver.com that points to this server. Minio does not support being hosted outside of the root domain.
Enabling an additional TLS/SSL Layer on top of Docker Containers
In the extremely rare case that terminating TLS/SSL at the load balancer or reverse proxy does not suffice, and an additional container to container TLS/SSL layer is required, a TLS/SSL layer can be configured in your Docker Containers to enable encrypted traffic between them.
This configuration is rarely necessary. Do not use unless absolutely required.
Enabling a TLS/SSL Layer on top of Docker Container encrypts traffic from the container all the way to the Form.io applications and requires additional configuration. The setup requires an SSL certificate. A CA Signed Certificate or self-signed certificate can be used.
To enable SSL on top of Docker container, the following Environment variables must be added to the deployment:
API Server TLS/SSL Environment Variables
ENABLE_SSL
A boolean value indicating whether you wish for the API server be able to terminate TLS/SSL-encrypted traffic
ENABLE_SSL=true
SSL_KEY
The SSL certificate's private key value (not its path in the filesystem!)
SSL_CERT
The SSL certificate's value (not its path in the filesystem!)
PDF Server TLS/SSL Environment Variables
ENABLE_SSL
A boolean value indicating whether you wish for the PDF server to terminate TLS/SSL-encrypted traffic
ENABLE_SSL=true
SSL_KEY
The SSL certificate's private key value (not its path in the filesystem!)
SSL_CERT
The SSL certificate's value (not its path in the filesystem!)
Pay special attention to the settings for the SSL_KEY, SSL_CERT environment variables:
-new lines in the corresponding file should be set to '\n'
-double quotes should be used
For a walkthrough of how to set up this type of environment in AWS, please see the that has been configured with TLS/SSL between containers, please see the Form.io/AWS Elastic Beanstalk E2E Encrypted Environment tutorial.
DNS Configuration
DNS Setup
In order to access your form.io server, a domain name needs to be set up for it and pointed to the server or load balancer. This can be a subdomain of another domain, however, the Form.io subdomain will NOT work with our server so use any other subdomain such as forms.
As an example, you can set “forms-dev” to point to the portal-enabled environment so you would go to https://forms-dev.mydomain.com to access the server.
There are two options for configuring project DNS for your docker server. You can run it using subdomains or run on a single subdomain and have projects as subdirectories of that domain.
Subdirectories
When using Subdirectories to refer to projects, simply set up a single domain and point it to the server. All projects will become subdirectories of that domain instead of subdomains. Be sure to select “Subdirectory” from the Project Path Type in the environment switcher.
For example: https://forms-dev.mydomain.com would result in the following project paths:
https://forms-dev.mydomain.com/myproject1 https://forms-dev.mydomain.com/myproject2
If using subdirectories, skip the Subdomains section.
Subdomains
When using subdomains, the server DNS must have the following three domains set up and an additional one per project OR have a wildcard subdomain entry in the DNS server.
Every deployment needs the following 3 subdomains to function.
HostName
Description
api.yourdomain.com
This subdomain points to the core API of the Form.io platform.
formio.yourdomain.com
This points to the Main Form.io project which is required to login and manage your deployment.
[YOURPROJECT].yourdomain.com
This points to the project within the deployment, which is your applications Form.io project.
PDF
If you are using a pdf server, you will also need to point a subdomain at your pdf server. For example, pdf-dev.myserver.com
can point to the server or load balancer. This will make the server available so that it can serve up the converted PDFs that are the background for Web PDFs in the form.io platform. If you are NOT using Web PDFs and only want to generate PDFs of submissions you do NOT need to make the PDF server available on the internet and only need to have it available to the Form.io Server.
Files
Files are frequently uploaded to the Blob Storage mechanism of your hosting provider. It is not required to have a clean URL like files-dev.myserver.com that points to the blob storage but you may set one up. You can use a raw blob storage URL as well.
Remote Environments
Multiple Environments
When deploying the form.io platform, it is possible to enable the portal application as well. This includes form manager, FormView Pro, and Tenant Manager if applicable. This application is the primary interface into your environments in your On-Premise servers. It is important to understand how to set this up correctly.
You should pick only one of your environments to be the Portal environment. This is typically the “Dev” environment since it will be the place all your developers will use to log in and manage the forms and data. Typically the Pre-prod and Prod environments are partitioned off and only available to certain employees responsible for deployments.
There are a few differences between a Portal environment and a Remote environment.
Portal Environment
The environment variable
PORTAL_ENABLED=true
has been set.The Portal application is served from the root of the environment.
A Portal Base project is automatically created within the database. This project is NOT counted against your license. It is where all of the users and teams will be stored for the Portal application. You should not add additional forms or resources in this project.
An admin user is created in the Portal Base project. You can set the email and password for this in the environment variables
ADMIN_EMAIL
andADMIN_PASSWORD
. This can only be set the first time the server is started withPORTAL_ENABLED
set. Once it has been run, the environment variables can be removed and any subsequent changes to the admin user can be done by going to the Portal Base project and the User resource.
Remote Environment
The environment variable PORTAL_SECRET has been set to a random secure secret.
There is NO application served from the root of the environment. By default, it will respond with
[]
.You will connect a project or stage to this environment by using the “On Premise Environment” option in the project settings. You will need to know the
PORTAL_SECRET
for the remote environment when setting it up.You can set up multiple remote environments and use the portal environment to connect projects and stages to different remote environments.
Moving stages to remote environments
Once you have your Portal and Remote environments set up, create a project in Portal environment and create stages within the project that will go on the remote environments. Next, go to a stage, click Settings and navigate to “On Premise Environment”. Enter the URL for the remote environment and the portal secret from the remote environment. Leave the Project Path Type as “Subdirectories” and click “Continue”. This should connect to the remote environment. Select “New Stage” and then press “Connect Stage”. You can repeat this with other stages and other remote environments.
Last updated