Run pre-built demo app
This section shows how to set up the Relock service and run the pre-built Flask demo application directly from its Docker container.
Set up storage
The choice of storage system depends on the deployment’s use case. Relock supports any Redis OSS-compatible solution, such as Valkey, Memcached, or KeyDB. Here, we’ll set up a fresh Valkey Docker container.
$ docker run --name some-valkey \
-d valkey/valkey valkey-server \
--save 60 1 \
--loglevel warning
Start Relock service
For ease of access from other containers via Docker networking, “strict access mode” is off by default. This means that if the port is exposed outside the host (e.g., via -p on docker run), it will be open without a password. However, all information in storage is encrypted by external browser-side cryptographic keys, making stored data useless to an adversary.
$ docker run -d --restart always \
-it relockid/server \
--multiprocessing \
--host 0.0.0.0 \
--cache 172.17.0.2 \
--port 8111
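A check for the exposure described above, as an added example that is not part of the Relock documentation or project code: it reads `docker inspect` JSON and lists bindings of port 8111 that are reachable on a non-loopback host address. The container names and the sample JSON are constructed; on a real host the input would come from `docker inspect $(docker ps -q)`.

```python
import ipaddress
import json

RELOCK_IMAGE = "relockid/server"   # image name from the docker run command
RELOCK_PORT = "8111/tcp"           # --port value from the same command

def exposed_bindings(inspect_json, image=RELOCK_IMAGE, port=RELOCK_PORT):
    """List (container, host_ip, host_port) for every binding of the Relock
    port that is reachable on a non-loopback host address."""
    findings = []
    for c in json.loads(inspect_json):
        if not c["Config"]["Image"].startswith(image):
            continue
        name = c["Name"].lstrip("/")
        host_cfg = c.get("HostConfig", {})
        if host_cfg.get("NetworkMode") == "host":
            # Host networking: the service's own --host 0.0.0.0 bind is
            # directly on the host's interfaces, no -p needed.
            findings.append((name, "host-network", port.split("/")[0]))
            continue
        for b in (host_cfg.get("PortBindings") or {}).get(port) or []:
            ip = b.get("HostIp") or "0.0.0.0"   # empty HostIp = all interfaces
            if not ipaddress.ip_address(ip).is_loopback:
                findings.append((name, ip, b["HostPort"]))
    return findings

# Constructed sample in the shape of `docker inspect` output (names invented).
SAMPLE = json.dumps([
    {"Name": "/relock-internal", "Config": {"Image": "relockid/server"},
     "HostConfig": {"NetworkMode": "default", "PortBindings": {}}},
    {"Name": "/relock-published", "Config": {"Image": "relockid/server"},
     "HostConfig": {"NetworkMode": "default", "PortBindings": {
         "8111/tcp": [{"HostIp": "", "HostPort": "8111"}]}}},
    {"Name": "/relock-loopback", "Config": {"Image": "relockid/server"},
     "HostConfig": {"NetworkMode": "default", "PortBindings": {
         "8111/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8111"}]}}},
    {"Name": "/some-valkey", "Config": {"Image": "valkey/valkey"},
     "HostConfig": {"NetworkMode": "default", "PortBindings": {
         "6379/tcp": [{"HostIp": "", "HostPort": "6379"}]}}},
])

if __name__ == "__main__":
    for name, ip, host_port in exposed_bindings(SAMPLE):
        print(f"{name}: Relock port published on {ip}:{host_port}")
```

Only the container published with an empty host address is reported; the unpublished and loopback-only ones are not.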
Create local hostname record
Add new records for the relock.demo and www.relock.demo domains to the /etc/hosts file. This allows using custom domain names that point to 127.0.0.1 (localhost), which is useful for testing in a local development environment.
$ echo '127.0.0.1 relock.demo' | sudo tee -a /etc/hosts
$ echo '127.0.0.1 www.relock.demo' | sudo tee -a /etc/hosts
Create self-signed certificate
The Relock service requires a TLS connection. To create a self-signed SSL certificate for the local domain relock.demo, use OpenSSL to generate the certificate and key files. The following command creates a certificate (cert.pem) and a private key (key.pem) valid for relock.demo and its subdomains.
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/CN=relock.demo" \
-addext "subjectAltName=DNS:relock.demo,DNS:*.relock.demo,IP:127.0.0.1"
To avoid browser warnings and errors when using a self-signed SSL certificate, the certificate must be trusted on the machine. This involves adding the cert.pem file to the operating system’s certificate store so that it is recognized as valid.
Set up demo app storage
The demo application requires persistent storage for storing user-related data (e.g., email, passwords, profile information). It is designed to use a MySQL database. To simplify setup and ensure a clean environment, we recommend starting with a fresh MySQL container. For enhanced security, Relock’s cryptographic keys are stored separately in a dedicated in-memory database.
$ docker run --name mysql \
--restart always \
-v ./data/mysql:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=#SupperSecret123 \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=#SupperHidden123 \
-e MYSQL_DATABASE=demo \
-d -it mysql \
--character-set-server=utf8mb4
Start demo app container
The Relock Flask demo container can be pulled and run directly. The source code is available for exploration or modification in the public GitHub repository (see Run demo app from source for details).
$ docker run -d --restart always \
--user root \
--privileged \
--network host \
-it relockid/demo run \
--host relock.demo \
--multiprocessing \
--ip 0.0.0.0 \
--port 443
To access the demo, open a web browser and navigate to https://relock.demo. Since the SSL certificate was trusted in previous steps, the app should now be accessible over HTTPS without security warnings.