Run gateway app from source
This section walks through setting up the Flask gateway application from source. It covers setting up the Relock service, installing dependencies, configuring services, and running the application.
Set up storage
The choice of storage system depends on the deployment’s use case. Relock supports any Redis OSS-compatible solution, such as Valkey, Memcached, or KeyDB. Here, we’ll set up a fresh Valkey Docker container.
$ docker run --name some-valkey \
-d valkey/valkey valkey-server \
--save 60 1 \
--loglevel warning
Start Relock service
To make the service easy to reach from other containers over Docker networking, “strict access mode” is off by default. As a result, if the port is exposed outside the host (e.g., via -p on docker run), it is open without a password. However, all information in storage is encrypted with external browser-side cryptographic keys, which makes the stored data useless to an adversary.
$ docker run -d --restart always \
-it relockid/server \
--multiprocessing \
--host 0.0.0.0 \
--cache 172.17.0.2 \
--port 8111
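A check for the exposure described above, as an added example (not part of the Relock documentation or code): it reads `docker inspect` output and reports containers that publish the Relock port on a non-loopback host address. The container names and JSON are constructed sample data; 8111 is the port used on this page.

```python
import ipaddress
import json

# Constructed `docker inspect` output, trimmed to the fields used here.
# Container names and bindings are sample values, not from a real host.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/relock-internal",
   "NetworkSettings": {"Ports": {"8111/tcp": null}}},
  {"Name": "/relock-published",
   "NetworkSettings": {"Ports": {"8111/tcp": [
     {"HostIp": "0.0.0.0", "HostPort": "8111"},
     {"HostIp": "::", "HostPort": "8111"}]}}},
  {"Name": "/relock-loopback",
   "NetworkSettings": {"Ports": {"8111/tcp": [
     {"HostIp": "127.0.0.1", "HostPort": "8111"}]}}}
]
""")


def exposed_bindings(containers, port=8111):
    """Return (container, host_ip, host_port) for each binding of `port`
    that listens on a non-loopback host address."""
    findings = []
    for c in containers:
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for spec, bindings in ports.items():
            if spec.split("/")[0] != str(port):
                continue
            # None means the port is not published to the host at all.
            for b in bindings or []:
                host_ip = b.get("HostIp") or "0.0.0.0"  # empty = all interfaces
                if not ipaddress.ip_address(host_ip).is_loopback:
                    findings.append((c["Name"].lstrip("/"), host_ip, b["HostPort"]))
    return findings


if __name__ == "__main__":
    for name, host_ip, host_port in exposed_bindings(SAMPLE_INSPECT):
        print(f"{name}: Relock port reachable on {host_ip}:{host_port}")
```

On a live host, pass it the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample.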
Create local hostname record
Add new records for the relock.gateway and www.relock.gateway domains to the /etc/hosts file. This allows using custom domain names that point to 127.0.0.1 (localhost), which is useful for testing in a local development environment.
$ echo '127.0.0.1 relock.gateway' | sudo tee -a /etc/hosts
$ echo '127.0.0.1 www.relock.gateway' | sudo tee -a /etc/hosts
Create self-signed certificate
The Relock service requires a TLS connection. To create a self-signed SSL certificate for the local domain relock.gateway, use OpenSSL to generate the certificate and key files. The following command creates a certificate (cert.pem) and a private key (key.pem) valid for relock.gateway and its subdomains.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/CN=relock.gateway" \
-addext "subjectAltName=DNS:relock.gateway,DNS:*.relock.gateway,IP:127.0.0.1"
To avoid browser warnings and errors when using a self-signed SSL certificate, the certificate must be trusted on the machine. This involves adding the cert.pem file to the operating system’s certificate store so that it is recognized as valid.
Set up gateway app storage
The gateway application requires persistent storage for user-related data (e.g., email, passwords, profile information). It is designed to use a MySQL database. To simplify setup and ensure a clean environment, we recommend starting with a fresh MySQL container. For enhanced security, Relock’s cryptographic keys are stored separately in a dedicated in-memory database.
$ docker run --name mysql \
--restart always \
-v ./data/mysql:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=#SupperSecret123 \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=#SupperHidden123 \
-e MYSQL_DATABASE=gateway \
-d -it mysql \
--character-set-server=utf8mb4
Clone gateway repository
Obtain the source code for the Flask gateway application from its public GitHub repository.
https://github.com/relockid/flask
Start Python virtual environment
Create and activate a Python virtual environment to manage dependencies for the Flask application. This isolates project packages from the base Python installation.
python3 -m venv venv
source venv/bin/activate
Install app dependencies
Install the necessary Python packages for the Flask gateway application based on its requirements.txt file. In some environments, pip3 may be required instead of pip.
python3 -m pip install -r requirements.txt
Install Relock Python SDK
This command installs the latest version of the Relock SDK for Python from the Python Package Index (PyPI).
python3 -m pip install relock
To explore or contribute to the Relock SDK source code, it can be downloaded directly from GitHub. The official Relock SDK repository can be cloned by running:
git clone https://github.com/relockid/python
Configure environment variables
Create a .env file in the Flask application’s root directory. This file contains the configuration settings that allow the Flask app (running on the host) to connect to the Dockerized services:
DB_USER=admin
DB_PASS=#SupperHidden123
DB_HOST=172.17.0.3
DB_PORT=3306
DB_NAME=gateway
REDIS_HOST=172.17.0.2
REDIS_PORT=6379
REDIS_DB=0
RELOCK_SERVICE_HOST=172.17.0.4
RELOCK_SERVICE_PORT=8111
RELOCK_SERVICE_POOL=8
RELOCK_SERVICE_PING=True
RELOCK_SERVICE_TIMEOUT=60
RELOCK_BLUEPRINT=relock
MAIL_SERVER=
MAIL_PORT=587
MAIL_USE_SSL=False
MAIL_USE_TLS=True
MAIL_DEBUG=1
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_REPORT=False
MAIL_ERRORS=None
MAIL_DEFAULT_SENDER='gateway page <no-reply@relock.gateway>'
NAME=Relock-Gateway
HOST=relock.gateway
MAIN=main
IP=0.0.0.0
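The host entries above are addresses on Docker's default bridge network, which depend on the order in which the containers were started, so a stale value points the app (and its database credentials) at a different container. The following added example, which is not part of the gateway or SDK code, compares the `*_HOST` values in a .env file with the addresses reported by `docker inspect`. The container name `relock` is an assumption (the Relock container is started without `--name` on this page), and the inspect data is constructed with addresses assigned in the order the containers are started on this page.

```python
# .env key -> container it must point at. "some-valkey" and "mysql" are the
# names used on this page; "relock" is an assumed name, because the Relock
# container is started without --name.
HOST_KEYS = {"REDIS_HOST": "some-valkey",
             "RELOCK_SERVICE_HOST": "relock",
             "DB_HOST": "mysql"}


def _sample(name, ip):  # constructed stand-in for one `docker inspect` entry
    return {"Name": "/" + name,
            "NetworkSettings": {"Networks": {"bridge": {"IPAddress": ip}}}}


SAMPLE_INSPECT = [_sample("some-valkey", "172.17.0.2"),
                  _sample("relock", "172.17.0.3"),
                  _sample("mysql", "172.17.0.4")]

# Host lines as given in the .env file on this page.
SAMPLE_ENV = """\
DB_PASS=#SupperHidden123
DB_HOST=172.17.0.3
REDIS_HOST=172.17.0.2
RELOCK_SERVICE_HOST=172.17.0.4
"""


def parse_env(text):
    """Minimal KEY=VALUE parser: skips blank lines and full-line comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def bridge_ips(containers, network="bridge"):
    """Map container name -> IP address on the given Docker network."""
    return {c["Name"].lstrip("/"): net["IPAddress"]
            for c in containers
            if (net := c["NetworkSettings"]["Networks"].get(network))}


def host_mismatches(env_text, containers):
    """Return {key: (configured, actual)} for host keys that point elsewhere."""
    env, ips = parse_env(env_text), bridge_ips(containers)
    return {key: (env.get(key), ips.get(name))
            for key, name in HOST_KEYS.items()
            if env.get(key) != ips.get(name)}
```

An empty result from `host_mismatches` means every host key matches the running container; otherwise update the .env file with the reported addresses before starting the app.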
Run gateway app
Once the necessary setup for Relock is complete, including SSL certificate and local domain configuration, the gateway application server can be run from the source code.
$ python3 main.py gateway
To access the gateway, open a web browser and navigate to https://relock.gateway. Since the SSL certificate was trusted in previous steps, the app should now be accessible over HTTPS without security warnings.