Skip to content

Deploying to production

Prerequisites

Setup

Switch to the user you want to be running the service as. Then clone the repository:

git clone https://gitlab.com/alleles/genepanel-builder.git
cd genepanel-builder

Configure authorization

Provide the configuration for authorization in secrets/oauth.prod.env:

SESSION_FILE =  <LOCATION_OF_SESSION_STORE_DB_FILE>
CALLBACK_ROUTE = <CALLBACK_ENDPOINT_REGISTERED_WITH_PROVIDER>
OIDC_CLIENT_ID = <OIDC_CLIENT_ID>
OIDC_CLIENT_SECRET = <OIDC_CLIENT_SECRET>
CONF_URL = <OIDC_WELL_KNOWN_CONFIGURATION_URL>
SCOPE = <SCOPES>
DEFAULT_SCOPE = <DEFAULT_SCOPES>
LOGIN_REDIRECT_URL = <URL_WHERE_USER_LOGS_IN>

In case you want to use gpbuilder without any authentication (not recommended), simply provide an empty oauth.prod.env file.

See also Authentication and authorization.

Setup coverage and segmental duplications

The files containing coverage and segmental duplications (segdup) information should be generated using the scripts in scripts/genomic-data/. The frontend's configuration is stored in a JSON file under gpbuilder/resources/ (see example_settings.json for an example).

See Coverage and Segmental Duplications for further details.

Build Docker images

You can now build the Docker images:

docker-compose -f docker-compose-prod.yml build

Running the service

Start the service,

docker-compose -f docker-compose-prod.yml up -d

If you opted out of using authentication, you should start the service with the USE_OAUTH environment variable set to False:

USE_OAUTH=False docker-compose -f docker-compose-prod.yml up -d

You now should be able to update coverage and segdup information (follow the instructions in the README).

Exposing the service through a web proxy

You should expose the service through a web proxy. If you use nginx, this is a good starting point (assuming your domain is gpb.your.doma.in):

server {
    listen 80;
    listen [::]:80;

    server_name gpb.your.doma.in;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_pass http://127.0.0.1:3000;
    }

    location ~* ^/(api/auth|api/v1|docs|openapi.json) {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8000;
    }
}