Self-Hosting

Self-host TofuPilot for scenarios where managed cloud is not an option.

Overview

TofuPilot accounts are hosted on our AWS-powered cloud, managed by our team. This ensures strong security, high performance, automatic updates, and removes the need for your infrastructure management.

For strict IT policies or specific connectivity needs, TofuPilot can also be self-hosted.

Prerequisites

Enterprise trial

Contact our team to sign up for an Enterprise plan trial. We will grant you access to the private self-hosting installation repository along with the TofuPilot docker image.

All the tests stored in your TofuPilot Cloud instance can be seamlessly migrated to your self-hosted version by our team.

System Requirements

Ensure your server meets the minimum specifications.

• OS: Ubuntu 20.04 LTS or later (64-bit)
• CPU: 2 cores or more
• RAM: 4 GB or more
• Storage: 20 GB of free disk space, or more depending on your run attachments needs
• Access: Sudo access to your server.
• Network: Open ports 80 (HTTP) and 443 (HTTPS)

Domains

Ensure your domain and DNS settings are prepared for self-hosting:

• Domain Name: Register a domain or subdomain for TofuPilot (e.g., tofupilot.yourcompany.com).
• Storage Domain Name: Register a subdomain for TofuPilot storage (e.g., storage.tofupilot.yourcompany.com).
• DNS Records: Create two A records in your DNS settings:
  • Point tofupilot.yourcompany.com to your server's public IPv4 address.
  • Point storage.tofupilot.yourcompany.com to the same public IPv4 address.
• SSL Certificate: Ensure you have a valid email address for registering the SSL certificate with Let’s Encrypt.

Authentication

TofuPilot does not store user passwords in its database and offers two secure methods for user sign-up and authentication:

1. Email Authentication: Users sign in by receiving a magic code sent to their email.
2. OAuth Authentication: Users sign in using their Microsoft or Google accounts.

You must enable at least one authentication method based on your requirements.

Email

To enable email-based authentication, retrieve the following SMTP server details:

• SMTP Host: The hostname of your email server (e.g., smtp.yourdomain.com).
• SMTP Port: Typically 587 for TLS or 465 for SSL.
• Email From Address: The email address that will send the magic codes (e.g., auth@yourdomain.com).
• SMTP User: The username for your email account (e.g., auth@yourdomain.com).
• SMTP Password: The password or app-specific password for your email account.

To enable OAuth authentication, create an authorized application in your Google or Microsoft account:

Microsoft OAuth

1. Go to the Microsoft Azure portal.
2. Navigate to Microsoft Entra ID > Manage > App registrations.
3. Register a new application with these details:
   • Redirect URI: e.g. https://tofupilot.yourcompany.com/api/auth/callback/azure-ad
   • Set Supported Account Types to match your needs (e.g., single tenant or multi-tenant).
4. After registration, retrieve the following:
   • Application (client) ID
   • Directory (tenant) ID
   • Client Secret: Create a client secret under Certificates & secrets.

Google OAuth

1. Go to the Google Cloud Console.
2. Create a new OAuth 2.0 Client ID under Credentials.
3. Configure the following:
   • Authorized Redirect URI: https://tofupilot.yourcompany.com/api/auth/callback/google
4. Retrieve the following:
   • Client ID
   • Client Secret

Deploy

Once prerequisites are complete, installation is straightforward.

1. SSH into your server:

   Connect to your server via its IP address using SSH, or Putty on Windows:

   ssh user@your_server_ip
   

   CopyCopied!

2. Install Git, Docker and Docker-Compose

   sudo apt update && sudo apt upgrade -y
   sudo apt install docker.io
   sudo apt-get install docker-compose-plugin
   sudo apt install git
   

   CopyCopied!

3. Clone the installation repository provided by our team.

   git clone https://github.com/tofupilot/self-hosting.git && cd self-hosting
   

   CopyCopied!

4. Run the deployment script:

   chmod +x ./deploy.sh
   sudo bash ./deploy.sh
   

   CopyCopied!

   Answer the following questions when prompted:

   Hostname for your TofuPilot? [tofupilot.example.com]:
   Hostname for your TofuPilot storage? [storage.tofupilot.example.com]:
   Email address associated with your domain (for SSL)? [me@example.com]:
   Google Client ID? (leave blank if not using Google auth):
   Google Client Secret? (leave blank if not using Google auth):
   Azure AD Client ID? (leave blank if not using Azure AD auth):
   Azure AD Client Secret? (leave blank if not using Azure AD auth):
   Azure AD Tenant ID? (leave blank if not using Azure AD auth):
   SMTP server address? (leave blank if not using Email auth):
   SMTP port? (leave blank if not using Email auth):
   SMTP user name? (leave blank if not using Email auth):
   SMTP password? (leave blank if not using Email auth):
   Email address used as 'from' in emails? (leave blank if not using Email auth):
   

   CopyCopied!

Post-Installation

Once the script finishes, access the web app (e.g., https://tofupilot.yourcompany.com) to create an admin account, and set up an organization (we recommend naming it app).

You can upload test runs using the public TofuPilot Python package. Simply set your instance URL with the url parameter as shown below. All features described in the rest of the documentation will function as expected.

import openhtf as htf
from tofupilot.openhtf import TofuPilot

def main():
   test = htf.Test(
         procedure_id="FVT1",
         procedure_name="PCB Testing",
         part_number="PCB1",
   )
   with TofuPilot(test, url="https://tofupilot.yourcompany.com"): # specify URL here
   test.execute(lambda: "PCB1A001")

if __name__ == '__main__':
   main()

Update

To update your self-hosted TofuPilot app to the latest version, follow the following steps:

1. Pull the latest changes:

   git pull origin main
   

   CopyCopied!

2. Restart the docker containers:

   docker-compose down && docker-compose up -d --pull always
   

   CopyCopied!

Backups

Ensure the following Docker volumes are included in your backup routine:

Volumes to Back Up

• database-data:
  Contains all database files, including schema definitions, configurations, and application data. Backup this volume to preserve your database's state and integrity.

• storage-data:
  Stores user-uploaded files such as profile pictures, attachments, and other assets. Backup this volume to safeguard external content and binary data.

Backup Recommendations

Integrate these volumes into your backup process using methods like volume snapshots, off-site replication, or encrypted storage to ensure data durability and smooth recovery in case of failure or migration.