Self-Hosting
Self-host TofuPilot for scenarios where managed cloud is not an option.
Overview
TofuPilot accounts are hosted on our AWS-powered cloud, managed by our team. This ensures strong security, high performance, automatic updates, and removes the need for your infrastructure management.
For strict IT policies or specific connectivity needs, TofuPilot can be self-hosted.
Prerequisites
Enterprise trial
Contact our team to sign up for an Enterprise plan trial. We will grant you access to the private self-hosting installation repository along with the TofuPilot docker image.
All the tests stored in your TofuPilot Cloud instance can be seamlessly migrated to your self-hosted version by our team.
System Requirements
Ensure your server meets the minimum specifications.
- OS: Ubuntu 20.04 LTS or later (64-bit)
- CPU: 2 cores or more
- RAM: 4 GB or more
- Storage: 20 GB of free disk space, or more depending on your run attachments needs
- Access: Sudo access to your server.
- Network: Open ports 80 (HTTP) and 443 (HTTPS)
Domains
Ensure your domain and DNS settings are prepared for self-hosting:
- Domain Name: Register a domain or subdomain for TofuPilot (e.g.,
tofupilot.yourcompany.com
). - Storage Domain Name: Register a subdomain for TofuPilot storage (e.g.,
storage.tofupilot.yourcompany.com
). - DNS Records: Create two A records in your DNS settings:
- Point
tofupilot.yourcompany.com
to your server's public IPv4 address. - Point
storage.tofupilot.yourcompany.com
to the same public IPv4 address.
- Point
- SSL Certificate: Ensure you have a valid email address for registering the SSL certificate with Let’s Encrypt.
Authentication
TofuPilot does not store user passwords in its database and offers two secure methods for user sign-up and authentication:
- Email Authentication: Users sign in by receiving a magic code sent to their email.
- OAuth Authentication: Users sign in using their Microsoft or Google accounts.
You must enable at least one authentication method based on your requirements.
To enable email-based authentication, retrieve the following SMTP server details:
- SMTP Host: The hostname of your email server (e.g.,
smtp.yourdomain.com
). - SMTP Port: Typically
587
for TLS or465
for SSL. - Email From Address: The email address that will send the magic codes (e.g.,
auth@yourdomain.com
). - SMTP User: The username for your email account (e.g.,
auth@yourdomain.com
). - SMTP Password: The password or app-specific password for your email account.
To enable OAuth authentication, create an authorized application in your Google or Microsoft account:
Microsoft OAuth
- Go to the Microsoft Azure portal.
- Navigate to Microsoft Entra ID > Manage > App registrations.
- Register a new application with these details:
- Redirect URI: e.g.
https://tofupilot.yourcompany.com/api/auth/callback/azure-ad
- Set Supported Account Types to match your needs (e.g., single tenant or multi-tenant).
- Redirect URI: e.g.
- After registration, retrieve the following:
- Application (client) ID
- Directory (tenant) ID
- Client Secret: Create a client secret under Certificates & secrets.
Google OAuth
- Go to the Google Cloud Console.
- Create a new OAuth 2.0 Client ID under Credentials.
- Configure the following:
- Authorized Redirect URI:
https://tofupilot.yourcompany.com/api/auth/callback/google
- Authorized Redirect URI:
- Retrieve the following:
- Client ID
- Client Secret
Deploy
Once prerequisites are complete, installation is straightforward.
-
SSH into your server:
Connect to your server via its IP address using SSH, or Putty on Windows:
ssh user@your_server_ip
-
Install Git, Docker and Docker-Compose
sudo apt update && sudo apt upgrade -y sudo apt install docker.io sudo apt-get install docker-compose-plugin sudo apt install git
-
Clone the installation repository provided by our team.
git clone https://github.com/tofupilot/self-hosting.git && cd self-hosting
-
Run the deployment script:
chmod +x ./deploy.sh sudo bash ./deploy.sh
Answer the following questions when prompted:
Hostname for your TofuPilot? [tofupilot.example.com]: Hostname for your TofuPilot storage? [storage.tofupilot.example.com]: Email address associated with your domain (for SSL)? [me@example.com]: Google Client ID? (leave blank if not using Google auth): Google Client Secret? (leave blank if not using Google auth): Azure AD Client ID? (leave blank if not using Azure AD auth): Azure AD Client Secret? (leave blank if not using Azure AD auth): Azure AD Tenant ID? (leave blank if not using Azure AD auth): SMTP server address? (leave blank if not using Email auth): SMTP port? (leave blank if not using Email auth): SMTP user name? (leave blank if not using Email auth): SMTP password? (leave blank if not using Email auth): Email address used as 'from' in emails? (leave blank if not using Email auth):
Post-Installation
Once the script finishes, access the web app (e.g., https://tofupilot.yourcompany.com
) to create an admin account, and set up an organization (we recommend naming it app
).
You can upload test runs using the public TofuPilot Python package. Simply set your instance URL with the url
parameter as shown below. All features described in the rest of the documentation will function as expected.
import openhtf as htf
from tofupilot.openhtf import TofuPilot
def main():
test = htf.Test(
procedure_id="FVT1",
procedure_name="PCB Testing",
part_number="PCB1",
)
with TofuPilot(test, url="https://tofupilot.yourcompany.com"): # specify URL here
test.execute(lambda: "PCB1A001")
if __name__ == '__main__':
main()
Update
To update your self-hosted TofuPilot app to the latest version, follow the following steps:
-
Pull the latest changes:
git pull origin main
-
Restart the docker containers:
docker-compose down && docker-compose up -d --pull always
Backups
Ensure the following Docker volumes are included in your backup routine:
Volumes to Back Up
-
database-data
:
Contains all database files, including schema definitions, configurations, and application data. Backup this volume to preserve your database's state and integrity. -
storage-data
:
Stores user-uploaded files such as profile pictures, attachments, and other assets. Backup this volume to safeguard external content and binary data.
Backup Recommendations
Integrate these volumes into your backup process using methods like volume snapshots, off-site replication, or encrypted storage to ensure data durability and smooth recovery in case of failure or migration.