Installing RIPS

Before starting the installation please make sure that all hardware and software requirements are fulfilled.

Use the following steps to install RIPS On-Premises within a few minutes on your local server with the help of the RIPS installer:

  • Install Docker CE as described in https://docs.docker.com/engine/installation/
    • It is highly recommended to use a recent version from docker.com because most distributions ship very outdated packages by default
  • Download the installer rips3.py from https://files.ripstech.com/installer/rips3.py to a dedicated directory on your server, e.g., /opt/rips and make it executable
  • To install RIPS without any additional configuration, please run sudo ./rips3.py rips:install --api-url http://rips.intranet.example.org:8080. See "Example" and "Advanced" for instructions on how to set up RIPS with TLS encryption (recommended).
    • The parameter --api-url sets the address of the API. Please replace rips.intranet.example.org with the external IP address or domain name of your RIPS server, otherwise the user interface will not be able to contact the API. The parameter is only used to tell the user interface where to find the API, it does not change the port that is opened.
    • The installer will ask for your download credentials. Please refer to your purchase email for your user name and password
    • At the end of the process, the installer creates a new user account and you can set your private account credentials
  • If you have chosen the simple installation you can now access RIPS by visiting http://rips.intranet.example.org. If you have chosen the advanced installation you have to configure a reverse proxy before you can access RIPS at https://ui.rips.intranet.example.org.

Example

# Switch to root shell
sudo -s

# Create installation directory with secure permissions
mkdir -p /opt/rips
chown root:root /opt/rips
chmod 750 /opt/rips

# Download installer and make it executable
wget https://files.ripstech.com/installer/rips3.py -O /opt/rips/rips3.py
chown root:root /opt/rips/rips3.py
chmod 755 /opt/rips/rips3.py

# Offline installation (optional)
# Download the Docker images on a different system with "./rips3.py rips:download"
# and move the file "images.tar" to the current working directory.
#export RIPS_OFFLINE_IMAGES=images.tar

# Install RIPS without TLS (MAKE SURE TO SET THE CORRECT VALUE FOR API-URL)
/opt/rips/rips3.py rips:install --api-url http://rips.intranet.example.org:8080
# Install RIPS with TLS through a reverse proxy (see "Advanced" section)
/opt/rips/rips3.py rips:install --api-url https://api.rips.intranet.example.org --ui-port 9090 --ui-address 127.0.0.1 --api-address 127.0.0.1

Advanced (optional)

For advanced web server configurations (e.g., TLS) we recommend to place a HTTP reverse proxy in front of RIPS. The following diagram represents the intended architecture.

HTTP requests are send to the reverse proxy (e.g., NGINX, Apache, Lighttpd). The reverse proxy forwards them to the UI and API web servers, and sends the responses back to the users. As a result the users do not have to access the UI and API directly anymore. In most cases it makes sense to even disallow direct access. This can be done by binding the UI and API addresses to localhost with the parameters --ui-address 127.0.0.1 and --api-address 127.0.0.1.

If you plan to use a reverse proxy it is recommended to change the UI port from the default value 80 to a different value. In this examples we will assume that --ui-port 9090 was specified when installing or updating RIPS.

If you place a reverse proxy in front of the API make sure to set the address of the reverse proxy as API URL, for example --api-url https://api.rips.intranet.example.org. This address is used by the user interface to connect from the clients browsers to the API. An incorrect API URL will result in connection problems when using the user interface.

To proceed select and install a web server of your choice and add vhosts for both the UI and the API. The following configuration templates can be used. Make sure to increase the timeout settings for the API since certain requests may take longer than the default timeout.

NGINX

server {
    listen 443 ssl;
    include /etc/nginx/ssl.conf;
    server_name ui.rips.intranet.example.org;

    location / {
        proxy_pass http://127.0.0.1:9090;
    }
}
server {
    listen 443 ssl;
    include /etc/nginx/ssl.conf;
    server_name api.rips.intranet.example.org;

    location / {
        proxy_connect_timeout 60;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_pass http://127.0.0.1:8080;
        client_max_body_size 900M;
    }
}

For additional resources please refer to:

Apache

The modules mod_proxy and mod_proxy_http have to be enabled.

<VirtualHost *:443>
  ServerName ui.rips.intranet.example.org
  Include /etc/apache2/ssl.conf

  ProxyPass / http://127.0.0.1:9090/
  ProxyPassReverse / http://127.0.0.1:9090/
</VirtualHost>
<VirtualHost *:443>
  ServerName api.rips.intranet.example.org
  Include /etc/apache2/ssl.conf

  ProxyPass / http://127.0.0.1:8080/ timeout=600
  ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

For additional resources please refer to: