UI Bakery on-premise
Deploy UI Bakery locally to manage your data from your private network
We understand that you might have lots of data accessible from your private network, that’s why you can use UI Bakery self-hosted version for your benefit.
On-premise version grants you:
  • A relatively quick setup process;
  • Custom branding;
  • Custom domain hosting;
  • Google SSO;
  • SAML-based identity providers;
  • Data is stored securely under your own VPS
UI Bakery on-premise version license key can be obtained here
If you have already installed UI Bakery on-premise version, follow this guide to update your version.

Installation

MySQL instance is included into the out of the box container and doesn't require any additional setup. If you need to have a standalone database, read here.
  • Install docker 20.10.11 version or higher and docker-compose 1.29.2 version or higher
  • Start docker daemon
  • Get on-premise package:
1
curl -k -L -o ui-bakery-on-premise_v2.15.0.tar.gz https://storageaccountrguib99d2.blob.core.windows.net/ui-bakery-cloud-on-premise/ui-bakery-on-premise_v2.15.0.tar.gz && mkdir ui-bakery-on-premise && tar -xvf ui-bakery-on-premise_v2.15.0.tar.gz -C ui-bakery-on-premise && cd ui-bakery-on-premise
Copied!
  • Get the license key from UI Bakery team. You'll get a key like of the following format: eyJhbaj8es9fj9aesI6IkpXVCJ9.eyJsjioOHGEFOJeo0JSe98fJEJSEJFImVtYWlsIjoibmlrLnBvbHRvcmF0c2t5QGdtYWlsLmNvbSJ9.2n9q1LmjnBn62KyAM3FlYZ8PzQcxmIK0_mptNv38ufM
  • Run ./setup.sh:
  • Enter the license key
  • Enter the port (leave empty for local installation, 3030 port will be used)
  • Enter the server url (leave empty for local installation)
5. Run docker-compose up -d to start the containers
6. Wait until all containers are up and running
7. Open ports 3030 and 3040 or UI_BAKERY_PORT and UI_BAKERY_WORKBENCH_PORT (if they were modified in .env file or entered in ./setup.sh) to access UI Bakery instance, then you can create a new account.

Running a standalone database instance

In case when a 3rd party MySQL instance is required:
  1. 1.
    Provide the following environment variables:
1
UI_BAKERY_DB_HOST=192.168.0.1
2
UI_BAKERY_DB_PORT=3306
3
UI_BAKERY_DB_DATABASE=bakery
4
UI_BAKERY_DB_USERNAME=username
5
UI_BAKERY_DB_PASSWORD=password
Copied!
2. Run docker-compose -f ./docker-compose-external-db.yml up to start the containers, alternatively, docker-compose -f ./docker-compose-external-db.yml up -d to run containers in the background.

Running on a remote instance

If you would like to run UI Bakery not on localhost, but on a server, you need to provide the following variables:
1
UI_BAKERY_APP_SERVER_NAME=http://YOUR_DOMAIN_OR_IP:3030
2
UI_BAKERY_WORKBENCH_PATH=http://YOUR_DOMAIN_OR_IP:3040
3
UI_BAKERY_PORT=3030
4
UI_BAKERY_WORKBENCH_PORT=3040
Copied!
UI_BAKERY_PORT and UI_BAKERY_WORKBENCH_PORT variables must match ports in UI_BAKERY_APP_SERVER_NAME, UI_BAKERY_WORKBENCH_PATH variables
To run UI Bakery under HTTPS, you need to setup additional subdomain for workbench (part of UI Bakery, where user apps can be securely rendered). In your DNS provider, configure the following records:
  • A or CNAME record with UI Bakery instance host
  • CNAME record for the workbench subdomain with the same host.
Then modify your environment variable with the following values:
1
UI_BAKERY_APP_SERVER_NAME=https://YOUR_DOMAIN
2
UI_BAKERY_WORKBENCH_PATH=https://workbench.YOUR_DOMAIN
3
UI_BAKERY_PORT=80
Copied!

Google OAuth setup

  1. 1.
    Create OAuth Client ID in Google developer console
    a. Create or choose an existing project.
    b. Click on “Create credentials”.
    c. Choose “OAuth Client ID”.
    d. Choose “Web Application” Application type.
    e. Specify http://localhost:3030 or UI_BAKERY_APP_SERVER_NAME for authorized javascript origin.
    f. Specify http://localhost:3030/auth/oauth2/callback or UI_BAKERY_APP_SERVER_NAME/auth/oauth2/callback for authorized redirect URLs.
    g. Click “Create”.
    h. Copy “Your Client ID”.
  2. 2.
    Provide UI_BAKERY_GOOGLE_CLIENT_ID=Your Client ID environment variable.
  3. 3.
    Provide UI_BAKERY_APP_SERVER_NAME=http(s)://youdomain.com environment variable in case you want to run UI Bakery on a custom domain/IP.
  4. 4.
    Run docker-compose up if you want to use the embedded database.
  5. 5.
    Or run docker-compose -f ./docker-compose-external-db.yml up with environment variables described in Running a standalone database instance above in case you want to use an external database.

SAML authentication setup

1. Configure your Identiry provider. In identity provider settings set Sign on URL and Reply URL to https://APP_LOCATION/api/auth/login/saml. Replace APP_LOCATION with UI Bakery instance URL. Configure name and role attributes. You can set claim name in identity provider settings or in UI Bakery env variables UI_BAKERY_SAML_NAME_CLAIM and UI_BAKERY_SAML_ROLE_CLAIM
2. Provide URL of your identity provider metadata and entity ID via following env variables:
1
UI_BAKERY_SAML_METADATA_URL=https://your.identityprovider.com/federationmetadata/2007-06/federationmetadata.xml.
2
UI_BAKERY_SAML_ENTITY_ID=http://appregestry.com/myapp/primary
Copied!
3. Set variable UI_BAKERY_SAML_ENABLED=true 4. You can add a role mapping from identity provider role to UI Bakery role via env variable:
1
UI_BAKERY_ROLE_MAPPING=identityRoleName->bakeryRoleName,identityRoleName2->bakeryRoleName2
Copied!
5. You can set variable UI_BAKERY_SAML_LOGIN_AUTO to true to enable automatical login. Any unauthorized user will be redirected to SAML login flow.

Other authentication settings

  1. 1.
    You can disable email authentication by providing the environment variable UI_BAKERY_GOOGLE_AUTH_ONLY=true
  2. 2.
    Provide UI_BAKERY_AUTH_RESTRICTED_DOMAIN=domain.com environment variable to restrict Google login only to the specified domain.

Limitations

  • Emails won’t be sent from the local instance, although the invitation system works in a way that any invited email can access the organization by creating an account.
  • Google Sheets connection requires additional setup if necessary.