How to run LUY

Running LUY on-premise requires a Docker-ready environment and a relational database. Specific details can be found here: Prerequisites

Reach out to our LUY Support to obtain a ready-made Docker Compose file, complete with sample configuration properties and credentials to pull the image from our repository.

In the aforementioned compose.yml file, configure credentials for your database setup and authentication method in order to start LUY.
Additional settings can be configured using property files, which are mounted within the Docker container by specifying them in the volumes section.

The mapped local files and folders must have write and execute permissions for user 1001, as the Tomcat inside the Docker container runs under this user.

LUY database configuration

Credentials for the used database, along with the corresponding JDBC driver must be specified in the compose.yml file.

See here on how to prepare a database for LUY: Set up database schemes with docker
To connect to the database, a JDBC connector library needs to be specified in the docker compose file:

CODE

      # Replace [jdbc connector] below with the actual name of your JDBC connector jar file
      # Do not change the name on the right, this might break the instance
	  - ./[jdbc-connector].jar:/usr/local/tomcat/lib/jdbc-connector.jar

Database parameters

Here are sample pre-configurations for the database types LUY supports:

MYSQL

In our example, the IP address of the database is '192.168.1.100' with port '3306' and it has the name 'luy_76' and for iTurm 'iturm_76'.

CODE

  # LUY database configuration
  - LUY_DATASOURCE_DRIVERCLASSNAME=com.mysql.cj.jdbc.Driver
  - LUY_DATASOURCE_URL=jdbc:mysql://192.168.1.100:3306/luy_76
  - LUY_DATASOURCE_USERNAME=Username
  - LUY_DATASOURCE_PASSWORD=Password

  # iTurm database configuration
  - ITURM_DATASOURCE_DRIVERCLASSNAME=com.mysql.cj.jdbc.Driver
  - ITURM_DATASOURCE_URL=jdbc:mysql://192.168.1.100:3306/iturm_76
  - ITURM_DATASOURCE_USERNAME=Username
  - ITURM_DATASOURCE_PASSWORD=Password

MSSQL

In our example, the IP Address of the database is '192.168.1.100' with port '1433' and it has the name 'luy_76' and for iTurm 'iturm_76'.

CODE

  # LUY database configuration
  - LUY_DATASOURCE_DRIVERCLASSNAME=com.microsoft.sqlserver.jdbc.SQLServerDriver
  - LUY_DATASOURCE_URL=jdbc:sqlserver://192.168.1.100:1433;databasename=luy_76
  - LUY_DATASOURCE_USERNAME=Username
  - LUY_DATASOURCE_PASSWORD=Password

  # iTurm database configuration
  - ITURM_DATASOURCE_DRIVERCLASSNAME=com.microsoft.sqlserver.jdbc.SQLServerDriver
  - ITURM_DATASOURCE_URL=jdbc:sqlserver://192.168.1.100:1433;databasename=iturm_76
  - ITURM_DATASOURCE_USERNAME=Username
  - ITURM_DATASOURCE_PASSWORD=Password

Authentication methods

The provided LUY Docker zip file includes pre-configuration files for each authentication method, available in the config folder. Ensuring that different authentication mechanisms are readily accessible and easily configurable.

iTurm

The authentication scheme iTurm can be configured as follows:

CODE

    # Authentication method. Possible values are: iturm, ldap, ldap-pre-auth, saml2
    - LUY_AUTH_SCHEME=iturm

Configure and mount luy_iturm_properties.yml to start LUY with “iTurm”:

CODE

      # Custom LUY properties
      # YAML file used to configure LUY properties according to the set authentication method (LUY_AUTH_SCHEME)
      - ./config/luy-iturm-properties.yml:/var/luy/conf/luy.yml

In the luy-iturm-properties.yml file default property values are used.

The default length of passwords ('min-length')

YAML

  # Password policy settings for users created in iturm.
  password:
    min-length: 8

More information on iTurm can be found here.

SAML2

The authentication scheme SAML2 can be configured as follows:

CODE

    # Authentication method. Possible values are: iturm, ldap, ldap-pre-auth, saml2
    - LUY_AUTH_SCHEME=saml2

Configure and mount the luy_saml_properties.yml to start LUY with “SAML2”:

CODE

# Custom LUY properties
      # YAML file used to configure LUY properties according to the set authentication method (LUY_AUTH_SCHEME)
      - ./config/luy-saml2-properties.yml:/var/luy/conf/luy.yml

More information and settings of SAML2 can be found here.

LDAP/S

The authentication scheme LDAP/S can be configured as follows:

CODE

    # Authentication method. Possible values are: iturm, ldap, ldap-pre-auth, saml2
    - LUY_AUTH_SCHEME=ldap

Configure and mount the luy_ldap_properties.yml to start LUY with “LDAP/S”:

CODE

      # Custom LUY properties
      # YAML file used to configure LUY properties according to the set authentication method (LUY_AUTH_SCHEME)
      - ./config/luy-ldap-properties.yml:/var/luy/conf/luy.yml

More information on LDAP/S and settings can be found here.

LDAP Pre Auth (LDAP SSO)

The authentication scheme LDAP Pre Auth can be configured as follows:

CODE

      # Authentication method. Possible values are: iturm, ldap, ldap-pre-auth, saml2
      - LUY_AUTH_SCHEME=ldap-pre-auth

Configure and mount the luy_ldap_pre_properties.yml to start LUY with “LDAP Pre Auth (LDAP SSO)”:

CODE

      # Custom LUY properties
      # YAML file used to configure LUY properties according to the set authentication method (LUY_AUTH_SCHEME)
      - ./config/luy-ldap-pre-auth-properties.yml:/var/luy/conf/luy.yml

More information on LDAP Pre Auth (LDAP SSO) and settings can be found here.

LUY parameters

The included LUY property files offer additional configuration options for mailing, secure sessions and more.

Mailing configuration

Notifications over email can be enabled by uncommenting the relevant lines in the property file and configuring the SMPT-Server details.

`enabled:`	Set to true to enable mailing, false to disable
`from:`	Email sender address
`host:`	SMTP server in use
`port:`	Port of the SMTP server
`username:`	Email account login
`password:`	Email account password
`ssl-enabled:`	Set to true to enable SSL
`starttls-enabled`:	Set to true to enable STARTTLS

Example for mailing configuration

CODE

  # Mailing configuration. If mailing is enabled, make sure all properties are configured.
  notification:
    mail:
      enabled: true
      from: notification@luy.app
      smtp: 
        host: smtp.adress.com
        port: 587
        username: username
        password: password
        ssl-enabled: false
        starttls-enabled: true

Log configuration

The log4j2 configuration is automatically set up and pre-configured by default. Logs will be written outside of the container in the logs folder. However, if adjustments are needed, the log levels can be modified in the log4j2 configuration file. Our LUY support team is available to assist if any modifications are necessary.

Secure session cookie setting

To enable or disable secure session cookie configuration, set the parameter to either true or false.

csrf-protection-enabled:

Set to true so that the session cookie has the property "secure". The default value is false.

For details on how to use secure session cookies, please refer to the documentation provided here.

Session timeout setting

To adjust the session timeout for LUY, specify the desired duration for the session timeout.

timeout:

Set the LUY session timeout duration to
e.g., 15m for a 15-minute timeout.

Setting a high session timeout duration may adversely affect performance. In cases where the timeout is excessively long, it could lead to degradation in system performance and, in the worst-case scenario, cause the instance to crash.

Base URL

Must be configured to start LUY!

It is required to set the web address through which LUY is accessible. This is used to link externally shared reports and diagrams in emails and bookmarks.

base-url:

Set the used URL for your LUY instance, e.g.
https://localhost:8066/

Force HTTPS

To enforce the use of HTTPS within the container, use the following parameter:

require-secure-channel:

When set to false, LUY will accept both unsecured and secured connections. If the value is set to true, LUY will only accept HTTPS connections.

For general troubleshooting take a look at Docker troubleshooting