STRAP User Guide
A user guide for ARCsoft’s STRAP deployment application.
Introduction
The Simplified Technologies for Research Applications Platform (STRAP) is a web application deployment platform developed by ARCsoft that handles the infrastructure complexity of deploying research applications. STRAP takes care of authentication, database provisioning, container hosting, TLS certificates, and more—so you can focus on building your research software instead of managing infrastructure.
Platform Goals
STRAP aims to:
- Lower barriers to deployment: Researchers can deliver data and analysis portals without deep infrastructure knowledge
- Provide enterprise-grade infrastructure: Leverage professional computing and storage infrastructure, identity providers, and database services
- Enhance security and compliance: Built-in authentication, TLS encryption, and vulnerability scanning
- Increase convenience: Automated provisioning and management of common application components
Architecture Overview
STRAP is built on enterprise open-source technologies and consists of several layers. A more detailed overview is available at the STRAP project page:
Infrastructure Layer
- Database service: PostgreSQL database server for persistent data storage
- OpenStack cloud: an open-source cloud solution in which most of the components reside
- Authentication service: Keycloak instance that proxies authentication to multiple identity providers
- Container orchestration: Ubernetes (an opinionated Kubernetes deployment) for running containerized applications
Middleware Services
Inside the container orchestration platform, STRAP provides:
- Ingress and TLS termination: Automatic HTTPS certificate provisioning and management
- Routing: Traffic routing to your application containers
- Authentication forwarding: User identity information passed to your application
- Private image registry: Secure container image storage via Harbor, with automated vulnerability scanning
- Message queue service: RabbitMQ for asynchronous task processing
Services Provided by STRAP
Database Service
STRAP provisions a PostgreSQL database instance for your application. During the deployment process, you can choose to use this PostgreSQL database or to use your own.
Database connection details are provided to your application via environment variables. STRAP provides preset database variables that you can reference in your container’s runtime command or environment variables:
#POSTGRES_DB#
#POSTGRES_USER#
#POSTGRES_PASSWORD#
#POSTGRES_HOST#
When you type # in the environment variables or runtime command fields, STRAP will auto-suggest these preset variables. At deployment time, STRAP automatically replaces these placeholders with the actual connection details for your provisioned database.
Example usage in environment variables:
DB_PASSWORD=#POSTGRES_PASSWORD#
Note: MySQL support is planned for future releases.
Authentication Service
STRAP uses Keycloak as an authentication proxy, supporting:
- UVic identity: Authentication via University of Victoria credentials using UVic single sign-on (same as other UVic services)
- Social identity providers: Google, GitHub, and GitLab
- No authentication: For public applications or custom authentication implementations
When authentication is enabled, STRAP handles:
- User login and session management
- Secure token management
Container Image Registry
STRAP provides a private image registry via Harbor that:
- Stores your application container images securely
- Automatically scans images for security vulnerabilities
- Requires authentication to push images
- Integrates seamlessly with the deployment process
TLS and DNS
STRAP automatically provisions:
- DNS entries under the example.com domain
- TLS certificates for secure HTTPS connections
- Certificate renewal and management
Message Queue Service
RabbitMQ is available for applications requiring asynchronous processing, background jobs, or inter-service communication. A primary use case for this is to offload resource-intensive processing to a container separate from the main web application.
Logging
Application and deployment logs are automatically collected and made available for debugging and monitoring through the STRAP interface.
Application Requirements and Conventions
To work with STRAP, your application must follow these conventions:
1. Containerization
Your application must be packaged as a Docker container image. The container should:
- Expose a single HTTP port (default is port 80, but configurable)
- Run as user ID 1000 (ensure file permissions accommodate this)
- Be pushed to the STRAP image registry (instructions are available in the deployment wizard)
2. Authentication Headers
When authentication is enabled, STRAP automatically forwards user identity information to your application via HTTP headers:
- X-Forwarded-User: Contains the authenticated user’s email address
- X-Forwarded-Id-Token: Contains a JWT token with detailed user information
Your application should read these headers to identify the current user and retrieve their information. This happens automatically—you don’t need to configure anything in STRAP for this forwarding to occur.
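An added example (not part of the STRAP guide or ARCsoft's code) of reading these headers in Python: it decodes the ID token payload, rejects expired tokens, and checks that the token agrees with X-Forwarded-User. The `email` and `exp` claim names, the helper names and the sample token are assumptions; signature verification is left out because the guide does not list the Keycloak signing keys.

```python
import base64
import json
import time


class IdentityError(Exception):
    """Forwarded identity headers are missing, malformed or inconsistent."""


def _b64url(data):
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed, unsigned stand-in for a token (not a real STRAP token)."""
    return ".".join([_b64url({"alg": "RS256"}), _b64url(claims), "constructed-sig"])


def identity_from_headers(headers, now=None):
    """Return {'email', 'claims'} from the forwarded headers, or raise."""
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get("x-forwarded-user", "").strip()
    token = lowered.get("x-forwarded-id-token", "").strip()
    if not user or not token:
        raise IdentityError("missing forwarded identity headers")
    parts = token.split(".")
    if len(parts) != 3:
        raise IdentityError("ID token is not a three-part JWT")
    try:
        # JWT segments are unpadded base64url; restore padding to decode.
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:
        raise IdentityError("ID token payload is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise IdentityError("ID token payload is not a JSON object")
    # Assumption: the token carries the standard 'exp' and 'email' claims.
    # The signature is NOT verified here; that needs the Keycloak realm keys.
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise IdentityError("ID token is expired or has no exp claim")
    if str(claims.get("email", "")).lower() != user.lower():
        raise IdentityError("X-Forwarded-User does not match the token email")
    return {"email": user, "claims": claims}
```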
3. Route Configuration
Your application must define which routes require authentication:
- Authenticated routes: Paths that require user login (e.g., /dashboard, /api/user)
- Unauthenticated routes: Paths accessible without login (e.g., /, /public, /about)
Routes are specified as URL paths.
4. Database Connection
Your application should read database connection details from the environment variables you configure using STRAP’s preset variables (see Database Service section above). STRAP automatically replaces the #VARIABLE# placeholders with actual values at deployment time. These preset variables can also be used in your container’s runtime command.
5. Environment Variables
Additional configuration can be passed to your application via environment variables, either by:
- Adding individual variables through the deployment wizard
- Importing a .env file with multiple variables
6. Runtime Commands
You can specify custom runtime commands for your containers to override the default container entry point. Use STRAP’s preset variables (like #POSTGRES_DB#) in these commands, and they will be automatically replaced with actual values.
DNS and Custom Domains
Default Domain
Applications deployed on STRAP are automatically assigned a URL following this pattern:
<your-identifier>.example.com
Where <your-identifier> is a short, unique name (3-16 characters) you choose during deployment. The example.com domain is configurable for the platform instance. All applications on an instance will have the same default domain.
Custom Domains (coming soon!)
Custom domains are available with STRAP. If you have access to the DNS records governing your domain, map the desired domain to the application’s default domain using a CNAME record. Once activated, this record will direct web traffic to the same destination.
STRAP will manage TLS certificates for custom domains.
For UVic domains or if you need assistance with DNS configuration, please contact the ARCsoft team.
IP Access Restrictions
STRAP allows you to restrict access to your application by IP address or network range. Choose from:
- World-wide accessible: Your app can be accessed from any IP address
- Limited access: Restrict to specific IP addresses or network ranges
This is useful for internal tools or applications with sensitive data.
Deployment Workflow
The deployment process follows these steps:
- Basics: Define your application identifier, name, and description
- Authentication: Choose authentication type and configure routes
- Database: Select database type (currently PostgreSQL or None)
- Image Registry: STRAP provisions a registry project and provides credentials and instructions for pushing your container images. Once your images are pushed to the registry, you can proceed to the next steps.
- Containers: Configure your main container, exposed port, and optional additional containers
- Review: Verify all settings and deploy
Once deployed, STRAP provisions all resources and provides you with:
- Your application URL
- Database credentials
- Image registry credentials
- Deployment status and the ability to terminate and redeploy
You can use the Wizard (accessible by the “+” button on the main page) for a simple and guided deployment process.
Advanced Configurations
Multiple Containers
Applications can deploy multiple containers that work together. Each app must have exactly one main container, and all routes direct to the main container by default unless specified otherwise.
Logout Callback
If your application needs to perform cleanup when users log out, you can specify a logout callback path. The authentication service will send a POST request to this path with a JWT containing session details whenever a user logs out.
Example: /webhook/logout
Terminal Access
STRAP provides terminal access to your deployed containers for debugging and monitoring, if your container image includes a shell or some user environment supporting terminal connections.
Access the terminal feature through the STRAP interface to interact with your running applications.
Note: For security reasons, some container images are built without shells (such as distroless images). Terminal access will not be available for these containers.
Resources
Application Starters
The ARCsoft team provides starter templates and example applications to help you get started quickly with common application frameworks. These templates include pre-configured authentication handling, database connections, and best practices for working with STRAP’s services.
Getting Started
STRAP is currently in the alpha stage. If you’re interested in deploying an application on STRAP:
- Contact the ARCsoft team for access and create an account
- Prepare your application as a Docker container
- Follow the deployment wizard in the STRAP interface
- Push your container images to the provided registry
- Deploy and access your application
Support
For questions, issues, or feature requests, please contact the ARCsoft team at University of Victoria.
This guide is a living document and will be updated as STRAP evolves and new features are added.