Synkzone Organization
The Standard delivery is a Docker Compose-based deployment of a Synkzone Organization on a single VPS.
A Synkzone Organization is made up of a combination of components: main (primary organization), api (optional), web (optional) and scim (optional).
The components are distributed via the Synkzone registry: registry.synkzone.com
The installation package is distributed as a zip file.
Reference installation
The reference installation of the standard delivery is an example of how to set up and run a Synkzone Organization on a single VPS.
The installation requires:
VPS
1 vCPU, 4GB memory, 80GB storage
Ubuntu LTS 24.04
storage:
* main: 40GB (appdata=10GB, storage=30GB)
* api: 20GB (appdata=10GB, storage=10GB)
* bff: 20GB (appdata=10GB, storage=10GB)
Network:
The organization requires TLS passthrough routing (port 443).
For our reference installation, we use nginx in stream mode, with SNI-based routing to forward traffic based on the TLS hostname.
* External-ip:443 -> (nginx) -> VPS:38443 (organization)
* External-ip:443 -> (nginx) -> VPS:8443 (https web/api)
* External-ip:80 -> (nginx) -> VPS:80 (letsencrypt)
* SSH access to the VPS
Remote Storage using Safespring
docker
docker compose
nginx + certbot
Prerequisites
Docker Registry
Access to registry.synkzone.com is needed.
DNS
DNS entries for a Synkzone Organization need to be configured separately before deployment, see DNS.
Ingress and Certificates
The reference installation uses nginx and certbot to handle https traffic.
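The SNI-based passthrough routing on port 443 described under Network, as an added example that is not part of the Synkzone installation package. The hostnames, the log path, the 127.0.0.1 backend address (nginx is assumed to run on the VPS itself) and the default route are assumptions; ports 38443 and 8443 are the ones listed for the reference installation.

```nginx
# Top-level context in nginx.conf (a sibling of http {}, not nested inside it).
stream {
    # Record the requested SNI name and the backend chosen for every connection,
    # so unexpected hostnames hitting port 443 are visible in the log.
    # Log path is an assumption.
    log_format sni '$remote_addr [$time_local] sni="$ssl_preread_server_name" '
                   'upstream=$upstream_addr status=$status '
                   'sent=$bytes_sent received=$bytes_received';
    access_log /var/log/nginx/stream-sni.log sni;

    # Pick the backend from the server name in the TLS ClientHello.
    # All hostnames below are placeholders; use the organization's DNS names.
    map $ssl_preread_server_name $synkzone_backend {
        org.example.com  127.0.0.1:38443;  # organization (TLS passthrough)
        web.example.com  127.0.0.1:8443;   # https web
        api.example.com  127.0.0.1:8443;   # https api
        # Assumption: unknown or missing SNI goes to the https listener,
        # never to the organization port.
        default          127.0.0.1:8443;
    }

    server {
        listen 443;
        ssl_preread on;                # inspect the ClientHello, do not terminate TLS
        proxy_pass $synkzone_backend;
        proxy_connect_timeout 5s;
    }
}
```

Because TLS is not terminated in the stream block, the organization component sees the client's original handshake; only the listener behind port 8443 needs the certbot-managed certificate.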
Network configuration
To enable communication with the organization, an external TCP port must be configured and made reachable.
Deploying a Synkzone Organization
Configuration explanation and requirements
- Name of the world: The name of the world the organization should belong to
  - E.g. world.synkzone.org
- Name of organization: The name of the organization, should be unique in the corresponding world. The name should be FQDN compliant
  - E.g. synkzone.se,internal.synkzone.se
- Main administrator(s) email: Email(s) that belong to the main administrator account, if several emails are used the list should be comma separated
  - E.g. admin.one@customer.com,admin.two@customer.com
- External IP: The IP address where the main component (primary organization) can be reached
- Port for organization: 443 (shared with https using nginx)
- UUIDs for each component: required for main (primary organization), and optionally for api and web if enabled.
- DNS records, see DNS
- Mail and SMTP settings, see Email
- Remote storage settings, see Remote storage
SCIM
If SCIM should be used for an organization to manage users, see separate documentation and instructions.
Installation/Configuration
unzip organization-$version.zip
See docs/INSTALLATION.md.
Main administrator
The main administrator account credentials need to be changed.
The initial value is located at ./main/appdata/admin.txt.
Backup requirements for Standard Delivery
The reference installation requires a complete VPS snapshot as backup.
Remove a Synkzone Organization
To remove a Synkzone Organization that should no longer be used, follow these steps:
- Stop all components
- Remove VPS
- Delete storage bucket belonging to the organization
- Unregister the organization on Synkzone World:
  - Make sure the instance property OrganizationMonitor is true (OrganizationMonitor=true, default true from release 3.11)
  - Create a file: /appdata/removed_organizations (UTF-8 encoded)
  - Add the organization name to the file on a single line. Multiple organizations in the same world can be removed at the same time by adding their names on separate lines.
  - On the next restart of the world, the organization(s) will be removed
  - When the organization has been (or all organizations specified in removed_organizations have been) successfully removed, the file will be removed on the Synkzone World
Note that when the organization is removed, there's no way to restore it or its data.