Graphity - Collaborative Editing Server Setup

Overview

The collaboration feature requires a separate server application. For production use, we strongly recommend to host that server application yourself. Depending on your confluence platform and security requirements, several different configurations are possible. The server component is distributed in the following variants:

A standalone JAR
A Docker image
A Docker compose stack which includes an SSL terminating proxy

Requirements

For the standalone JAR: Java 8 or newer
For the docker image or the compose stack: A working docker setup
Optionally: The ability to open custom ports
Optionally: SSL certificates if you need to provide a secure endpoint
Optionally: A reverse proxy solution that can proxy websockets (e.g. Apache, NGINX...)
The exact hardware requirements depend on the number of simultaneous sessions. For small deployments, a low-end virtual server with one CPU and 512 MB ram will be sufficient. The server doesn't persist any data and thus can also run in diskless environments.

Note that a secure endpoint is required if you use Confluence Cloud.

Enable collaboration step by step

Decide on where to host the server and determine URL for the endpoint
Generate a collaboration server token in the admin page of Graphity in Confluence
Deploy and run the collaboration server with the generated token on the endpoint URL:
- If you use Confluence for DataCenter or Server and you don't need a secure endpoint, follow the Setup without SSL
- If you need a secure endpoint, follow the Setup with SSL. For Cloud, a secure endpoint is mandatory.
Enable the feature in the admin page of Graphity
Enter the endpoint URL to the running collaboration server
Press 'Apply' to save the settings
Page is reloaded and checks server reachability. If all is set up correctly, the indicator turns green.

Now the feature is enabled in Graphity. If multiple users edit the same diagram macro, collaboration starts automatically and is synchronized via the collaboration server.

Setup without SSL

In a setup without a secure endpoint, the Graphity client connects directly to a HTTP port on the collaboration server:

In this setup, Graphity might be configured like this:

Option 1: Use our Docker image

docker run -e SERVER_TOKEN=<TOKEN> -p 9093:9093 -d --restart unless-stopped yworksgmbh/graphity-collaboration-server

The following environment variables are available. Only SERVER_TOKEN must be set.

Variable	Meaning	Default	Required?
`SERVER_TOKEN`	Identification token from the Graphity admin page		Yes
`SERVER_PORT`	The port of the endpoint	9093	No
`SERVER_CONTEXT`	The path component of the endpoint URL	/graphity/rtc	No
`LOGLEVEL`	Verbosity of logging output. One of ALL, FINE, FINER, FINEST, INFO, WARNING, SEVERE, OFF.	WARNING	No

Option 2: Use the standalone JAR

java -jar graphity-collaboration-server-1.0.0.jar -t <TOKEN>

The following commandline options are available:

-c,--context <CONTEXT>       The context URL the server will listen on. Default value is /graphity/rtc.
-disableClientVerification   Disable verification of incoming client connections.
-f,--propertyFile <FILE>     Property file for all command line arguments.
-h,--help                    Print usage.
-i,--interface <INTERFACE>   Interface or hostname the server should listen on.
                             If not set, the server listens on all interfaces.
-keystoreLocation <KEYSTORE> The path to the Java keystore containing the SSL certificates if SSL is enabled.
-keystorePassword <PASSWORD> The password for the Java keystore containing the SSL certificates if SSL is enabled.
-l,--logLevel <LOGLEVEL>     The log level. Default ist WARNING.
-p,--port <PORT>             The port the server will listen on. Default value is 9093.
-q,--quiet                   Hide startup messages.
-s,--useSSL                  Enable SSL for this server.
-t,--serverToken <TOKEN>     The unique token that allows to verify incoming client connections.

Finalize the setup in Graphity

Setup with SSL

If you need to provide a secure endpoint, you have these basic options:

Terminate the SSL connection at an existing reverse proxy that communicates with the collaboration server unencrypted on the same machine or a secure network.
Use our Docker compose stack which includes an SSL terminating proxy or create your own docker stack.
Terminate the SSL connection directly at the collaboration server.

You can also combine these options if the proxy and the collaboration server need to communicate over an insecure network.

Option 1: Integration with an existing reverse proxy solution

In this setup, the Graphity client connects directly to a HTTPS port on the reverse proxy, which then communicates with the collaboration server:

Configuration with SSL and reverse proxy

In this setup, Graphity might be configured like this:

Client configuration with SSL and reverse proxy

First, set up the collaboration server without encryption, as described here: Setup without SSL

Then, configure the reverse proxy to forward requests to the collaboration server:

Sample setup for Apache 2.4:

You will need to enable the following Apache modules (if they are not already enabled):

mod_proxy
mod_proxy_http
proxy_wstunnel
mod_rewrite

In your virtual host definition, you need these directives:

ProxyRequests Off ProxyPreserveHost On

ProxyPass "/graphity/rtc" "http://127.0.0.1:9093/graphity/rtc"

<Location /graphity/rtc>
  Require all granted
  RewriteEngine on
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
  RewriteRule .* ws://127.0.0.1:9093%{REQUEST_URI} [P]
</Location>

Sample setup for NGINX:

location /graphity/rtc {
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_pass http://localhost:9093//graphity/rtc;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
}

Option 2: Use our Docker compose stack

Clone our git repository:

git clone https://github.com/yWorks/graphity-collaboration-server

Make necessary adjustments to docker-compose.yml. At the very least, you need to provide the correct server token and the hostname where the clients can reach the collaboration server.

Place the certificates in proxy/volumes/certs. They should be named <myserver>.crt for the certificate and <myserver>.key for the private key.

The proxy component of the stack is based on jwilder/nginx-proxy. Consult the documentation there for more advanced scenarios or if you want to create your own compose setup.

Start the stack:

docker-compose up

Option 3: Terminate the SSL connection at the collaboration server

In this setup, the Graphity client connects directly to a HTTPS port on the collaboration server:

In this setup, Graphity might be configured like this:

First, you need to create a Java keystore containing the certificates. Please refer to the Java keytool documentation.

The resulting keystore must contain only one certificate pair, and you must use the same password for the private key and the store itself.

Run the collaboration server with SSL enabled:

java -jar graphity-collaboration-server-1.0.0.jar -t <TOKEN> -keystoreLocation myserver.keystore -keystorePassword changeit -s

(See all command line options here)

Finalize the setup in Graphity

Documentation

Collaborative Editing Server Setup

Quickstart Guide for hosting your own collaboration server instance

Overview

Requirements

Enable collaboration step by step

Setup without SSL

Option 1: Use our Docker image

Option 2: Use the standalone JAR

Setup with SSL

Option 1: Integration with an existing reverse proxy solution

Option 2: Use our Docker compose stack

Option 3: Terminate the SSL connection at the collaboration server