What it takes to run Toucan
Toucan Toco is a web application built “cloud first” : our Docker images are very easy to use self-hosted as long as you are used to running web services.
Toucan Toco Docker images are used in our own cloud deployments hundreds of times a day. That being said, we know that not every organisation we work with is used to web services technologies and Docker, this is why we provide our partners and technical points of contact with a Toucan Toco installer certification. This certification is delivered after a day of training (2x4h) where trainees get to install Toucan Toco several times with different settings for various use cases.
Please contact your Toucan Toco sales representative to organise this training. If you do not have resources to spare for this, we will put you in contact with our certified partners. We also provide a self assessment form to determine your level of familiarity with the Toucan Toco stack and deployment environment.
You can distinguish the requirements for the backend part (cf. the Toucan Toco Docker image) and the data part (cf. the Mongo service) and their sizing should be directly related to your usage:
- CPU: depends on the maximum number of users connected at the same time, the complexity of the preprocessing scripts, whether or not all services are hosted on the same server…
- Memory: depends on the size of all data that will be stored directly in Toucan Toco with each data update (our recommendation is three times this amount to allow indexing and preprocessing scripts to pivot and compute extra data)
- Storage: a typical installation uses around 3GB, but additional space for the database, data sources files and assets should be planned
For single projects where all services are hosted on the same server, our recommendation and typical configuration are:
- CPU: Intel® Xeon® E3 1245 v5 (4C/8T @3.5 Ghz)
- Memory: 32 GB DDR4 ECC
- Storage: 250 GB SSD
Of course our support team could help you estimate the right sizing according to your data and future usage.
Please note the hardware requirements needed by the frontend part are insignificant since it is only a few static HTML CSS and JS files.
You will only need to install Docker, that’s all.
Please refer to the official documentation to know how to install and exploit Docker in your environment.
All the Toucan Toco Docker images are hosted on the official Quay.io registry, we don’t use any other registry.
To be able to retrieve and pull the Toucan Toco Docker images, you will need to have access to this registry.
We will hence need your Quay.io ID to grant you the privileges to do it.
Moreover please give us an email address we could use to inform you about latest releases or security issues.
It is common for Toucan Toco apps to be based on flat files, uploaded using our built-in “Data Source” interface.
To be able to persist these files from one deployment to the next, you
need to share data between the container and its host by mounting a
volume at the
/app/storage location in the backend container. It’s
the user with UID 1000 and GID 1000 who writes data in
so please adapt the permissions of the mounted volume accordingly.
Please also note, if you use the Mongo Docker image as your DB backend,
you will also need to mount a volume to persist the data… and it’s
mandatory! The volume should be mounted as
/data/db and should be
writeable by the user with UID 999. More details are available on the
official Mongo Docker image page.
To be able to reach the Toucan Toco backend and frontend, you will need to have 2 DNS that resolve the nodes where you will install the stack.
- toucantoco.example.com -> resolves to the frontend server
- api-toucantoco.example.com -> resolves to the backend server
Even if the frontend and the backend are hosted on the same node, we strongly recommend to use virtual hosting to expose each part at a specific URL.
The following requirements are not necessary to run the Toucan Toco stack.
However, they could be mandatory to enable specific features or are highly recommended for security reasons.
Please note that the Toucan Toco Docker images expose an HTTP service, which is not over SSL: incoming HTTP traffic should not be encrypted.
Even if it’s not mandatory we strongly recommend setting an SSL reverse proxy ahead of the Toucan Toco containers to encrypt all incoming HTTP requests.
Here’s an idea of an implementation you can use:
Thus you can only expose the HTTP port of the container to the reverse proxy according to your rules and your security policies.
The FAQ provides an example implementation using Caddy as the TLS termination proxy.
Features with Screenshots¶
Features depending on screenshots (like the Annotate and Share) are
based on another service provided by a dedicated container called
The image is also available on the Quay.io Registry: quay.io/toucantoco/screenshot.
This container only needs to expose its HTTP API (listening on port 3000) to the Toucan Toco backend container:
This feature relies on a headless browser that will go to the app’s url, hence it requires that the stack’s domain names are fully configured and resolvable from within the screenshot container.