Pre-requisites

Before you install the Online Notes system, you will need the following:

  • A capable server with modern hardware and software.
  • Available ports 80 and 443 for HTTP and HTTPS traffic.
  • 3 DNS A records pointing to the server’s IP address.
  • A Google Cloud project with billing and Cloud Translation API enabled.
  • An OAuth2 client with accompanying credentials from the University of Ljubljana Identity Provider.
  • Either a self-hosted SMTP server or a managed service such as SendGrid or Mailgun, with a valid email address.
  • An email address to provide to Let’s Encrypt for SSL certificate generation. This email address will be used for renewal notifications.

Provided by the ON team:

  • Access to the docker registry for pulling the required images from $REGISTRY_URL with stored credentials in your credentials store (e.g. $HOME/.docker/config.json)
  • Access to the minio bucket for downloading the required models (PnC and Kaldi): $MINIO_HOST, $MINIO_ACCESS_KEY, $MINIO_SECRET_KEY.

Server requirements

Minimum requirements for the server:

  • 16 GB of RAM
  • 4 CPU cores
  • 140 GB of disk space
    • 50 GB for container images
    • 5 GB for the neural network models
    • 10 GB for metrics and logs
    • 75 GB for the database and stored audio. Note that 75 GB can fill up quickly in a production environment. Monitor disk usage and adjust the storage accordingly.
  • An nVidia GPU with TODO: Jernej Cvek / Speech team of VRAM

Software:

  • bash compatible shell
  • docker version 27.3 or later. This ensures compatibility with more recent syntax used in docker compose files.
  • nvidia-container-toolkit. This is required for running the PnC service on the GPU.
  • htpasswd for generating Traefik dashboard credentials.

DNS records

You will need to set up three DNS A records pointing to the server’s IP address. Some examples:

  • Main: on.example.com for the main application (all frontend services and API services).
  • Keycloak: on-auth.example.com for the authentication flow and redirects.
  • Management: on-management.example.com for the management interface (system administration).

While the main and management interfaces can be the same, it is recommended to separate them for security reasons and to avoid potential conflicts.

Google Translate API

You need to acquire a GoogleTranslation.json file that contains the credentials for the Google Cloud project. The file should look like this:

{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY-----\n ..... \n-----END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/...."
}

To acquire the GoogleTranslation.json file, start by creating a Google Cloud project. Go to the Google Cloud Console, click on the project drop-down, and select “New Project.” Name your project and click “Create.”

Next, enable billing by navigating to “Billing” in the Google Cloud Console and linking your billing account to your project. Then, enable the Cloud Translation API by going to “APIs & Services” > “Library,” searching for “Cloud Translation API,” and clicking “Enable.”

Create a service account by going to “APIs & Services” > “Credentials” in the Google Cloud Console. Click on “Create Credentials” and select “Service account.” Fill in the service account details and click “Create.” After creating the service account, grant it access to the project by selecting the “Project” role and choosing “Owner” or another appropriate role.

To create and download the JSON key, click on the service account email, go to the “Keys” tab, and click on “Add Key” > “Create New Key.” Choose “JSON” and click “Create” to download the file automatically.

Finally, save the downloaded GoogleTranslation.json file securely. This file will be used to authenticate the Main backend service with the Google Cloud project.
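
The check below is an added example, not part of the Online Notes tooling. It verifies that a downloaded GoogleTranslation.json contains the fields shown in the sample above and that the file is not accessible to group or other users. The function name check_key_file and the chmod 600 expectation are assumptions of this example.

```python
import json
import os
import stat
import sys

# Fields present in the GoogleTranslation.json sample shown above.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "auth_uri", "token_uri",
            "auth_provider_x509_cert_url", "client_x509_cert_url")
BEGIN, END = "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"


def check_key_file(path):
    """Return a list of problems found in a service account key file."""
    problems = []
    # The file holds a private key: no access for group or others
    # (assumption of this example: owner-only, i.e. chmod 600).
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:04o} is too open, use chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    for field in REQUIRED:
        value = key.get(field)
        if not isinstance(value, str) or not value.strip():
            # Catches the empty placeholders of the sample left unfilled.
            problems.append(f"field '{field}' is missing or empty")
        elif field == "type" and value != "service_account":
            problems.append("type is not 'service_account'")
        elif field.endswith(("_uri", "_url")) and not value.startswith("https://"):
            problems.append(f"field '{field}' is not an https URL")
        elif field == "private_key" and not (
                value.startswith(BEGIN) and value.rstrip().endswith(END)):
            problems.append("private_key is not a PEM 'PRIVATE KEY' block")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_key.py /path/to/GoogleTranslation.json")
    found = check_key_file(sys.argv[1])
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

Run it against the key file before mounting it into the Main backend service; a non-zero exit status means at least one problem was reported.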

University of Ljubljana IDP

Guide on how to acquire OAuth2 client credentials from the University of Ljubljana Identity Provider…

TODO: Jernej Cvek

SMTP server

Before configuring the system, you will need to have the following SMTP configuration details:

  • Hostname
  • Port
  • Username
  • Password
  • Verified email address like no-reply@on.example.com
  • TLS/SSL settings

Recommended services: