Skip to Content
EnterpriseAdministrationSelf-Hosted Portal

Self-Hosted Portal

The self-hosted Customer Portal is a React SPA (frontend) backed by Azure Functions (API). This page covers ongoing operational tasks.

Health Checks

The Function App exposes a health endpoint:

GET /v1/system/health

Returns 200 OK with a JSON status payload when the API and database are reachable. Returns 503 Service Unavailable if any dependency is unhealthy. Configure your load balancer or Azure Health Check probe to call this endpoint every 30 seconds.

Monitoring

  • Configure Application Insights using APPLICATIONINSIGHTS_CONNECTION_STRING in both Function Apps
  • Set up an availability test in Application Insights targeting /v1/system/health
  • Monitor the following key metrics:
    • http_requests_duration_ms — API latency
    • commitment_queue_depth — unsynced session hashes (LocalFirst mode)
    • failed_requests — HTTP 5xx rate

Scaling

The Function Apps on the Flex Consumption plan autoscale. For predictable high-volume workloads, switch to a Premium EP1/EP2 plan for:

  • Pre-warmed instances (no cold start)
  • VNet integration (if your PostgreSQL is in a VNet)
  • Longer timeout support (up to 60 minutes)

Certificate Management

If you serve the portal frontend on a custom domain:

  • Use Azure App Service Managed Certificates for automatic renewal (free)
  • Or provision a certificate from your organization’s CA and upload it to the Static Web App / App Service

Ensure your custom domain DNS record points to the Azure Static Web Apps or CDN endpoint, not to an IP address (IP-based DNS is not stable for Azure Static Web Apps).

Backup and Disaster Recovery

ResourceRecommended backup strategy
PostgreSQL databaseEnable geo-redundant backups with 35-day retention; test PITR monthly
Azure Key Vault pepper keyStore a copy of the pepper key in a separate offline vault per your organization’s key management policy
Deployment config signing keyBack up to a secure offline location alongside the pepper key
deployment-config.jsonStore in your CI/CD artifact store (this file is not secret — it is signed but public)

The one thing that cannot be restored from a backup is a deliberately destroyed pepper key. If the pepper key is lost and you have not backed it up, all encrypted session data is permanently unrecoverable.

Updating the Portal

See the Upgrade Guide for procedures to update the Function App and frontend to new Veriproof releases.

Resetting the Portal Admin Account

If the last CustomerAdmin account is locked out:

  1. Connect directly to your PostgreSQL database with a DBA account
  2. Reset the user’s password hash in the veriproof_customer.users table (using bcrypt)
  3. Alternatively, insert a new user record directly with the CustomerAdmin role

Always document this procedure in your organization’s break-glass runbook and restrict DBA access to your PostgreSQL instance to authorized personnel only.

Last updated on
Enterprise AdministrationUser Management