# Prerequisites
On the machine this project is intended to run on, you need the following components:
* `docker-compose` command: used to start up the cluster of Docker services the project consists of.
* A reverse proxy with valid TLS certificates, connected to a specific domain. The cluster itself knows nothing about TLS. It contains a facade service with an HTTP endpoint only, acting as a gateway to the individual services. Most important for the demo is the root path (/), which leads you to the web UI for demo purposes.

# How to set up the project
The setup of the project consists of several steps.

## Configure POSeIDAS on your local machine
You can use the [configuration-wizard](#use-the-configuration-wizard) or a pre-configured [test configuration](#use-the-pre-configured-template).

### Use the configuration-wizard
To configure POSeIDAS, use the configuration-wizard. Start it with Java 8: `java -jar poseidas-configuration/wizard.jar`. Open your browser at http://localhost:8080/config-wizard/ and follow the instructions.

During configuration, make sure to use the default path `/opt/poseidas/database` for the database location. This path will be mounted as a volume to `./poseidas/db` for easy access to the database file.

Save the created `POSeIDAS.xml` and `application.properties` to `./poseidas/config`. This path will be mounted as a volume to `/opt/poseidas/config`. The `eidasmiddleware.properties` file is not needed.

### Use the pre-configured template
`./poseidas/config` contains a pre-configured template for testing purposes. It uses self-signed certificates as trust anchors.

### Add terminal certificates
An empty database is created at first startup. It must be filled after deployment, see [POSeIDAS Database](#poseidas-database).

## Deployment to the hosting server
To deploy the project to a server, some preparations are needed first.

### Edit config for docker-compose
Edit the `docker-compose.yml` file according to your environment:
* Replace `TARGET_PORT` with the port your reverse proxy is pointing to. This is the port the facade will be available on. The port should only be reachable from localhost, i.e. the server itself.

### Edit config for the SSA service
Edit the `ssa/config/ssa-server.conf` file according to your environment:
* Replace `TARGET_DOMAIN` with the real domain of the project.

### Edit the deploy script
Edit the `deploy.sh` file according to your environment:
* Replace `TARGET_HOST` with the real host of the project.
* Replace `TARGET_USER` with the user on the host.
* Replace `TARGET_DIR` with the path to the directory on the host the deployment should go to.

### Run the deploy script
Execute the `deploy.sh` script and check the startup of the services on the target host.
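
Before running `deploy.sh`, a pre-deployment check such as the following (added here as an example; not part of the project) catches a `TARGET_*` placeholder left unreplaced in the files edited above and a facade port in `docker-compose.yml` published on all interfaces rather than on `127.0.0.1`, which would expose the HTTP-only facade beyond the reverse proxy on the same host. The sample files it creates are constructed, and the `- host:hostport:containerport` layout of compose `ports:` entries is an assumption.

```shell
# Added pre-deploy check (example, not part of this project).
# 1. No TARGET_* placeholder from the steps above may survive in the edited files.
# 2. Every port published in docker-compose.yml must be bound to 127.0.0.1, so the
#    HTTP-only facade is reachable from the reverse proxy on this host only.
# Assumption: compose "ports:" entries look like "- [host:]hostport:containerport".

# Prints any line still containing a placeholder; returns 1 if one is found.
check_placeholders() {
  if grep -n 'TARGET_[A-Z_]*' "$@"; then
    echo "ERROR: unreplaced placeholders listed above" >&2
    return 1
  fi
  return 0
}

# Returns 1 if a published port is not restricted to 127.0.0.1.
# "- 8443:80" or "- 0.0.0.0:8443:80" would expose the facade to the network.
check_localhost_binding() {
  if grep -En '^[[:space:]]*-[[:space:]]*"?([0-9]+:[0-9]+|0\.0\.0\.0:[0-9]+:[0-9]+)"?[[:space:]]*$' "$1"; then
    echo "ERROR: facade port in $1 is not bound to 127.0.0.1 only" >&2
    return 1
  fi
  return 0
}

# Constructed sample files (not the project's real configs) to exercise the checks.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good-compose.yml" <<'EOF'
services:
  facade:
    ports:
      - "127.0.0.1:8443:80"
EOF
cat > "$SAMPLE_DIR/open-compose.yml" <<'EOF'
services:
  facade:
    ports:
      - "8443:80"
EOF
cat > "$SAMPLE_DIR/deploy.sh" <<'EOF'
rsync -a . TARGET_USER@TARGET_HOST:TARGET_DIR
EOF

# Real usage: run both checks against the edited files before deploy.sh.
# check_placeholders docker-compose.yml ssa/config/ssa-server.conf deploy.sh && \
#   check_localhost_binding docker-compose.yml
```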
## EJBCA key setup script
Run the following command on the server from within the project's directory:

```bash
docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
  docker cp reqesidta_ejbca:/opt/primekey/bin/p12/sam.docker.reqesidta.de.p12 sam/ && \
  docker-compose up -d --no-deps --build sam
```

## POSeIDAS Database
To set up the database, the Docker container must first be stopped. The database can be edited, for example, with [DBeaver](https://dbeaver.io/). Make sure to add the terminal certificate, private key, sector ID and certificate chain with the corresponding _REFID_ used in the config file (_CVCRefID_).