readme.md 2.74 KB
# Prerequisites
On the machine this project is intended to run on, you need the following components:
* The `docker-compose` command: it is used to start up the cluster of Docker services the project consists of.
* A reverse proxy with valid TLS certificates: the cluster itself knows nothing about TLS. It contains a facade service with an HTTP endpoint only, acting as a gateway to the individual services.

# How to set up the project
The setup of the project consists of several steps.

## Configure POSeIDAS on your local machine
Rene Lottes committed
### Use the configuration-wizard
To configure POSeIDAS, use the configuration-wizard. Start it with Java 8: `java -jar poseidas-configuration/wizard.jar`. Open your browser at http://localhost:8080/config-wizard/ and follow the instructions.

During configuration, make sure to use the default path `/opt/poseidas/database` for the database location. This path will be mounted as a volume to `./poseidas/db` for easy access to the database file.

Save the created `POSeIDAS.xml` and `application.properties` to `./poseidas/config`. This path will be mounted as a volume to `/opt/poseidas/config`. The `eidasmiddleware.properties` is not needed.

### Use the preconfigured template
`./poseidas/config` contains a preconfigured template for testing purposes. It uses self-signed certificates as trust anchors.

### Add terminal certificates
An empty database will be created at first startup. For further reading, see [POSeIDAS Database](#POSeIDAS-Database).

## Deployment to the hosting server
To deploy the project to a server some preparations are needed first.  

### Edit config for docker-compose
Edit the `docker-compose.yml` file according to your environment:
* Replace `TARGET_PORT` with the port your reverse proxy is pointing to. This will be the port the facade is available on. The port should only be reachable from localhost, i.e. the server itself.
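
A check for the localhost-only requirement above, as an added example that is not part of the project: it flags short-syntax `ports:` entries in a compose file that Docker would publish on all interfaces instead of loopback. The service names, port numbers and sample file are constructed assumptions.

```shell
#!/bin/sh
# Added example, not project code. Usage: audit_ports docker-compose.yml
# Returns 1 and lists every short-syntax port mapping not bound to loopback.
audit_ports() {
  awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list dash
      sub(/[ \t]*#.*$/, "", entry)       # drop a trailing comment
      gsub(/["\047]/, "", entry)         # drop single and double quotes
      # Without a host IP, Docker publishes the port on 0.0.0.0.
      if (entry !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:/ && entry !~ /^\[::1\]:/) {
        printf "line %d: %s is not bound to loopback\n", NR, entry
        bad = 1
      }
      next
    }
    /^[ \t]*$/ || /^[ \t]*#/ { next }    # blank and comment lines keep state
    { in_ports = 0 }                     # any other key ends the ports list
    END { exit bad + 0 }
  ' "${1:--}"
}

# Constructed sample input (hypothetical services "facade" and "facade_fixed").
sample_compose() {
  cat <<'EOF'
services:
  facade:
    ports:
      - "8443:8080"            # published on all interfaces, bypasses the TLS proxy
  facade_fixed:
    ports:
      - "127.0.0.1:8443:8080"  # reachable only from the server itself
EOF
}

# Demo on the constructed sample; reads stdin when no file is given.
if ! sample_compose | audit_ports; then
  echo "bind the ports listed above to 127.0.0.1"
fi
```

The check only understands the short `HOST_IP:HOST_PORT:CONTAINER_PORT` syntax; a host firewall rule for the port remains a useful second layer.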

### Edit config for the SSA service
Edit the `ssa/config/ssa-server.conf` file according to your environment:
* Replace `DOMAIN` with the real domain of the project.

### Edit the deploy script
Edit the `deploy.sh` file according to your environment:
* Replace `YOUR_HOST` with the real host of the project.
* Replace `YOUR_USER` with the user on the host.
* Replace `YOUR_DIR` with the path to the directory the deployment should go to on the host.

### Run the deploy script
Execute the `deploy.sh` script and check the startup of the services on the target host.

### EJBCA key setup script

### POSeIDAS Database
To set up the database, the Docker container must first be shut down. The database can then be edited, for example with [DBeaver](https://dbeaver.io/). Make sure to add the terminal certificate, private key, sector ID and certificate chain with the corresponding _REFID_ used in the config file (_CVCRefID_).