Commit 2bb3d3ea authored by Tobias Assmann's avatar Tobias Assmann

rm old stage stuff, reworked deploy stuff and readme

parent 34e84461
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
<ServerUrl>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware</ServerUrl>
<sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>500</sessionMaxPendingRequests>
<TimerConfiguration>
<certRenewal length="2" unit="11"/>
<blacklistRenewal length="2" unit="11"/>
<masterAndDefectListRenewal length="2" unit="11"/>
</TimerConfiguration>
<ServiceProvider entityID="providerA" enabled="true">
<EPAConnectorConfiguration updateCVC="false">
<!-- refID of the devDB from 001-->
<CVCRefID>ecsec</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<blackListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</blackListTrustAnchor>
<masterListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</masterListTrustAnchor>
<defectListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</defectListTrustAnchor>
<policyImplementationId>govDvca</policyImplementationId>
<sslKeys id="default">
<serverCertificate>MIIEiDCCA3CgAwIBAgIDJlN5MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNDA0MTAyNDI3WhcNMjMwNDA0MTAyNDI3WjBTMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxHTAbBgNVBAMTFGJlcmNhLXAxLmQtdHJ1c3QubmV0MQ8wDQYDVQQIEwZCZXJsaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXQ4WEJtKZZUIRmplenLmNVlLg2cJMVZ0xT/FsUrUWk/JXH2C4LAxlsnx/tv9rxKYXZUi2oVhz43jEPiMsXZxVUo4n8mpH6I1vqvxiwR8rgxtsPiTOf+iUeVLYIXp24WLGXV80hWy+WSOL7rFO+TgQHoFv2MU7tzvmdnLeeTUJxfpU1Ac1JYkvq0jcU8LXVoRKfC+v8VMQ8zfmGu1ZnYOGyUyWcSjNRkXjchGMNc4ADDBTFIRBUCthjb9RuVc4HV3Cm6XholZGzxAIG8O3ybmWMdxyav/wcadnLumcgD7r5qE5KH0yIo3RaO6HAN5f/W9Vzr9JjCHGAh1PWogL/SddAgMBAAGjggFiMIIBXjATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU6ejGLsU+zo1cc+1gRpXM/H/i8HUwFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgWgMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCkszC7hGOQIekspM6l5KPDzKMEWmjQjTJ4BnlejcVNQxUZR8KPZa0bB1yeEcVPTcmi6LQQOlHMYvVfo6tZ2SoXQ9Sbo5uh9TaDTcohcmwCBasy5Wrgaq1AqxgKG4Pgd92pHBCm1uMekBVqA8j+HOSk7ig0+fTx2vtttI6rTK2fk5Z9QOqOirh6pBh2sSah1txfjWUVVTM/LZrTmPuyfBRrGOqCb5H/wrEffxgcxoCNcd3kIm11n67GoBDagBrhOl8sL2Dj2hNET+WlrQCZitJmB91fBrucZdIndWfzf0ShWhWZnNKqKUuRuX6vHq4G8/xyK9v3VP5S4JQpO/haodxI</serverCertificate>
<clientCertificate>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</clientCertificate>
<clientKey>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</clientKey>
</sslKeys>
<terminalAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ta-service</url>
</terminalAuthService>
<restrictedIdService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ri-service</url>
</restrictedIdService>
<passiveAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/pa-service</url>
</passiveAuthService>
<dvcaCertDescriptionService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
</EPAConnectorConfiguration>
</ServiceProvider>
<SAMConfig url="http://reqesidta_sam:8080/"></SAMConfig>
</CoreConfiguration>
#!/bin/bash
#
# deployment script for reqesidta eid-server project
# michael rauh, tobias assmann
# tobias.assmann@ecsec.de
#
# This file acts as a template for creating a deploy script
# for a specific target environment. Please setup the env vars
# accourding to your needs:
#
# the target host of the deployment
HOST=YOUR_HOST
# the user on the target host used to copy the files there and run the project
USER=YOUR_USER
USER=TARGET_USER
# the target host of the deployment
HOST=TARGET_HOST
# the directory on the target host where to put the project
DIR=YOUR_DIR
DIR=TARGET_DIR
#
#######################################################################################
echo "check for correct replacement ..."
! grep TARGET_ ./docker-compose.yml || { echo >&2 "Found text to be replaced in docker-compose.yml. Aborting."; exit 1; }
! grep TARGET_ ./ssa/config/ssa-server.conf || { echo >&2 "Found text to be replaced in ssa-server.conf. Aborting."; exit 1; }
! test $HOST = "TARGET_HOST" || { echo >&2 "Found text TARGET_HOST to be replaced in deploy.sh. Aborting."; exit 1; }
! test $USER = "TARGET_USER" || { echo >&2 "Found text TARGET_USER to be replaced in deploy.sh. Aborting."; exit 1; }
! test $DIR = "TARGET_DIR" || { echo >&2 "Found text TARGET_DIR be replaced in deploy.sh. Aborting."; exit 1; }
echo "check target environment ..."
ssh $USER@$HOST "cd $DIR >/dev/null 2>&1" || { echo >&2 "Could not reach $DIR as user $USER on $HOST Aborting."; exit 1; }
echo "check for needed commands ..."
command -v rsync >/dev/null 2>&1 || { echo >&2 "rsync is needed on localhost but it's not installed. Aborting."; exit 1; }
command -v ssh >/dev/null 2>&1 || { echo >&2 "ssh is needed on localhost but it's not installed. Aborting."; exit 1; }
......@@ -29,10 +39,10 @@ rsync -av --delete --progress \
--exclude 'readme.md' \
./ $USER@$HOST:$DIR
# Restart / re-build the services
echo "Start services on server ..."
echo "Build and start services on server ..."
ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"
echo $?
echo "Deployment done, please wait until all services are fully running and proceed with EJBCA key setup."
echo "Deployment done, please wait until all services are fully running without heavy load and then proceed with EJBCA key setup."
exit 0
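Review bot: The result of the remote `docker-compose up -d --build` is only printed by `echo $?` and the script then unconditionally runs `exit 0`, so a failed build still prints the "Deployment done" message and the caller sees success; guard the call instead, `ssh "$USER@$HOST" "cd $DIR && docker-compose up -d --build" || { echo >&2 "docker-compose up failed on $HOST. Aborting."; exit 1; }`, and drop the `echo $?` line. In the first hunk the new placeholder checks compare `$HOST`, `$USER` and `$DIR` unquoted, so an empty value turns `test` into a usage error (exit status 2) that the leading `!` converts into a pass, and if `DIR` were left empty the later `rsync --delete` would target the remote home directory; quote them, `! test "$HOST" = "TARGET_HOST" || ...`, and consider rejecting empty values with `test -n`. The first hunk starts at the top of the file and the rsync invocation whose options open the second hunk begins before it.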
......@@ -11,7 +11,7 @@ services:
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--log.level=error
# change TARGET_PORT to the port your reverse proxy is facing to
# change value to the port your reverse proxy is forwarding to
ports:
- "TARGET_PORT:80"
networks:
......
......@@ -31,13 +31,13 @@ Edit the `docker-compose.yml` file accourding to your environment:
### Edit config for the SSA service
Edit the `ssa/config/ssa-server.conf` file accourding to your environment:
* Replace `DOMAIN` with the real domain of the project.
* Replace `TARGET_DOMAIN` with the real domain of the project.
### Edit the deploy script
Edit the `deploy.sh` file accourding to your environment:
* Replace `YOUR_HOST` with the real host of the project.
* Replace `YOUR_USER` with the user for on the host.
* Replace `YOUR_DIR` with the path to the directory the deployment should go to on the host.
* Replace `TARGET_HOST` with the real host of the project.
* Replace `TARGET_USER` with the user for on the host.
* Replace `TARGET_DIR` with the path to the directory the deployment should go to on the host.
### Run the deploy script
Execute the `deploy.sh` script and check the startup of the services on the target host.
......
ssa-config {
sessionMaxAge: 60,
sessionCheckAgeInterval: 30,
baseUrl: "https://DOMAIN/ssa-server"
baseUrl: "https://TARGET_DOMAIN/ssa-server"
eidUrl: "http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
samUrl: "http://sam.docker.reqesidta.de:8080"
caUrl: "http://ejbca.docker.reqesidta.de:8080/ejbca/publicweb/cmp/ecsecCMP"
......