Commit
2bb3d3ea
authored
Nov 15, 2019
by
Tobias Assmann
rm old stage stuff, reworked deploy stuff and readme
parent
34e84461
Changes
10
docker/poseidas/config/POSeIDAS_stage.xml
deleted
100644 → 0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration
xmlns=
"http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig"
>
<ServerUrl>
https://reqesidta.openecard.org/POSeIDAS/eidas-middleware
</ServerUrl>
<sessionManagerUsesDatabase>
true
</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>
500
</sessionMaxPendingRequests>
<TimerConfiguration>
<certRenewal
length=
"2"
unit=
"11"
/>
<blacklistRenewal
length=
"2"
unit=
"11"
/>
<masterAndDefectListRenewal
length=
"2"
unit=
"11"
/>
</TimerConfiguration>
<ServiceProvider
entityID=
"providerA"
enabled=
"true"
>
<EPAConnectorConfiguration
updateCVC=
"false"
>
<!-- refID of the devDB from 001-->
<CVCRefID>
ecsec
</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<blackListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</blackListTrustAnchor>
<masterListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</masterListTrustAnchor>
<defectListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</defectListTrustAnchor>
<policyImplementationId>
govDvca
</policyImplementationId>
<sslKeys
id=
"default"
>
<serverCertificate>
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
</serverCertificate>
<clientCertificate>
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
</clientCertificate>
<clientKey>
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
</clientKey>
</sslKeys>
<terminalAuthService
sslKeysId=
"default"
>
<url>
https://dev.governikus-eid.de:9444/gov_dvca/ta-service
</url>
</terminalAuthService>
<restrictedIdService
sslKeysId=
"default"
>
<url>
https://dev.governikus-eid.de:9444/gov_dvca/ri-service
</url>
</restrictedIdService>
<passiveAuthService
sslKeysId=
"default"
>
<url>
https://dev.governikus-eid.de:9444/gov_dvca/pa-service
</url>
</passiveAuthService>
<dvcaCertDescriptionService
sslKeysId=
"default"
>
<url>
https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service
</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>
https://reqesidta.openecard.org/POSeIDAS/eidas-middleware/paosreceiver
</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>
48
</hoursRefreshCVCBeforeExpires>
</EPAConnectorConfiguration>
</ServiceProvider>
<SAMConfig
url=
"http://reqesidta_sam:8080/"
></SAMConfig>
</CoreConfiguration>
docker/poseidas/db/poseidas_stage.mv.db
deleted
100644 → 0
File deleted
docker/sam/sam.docker.reqesidta.de.p12
No preview for this file type
for-client-delivery/eid-server/deploy.sh
#!/bin/bash
#
# deployment script for reqesidta eid-server project
#
michael rauh,
tobias
assmann
# tobias
.
assmann
@ecsec.de
#
# This file acts as a template for creating a deploy script
# for a specific target environment. Please setup the env vars
# accourding to your needs:
#
# the target host of the deployment
HOST
=
YOUR_HOST
# the user on the target host used to copy the files there and run the project
USER
=
YOUR_USER
USER
=
TARGET_USER
# the target host of the deployment
HOST
=
TARGET_HOST
# the directory on the target host where to put the project
DIR
=
YOUR
_DIR
DIR
=
TARGET
_DIR
#
#######################################################################################
echo
"check for correct replacement ..."
!
grep
TARGET_ ./docker-compose.yml
||
{
echo
>
&2
"Found text to be replaced in docker-compose.yml. Aborting."
;
exit
1
;
}
!
grep
TARGET_ ./ssa/config/ssa-server.conf
||
{
echo
>
&2
"Found text to be replaced in ssa-server.conf. Aborting."
;
exit
1
;
}
!
test
$HOST
=
"TARGET_HOST"
||
{
echo
>
&2
"Found text TARGET_HOST to be replaced in deploy.sh. Aborting."
;
exit
1
;
}
!
test
$USER
=
"TARGET_USER"
||
{
echo
>
&2
"Found text TARGET_USER to be replaced in deploy.sh. Aborting."
;
exit
1
;
}
!
test
$DIR
=
"TARGET_DIR"
||
{
echo
>
&2
"Found text TARGET_DIR be replaced in deploy.sh. Aborting."
;
exit
1
;
}
echo
"check target environment ..."
ssh
$USER
@
$HOST
"cd
$DIR
>/dev/null 2>&1"
||
{
echo
>
&2
"Could not reach
$DIR
as user
$USER
on
$HOST
Aborting."
;
exit
1
;
}
echo
"check for needed commands ..."
command
-v
rsync
>
/dev/null 2>&1
||
{
echo
>
&2
"rsync is needed on localhost but it's not installed. Aborting."
;
exit
1
;
}
command
-v
ssh
>
/dev/null 2>&1
||
{
echo
>
&2
"ssh is needed on localhost but it's not installed. Aborting."
;
exit
1
;
}
...
...
@@ -29,10 +39,10 @@ rsync -av --delete --progress \
--exclude
'readme.md'
\
./
$USER
@
$HOST
:
$DIR
# Restart / re-build the services
echo
"Start services on server ..."
echo
"Build and start services on server ..."
ssh
$USER
@
$HOST
"cd
$DIR
/ && docker-compose up -d --build"
echo
$?
echo
"Deployment done, please wait until all services are fully running
and
proceed with EJBCA key setup."
echo
"Deployment done, please wait until all services are fully running
without heavy load and then
proceed with EJBCA key setup."
exit
0
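Review bot: The build/start step in the second hunk discards its outcome: `ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"` is followed by `echo $?`, then the "Deployment done" message and `exit 0` run unconditionally, so a failed `docker-compose up` still reports success to the caller. Replace the `echo $?` line with the same abort pattern the placeholder checks use, e.g. `ssh "$USER@$HOST" "cd $DIR/ && docker-compose up -d --build" || { echo >&2 "docker-compose up failed on $HOST. Aborting."; exit 1; }`. In the placeholder checks at the top, `test $HOST = "TARGET_HOST"` (and the `$USER`/`$DIR` variants) should quote the variable as `"$HOST"`: an empty value makes `test` exit with a usage error, which `!` turns into success, so an unset variable passes the check. The rsync command that the `@@ -29,10 +39,10 @@` hunk belongs to starts before the hunk, and lines between the two hunks are elided here.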
for-client-delivery/eid-server/docker-compose.yml
...
...
@@ -11,7 +11,7 @@ services:
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--log.level=error
# change
TARGET_PORT
to the port your reverse proxy is f
ac
ing to
# change
value
to the port your reverse proxy is f
orward
ing to
ports
:
-
"
TARGET_PORT:80"
networks
:
...
...
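Review bot: The rewritten comment above `ports` no longer names the placeholder it refers to, presumably because `deploy.sh` greps `docker-compose.yml` for `TARGET_` and would otherwise abort on the comment itself; it would help a first-time reader to say that explicitly, e.g. `# change the host port in the mapping below to the port your reverse proxy is forwarding to`. Since the comment describes a reverse proxy in front of this entry point, note that `"TARGET_PORT:80"` publishes the port on all host interfaces; if the proxy runs on the same host, the template should bind to loopback, `"127.0.0.1:TARGET_PORT:80"`, so the unproxied HTTP port is not reachable externally. The mapping line is context in this hunk, so the proxy placement is inferred from the comment only.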
for-client-delivery/eid-server/poseidas/db/.gitkeep
deleted
100644 → 0
for-client-delivery/eid-server/poseidas/db/poseidas.mv.db
0 → 100644
File added
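Review bot: A prebuilt H2 database `poseidas/db/poseidas.mv.db` is now a tracked binary in the client-delivery tree, replacing the `.gitkeep` placeholder removed from `for-client-delivery/eid-server/poseidas/db/`, while `docker/poseidas/db/poseidas_stage.mv.db` is deleted in the same commit — it looks like the stage database was moved rather than freshly created, but that is inferred. If the file carries state from the stage environment (sessions, service-provider entries, key material), it now ships to every client and stays in repository history. Consider keeping the directory empty in git, letting the server create the database on first start, and stating in the readme how the database is seeded; every later change to this file would also be an unreviewable binary diff.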
for-client-delivery/eid-server/readme.md
...
...
@@ -31,13 +31,13 @@ Edit the `docker-compose.yml` file accourding to your environment:
### Edit config for the SSA service
Edit the
`ssa/config/ssa-server.conf`
file accourding to your environment:
*
Replace
`DOMAIN`
with the real domain of the project.
*
Replace
`
TARGET_
DOMAIN`
with the real domain of the project.
### Edit the deploy script
Edit the
`deploy.sh`
file accourding to your environment:
*
Replace
`
YOUR
_HOST`
with the real host of the project.
*
Replace
`
YOUR
_USER`
with the user for on the host.
*
Replace
`
YOUR
_DIR`
with the path to the directory the deployment should go to on the host.
*
Replace
`
TARGET
_HOST`
with the real host of the project.
*
Replace
`
TARGET
_USER`
with the user for on the host.
*
Replace
`
TARGET
_DIR`
with the path to the directory the deployment should go to on the host.
### Run the deploy script
Execute the
`deploy.sh`
script and check the startup of the services on the target host.
...
...
for-client-delivery/eid-server/sam/sam.docker.reqesidta.de.p12
0 → 100644
File added
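Review bot: `sam/sam.docker.reqesidta.de.p12` is added as a tracked file; a PKCS#12 container normally bundles a certificate with its private key, and if this one does, that key is now part of the repository history and is copied to the deployment host by the `rsync` in `deploy.sh`. The same file name also appears at `docker/sam/sam.docker.reqesidta.de.p12` in this commit (no preview shown), so it may be the same keystore kept twice. Prefer provisioning the keystore on the target outside git (ignore it, and document in the readme where it must be placed and how its passphrase is supplied), and if it is meant to identify one installation, generate a fresh one per deployment rather than sharing it across deliveries.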
for-client-delivery/eid-server/ssa/config/ssa-server.conf
ssa
-
config
{
sessionMaxAge
:
60
,
sessionCheckAgeInterval
:
30
,
baseUrl
:
"https://DOMAIN/ssa-server"
baseUrl
:
"https://
TARGET_
DOMAIN/ssa-server"
eidUrl
:
"http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
samUrl
:
"http://sam.docker.reqesidta.de:8080"
caUrl
:
"http://ejbca.docker.reqesidta.de:8080/ejbca/publicweb/cmp/ecsecCMP"
...
...