Commit b4ef9508 authored by Tobias Assmann's avatar Tobias Assmann
Browse files

merge, remove file check from deploy.sh

parents fb398621 bd37f211
......@@ -16,14 +16,6 @@ DIR=YOUR_DIR
#
#######################################################################################
echo "check for needed files ..."
POSEIDAS_CONF=./poseidas/config/POSeIDAS.xml
POSEIDAS_PROP=./poseidas/config/application.properties
POSEIDAS_DB=./poseidas/db/poseidas.mv.db
test -f $POSEIDAS_CONF >/dev/null 2>&1 || { echo >&2 "$POSEIDAS_CONF not found. Aborting."; exit 1; }
test -f $POSEIDAS_PROP >/dev/null 2>&1 || { echo >&2 "$POSEIDAS_PROP not found. Aborting."; exit 1; }
test -f $POSEIDAS_DB >/dev/null 2>&1 || { echo >&2 "$POSEIDAS_DB not found. Aborting."; exit 1; }
echo "check for needed commands ..."
command -v rsync >/dev/null 2>&1 || { echo >&2 "rsync is needed on localhost but it's not installed. Aborting."; exit 1; }
command -v ssh >/dev/null 2>&1 || { echo >&2 "ssh is needed on localhost but it's not installed. Aborting."; exit 1; }
......@@ -36,7 +28,7 @@ rsync -av --delete --progress \
--exclude 'poseidas-configuration-wizard.jar' \
--exclude 'readme.md' \
./ $USER@$HOST:$DIR
# Restart / re-build the services
echo "Start services on server ..."
#ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"
......
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
<ServerUrl>https://docker.reqesidta.de/POSeIDAS/eidas-middleware</ServerUrl>
<sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>500</sessionMaxPendingRequests>
<TimerConfiguration>
<certRenewal length="2" unit="11"/>
<blacklistRenewal length="2" unit="11"/>
<masterAndDefectListRenewal length="2" unit="11"/>
</TimerConfiguration>
<ServiceProvider entityID="providerA" enabled="true">
<EPAConnectorConfiguration updateCVC="false">
<CVCRefID>testid</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<!-- change the certificates accordingly -->
<blackListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</blackListTrustAnchor>
<masterListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</masterListTrustAnchor>
<defectListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</defectListTrustAnchor>
<policyImplementationId>govDvca</policyImplementationId><!--'budru' for Bundesdruckerei -->
<sslKeys id="default">
<serverCertificate>MIIEiDCCA3CgAwIBAgIDJlN5MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNDA0MTAyNDI3WhcNMjMwNDA0MTAyNDI3WjBTMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxHTAbBgNVBAMTFGJlcmNhLXAxLmQtdHJ1c3QubmV0MQ8wDQYDVQQIEwZCZXJsaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXQ4WEJtKZZUIRmplenLmNVlLg2cJMVZ0xT/FsUrUWk/JXH2C4LAxlsnx/tv9rxKYXZUi2oVhz43jEPiMsXZxVUo4n8mpH6I1vqvxiwR8rgxtsPiTOf+iUeVLYIXp24WLGXV80hWy+WSOL7rFO+TgQHoFv2MU7tzvmdnLeeTUJxfpU1Ac1JYkvq0jcU8LXVoRKfC+v8VMQ8zfmGu1ZnYOGyUyWcSjNRkXjchGMNc4ADDBTFIRBUCthjb9RuVc4HV3Cm6XholZGzxAIG8O3ybmWMdxyav/wcadnLumcgD7r5qE5KH0yIo3RaO6HAN5f/W9Vzr9JjCHGAh1PWogL/SddAgMBAAGjggFiMIIBXjATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU6ejGLsU+zo1cc+1gRpXM/H/i8HUwFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgWgMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCkszC7hGOQIekspM6l5KPDzKMEWmjQjTJ4BnlejcVNQxUZR8KPZa0bB1yeEcVPTcmi6LQQOlHMYvVfo6tZ2SoXQ9Sbo5uh9TaDTcohcmwCBasy5Wrgaq1AqxgKG4Pgd92pHBCm1uMekBVqA8j+HOSk7ig0+fTx2vtttI6rTK2fk5Z9QOqOirh6pBh2sSah1txfjWUVVTM/LZrTmPuyfBRrGOqCb5H/wrEffxgcxoCNcd3kIm11n67GoBDagBrhOl8sL2Dj2hNET+WlrQCZitJmB91fBrucZdIndWfzf0ShWhWZnNKqKUuRuX6vHq4G8/xyK9v3VP5S4JQpO/haodxI</serverCertificate>
<clientCertificate>MIICqDCCAZCgAwIBAgIEWrTFLjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtkdmNhX2NsaWVudDAeFw0xODAzMjMwOTEzMThaFw0yODAzMjMwOTEzMThaMBYxFDASBgNVBAMMC2R2Y2FfY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5fB2RlgtG7cS225RTz6FixoSGKKdESdZTaGM2/fgYAYlXRa3SR8rhxLq5sbZmCjmXU5aPe9yOO9Qavx8YC5kTi1gIc4b+zVU2/Vr/XZGwjloUU3bqVCgIWhaqc3EvkznaSsv3YbBSeS9QlXDJkGVT+qp9RA4g2X47auAD2k6XRprgXXoubimGfIpswssIbPgEWPw2UbBnuhCFRHD0Yg1Y2oLTwK9Z1IaNp+7dvgt8Pskfs9alPB24x+0fiBc5BXUzKSCLGweITGkQKhTOXCmZDO67aEbCdlcpmCQJuZpS++AliFMgr12axBM225uf4wvmtCyxI9jP1HdzTus8+1twIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQByup3Q2+oHAefbkEW2R3mOc3E7wl3VqRBniN6hJ0kdzVYsbIsnf15O+moh6Yr5iBdKj7JGyKwVR9HOihdyGv8g3LuId9weiaHl/It0z5g5VFKdVJ0ziYpGFmbx5x2ikJDL+oAYvjqIJhIEtsYkDGtnWtUIp+Kq4hffg/z/1GTMVpXCWw//vnE7m0ps8QiwSNTA+iFHvrQMLIU/Vz1B0xzKvrcbb8JYPKYJsQlMYYBEsB1QUZM134ThctnsCOj9Zxbycwi1z5XnlqaQLGXut1juciXtm5TD5vP5FlBiaMEOlC/ngxDVAYbs3ln6K+JrQtd2Lp2rJN6HK3hBM3VmZwGS</clientCertificate>
<clientKey>MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDPl8HZGWC0btxLbblFPPoWLGhIYop0RJ1lNoYzb9+BgBiVdFrdJHyuHEurmxtmYKOZdTlo973I471Bq/HxgLmROLWAhzhv7NVTb9Wv9dkbCOWhRTdupUKAhaFqpzcS+TOdpKy/dhsFJ5L1CVcMmQZVP6qn1EDiDZfjtq4APaTpdGmuBdei5uKYZ8imzCywhs+ARY/DZRsGe6EIVEcPRiDVjagtPAr1nUho2n7t2+C3w+yR+z1qU8HbjH7R+IFzkFdTMpIIsbB4hMaRAqFM5cKZkM7rtoRsJ2VymYJAm5mlL74CWIUyCvXZrEEzbbm5/jC+a0LLEj2M/Ud3NO6zz7W3AgMBAAECggEADd7IaMkyy8DP1EmyWXzKWDqYWc8dDB6yMNs0mpw3dU90lQvPWbuV3wuXR2cs11Qj/4gJvB3iyYOPQiOLHgU+oNmGpbNN4zXnnP8PFTDaft1t0QQvFiP8Q6+/X2u+bh9GF8WIdfRzYrlIWY9JsyxISYrgS/1ju8GHwVhpMNftkbGC4Zn5WnjidImG4aWz20q3GiOqirzayIJZny6a9ch4FuDi+4meuc9qAtGR6xpkRAfxirdYDSgS3P/+Y+0kPAgA1SZXmmsrGsTgoeuKl8HusVRzKCfeQqt0vTKcTUhGP0EEoyA0nC6QH6+Pklqu1wtTQ59RevC6M6rqrG4E5WCEaQKBgQDrHcQ9HoCjPp8Qf5L8dRHbKClb64gBuPyDfJ4tpVvpHHCIf9NTcJ0CBC/5ikoVrzrSwlJvGYtHgxZI+EYzn0MCFC6dxvkHeJA/bylwgw7942KzB4ieQdsmQNnLs/9nTdk06yRNkOMX4GUwQArThWsXiNeByibax4nA1GD/yptLyQKBgQDiCCSqwOoMA9Wsdc110rdQ9Uq6f78Tq0N0uNddvnxh/bY6JWYDHck+EXBvEz4cY6NTtaFqCCoophvrqllryBHEYB/ienual6N+e1XfPoUeLwtOAeqBfVd6IraSyS7jdA6fYErAMjFFgcwr6rqIpDW8AzJZNPCAteSmx7xr+rC1fwKBgGwcQNr1xqLJrayRbM4HKtHCMtpggCaCoCH50GYezhdvi1NIq6yHcLq3oDO3Yf98lqjIz8zkSwX0AfBFsUoVZmNzUkgccO/9gR6aB80DhoY54218/lX+5D0/vqYLO1qOEl1h7kx4XePhu8Wm/RNsGuU0eBvnD1y0OeRgA8Y6rJP5AoGAIdnkW+pOYwREAPMXlTi8mZRS38F4BWMV1CpGntSDXk2X9/dX4smYNQJ5mzj/iVLmyAegp/eXEMVn0xCNGdY5yvY2cD21uz5QjwW7o5aCazXSdJlW3JPAARunyi31Jr1f30CVkVkzBdzdjgo2a3ZkUccMyE1kY3JaTxwEvQsrYdMCgYEArObZilqguFcSPJ/NS4/LxT/XoMWYK7My+5Fpyd+HQchVG/ZDLC+GAhwjhylvSwmXEnJgCEggE1OlfyRqwHi4m2yOFupI4P5jd4kBcm1kM6j/MC/pvCHBu+XJ2/MM2kjqwunsVZt0M3frZ0g6T1LSW0bRC8p2Q4B1jHnmJp7Q8PU=</clientKey>
</sslKeys>
<terminalAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ta-service</url>
</terminalAuthService>
<restrictedIdService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ri-service</url>
</restrictedIdService>
<passiveAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/pa-service</url>
</passiveAuthService>
<dvcaCertDescriptionService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>https://docker.reqesidta.de/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
</EPAConnectorConfiguration>
</ServiceProvider>
<SAMConfig url="http://reqesidta_sam:8080/"></SAMConfig>
</CoreConfiguration>
# Server settings
server.port = 8443
server.ssl.enabled = false
poseidas.admin.username = admin
# Password: testtest
poseidas.admin.hashed.password = $2a$10$CZGhlm6QkqHlDEX89cYtyuGKSx2iftevULiP.gvWETYH7riFIzHSG
# Datasource
spring.datasource.url=jdbc:h2:file:/opt/poseidas/database/poseidas;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
#user/password of the database
spring.datasource.username = admin
spring.datasource.password = testtest
spring.datasource.driver-class-name = org.h2.Driver
spring.jpa.database-platform = org.hibernate.dialect.H2Dialect
# Hibernate ddl auto (create, create-drop, update): with "update" the database
# schema will be automatically updated accordingly to java entities found in
# the project
spring.jpa.hibernate.ddl-auto = update
spring.jpa.hibernate.naming.implicit-strategy = org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
spring.jpa.hibernate.naming.physical-strategy = org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
# Show or not log for each sql query
spring.jpa.show-sql = true
logging.level.org.springframework = DEBUG
logging.level.de.governikus.eumw = DEBUG
......@@ -7,13 +7,18 @@ On the machine this project is intended to run you need the following components
The setup of the project consists of several steps.
## Configure POSeIDAS on your local machine
To configure the POSeIDAS use the configuration-wizard. Start it with Java8: `java -jar poseidas-configuration-wizard.jar`. Open your browser at http://localhost:8080/config-wizard/ and follow the instructions.
### Use the configuration-wizard
To configure the POSeIDAS use the configuration-wizard. Start it with Java8: `java -jar poseidas-configuration/wizard.jar`. Open your browser at http://localhost:8080/config-wizard/ and follow the instructions.
During configuration make sure to use the default path `/opt/poseidas/database` for the database location. This path will be mounted as a volume to `./poseidas/db` for easy access to the database-file.
Save the created `POSeIDAS.xml` and `application.properties` to `./poseidas/config`. This path will be mounted as a volume to `/opt/poseidas/config`.
Save the created `POSeIDAS.xml` and `application.properties` to `./poseidas/config`. This path will be mounted as a volume to `/opt/poseidas/config`. The `eidasmiddleware.properties` is not needed.
A empty database will be created at first startup. It must be filled after the deployment. Further reading in [POSeIDAS Database](#POSeIDAS-Database)
### Use the pre configured template
In `./poseidas/config` is a pre configured template for testing purposes. It uses self-signed certificates as trust-anchors.
### Add terminal certificates
A emtpy database will be created at first startup. Further reading in [POSeIDAS Database](#POSeIDAS-Database)
## Deployment to the hosting server
To deploy the project to a server some preparations are needed first.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment