Commit d1ec58cf authored by Tobias Assmann

update readme files, rename package dir

parent 0e4dbb1a
# Governikus eIDAS Middleware
# The ReQESIDTA eID-Server
This repository contains the source code of the ReQESIDTA eID-Server based on the German eIDAS middleware.
This repository contains the source code of the German eIDAS middleware.
# Prerequisites
In order to build and run the eID-Server some additional tools are needed.
## Releases
With every release, the source code of our internal repository will be exported into this repository.
The signed release artifacts will be released on github as well.
Required dependencies are:
## Build
### Building the java sources
We are using maven to build and test the software.
* Java JDK 8
To build the software, execute the following command:
```
maven clean install
```
You can find the compiled JARs in the `target/` directory of each module.
* Maven in the latest version
### Building the documentation
The source for the documentation can be found in the `doc` folder.
* docker in the latest version
To build a pdf file, _sphinx_ is needed. Please see the [sphinx documentation](http://www.sphinx-doc.org/en/master/usage/installation.html)
on how to install sphinx on your system.
* docker-compose in the latest version
To create the pdf file, issue the following commands:
* PersoSim (for local startup using a self-signed certificate, not needed for creating a deployment package!)
# Build Sources
To build the software, execute the following command:
```bash
mvn clean install
```
cd doc && make clean latexpdf
```
The created pdf document can be found at `_build/latex/eIDASMiddleware.pdf`.
## Documentation
The user documentation for each release is available in the release artifacts.
# Run the server locally
The server consits of several docker services which must be run together.
Please see ./docker/README.md for further instructions.
## Contributing
Please see [CONTRIBUTING.md](CONTRIBUTING.md) for more information on how to submit pull requests.
# Create a deployment package to run on a remote machine
Please execute the following command while sitting in the project`s root directory:
```bash
./create_deployment-package.sh
```
## License
Copyright © 2019 Governikus KG
This work is licensed under the EUPL 1.2. See LICENSE.txt for additional information.
The package can be found at:`./for_deployment-package/eid-server.tgz `
The overview of the used third party dependecies and their licenses is available in the release documents.
If you unpack this package (outside of the project directory!) this will result
in a directory `eid-server` containing a README.md.
Please follow instructions in this file for deployment.
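Review bot: the new Prerequisites list asks for Maven, docker and docker-compose "in the latest version" next to a pinned "Java JDK 8", which gives readers nothing reproducible to install; name the minimum versions the build was tested with. In the deployment section, "project`s root directory" has a backtick where an apostrophe belongs, the package path is written as "at:`./for_deployment-package/eid-server.tgz `" with no space after the colon and a stray space inside the code span, and "consits" should read "consists". If the License and Copyright lines are being dropped together with the Governikus title, keep them, since the new introduction states that this server is based on the German eIDAS middleware.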
......@@ -4,7 +4,7 @@
#
# tobias.assmann@ecsec.de
PCK_DIR=for-client-delivery
PCK_DIR=for_deployment-package
TRG_DIR=eid-server
TRG_ARC=eid-server.tgz
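Review bot: the new PCK_DIR value, for_deployment-package, mixes an underscore and a hyphen in one directory name, which is easy to mistype in later commands; pick a single separator (the script name create_deployment-package.sh has the same mix). Both README files changed in this commit already use the new name, so check that nothing else in the repository still refers to for-client-delivery.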
......
# Using Docker Compose
The goal of the Docker Compose file is to provide an environment with both an
instance of the POSeIDAS eid-server and EJBCA.
## Usage
In order to build the POSeIDAS image, you have to package the POSeIDAS server
first (therefore the parent project has to be built once). The output directory
of the artifact is specified in the pom file. After compiling, start Docker
Compose:
# Structure of the project
The goal of the Docker Compose file is to provide an environment with instances
of all needed services for the eid-server:
* ejbca: The CA of the project
* facade: The facade is used as gateway for accessing the services of the project
* poseidas: The internal used eID-Server
* sam: The SAM of the project
* ssa: The SSA of the project
* web-ui: A web-ui used to trigger the process by recieving an document upload
# Local Startup of the project
Please ensure to have the client-signer (eID-Client) and PersoSim running.
Use a Profile found under `../perso_sim_profiles` for PersoSim.
After having built the project, you can now start Docker Compose
While sitting in the current directory run:
```bash
docker-compose up -d
```
The project is setup to use the domain `docker.reqesidta.de`.
Let this domain point to localhost and open it in the browser.
You will then reach the web-ui.
If you ever change files that are located within the Docker containers, you have
## Making changes
If you ever change files that are located within the Docker containers or a dockerfile, you have
to rebuild the image(s). So e.g. after re-compilation of the POSeIDAS server:
```bash
docker-compose up -d --no-deps --build poseidas
```
Please remember to copy your changes to `../for_deployment-package` if needed.
Display all or individual logfiles:
```bash
docker-compose logs --follow
docker-compose logs --follow poseidas
```
## Configuration
### Poseidas
#### POSeIDAS Admin Interface
Visit: <https://localhost:8443/POSeIDAS/admin-interface/login>
username: admin<br>
password: testtest
### POSeIDAS Config
#### POSeIDAS Config
The configuration files are in the docker subdirectory and can be used to modify
the behaviour of the POSeIDAS server.
### POSeIDAS Database
#### POSeIDAS Database
For the database, a named volume is used. The location of the actual data can be
retrieved via '`docker volume inspect docker_eidas-database | grep Mountpoint`'.
The default database credentials can be found
## Debugging
Just attach your Debugger to port 5005.
## Configure EJBCA
### Create CA, CMP settings and keystore
### EJBCA
#### Create CA, CMP settings and keystore
Run the following command (once) in your shell while sitting in the docker directory:
```bash
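Review bot: the new "Making changes" text tells readers to copy their changes to `../for_deployment-package`, while the same file documents the admin interface login admin / testtest and a debugger port 5005 without saying these are local-only defaults; add a sentence stating that the password must be changed and the debug port closed before anything is packaged for a remote machine. The sentence "The default database credentials can be found" ends without saying where, and the web-ui bullet should read "receiving a document upload". The Local Startup step "Let this domain point to localhost" would be clearer if it named the mechanism, for example a hosts file entry.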
......@@ -62,8 +61,7 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
Remember to NOT use 'docker-compose down' as it destroys the containers
including the above settings but to use '`docker-compose stop/start`'.
### Adminweb
#### Adminweb
If you want to use the adminweb, you have to enrol a certificate and import it
into your browser. Open the logs with '`docker-compose logs --follow ejbca`' to
display the credentials. Go to <https://localhost:8444/ejbca/enrol/keystore.jsp>
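Review bot: the enrolment URL in this section still uses https://localhost:8444, and the POSeIDAS admin interface uses https://localhost:8443, while the Local Startup section added in this commit says the project is set up to use the domain docker.reqesidta.de; state which host name readers should use for the EJBCA and POSeIDAS pages, or say explicitly that both work.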
......@@ -77,8 +75,7 @@ For a documentation about how to configure EJBCA manually, see
or the official
[documentation](https://doc.primekey.com/ejbca/ejbca-installation/managing-ejbca-configurations).
### Notes on `TLS_SETUP_ENABLED=simple`
#### Notes on `TLS_SETUP_ENABLED=simple`
This parameter does not disable the need for a client certificate.
Tomas Gustavsson from Primekey: "The ability to not request client certificate
......