Commit d1ec58cf authored by Tobias Assmann

update readme files, rename package dir

parent 0e4dbb1a
# Governikus eIDAS Middleware # The ReQESIDTA eID-Server
This repository contains the source code of the ReQESIDTA eID-Server based on the German eIDAS middleware.
This repository contains the source code of the German eIDAS middleware. # Prerequisites
In order to build and run the eID-Server some additional tools are needed.
## Releases Required dependencies are:
With every release, the source code of our internal repository will be exported into this repository.
The signed release artifacts will be released on github as well.
## Build * Java JDK 8
### Building the java sources
We are using maven to build and test the software.
To build the software, execute the following command: * Maven in the latest version
```
maven clean install
```
You can find the compiled JARs in the `target/` directory of each module.
### Building the documentation * docker in the latest version
The source for the documentation can be found in the `doc` folder.
To build a pdf file, _sphinx_ is needed. Please see the [sphinx documentation](http://www.sphinx-doc.org/en/master/usage/installation.html) * docker-compose in the latest version
on how to install sphinx on your system.
To create the pdf file, issue the following commands: * PersoSim (for local startup using a self-signed certificate, not needed for creating a deployment package!)
# Build Sources
To build the software, execute the following command:
```bash
mvn clean install
``` ```
cd doc && make clean latexpdf
```
The created pdf document can be found at `_build/latex/eIDASMiddleware.pdf`.
## Documentation # Run the server locally
The user documentation for each release is available in the release artifacts. The server consits of several docker services which must be run together.
Please see ./docker/README.md for further instructions.
## Contributing # Create a deployment package to run on a remote machine
Please see [CONTRIBUTING.md](CONTRIBUTING.md) for more information on how to submit pull requests. Please execute the following command while sitting in the project`s root directory:
```bash
./create_deployment-package.sh
```
## License The package can be found at:`./for_deployment-package/eid-server.tgz `
Copyright © 2019 Governikus KG
This work is licensed under the EUPL 1.2. See LICENSE.txt for additional information.
The overview of the used third party dependecies and their licenses is available in the release documents. If you unpack this package (outside of the project directory!) this will result
in a directory `eid-server` containing a README.md.
Please follow instructions in this file for deployment.
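Review bot: The new prerequisites list asks for Maven, docker and docker-compose "in the latest version", which leaves the build environment unpinned and hard to reproduce; name the minimum versions the build was tested with, as is already done for "Java JDK 8". The new side also no longer shows the License section (Copyright © 2019 Governikus KG, EUPL 1.2) even though the intro still says the server is "based on the German eIDAS middleware"; keep the notice or at least the pointer to LICENSE.txt. Typos in the added text: "consits" should be "consists", "project`s" uses a backtick where an apostrophe is meant, and the code span for `./for_deployment-package/eid-server.tgz` has a trailing space and no space after "at:".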
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# #
# tobias.assmann@ecsec.de # tobias.assmann@ecsec.de
PCK_DIR=for-client-delivery PCK_DIR=for_deployment-package
TRG_DIR=eid-server TRG_DIR=eid-server
TRG_ARC=eid-server.tgz TRG_ARC=eid-server.tgz
......
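Review bot: PCK_DIR changes from for-client-delivery to for_deployment-package, but the visible context does not show how the rest of the script refers to that directory; confirm that every later path goes through "$PCK_DIR" (quoted) and that no literal for-client-delivery is left in the script, ignore files or documentation. The new name mixes an underscore and a hyphen, which is easy to mistype in the README paths that now depend on it; a single separator style would be safer.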
# Using Docker Compose # Structure of the project
The goal of the Docker Compose file is to provide an environment with instances
The goal of the Docker Compose file is to provide an environment with both an of all needed services for the eid-server:
instance of the POSeIDAS eid-server and EJBCA. * ejbca: The CA of the project
* facade: The facade is used as gateway for accessing the services of the project
## Usage * poseidas: The internal used eID-Server
* sam: The SAM of the project
In order to build the POSeIDAS image, you have to package the POSeIDAS server * ssa: The SSA of the project
first (therefore the parent project has to be built once). The output directory * web-ui: A web-ui used to trigger the process by recieving an document upload
of the artifact is specified in the pom file. After compiling, start Docker
Compose: # Local Startup of the project
Please ensure to have the client-signer (eID-Client) and PersoSim running.
Use a Profile found under `../perso_sim_profiles` for PersoSim.
After having built the project, you can now start Docker Compose
While sitting in the current directory run:
```bash ```bash
docker-compose up -d docker-compose up -d
``` ```
The project is setup to use the domain `docker.reqesidta.de`.
Let this domain point to localhost and open it in the browser.
You will then reach the web-ui.
If you ever change files that are located within the Docker containers, you have ## Making changes
If you ever change files that are located within the Docker containers or a dockerfile, you have
to rebuild the image(s). So e.g. after re-compilation of the POSeIDAS server: to rebuild the image(s). So e.g. after re-compilation of the POSeIDAS server:
```bash ```bash
docker-compose up -d --no-deps --build poseidas docker-compose up -d --no-deps --build poseidas
``` ```
Please remember to copy your changes to `../for_deployment-package` if needed.
Display all or individual logfiles: ## Configuration
### Poseidas
```bash #### POSeIDAS Admin Interface
docker-compose logs --follow
docker-compose logs --follow poseidas
```
Visit: <https://localhost:8443/POSeIDAS/admin-interface/login> Visit: <https://localhost:8443/POSeIDAS/admin-interface/login>
username: admin<br> username: admin<br>
password: testtest password: testtest
### POSeIDAS Config #### POSeIDAS Config
The configuration files are in the docker subdirectory and can be used to modify The configuration files are in the docker subdirectory and can be used to modify
the behaviour of the POSeIDAS server. the behaviour of the POSeIDAS server.
### POSeIDAS Database #### POSeIDAS Database
For the database, a named volume is used. The location of the actual data can be For the database, a named volume is used. The location of the actual data can be
retrieved via '`docker volume inspect docker_eidas-database | grep Mountpoint`'. retrieved via '`docker volume inspect docker_eidas-database | grep Mountpoint`'.
The default database credentials can be found
## Debugging ### EJBCA
#### Create CA, CMP settings and keystore
Just attach your Debugger to port 5005.
## Configure EJBCA
### Create CA, CMP settings and keystore
Run the following command (once) in your shell while sitting in the docker directory: Run the following command (once) in your shell while sitting in the docker directory:
```bash ```bash
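Review bot: The sentence added under "POSeIDAS Database", "The default database credentials can be found", stops before saying where; complete it or drop it. Because this commit also tells readers to copy changes to `../for_deployment-package`, the admin-interface login shown here (admin / testtest) should be marked as a local-only default that has to be changed before the package is deployed on a remote machine. The "Debugging" note about port 5005 and the "Display all or individual logfiles" commands disappear from the new side; if the debug port is still exposed by the compose setup, keep it documented. Typos in the added service list: "recieving an document" and "internal used"; "### Poseidas" should match the "POSeIDAS" spelling used in the headings below it.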
...@@ -62,8 +61,7 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \ ...@@ -62,8 +61,7 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
Remember to NOT use 'docker-compose down' as it destroys the containers Remember to NOT use 'docker-compose down' as it destroys the containers
including the above settings but to use '`docker-compose stop/start`'. including the above settings but to use '`docker-compose stop/start`'.
### Adminweb #### Adminweb
If you want to use the adminweb, you have to enrol a certificate and import it If you want to use the adminweb, you have to enrol a certificate and import it
into your browser. Open the logs with '`docker-compose logs --follow ejbca`' to into your browser. Open the logs with '`docker-compose logs --follow ejbca`' to
display the credentials. Go to <https://localhost:8444/ejbca/enrol/keystore.jsp> display the credentials. Go to <https://localhost:8444/ejbca/enrol/keystore.jsp>
...@@ -77,8 +75,7 @@ For a documentation about how to configure EJBCA manually, see ...@@ -77,8 +75,7 @@ For a documentation about how to configure EJBCA manually, see
or the official or the official
[documentation](https://doc.primekey.com/ejbca/ejbca-installation/managing-ejbca-configurations). [documentation](https://doc.primekey.com/ejbca/ejbca-installation/managing-ejbca-configurations).
### Notes on `TLS_SETUP_ENABLED=simple` #### Notes on `TLS_SETUP_ENABLED=simple`
This parameter does not disable the need for a client certificate. This parameter does not disable the need for a client certificate.
Tomas Gustavsson from Primekey: "The ability to not request client certificate Tomas Gustavsson from Primekey: "The ability to not request client certificate
......