| ... | ... | @@ -16,7 +16,7 @@ Throughout this process, you will: |
## Variables
The instructions in these guidelines use variables that must be replaced with the appropriate values in your context:
- **`{DOMIBUS_SERVER_NAME}`**: Represents the name of your Domibus server.
- **`{DOMIBUS_SERVER_DIRECTORY}`**: This signifies the directory on your server where Domibus will be installed.
- **`{DOMIBUS_HOSTNAME}`**: Denotes the public IP address of the server where you intend to install Domibus.
- **`{DOMIBUS_PORT}`**: Represents the internet-accessible port that you will open for Domibus.
- **`{DOMIBUS_ACCESS_POINT}`**: This is the designated name for your Domibus instance. Choose a clear and descriptive name, such as `france_ap`.
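Review bot: after the rename in this hunk, `{DOMIBUS_DOCKER_DIRECTORY}` (used in section 3 as `{DOMIBUS_DOCKER_DIRECTORY}/domibus/domibus.properties`) is still not in this Variables list, and neither are `{KEYSTORE_PASSWORD}`, `{PRIVATE_KEY_PASSWORD}` and `{TRUSTSTORE_PASSWORD}` used by the keytool commands; either add entries for them here or replace `{DOMIBUS_DOCKER_DIRECTORY}` with `{DOMIBUS_SERVER_DIRECTORY}`. Also, `{DOMIBUS_HOSTNAME}` is described as "the public IP address", which contradicts its name; say whether a DNS name or an IP address is expected, since this is the value the WP5 core team will be given to reach the access point.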
| ... | ... | @@ -44,7 +44,7 @@ To begin the setup, ensure you have the following: |
# How to setup
## 1 - Docker Compose
Access your server using SSH and create a directory with a preferred name, for example, **`{DOMIBUS_SERVER_NAME}`**. Inside this directory, create a `compose.yaml` file with the following content:
Access your server using SSH and create the **`{DOMIBUS_SERVER_DIRECTORY}`**. Inside this directory, create a `compose.yaml` file with the following content:
```yaml
#
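Review bot: the rewritten sentence drops the noun and now reads "create the `{DOMIBUS_SERVER_DIRECTORY}`"; suggest "create the directory `{DOMIBUS_SERVER_DIRECTORY}`" so the reader knows the placeholder is a path. The removed line said "a directory with a preferred name, for example `{DOMIBUS_SERVER_NAME}`", so the placeholder has changed from a name to a path; confirm the Variables entry describes it the same way.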
| ... | ... | @@ -109,7 +109,7 @@ If necessary, change the **18080** port to the port you have opened to the inter |
> **Note**: If using a reverse proxy, configure it to forward to the internal port.
Execute the following commands within the directory identified as **`{DOMIBUS_SERVER_NAME}`**
Execute the following commands within the directory identified as **`{DOMIBUS_SERVER_DIRECTORY}`**
```shell
docker compose up -d
```
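Review bot: the changed line has no terminating colon before the fenced block, and "the following commands" is plural for the single `docker compose up -d`; suggest "Execute the following command in `{DOMIBUS_SERVER_DIRECTORY}`:". Not part of this change, but the hunk's context tells the reader to change port 18080 to the internet-facing port while the note just below says a reverse proxy should forward to the internal port; stating which of the two applies (publish the port directly, or keep it internal behind the proxy) would keep readers from doing both.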
| ... | ... | @@ -139,24 +139,24 @@ rm gateway_keystore.jks gateway_truststore.jks |
Upon executing the following command, intended for generating a new `JKS` _Java KeyStore_, you'll be prompted to provide necessary information for the keystore:
```shell
keytool -genkeypair -alias {DOMIBUS_SERVER_} -keystore gateway_keystore.jks -storetype JKS -keyalg RSA -validity 1461 -keysize 2048 -storepass {KEYSTORE_PASSWORD} -keypass {PRIVATE_KEY_PASSWORD}
keytool -genkeypair -alias {DOMIBUS_ACCESS_POINT} -keystore gateway_keystore.jks -storetype JKS -keyalg RSA -validity 1461 -keysize 2048 -storepass {KEYSTORE_PASSWORD} -keypass {PRIVATE_KEY_PASSWORD}
```
Export your certificate from your KeyStore :
```shell
keytool -export -alias {DOMIBUS_SERVER_NAME} -keystore gateway_keystore.jks -rfc -file {DOMIBUS_SERVER_NAME}.cer -storetype JKS -storepass {KEYSTORE_PASSWORD}
keytool -export -alias {DOMIBUS_ACCESS_POINT} -keystore gateway_keystore.jks -rfc -file {DOMIBUS_ACCESS_POINT}.cer -storetype JKS -storepass {KEYSTORE_PASSWORD}
```
Import your certificate into your TrustStore:
```shell
keytool -import -file {DOMIBUS_SERVER_NAME}.cer -alias {DOMIBUS_SERVER_NAME} -keystore gateway_truststore.jks -storetype JKS -storepass {TRUSTSTORE_PASSWORD}
keytool -import -file {DOMIBUS_ACCESS_POINT}.cer -alias {DOMIBUS_ACCESS_POINT} -keystore gateway_truststore.jks -storetype JKS -storepass {TRUSTSTORE_PASSWORD}
```
Contact the WP5 core team and provide them with the following information:
```
{DOMIBUS_HOSTNAME}:{DOMIBUS_PORT}
```
Attach the certificate file, `{DOMIBUS_SERVER_NAME}.cer`, generated in your **`keystores`** folder. This step is crucial for the WP5 core team to include your public key in the list of authorized parties on the EU Access Point.
Attach the certificate file, `{DOMIBUS_ACCESS_POINT}.cer`, generated in your **`keystores`** folder. This step is crucial for the WP5 core team to include your public key in the list of authorized parties on the EU Access Point.
## 3 - Domibus Properties
In the file **`{DOMIBUS_DOCKER_DIRECTORY}/domibus/domibus.properties`**, locate the section labeled `Keystore/Truststore (Single Tenancy)` and set the passwords you configured on the previous step:
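Review bot: the removed `keytool -genkeypair` line used the broken placeholder `{DOMIBUS_SERVER_}`, so this hunk fixes a real defect in addition to the rename; good. Two things remain in the unchanged context. First, the last line of the hunk still reads `{DOMIBUS_DOCKER_DIRECTORY}/domibus/domibus.properties`, which neither matches `{DOMIBUS_SERVER_DIRECTORY}` introduced elsewhere in this PR nor appears in the Variables list. Second, `keytool -import` of a self-signed certificate asks "Trust this certificate?" interactively, which the text does not mention; either add `-noprompt` or say that the prompt is expected. Since `-storepass` and `-keypass` given on the command line end up in shell history, a sentence noting that keytool prompts for both passwords when the flags are omitted would be worthwhile. Minor: "KeyStore :" has a stray space before the colon.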
| ... | ... | @@ -169,7 +169,7 @@ domibus.security.keystore.password={KEYSTORE_PASSWORD} |
#Private key
#The alias from the keystore of the private key
domibus.security.key.private.alias={DOMIBUS_SERVER_NAME}
domibus.security.key.private.alias={DOMIBUS_ACCESS_POINT}
#The private key password
domibus.security.key.private.password={PRIVATE_KEY_PASSWORD}
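Review bot: the new value `{DOMIBUS_ACCESS_POINT}` has to equal the `-alias` passed to `keytool -genkeypair` in section 2; this change makes the two consistent, but the comment above the line only says "The alias from the keystore", so a short sentence in the prose ("this must match the alias used when generating the key") would help anyone who picks a different alias. The adjacent context puts `{PRIVATE_KEY_PASSWORD}` in clear text in `domibus.properties`; the step should tell the reader to restrict the file's permissions to the account that runs Domibus.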
| ... | ... | @@ -191,7 +191,7 @@ domibus.auth.unsecureLoginAllowed=false |
While you might consider creating a `PKCS12` KeyStore, please be aware that it currently appears to be non-functional.
## 4 - Users Credentials
Within the directory or any of its subdirectories of the **`{DOMIBUS_SERVER_NAME}`**, restart your Domibus server by doing the command:
Within the directory or any of its subdirectories of the **`{DOMIBUS_SERVER_DIRECTORY}`**, restart your Domibus server by doing the command:
```shell
docker compose restart
```
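Review bot: the changed sentence "Within the directory or any of its subdirectories of the `{DOMIBUS_SERVER_DIRECTORY}`, restart your Domibus server by doing the command:" is hard to parse; suggest "From `{DOMIBUS_SERVER_DIRECTORY}` or any of its subdirectories, restart Domibus with:". The heading "4 - Users Credentials" should read "User Credentials". The context line stating that a `PKCS12` keystore "currently appears to be non-functional" is too vague to act on; give the Domibus version and the error observed, or drop the sentence.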