Code development platform for open source projects from the European Union institutions 🔵 EU Login authentication by SMS has been phased out. To see alternatives please check here

Skip to content

Changes

Page history
small fixes authored by Oussama MOULANA's avatar Oussama MOULANA
Show whitespace changes
Inline Side-by-side
CrossBorder-Gateway/Domibus/Server-setup-guide.md
View page @ f7f79a0a
...@@ -8,10 +8,10 @@ The deployment and configuration instructions draw inspiration from the official ...@@ -8,10 +8,10 @@ The deployment and configuration instructions draw inspiration from the official
Throughout this process, you will: Throughout this process, you will:
- Establish a single-instance Domibus on your server using Docker. - Establish a single-instance Domibus on your server using Docker.
- Configure the KeyStore and TrustStore to enhance message security with the Central Access Point. - Configure the KeyStore and TrustStore to enable seamless message exchange with Central Access Point.
- Adjust the PMode file to reference the parties you want to exchange with. - Adjust the PMode file to reference the parties you want to exchange with.
- Activate authentication of a Plugin Users for accessing your Domibus through APIs. - Activate authentication of a Plugin Users for accessing your Domibus through APIs.
- Conduct AS4 message exchanges with the eDelivery Domibus Access Point using SoapUI and the Web Service Plugin. - Performing a communication test with the central Domibus Access Point to verify system functionality.
## Variables ## Variables
The instructions in these guidelines use variables that must be replaced with the appropriate values in your context: The instructions in these guidelines use variables that must be replaced with the appropriate values in your context:
...@@ -23,13 +23,13 @@ The instructions in these guidelines use variables that must be replaced with th ...@@ -23,13 +23,13 @@ The instructions in these guidelines use variables that must be replaced with th
- **`{DOMIBUS_ACCESS_POINT}`**: This is the designated name for your Domibus instance. Choose a clear and descriptive name, such as `france_ap`. - **`{DOMIBUS_ACCESS_POINT}`**: This is the designated name for your Domibus instance. Choose a clear and descriptive name, such as `france_ap`.
- **`{CENTRAL_HOSTNAME}`**: Denotes the public IP address/hostname of the central Domibus server. - **`{CENTRAL_HOSTNAME}`**: Denotes the public IP address/hostname of the central Domibus server.
- **`{CENTRAL_PORT}`**: Represents the internet-accessible port of the central Domibus server. - **`{CENTRAL_PORT}`**: Represents the internet-accessible port of the central Domibus server.
- **`{CENTRAL_ACCESS_POINT}`**: This serves as the designated identifier for the central Domibus access point. It may be commonly referred to as `europe_ap` in some screenshots, however, please note that this is not the actual access point name, as we refrain from sharing sensitive information on this wiki. - **`{CENTRAL_ACCESS_POINT}`**: This serves as the designated identifier for the central Domibus Access Point. It may be commonly referred to as `europe_ap` in some screenshots, however, please note that this is not the actual Access Point name, as we refrain from sharing sensitive information on this wiki.
- **`{KEYSTORE_PASSWORD}`**: Refers to the password for your Java KeyStore. - **`{KEYSTORE_PASSWORD}`**: Refers to the password for your Java KeyStore.
- **`{PRIVATE_KEY_PASSWORD}`**: Refers to the password for the private key within your Java KeyStore. - **`{PRIVATE_KEY_PASSWORD}`**: Refers to the password for the private key within your Java KeyStore.
- **`{TRUSTSTORE_PASSWORD}`**: Refers to the password for your Java TrustStore. - **`{TRUSTSTORE_PASSWORD}`**: Refers to the password for your Java TrustStore.
## Requirement: ## Requirement:
Before proceeding with the above steps, ensure that your server environment meets the following prerequisites: Before continuing with the following steps, ensure that your server environment meets the following prerequisites:
Provision a Linux server. As a reference, the National Domibus server is running with the following specifications: Provision a Linux server. As a reference, the National Domibus server is running with the following specifications:
- 3 CPUs - 3 CPUs
...@@ -227,7 +227,7 @@ In return, the central team will provide you with the central certificate and th ...@@ -227,7 +227,7 @@ In return, the central team will provide you with the central certificate and th
- **`{CENTRAL_PORT}`** - **`{CENTRAL_PORT}`**
- **`{CENTRAL_ACCESS_POINT}`** - **`{CENTRAL_ACCESS_POINT}`**
This mutual exchange ensures seamless communication between your Domibus instance and the central server. This mutual exchange ensures seamless communication between your Domibus instance and the central Domibus server.
You may need to use `scp` on your PC to copy your certificate file from the server to your personal computer. For example: You may need to use `scp` on your PC to copy your certificate file from the server to your personal computer. For example:
...@@ -236,8 +236,6 @@ scp {ADMIN_USER}@{DOMIBUS_HOSTNAME}:/opt/{DOMIBUS_SERVER_DIRECTORY}/domibus/keys ...@@ -236,8 +236,6 @@ scp {ADMIN_USER}@{DOMIBUS_HOSTNAME}:/opt/{DOMIBUS_SERVER_DIRECTORY}/domibus/keys
``` ```
>**Note**: We consider you created your **`{DOMIBUS_SERVER_DIRECTORY}`** inside the **`/opt/`** folder like suggested earlier. If not, please adjust the command to reflect the exact location of your **`{DOMIBUS_SERVER_DIRECTORY}`** >**Note**: We consider you created your **`{DOMIBUS_SERVER_DIRECTORY}`** inside the **`/opt/`** folder like suggested earlier. If not, please adjust the command to reflect the exact location of your **`{DOMIBUS_SERVER_DIRECTORY}`**
This step ensures that you have a local copy of the certificate file for further actions.
## 3 - Domibus Properties ## 3 - Domibus Properties
:globe_with_meridians: :globe_with_meridians:
...@@ -272,15 +270,13 @@ domibus.auth.unsecureLoginAllowed=false ...@@ -272,15 +270,13 @@ domibus.auth.unsecureLoginAllowed=false
> **Note**: > **Note**:
While you might consider creating a `PKCS12` KeyStore, please be aware that it currently appears to be non-functional. While you might consider creating a `PKCS12` KeyStore, please be aware that it currently appears to be non-functional.
You might also find it necessary to adjust the password expiration delay within the Domibus console. By default, this expiration period is set to 90 days, but you have the flexibility to customize it according to your preferences. You may also need to modify the password expiration duration for users within the Domibus console, as we will cover in the next step. The default expiration period is set to 90 days, but you can tailor it to suit your specific preferences.
```properties ```properties
#Password expiration policy in days (0 to disable) #Password expiration policy in days (0 to disable)
domibus.passwordPolicy.expiration=90 domibus.passwordPolicy.expiration=90
``` ```
>:warning:**Warning**: Please note that there is no password recovery option available. It's crucial to ensure that you safely retain your password to prevent any loss.
## 4 - Users Credentials ## 4 - Users Credentials
:globe_with_meridians: :globe_with_meridians:
...@@ -294,6 +290,9 @@ From the browser of your PC, access to your Domibus server with the following UR ...@@ -294,6 +290,9 @@ From the browser of your PC, access to your Domibus server with the following UR
```http ```http
http://{DOMIBUS_HOSTNAME}:{DOMIBUS_PORT}/domibus http://{DOMIBUS_HOSTNAME}:{DOMIBUS_PORT}/domibus
``` ```
>:warning:**Attention**: Please note that there is no password recovery option available. It's crucial to ensure that you safely retain your password to prevent any loss.
### A - Dashboard Users ### A - Dashboard Users
:computer: :computer:
...@@ -323,7 +322,7 @@ For the French-Connector, you might create a user named `frc_user`. ...@@ -323,7 +322,7 @@ For the French-Connector, you might create a user named `frc_user`.
## 5 - Processing Modes ## 5 - Processing Modes
:computer: :computer:
Processing Modes _PModes_ configure Access Points by loading parameters via an XML file. Please perform this task from your personal computer _PModes_ configure Access Points by loading parameters via an XML file.
Start by downloading the PMode template file [pmode.xml](https://drive.google.com/file/d/1onmrwqKYcVeTwSZLzzD0WrYd9ndJbLxW/view?usp=drive_link). After downloading, replace the variables in the file with the appropriate values for your configuration. Once modified, proceed to upload the file under: Start by downloading the PMode template file [pmode.xml](https://drive.google.com/file/d/1onmrwqKYcVeTwSZLzzD0WrYd9ndJbLxW/view?usp=drive_link). After downloading, replace the variables in the file with the appropriate values for your configuration. Once modified, proceed to upload the file under:
...@@ -331,7 +330,7 @@ Start by downloading the PMode template file [pmode.xml](https://drive.google.co ...@@ -331,7 +330,7 @@ Start by downloading the PMode template file [pmode.xml](https://drive.google.co
Ensure that you save your modifications. Ensure that you save your modifications.
Similar to sharing our certificate with the Central Access Point previously, we also need to import the **`{CENTRAL_ACCESS_POINT}`** to grant them exchange authorization. To achieve this, follow these steps for each Access Point you wish to authorize. Similar to sharing our certificate with the Central Access Point previously, we also need to import the **`{CENTRAL_ACCESS_POINT}`** to grant them exchange authorization.
Navigate to: Navigate to:
...@@ -347,10 +346,7 @@ http://{CENTRAL_HOSTNAME}:{CENTRAL_PORT}/domibus/services/msh ...@@ -347,10 +346,7 @@ http://{CENTRAL_HOSTNAME}:{CENTRAL_PORT}/domibus/services/msh
``` ```
![party](/img/domibus/image4.png) ![party](/img/domibus/image4.png)
Import the central certificate Import the central certificate, furnished by the central team and then, navigate to the `Identifiers` section, then select `+ New`. Assign the value of `Party Id` as **`{CENTRAL_ACCESS_POINT}`**, ensuring to configure the following properties accordingly:
Navigate to the `Identifiers` section, then select `+ New`. Assign the value of `Party Id` as **`{CENTRAL_ACCESS_POINT}`**, ensuring to configure the following properties accordingly:
``` ```
Party Id Type: partyTypeUrn Party Id Type: partyTypeUrn
...@@ -369,7 +365,7 @@ Verify on the `Parties` tab to ensure that all parties are configured correctly. ...@@ -369,7 +365,7 @@ Verify on the `Parties` tab to ensure that all parties are configured correctly.
# Testing Configuration # Testing Configuration
Congratulations on successfully setting up your Domibus server! Now, for testing, you have two options: Congratulations on successfully setting up your Domibus server! Now, for testing, you have two options:
- **Console Monitoring Test:** Essential for validating basic functionality, specifically to ensure the connection status between your access point and any additional access points added in the pmode. This test focuses on assessing the integrity of the connection. - **Console Monitoring Test:** Essential for validating basic functionality, specifically to ensure the connection status between your Access Point and any additional Access Points added in the pmode. This test focuses on assessing the integrity of the connection.
- **SoapUI Test:** For a deeper understanding of message exchange, you can perform this advanced test. It's entirely optional and recommended for those seeking a more comprehensive validation. - **SoapUI Test:** For a deeper understanding of message exchange, you can perform this advanced test. It's entirely optional and recommended for those seeking a more comprehensive validation.
...@@ -378,7 +374,7 @@ Feel free to choose the testing approach that suits your needs or test both. ...@@ -378,7 +374,7 @@ Feel free to choose the testing approach that suits your needs or test both.
### 1 - Console Monitoring test ### 1 - Console Monitoring test
:computer: :computer:
In the Domibus Console, navigate to the `Connection Monitoring` section and try sending a message to your own access point and to **`{CENTRAL_ACCESS_POINT}`**. If the status shows as green for both, your Domibus server is ready for message exchange. In the Domibus Console, navigate to the `Connection Monitoring` section and try sending a message to your own Access Point and to **`{CENTRAL_ACCESS_POINT}`**. If the status shows as green for both, your Domibus server is ready for message exchange.
![monitoring](/img/domibus/image6.png) ![monitoring](/img/domibus/image6.png)
...@@ -430,7 +426,7 @@ For the `Recipient`, we can set the **`{CENTRAL_ACCESS_POINT}`**: ...@@ -430,7 +426,7 @@ For the `Recipient`, we can set the **`{CENTRAL_ACCESS_POINT}`**:
```xml ```xml
<ns:To> <ns:To>
<ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">`{CENTRAL_ACCESS_POINT}`</ns:PartyId> <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">{CENTRAL_ACCESS_POINT}</ns:PartyId>
``` ```
##### E - Send the eDelivery Message: ##### E - Send the eDelivery Message:
... ...
......

For further information about the platform and support, please see https://code.europa.eu/info/about