tia Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.

Secure communication over HTTPS requires a certificate stored in PKCS12 format. The certificate may be public or self-signed. The file is typically stored permanently on the host and therefore needs to be mapped into the container.

The following configuration must be made in container environment variables, e.g. by using the -e parameter in the docker run command.

Info

For conversion of parameter name to environment variable name, see https://kgs-software.atlassian.net/wiki/spaces/DOCUEN/pages/2749628418/Application+wide+settings#Environment-variables .

| Application-wide setting | Explanation |
|---|---|
| server.ssl.key-store-type | Key store format. PKCS12 and JKS are supported. PKCS12 is preferred. |
| server.ssl.key-store | Location of the keystore |
| server.ssl.key-store-password | Password for the keystore |
| server.ssl.key-alias | Alias for the certificate in the PKCS12 store |
| server.ssl.enabled | Use "true" to expose the configured port (default 8080) as HTTPS port |

...

true: Enable HTTPS

Info

As communication takes place on the port configured by the server.port parameter (default: 8080), also set this parameter to the port desired for HTTPS (e.g. 8443).

Example

Info

This demonstrates how a self-signed certificate is created using the keytool Java SE utility.

The keystore file is named kgs.p12 and resides on the host in the directory ./tiacore.

The store password in the keytool command is test1234. Choose a secure password instead.

The parameters to be added into the command to start the container are given for docker run command (see also Deployment using Container (tC)).

  1. Create a keystore with a self-signed certificate, or skip this step if you already have a certificate.

Code Block
keytool -genkeypair -alias kgs -storepass test1234 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650

  2. Edit the docker run command or the docker compose file used to start the container

If using docker run command:

Map the file in the container:

Code Block
-v ./tiacore/kgs.p12:/application/kgs.p12

Add to environment variables:

Code Block
-e SERVER_SSL_KEYSTORETYPE=PKCS12
-e SERVER_SSL_KEYSTORE=/application/kgs.p12
-e SERVER_SSL_KEYSTOREPASSWORD=test1234
-e SERVER_SSL_KEYALIAS=kgs
-e SERVER_SSL_ENABLED=true

Info

As the image reference must come last in the docker run command, insert these parameters before it.

If using docker compose file:

Below services > [service name] > volumes add a volume mapping for the directory containing the keystore:

Code Block
      - ./tiacore/ssl:/application/ssl

Below services > [service name] > environment add these parameters:

Code Block
      # HTTPS settings
      SERVER_SSL_KEYSTORETYPE: PKCS12
      SERVER_SSL_KEYSTORE: /application/ssl/kgs.p12
      SERVER_SSL_KEYSTOREPASSWORD: test1234
      SERVER_SSL_KEYALIAS: kgs
      SERVER_SSL_ENABLED: "true"
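
Passing SERVER_SSL_KEYSTOREPASSWORD with -e leaves the keystore password in the shell history and in the process list while docker run starts. As an added example (not part of the original page or the product), the script below writes the same five settings to an owner-only file for docker run --env-file. The file name https.env, the variable KEYSTORE_PASSWORD and the name-conversion rule (inferred from the name pairs on this page) are assumptions.

```shell
#!/bin/sh
# Added example: HTTPS settings via "docker run --env-file" instead of -e flags.

# Convert an application-wide setting name to its environment variable name.
# Assumed rule, inferred from this page's name pairs:
# "." becomes "_", "-" is dropped, letters are upper-cased.
prop_to_env() {
    printf '%s' "$1" | tr -d '-' | tr '.' '_' | tr '[:lower:]' '[:upper:]'
}

# write_env_file FILE PASSWORD
# Writes the five HTTPS settings from this page to FILE (mode 0600).
write_env_file() {
    env_file=$1
    password=$2
    # An env file holds one NAME=value per line, so reject empty or
    # multi-line passwords instead of writing a broken file.
    case $password in
        ''|*'
'*) echo "keystore password is empty or contains a newline" >&2; return 1 ;;
    esac
    (
        umask 077               # new file is readable by its owner only
        rm -f -- "$env_file"    # discard an older copy with looser permissions
        {
            printf '%s=%s\n' "$(prop_to_env server.ssl.key-store-type)" 'PKCS12'
            printf '%s=%s\n' "$(prop_to_env server.ssl.key-store)" '/application/kgs.p12'
            printf '%s=%s\n' "$(prop_to_env server.ssl.key-store-password)" "$password"
            printf '%s=%s\n' "$(prop_to_env server.ssl.key-alias)" 'kgs'
            printf '%s=%s\n' "$(prop_to_env server.ssl.enabled)" 'true'
        } > "$env_file"
    )
}

# Usage (KEYSTORE_PASSWORD and <image> are placeholders):
#   write_env_file ./tiacore/https.env "$KEYSTORE_PASSWORD"
#   docker run --env-file ./tiacore/https.env \
#       -v ./tiacore/kgs.p12:/application/kgs.p12 <image>
```

Keep https.env out of version control and backups that are readable by other users, the same as the keystore itself.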