The following settings must be configured as container environment variables.

Info

For conversion of parameter name to environment variable name, see https://kgs-software.atlassian.net/wiki/spaces/DOCUEN/pages/2749628418/Application+wide+settings#Environment-variables .

| Application-wide setting | Explanation |
| --- | --- |
| server.ssl.key-store-type | Key store format. PKCS12 and JKS are supported. PKCS12 is preferred. |
| server.ssl.key-store | Location of the keystore |
| server.ssl.key-store-password | Password for the keystore |
| server.ssl.key-alias | Alias for the certificate in the PKCS12 store |
| server.ssl.enabled | true: Enable HTTPS |

Info

HTTPS is served on the port configured by the server.port parameter (default: 8080), so also set this parameter to the port desired for HTTPS (e.g. 8443).

Example

Info

This demonstrates how a self-signed certificate is created using the keytool utility from Java SE.

The keystore file is named kgs.p12 and resides on the host in the directory ./tiacore.

The store password in the keytool command is test1234. Choose a secure password instead.

The parameters to be added to the command that starts the container are given for the docker run command (see also Deployment using Container (tC)).

  1. Create a keystore with a self-signed certificate, or skip this step if you already have a certificate.

Code Block
keytool -genkeypair -alias kgs -storepass test1234 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650

  2. Edit the docker run command or the docker compose file that starts the container.

If using docker run command:

Map the file in the container:

Code Block
-v ./tiacore/kgs.p12:/application/kgs.p12

Add to environment variables:

Code Block
-e SERVER_SSL_KEYSTORETYPE=PKCS12
-e SERVER_SSL_KEYSTORE=/application/kgs.p12
-e SERVER_SSL_KEYSTOREPASSWORD=test1234
-e SERVER_SSL_KEYALIAS=kgs
-e SERVER_SSL_ENABLED=true

Info

As the image reference must be last in the docker run command, insert these parameters before it.

If using docker compose file:

Below services > [service name] > volumes add a volume mapping for the directory containing the keystore:

Code Block
      - ./tiacore/ssl:/application/ssl

Below services > [service name] > environment add these parameters:

Code Block
      # HTTPS settings
      SERVER_SSL_KEYSTORETYPE: PKCS12
      SERVER_SSL_KEYSTORE: /application/ssl/kgs.p12
      SERVER_SSL_KEYSTOREPASSWORD: test1234
      SERVER_SSL_KEYALIAS: kgs
      SERVER_SSL_ENABLED: true
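
The docker run variant of the steps above, with a generated store password that is kept out of the command line and the shell history. This is an added example, not part of the original documentation: the function names, the file https.env, CN=localhost and <image> are assumptions, and the name conversion is inferred from the variable names shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page. File names and <image> are placeholders.

# Setting name -> environment variable name, following the page's own examples:
# upper-case, '.' becomes '_', '-' is dropped (server.ssl.key-alias -> SERVER_SSL_KEYALIAS).
to_env_name() {
    printf '%s' "$1" | LC_ALL=C tr 'a-z.' 'A-Z_' | tr -d '-'
}

# 32 hex characters from the kernel CSPRNG, to use instead of test1234.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the HTTPS settings to an env file that only its owner can read.
# $1 env file, $2 keystore path in the container, $3 alias, $4 password, $5 HTTPS port
write_env_file() {
    (
        umask 077
        rm -f -- "$1"   # recreate so the 0600 mode applies even if the file existed
        {
            printf '%s=PKCS12\n' "$(to_env_name server.ssl.key-store-type)"
            printf '%s=%s\n' "$(to_env_name server.ssl.key-store)" "$2"
            printf '%s=%s\n' "$(to_env_name server.ssl.key-store-password)" "$4"
            printf '%s=%s\n' "$(to_env_name server.ssl.key-alias)" "$3"
            printf '%s=true\n' "$(to_env_name server.ssl.enabled)"
            printf '%s=%s\n' "$(to_env_name server.port)" "$5"
        } > "$1"
    )
}

# Create the keystore. The password is read from the environment (-storepass:env),
# so it does not appear in the process list. CN=localhost is a constructed value.
# $1 keystore file, $2 alias, $3 password
create_keystore() {
    STOREPASS="$3" keytool -genkeypair -alias "$2" -storepass:env STOREPASS \
        -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore "$1" \
        -validity 3650 -dname "CN=localhost"
}

# Typical use, run by hand (<image> stands for the image reference):
#   pw=$(gen_password)
#   create_keystore ./tiacore/kgs.p12 kgs "$pw"
#   write_env_file ./tiacore/https.env /application/kgs.p12 kgs "$pw" 8443
#   docker run --env-file ./tiacore/https.env \
#       -v ./tiacore/kgs.p12:/application/kgs.p12:ro -p 8443:8443 <image>
```

Keep https.env out of version control and image builds, since it holds the store password in clear text.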