Example - Using docker compose file
This is an example compose file for docker compose. Save it as compose.yml in the directory from which you start tia Content Server Core in step 2.
This example contains setup for tia Status UI authentication and SSL setup that require preparation. Review the following topics:
version: '3'
services:
  tiacoreAL:
    container_name: tiacore-AL
    image: images.kgs-cloud.de/tia/core/saphttp:3.13.0
    ports:
      - "8443:8080"
    environment:
      # log level
      LOGGING_LEVEL_ROOT: INFO
      # tia Status UI
      TIA_SERVER_DESCRIPTION: tia Content Server Core ArchiveLink
      WEBAPP_SECURITY_AUTH_TYPE: basic
      WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin
      # bcrypt-format hash; every $ is written as $$ so that Compose does not interpolate it
      WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e"
      # HTTPS settings
      SERVER_SSL_KEYSTORETYPE: PKCS12
      SERVER_SSL_KEYSTORE: /application/ssl/kgs.p12
      # sample value; must match the store password of your own keystore
      SERVER_SSL_KEYSTOREPASSWORD: test1234
      SERVER_SSL_KEYALIAS: kgs
      SERVER_SSL_ENABLED: true
    volumes:
      - ./data:/temp/data
      - ./tiacore/license:/application/config/license/
      - ./tiacore/repository.cfg:/application/config/repository.cfg
      - ./tiacore/ssl:/application/ssl
Start tia Content Server Core using this command:
docker compose -f ./compose.yml up -d
Step-by-step example for an HTTPS Docker container
Excerpt of an existing Docker installation:
Main folder: /home/kgs/tiacore/
Below the folder /home/kgs/tiacore/ is the folder /contentserver/
Below /home/kgs/tiacore/contentserver are the subfolders keystore, license, repository and ssl
Change into the folder ssl and create a self-signed certificate:
keytool -genkeypair -alias tiacorecs -storepass tiasecret -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore tiacoressl.p12 -validity 3650
Remember the alias and the storepass password, as this information is used in the podman-compose.yaml later.
When using a self-signed certificate, use the IP address or localhost as the answer to What is your first and last name? in your certificate. This answer becomes the CN of the certificate.
Enter the distinguished name. Provide a single dot (.) to leave a sub-component empty or press ENTER to use the default value in braces.
What is your first and last name?
[Unknown]: 192.168.24.135
What is the name of your organizational unit?
[Unknown]: tiacore
What is the name of your organization?
[Unknown]: kgs
What is the name of your City or Locality?
[Unknown]: frankfurt
What is the name of your State or Province?
[Unknown]: he
What is the two-letter country code for this unit?
[Unknown]: de
Is CN=192.168.24.135, OU=tiacore, O=kgs, L=frankfurt, ST=he, C=de correct?
[no]: yes
The self-signed certificate is now stored in the folder /home/kgs/tiacore/contentserver/ssl
Edit your podman-compose.yaml file in the folder /home/kgs/tiacore/
Change the external port number to 8443 (or whatever SSL port you want to use):
ports:
  - "8443:8080"
The internal port can be kept as 8080.
Extend the volumes: section with the path:
volumes:
  - ./contentserver/ssl:/application/ssl
Extend the environment: section with the entries:
environment:
  # HTTPS settings
  SERVER_SSL_KEYSTORETYPE: PKCS12
  SERVER_SSL_KEYSTORE: /application/ssl/tiacoressl.p12
  SERVER_SSL_KEYSTOREPASSWORD: tiasecret
  SERVER_SSL_KEYALIAS: tiacorecs
  SERVER_SSL_ENABLED: true
If you also want to use the HTTPS port 8443 within the Docker container, change the ports to:
ports:
  - "8443:8443"
Additionally, you will have to extend the environment: entries with:
environment:
  SERVER_PORT: 8443
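A preflight check for the compose settings edited in the steps above, as an added example that is not part of the original documentation: it confirms that SERVER_SSL_ENABLED is true, that the container side of the ports entry equals SERVER_PORT (8080 when unset, as described above), and that SERVER_SSL_KEYSTORE resolves through a mounted volume to a file that exists on the host. The function names and the line-based sed parsing are assumptions that fit the flat single-service layout shown on this page.

```shell
#!/bin/sh
# Added example: preflight check for the HTTPS settings in a compose file.
# Assumption: the flat one-service layout shown on this page, parsed
# line by line with sed (no YAML library needed).

# Value of an environment key, with surrounding quotes removed.
compose_env() {  # usage: compose_env KEY FILE
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | tr -d "\"'" | head -n 1
}

# Container-side port of the first "host:container" ports entry.
container_port() {  # usage: container_port FILE
    sed -n 's|^[[:space:]]*-[[:space:]]*"\{0,1\}[0-9][0-9]*:\([0-9][0-9]*\)"\{0,1\}[[:space:]]*$|\1|p' "$1" |
        head -n 1
}

# Host-side path of SERVER_SSL_KEYSTORE, resolved through the volume
# that mounts its directory; prints nothing if no volume covers it.
keystore_host_path() {  # usage: keystore_host_path FILE
    ks=$(compose_env SERVER_SSL_KEYSTORE "$1")
    sed -n 's|^[[:space:]]*-[[:space:]]*\([./][^:]*\):\(/[^:[:space:]]*\).*$|\1 \2|p' "$1" |
    while read -r host cont; do
        cont=${cont%/}
        # Relative host paths are resolved against the compose file's folder.
        case "$host" in /*) base= ;; *) base=$(dirname "$1")/ ;; esac
        case "$ks" in
            "$cont"/*) printf '%s%s%s\n' "$base" "${host%/}" "${ks#"$cont"}"; break ;;
        esac
    done
}

# Returns 0 only if TLS is enabled, the mapped container port is the
# port the server listens on, and the keystore file exists on the host.
check_tls_compose() {  # usage: check_tls_compose FILE
    f=$1; rc=0
    [ "$(compose_env SERVER_SSL_ENABLED "$f")" = "true" ] ||
        { echo "SERVER_SSL_ENABLED is not true"; rc=1; }
    want=$(compose_env SERVER_PORT "$f"); want=${want:-8080}
    got=$(container_port "$f")
    [ "$got" = "$want" ] ||
        { echo "ports entry targets '$got', server listens on $want"; rc=1; }
    path=$(keystore_host_path "$f")
    { [ -n "$path" ] && [ -f "$path" ]; } ||
        { echo "keystore not found on host: ${path:-no matching volume}"; rc=1; }
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_tls_compose "$1"; fi
```

Saved under a name of your choice (for example check-tls-compose.sh, a hypothetical file name), it is run with the path to the compose file as its only argument before the container is started.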
Start your container (podman-compose up -d) and open the URL https://<yourtiacorecS>:<8443>/info/
If you get the error message ERROR 400 Invalid SNI, your certificate is not correct. Adapt the entry What is your first and last name? in your certificate.
In order to access the tiacore content server via SAP, you will first have to convert your certificate from p12 to cer format. Enter the storepass password when requested.
openssl pkcs12 -in <yourselfsignedcertificate>.p12 -nokeys -out <yourconvertedcertificate>.cer
For the keystore created above:
openssl pkcs12 -in tiacoressl.p12 -nokeys -out tiacoressl.cer
This self-signed certificate has to be entered in SAP in order to communicate with the tiaCore Content Server. Call the transaction STRUST and switch to the change mode.
Select SSL client SSL Client (Standard) and press the button Import certificate
Select the just converted CER certificate
The certificate is displayed and can be added to the Certificate List
Save the transaction.
Go to transaction OAC0 and select one of your customized archives:
Remove the port number 8080 and enter the SSL port number 8443
For the HTTPS on frontend and HTTPS on backend parameters, select HTTPS required.
If you don't see these parameters, just enter %HTTPS in the transaction window.
Press the button Test connection to test the network connection between SAP and the tiaCore Content Server
Press the button Send certificates to send the SAP certificate to the tiaCore Content Server