Example - Using docker compose file

Example - Using docker compose file

  1. This is an example compose file for docker compose.

Save it as compose.yml into the directory to start tia Content Server core from in step 2.

This example contains setup for tia Status UI authentication and SSL setup that require preparation. Review the following topics:

tia® Status UI Authentication

Configuring tia Core container for HTTPS

version: '3' services: tiacoreAL: container_name: tiacore-AL image: images.kgs-cloud.de/tia/core/saphttp:3.13.0 ports: - "8443:8080" environment: # log level LOGGING_LEVEL_ROOT: INFO # tia Status UI TIA_SERVER_DESCRIPTION: tia Content Server Core ArchiveLink WEBAPP_SECURITY_AUTH_TYPE: basic WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" # HTTPS settings SERVER_SSL_KEYSTORETYPE: PKCS12 SERVER_SSL_KEYSTORE: /application/ssl/kgs.p12 SERVER_SSL_KEYSTOREPASSWORD: test1234 SERVER_SSL_KEYALIAS: kgs SERVER_SSL_ENABLED: true volumes: - ./data:/temp/data - ./tiacore/license:/application/config/license/ - ./tiacore/repository.cfg:/application/config/repository.cfg - ./tiacore/ssl:/application/ssl

 

  1. Start tia Content Server Core using this command:

docker compose up -f ./compose.yml -d

 

 

Step-by-step example for a HTTPS-Docker container

 

Excerpt of an existing Docker installation:

Main folder /home/kgs/tiacore/

Subfolder below the folder /home/kgs/tiacore/ is the folder /contentserver/

image-20250423-143722.png

Subfolders below /home/kgs/tiacore/contentserver are keystore, license, repository and ssl

image-20250423-144111.png
  1. Change into the folder ssl and create a self-signed certificate

keytool -genkeypair -alias tiacorecs -storepass tiasecret -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore tiacoressl.p12 -validity 3650

Remember the alias and thestorepass-password as these information are used in the podman-compose.yaml later

 

When using a self-signed certificate use the IP-Adress or localhost as What is your first and last name? in your certificate.

Enter the distinguished name. Provide a single dot (.) to leave a sub-component empty or press ENTER to use the default value in braces. What is your first and last name? [Unknown]: 192.168.24.135 What is the name of your organizational unit? [Unknown]: tiacore What is the name of your organization? [Unknown]: kgs What is the name of your City or Locality? [Unknown]: frankfurt What is the name of your State or Province? [Unknown]: he What is the two-letter country code for this unit? [Unknown]: de Is CN=192.168.24.135, OU=tiacore, O=kgs, L=frankfurt, ST=he, C=de correct? [no]: yes
image-20250423-144631.png

The self-signed certificate is now stored in the folder /home/kgs/tiacore/contentserver/ssl

image-20250423-150150.png

 

  1. Edit your podman-compose.yaml-File in folder /home/kgs/tiacore/

  • Change the external port number to 8443 (or whatever ssl-Port you want to use)

ports:

  • "8443:8080"

The internal port 8080 can be kept as port 8080

 

  • Enhance the volumes: with the path:

-./contentserver/ssl:/application/ssl

 

  • Enhance the environment: with the entries:

# HTTPS settings SERVER_SSL_KEYSTORETYPE: PKCS12 SERVER_SSL_KEYSTORE: /application/ssl/tiacoressl.p12 SERVER_SSL_KEYSTOREPASSWORD: tiasecret SERVER_SSL_KEYALIAS: tiacorecs SERVER_SSL_ENABLED: true

 

image-20250423-145545.png

If you also want to use HTTPS-Port 8443 within the docker container just change the ports to

ports:

  • "8443:8443"

additionally you will have to enhance the environment: entries with:

SERVER_PORT: 8443

 

  1. Start your Container (podman-compose up -d) and open the URL https://<yourtiacorecS>:<8443>/info/

image-20250423-150744.png

If you get the error-message: ERROR 400 Invalid SNI your certificate is not correct.

image-20250423-160502.png

Adapt the entry What is your first and last name? in your certificate.

 

  1. In order to access the tiacore content server via SAP you will first have to convert your certificate from p12 to cer-format. Enter the storepass-password when requested.

openssl pkcs12 -in <yourselfsignedcertificate>.p12 -nokeys -out <yourconvertedcertificate>.cer openssl pkcs12 -in tiacoressl.p12 -nokeys -out tiacoressl.cer
image-20250423-152228.png
  1. This self signed certificate has to be entered in SAP in order zu communicate with the tiaCore Content Server. Call the transaction STRUST and switch to the change mode.

Select SSL client SLL CLient (Standard) and press button Import certificate

 

image-20250423-152906.png

Select the just converted CER-certificate

image-20250423-152951.png

The certificate is displayed and can be added to the Certificate List

image-20250423-153030.png
image-20250423-153147.png

Save the transaction.

 

  1. Go to transaction OAC0 and select one of your customized archives:

Remove the Port number 8080 and enter the SSL Port number 8443

For the HTTPS on frontend and HTTPS on backend parameters select HTTPS required.

If your don’t see these parameters just enter %HTTPS in the transaction Window.

image-20250423-153354.png

 

Press the button Test connectionto test the network connection between SAP and the tiaCore Content Server

image-20250423-153953.png

Press the button Send certificatesto send the SAP certificate to the tiaCore Content Server

image-20250423-153805.png