Skip to content

Latest commit

 

History

History
81 lines (66 loc) · 3.26 KB

README.md

File metadata and controls

81 lines (66 loc) · 3.26 KB

IRMA Docker deployment for GIDS

The project contains the containerized deployment of the irmago server. This project contains:

  1. The entrypoint.bash that configures the server based on the environment variables.
  2. The Dockerfile that builds the irmago server in a Docker container.

Assumptions

  1. SSL offloading is not part of this docker container

Running

Running on Docker and Docker compose

Setting up the .env file for docker and docker compose

This project is configured with environment variables. Default values are provided in the .env.dist file. The following values can be manually generated:

  1. CLIENT_MAP, a JSON map of keys and secrets. For example:
{
  "testsp": {
    "auth_method": "hmac",
    "key": "dGVzdHNw"
  }
}

In the .env file, the JSON should be quoted correctly:

CLIENT_MAP='{"testsp":{"auth_method":"hmac","key": "dGVzdHNw"}}'

Please note that the key must be a base64 encoded value. For example:

echo -n testsp | base64
> dGVzdHNw
   openssl rand -hex 32

  1. JWT_PUBLIC_KEY/JWT_PRIVATE_KEY. Generate a keypair in the ./configuration directory by running

     cd ./configuration
 ../tools/keygen.sh
 cd ..

  2. Copy the .env.dist file to .env and add the following values

    CLIENT_MAP=... the result of 1)
JWT_PUBLIC_KEY_FILE=/configuration/public_key.pem
JWT_PRIVATE_KEY_FILE=/configuration/private_key.pem
DEBUG=1

Docker

To start the server with the default configuration, run.

docker build . -t irma_server
docker run -p 8081:8080 --env-file=.env --name irma_server irma_server

Docker compose

cp .env.dist .env
docker-compose build && docker-compose up

Configuration

Environment variables

Variable default remark
HOST_URL https://localhost:8081/ The external URL on which the container is hosted.
ADMIN_EMAIL Adiminstrator email address.
JWT_ISSUER gids The issuer of the JWT message
JWT_PUBLIC_KEY [generated if absent] If JWT_PRIVATE_KEY not present, and no file is added to the container and set in JWT_PRIVATE_KEY_FILE, this value will be generated on startup of the container. The generated key is printed to the console.
JWT_PUBLIC_KEY_FILE Optional method of referring to a public key file added to the container.
JWT_PRIVATE_KEY [generated if absent] If JWT_PRIVATE_KEY not present, and no file is added to the container and set in JWT_PRIVATE_KEY_FILE, this value will be generated on startup of the container.
JWT_PRIVATE_KEY_FILE Optional method of referring to a private key file added to the container.
CLIENT_MAP testsp The key of the connecting client.
CLIENT_SECRET [generated if absent] The secret of the connecting client, generated and printed to the console if absent.
SCHEMES https://privacybydesign.foundation/schememanager/pbdf Space separated list of scheme URLs
DEBUG 0 If 0 debugging is disabled. To enable debug info: 1=normal, 2=high