...
You can change the port number. If you do, please update the Configuration.conf files accordingly (see Secure Backend - Configuration)
...
Build and run
Note |
---|
Version 1.0.x |
Go to the SAMDistImages directory and run the following commands:
Code Block |
---|
make images make pushtorepository |
SAMDeployment
Go to the SAMDeployment directory and run the following commands:
Code Block |
---|
make initstorage make initdatabase make images |
...
Still in the SAMDeployment directory, simple run the followoing command:
Code Block |
---|
make run |
Note |
---|
Version 1.1.x |
Go to the SAMDistImages directory and run the following command:
Code Block |
---|
make install |
Note |
---|
Version 1.1.x + JFrog |
Once you pulled the images from JFrog (see: Amadis One - JFrog repository), you need to create a docker-compose file to setup the network and components as well as an environment file to set some variables.
Create a docker-compose-prod.yml
file with similar information (can be updated according to your needs):
Code Block |
---|
version: '3.8'
services:
database:
container_name: database
image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-database:${VERSION}
command: --default-authentication-plugin=mysql_native_password
platform: linux/amd64
env_file:
- .env
environment:
MYSQL_ROOT_PASSWORD: ${ROOT_DATABASE_PASSWORD}
DATABASE_IMAGE: ${DATABASE_IMAGE}
ports:
- ${DATABASE_PORT}:3306
networks:
- sambackendnet
restart: always
php:
container_name: php
image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-php:${VERSION}
depends_on:
- database
restart: unless-stopped
volumes:
- php_socket:/var/run/php
env_file:
- .env
healthcheck:
interval: 10s
timeout: 3s
retries: 3
start_period: 30s
networks:
- sambackendnet
http:
container_name: http
image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-http:${VERSION}
depends_on:
- php
environment:
SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
restart: unless-stopped
volumes:
- php_socket:/var/run/php
ports:
# HTTP
- target: 80
published: 80
protocol: tcp
# HTTPS 443
- target: 443
published: ${API_PORT}
protocol: tcp
networks:
sambackendnet:
external: true
volumes:
php_socket: |
Then create a .env
file with the following data (can be updated according to your system):
Code Block |
---|
# Version of the SAM backend
VERSION=1.1.4-rc1
SERVER_NAME=dev.amadis.com
# Docker repository
IMAGE_DEPLOYMENT_REPOSITORY=amadis.jfrog.io/aone-secbkd-local
# Permanent storage base directory
STORAGE_BASE_DIRECTORY=./Storage
# Database server address
DATABASE_SERVER=database
# Database server address
DATABASE_PORT=3306
# MUST be sambackend as set in the distribution images
DATABASE_NAME=sambackend
# Database username to use
DATABASE_USER=sambackend
# Database user's password to use
DATABASE_PASSWORD=sambackendpw
# Database root's password for database updates
ROOT_DATABASE_PASSWORD=tryphon1
# arm64v8/mysql:oracle or mysql:8.0-debian
DATABASE_IMAGE=mysql:8.0-debian
# Port the server will listen to.
API_PORT=443 |
Then create the network (if not already existing):
Code Block |
---|
docker network create sambackendnet |
And start the images:
Code Block |
---|
docker-compose -f docker-compose-prod.yml up --build -d http |
Additionally, it might be required to run a few more steps within the php
container (docker exec -it php /bin/sh
):
Code Block |
---|
php artisan db:seed (if the databse needs to be seeded with Amadis defaults)
php artisan passport:keys (macos only?) |
KeyEmbeddingTool
To export the device transport key securely, the server will leverage a tool from Zimperium called KeyEmbeddingTool
. That tools comes in two flavors: development and production.
The server will look for a /var/www/html/app/tools/KeyEmbeddingTool
in the PHP Docker container.
By default, the development version is used. To switch between development and production versions, two additional binaries will be provided in the container: /var/www/html/app/tools/KeyEmbeddingToolDev
and /var/www/html/app/tools/KeyEmbeddingToolProd
. Simply replace /var/www/html/app/tools/KeyEmbeddingTool
by the one to be used.
Update
Note |
---|
Version 1.0.x |
Warning |
---|
This method only works when there is no database table format or element update between 2 versions. |
Assuming there is a folder called secbkd-1.0.x on the server (the currently running version) and that the new package (secbkd-1.0.y) is already present on the same path.
e.g.:
Code Block |
---|
<some_directory>/
|_ secbkd-1.0.x/
|_ secbkd-1.0.10.4/ |
Stop all running containers and remove them:
Code Block |
---|
docker stop samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x
docker rm samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x |
If you can, clean the docker registry:
Code Block |
---|
docker system prune |
Note |
---|
Careful, if you have other containers running, you need to delete them manually, this command will remove all existing containers and networks. |
Go to the new package and build the images:
Code Block |
---|
cd secbkd-1.0.y/SAMDistImages make images && make pushtorepository |
Copy the old 'Storage' dir into the new package (we are still in SAMDistImages directory)
Code Block |
---|
sudo cp -R ../../secbkd-1.0.x/SAMDeployment/Storage ../SAMDeployment/ |
Run the new containers:
Code Block |
---|
cd ../SAMDeployment
make run |
And that should do the trick.