Foreword
It is now time to create the local Docker containers.
Installation
Local Docker repository
Start your own local Docker repository with the following command:
docker run -d -p 5000:5000 --restart=always --name registry registry:2
You can change the port number. If you do, please update the Configuration.conf files accordingly (see Secure Backend - Configuration).
Build and run
Version 1.0.x
Go to the SAMDistImages directory and run the following commands:
make images
make pushtorepository
Go to the SAMDeployment directory and run the following commands:
make initstorage
make initdatabase
make images
Still in the SAMDeployment directory, simply run the following command:
make run
Version 1.1.x
Go to the SAMDistImages directory and run the following command:
make install
Additionally, it might be required to run a few more steps within the php container (docker exec -it php /bin/sh):
php artisan db:seed (if the database needs to be seeded with Amadis defaults)
php artisan passport:keys (macos only?)
Version 1.1.x + JFrog
Once you have pulled the images from JFrog (see: Amadis One - JFrog repository), you need to create a docker-compose file to set up the network and components, as well as an environment file to set some variables.
Create a docker-compose-prod.yml file with similar information (can be updated according to your needs):
version: '3.8'

services:
  database:
    container_name: database
    image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-database:${VERSION}
    command: --default-authentication-plugin=mysql_native_password
    platform: linux/amd64
    env_file:
      - .env
    environment:
      MYSQL_ROOT_PASSWORD: ${ROOT_DATABASE_PASSWORD}
      DATABASE_IMAGE: ${DATABASE_IMAGE}
    ports:
      - ${DATABASE_PORT}:3306
    networks:
      - sambackendnet
    restart: always

  php:
    container_name: php
    image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-php:${VERSION}
    depends_on:
      - database
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
    env_file:
      - .env
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    networks:
      - sambackendnet

  http:
    container_name: http
    image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-http:${VERSION}
    depends_on:
      - php
    environment:
      SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS 443
      - target: 443
        published: ${API_PORT}
        protocol: tcp

networks:
  sambackendnet:
    external: true

volumes:
  php_socket:
Then create a .env file with the following data (can be updated according to your system):
# Version of the SAM backend
VERSION=1.1.4-rc1
SERVER_NAME=dev.amadis.com
# Docker repository
IMAGE_DEPLOYMENT_REPOSITORY=amadis.jfrog.io/aone-secbkd-local
# Permanent storage base directory
STORAGE_BASE_DIRECTORY=./Storage
# Database server address
DATABASE_SERVER=database
# Database server port
DATABASE_PORT=3306
# MUST be sambackend as set in the distribution images
DATABASE_NAME=sambackend
# Database username to use
DATABASE_USER=sambackend
# Database user's password to use
DATABASE_PASSWORD=sambackendpw
# Database root's password for database updates
ROOT_DATABASE_PASSWORD=tryphon1
# arm64v8/mysql:oracle or mysql:8.0-debian
DATABASE_IMAGE=mysql:8.0-debian
# Port the server will listen to.
API_PORT=443
Then create the network (if not already existing):
docker network create sambackendnet
And start the images:
docker-compose -f docker-compose-prod.yml up --build -d http
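The .env file above carries the database credentials, and the values printed on this page are samples. The following pre-flight check is an added example, not part of the SAM backend distribution; the function names env_get and audit_env and the 12-character minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit of the .env file before starting the stack.
# Sample passwords are the ones printed on this page; the 12-character
# minimum is an assumption, not a project requirement.

# env_get FILE KEY -> prints the value of KEY (last assignment wins)
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# audit_env FILE -> prints one finding per line; succeeds only if none
audit_env() {
    file=$1
    findings=0
    for key in DATABASE_PASSWORD ROOT_DATABASE_PASSWORD; do
        val=$(env_get "$file" "$key")
        case $val in
            sambackendpw|tryphon1)
                echo "$key: still the sample value from the documentation"
                findings=$((findings + 1)) ;;
            *)
                if [ "${#val}" -lt 12 ]; then
                    echo "$key: shorter than 12 characters"
                    findings=$((findings + 1))
                fi ;;
        esac
    done

    user_pw=$(env_get "$file" DATABASE_PASSWORD)
    root_pw=$(env_get "$file" ROOT_DATABASE_PASSWORD)
    if [ -n "$user_pw" ] && [ "$user_pw" = "$root_pw" ]; then
        echo "DATABASE_PASSWORD and ROOT_DATABASE_PASSWORD are identical"
        findings=$((findings + 1))
    fi

    # The file holds credentials: group and others should have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible by group or others (chmod 600 recommended)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Source the script and run `audit_env .env` before the docker-compose command; a non-zero exit status means at least one finding was printed.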
KeyEmbeddingTool
To export the device transport key securely, the server will leverage a tool from Zimperium called KeyEmbeddingTool. That tool comes in two flavors: development and production.
The server will look for a /var/www/html/app/tools/KeyEmbeddingTool in the PHP Docker container.
By default, the development version is used. To switch between development and production versions, two additional binaries will be provided in the container: /var/www/html/app/tools/KeyEmbeddingToolDev and /var/www/html/app/tools/KeyEmbeddingToolProd. Simply replace /var/www/html/app/tools/KeyEmbeddingTool with the one to be used.
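Because the development flavor is the default, it is worth confirming which binary is active after a swap. The following check is an added example, not part of the Amadis or Zimperium tooling: it compares the SHA-256 of KeyEmbeddingTool with the Dev and Prod binaries beside it. The function names sha256_of, ket_flavor and require_prod are hypothetical, and it assumes the active binary is a byte-for-byte copy of one of the two.

```shell
#!/bin/sh
# Added example: report which KeyEmbeddingTool flavor is active by comparing
# the active binary with the two binaries the page says ship beside it.

# sha256_of FILE -> prints the hex digest (sha256sum, or shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# ket_flavor DIR -> prints dev | prod | unknown | missing
ket_flavor() {
    dir=$1
    [ -f "$dir/KeyEmbeddingTool" ] || { echo missing; return 0; }
    active=$(sha256_of "$dir/KeyEmbeddingTool")
    for flavor in Dev Prod; do
        candidate="$dir/KeyEmbeddingTool$flavor"
        [ -f "$candidate" ] || continue
        if [ "$(sha256_of "$candidate")" = "$active" ]; then
            echo "$flavor" | tr 'DP' 'dp'
            return 0
        fi
    done
    # Active binary matches neither shipped flavor (modified or replaced).
    echo unknown
}

# require_prod DIR -> succeeds only when the production binary is active
require_prod() {
    [ "$(ket_flavor "$1")" = prod ]
}
```

Inside the php container the directory to pass is /var/www/html/app/tools; `require_prod` can gate a production start-up script so that a deployment still using the development flavor fails early.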
Update
Version 1.0.x
This method only works when there is no database table format or element update between 2 versions.
Assume there is a folder called secbkd-1.0.x on the server (the currently running version) and that the new package (secbkd-1.0.y) is already present on the same path.
e.g.:
<some_directory>/
|_ secbkd-1.0.x/
|_ secbkd-1.0.10.4/
Stop all running containers and remove them:
docker stop samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x
docker rm samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x
If you can, clean the docker registry:
docker system prune
Careful: if you have other containers running, you need to delete them manually; this command will remove all existing containers and networks.
Go to the new package and build the images:
cd secbkd-1.0.y/SAMDistImages
make images && make pushtorepository
Copy the old 'Storage' dir into the new package (we are still in the SAMDistImages directory):
sudo cp -R ../../secbkd-1.0.x/SAMDeployment/Storage ../SAMDeployment/
Run the new containers:
cd ../SAMDeployment
make run
And that should do the trick.