From 37ee0d60cdc91bf83895c895cf6926122acb5aa2 Mon Sep 17 00:00:00 2001 From: oleksii Date: Tue, 10 Dec 2024 10:39:48 +0200 Subject: [PATCH 1/3] docs: add Security Server container parameters description --- Docker/securityserver/README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Docker/securityserver/README.md b/Docker/securityserver/README.md index f03c756889..675821a4de 100644 --- a/Docker/securityserver/README.md +++ b/Docker/securityserver/README.md @@ -18,6 +18,19 @@ docker build -t xroad-security-server . Alternatively, it's possible to use the image (`niis/xroad-security-server`) available on [Docker Hub](https://hub.docker.com/r/niis/xroad-security-server). +## Container parameters + +| Port | Description | +|--------|--------------------------------------| +| `80` | Management REST API endpoint | +| `4000` | Additional Management REST API port | +| `5500` | Management REST API interface | +| `5558` | Management REST API alternative port | +| `5577` | Admin UI access point | +| `8443` | Secure Admin UI (HTTPS) | +| `8080` | Standard Admin UI (HTTP) | +| `5432` | PostgreSQL database connection | + ## Running Publish the container ports (`8080` and/or `8443`, `4000`, and optionally `5500` and `5577`) to localhost (loopback address). From 77a062327539308ec7abf1360e1a51ffe3d88f8e Mon Sep 17 00:00:00 2001 From: oleksiidn Date: Mon, 13 Jan 2025 15:27:35 +0200 Subject: [PATCH 2/3] Roll back central server Docker README.md file. Add ports description to Test CA --- Docker/centralserver/README.md | 76 +++++++++++++++++++++++++++++++++ Docker/securityserver/README.md | 2 +- Docker/testca/README.md | 8 +++- 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 Docker/centralserver/README.md diff --git a/Docker/centralserver/README.md b/Docker/centralserver/README.md new file mode 100644 index 0000000000..d4ce67bb7a --- /dev/null +++ b/Docker/centralserver/README.md 
@@ -0,0 +1,76 @@ +# Central Server Docker Image + +***The Central Server images are strictly meant for testing and development purposes. Do not use it in production environment!*** + +The Docker image (`niis/xroad-central-server`) is published on [Docker Hub](https://hub.docker.com/r/niis/xroad-central-server/). + +The Central Server Docker image contains vanilla X-Road Central Server. +All services and PostgreSQL database, are installed into the same container and run using [supervisord](https://docs.docker.com/engine/containers/multi-service_container/#use-a-process-manager). + +TEST-CA, TSA, OCSP have a separate [Dockerfile](./../testca/Dockerfile). + +The installed Central Server is in uninitialized state. + +Admin UI credentials: `xrd`/`secret` + +## Building the Central Server image +Run `init_context.sh` script that will collect the necessary files for building the image to `build` folder. After that you can create the image inside the newly created `build` folder. + +```shell +cd Docker/centralserver/ +./init_context.sh +cd build/ +docker build --build-arg DIST=jammy-current -t centralserver -f ../Dockerfile . +``` + +Alternatively, it's possible to use the image (`niis/xroad-central-server`) available on [Docker Hub](https://hub.docker.com/r/niis/xroad-central-server/). + +## Container parameters + +| Port | Description | +|--------|-------------------------------------| +| `2222` | Management REST API endpoint | +| `4000` | Additional Management REST API port | + +## Running + +Publish the container ports (`4000`, `80` and `9998`) to localhost (loopback address). 
+ +Running a locally built image: +```shell +docker run -p 4000:4000 -p 4001:80 -p 4002:9998 --name cs centralserver +``` + +Running an image available on [Docker Hub](https://hub.docker.com/r/niis/xroad-central-server/): +```shell +docker run -p 4000:4000 -p 4001:80 -p 4002:9998 --name cs niis/xroad-central-server:bionic-7.1.0 +``` + +## Running multiple dockerized X-Road (Security/Central) Servers +If you are running multiple (more than one) containers and map container ports to localhost, it is recommended that you use a separate loopback address for each container and create a X-Road specific network so that containers can communicate. +Accessing admin-ui of a server from the same domain will break session on other servers. You can get over this by setting multiple mappings to localhost in hosts-file. + +```shell +# Create a custom network for x-road containers +docker network create -d bridge x-road-network + +# Create more than one Central Server containers and (optionally) assign them a network-alias for easier reference +docker run -p 4000:4000 -p 4001:80 -p 4002:9998 --network x-road-network --name cs1 niis/xroad-central-server +docker run -p 4100:4000 -p 4101:80 -p 4102:9998 --network x-road-network --name cs2 niis/xroad-central-server +``` + +## Initializing vanilla Central Server +After creating a vanilla Central Server, you need to create certificates. [Test CA](./../testca/README.md) could be used for Signing certificates. + +### Autologin +The `xroad-autologin` add-on is installed, but there is no default PIN set, so the following error at startup is normal: +```text +... INFO exited: xroad-autologin (exit status 0; not expected) +... INFO gave up: xroad-autologin entered FATAL state, too many start retries too quickly +``` +One can create the autologin file by hand after initializing the Central Server: + +```shell +$ docker exec cs su -c 'echo 1234 >/etc/xroad/autologin' xroad +$ docker exec cs supervisorctl start xroad-autologin +``` 
diff --git a/Docker/securityserver/README.md b/Docker/securityserver/README.md index 675821a4de..77a2921de0 100644 --- a/Docker/securityserver/README.md +++ b/Docker/securityserver/README.md @@ -4,7 +4,7 @@ The Docker image (`niis/xroad-security-server`) is published on [Docker Hub](https://hub.docker.com/r/niis/xroad-security-server). -All services, including the `serverconf` and `messagelog` PostgreSQL databases, are installed into the same container and run using supervisord. +All services, including the `serverconf` and `messagelog` PostgreSQL databases, are installed into the same container and run using [supervisord](https://docs.docker.com/engine/containers/multi-service_container/#use-a-process-manager). The installed Security Server is in uninitialized state. Admin UI credentials: `xrd`/`secret` diff --git a/Docker/testca/README.md b/Docker/testca/README.md index 21a28a5b90..32415ac756 100644 --- a/Docker/testca/README.md +++ b/Docker/testca/README.md @@ -1,3 +1,9 @@ # Test CA Docker image -This is a simplified CA instance for testing purposes. It is not meant for production use. \ No newline at end of file +This is a simplified CA instance for testing purposes. It is not meant for production use. + +## Container parameters + +| Port | Description | +|------------------|-------------------------| +| `8888` or `8899` | ACME management service | From 3ae2b565b2e7b8b5cb03c21e0e6dcc1ea5de5b04 Mon Sep 17 00:00:00 2001 From: oleksiidn Date: Wed, 21 May 2025 10:35:09 +0300 Subject: [PATCH 3/3] add info about central server 80 port --- Docker/centralserver/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Docker/centralserver/README.md b/Docker/centralserver/README.md index d4ce67bb7a..57361ba672 100644 --- a/Docker/centralserver/README.md +++ b/Docker/centralserver/README.md 
@@ -27,10 +27,11 @@ Alternatively, it's possible to use the image (`niis/xroad-central-server`) avai ## Container parameters -| Port | Description | -|--------|-------------------------------------| -| `2222` | Management REST API endpoint | -| `4000` | Additional Management REST API port | +| Port | Description | +|--------|----------------------------------------------------------------------------------| +| `80` | Ports for outbound connections (from the Central Server to the external network) | +| `2222` | Management REST API endpoint | +| `4000` | Main UI | ## Running
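Review bot: In the `Container parameters` table added to Docker/securityserver/README.md (PATCH 1/3), four ports (`80`, `4000`, `5500`, `5558`) are all described as some variant of the Management REST API, and `5577` is labelled "Admin UI access point" next to `8443` and `8080`, so a reader cannot tell which port serves what. The Running text right below treats `8080`/`8443` and `4000` as the ports to publish and `5500`, `5577` as optional, and never mentions `80`, `5558` or `5432`. Please replace the placeholder wording with each port's actual role and say which ports are meant to stay internal to the container, `5432` (PostgreSQL) in particular, since the same README documents the fixed Admin UI credentials `xrd`/`secret`.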
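Review bot: In the Running section of the new Docker/centralserver/README.md (PATCH 2/3), the text says to publish the ports to localhost, but the commands use `-p 4000:4000 -p 4001:80 -p 4002:9998`, which Docker binds on all host interfaces by default; combined with the documented `xrd`/`secret` credentials, the Admin UI ends up reachable from the network. Suggest `-p 127.0.0.1:4000:4000 -p 127.0.0.1:4001:80 -p 127.0.0.1:4002:9998` here and the same prefix in the multi-container example. In the same file the port table lists `2222` and `4000` while Running publishes `4000`, `80` and `9998`, so `9998` is undocumented and `2222` is never published, and the Docker Hub example pins `bionic-7.1.0` while the build step uses `DIST=jammy-current`.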
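Review bot: In the table added to Docker/testca/README.md (PATCH 2/3), the `8888` or `8899` cell does not say which of the two ports the container listens on or what selects between them. Please give each port its own row with the condition under which it applies, or state the single default and how it is changed.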
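Review bot: In the `80` row added to the Central Server table (PATCH 3/3), "Ports for outbound connections (from the Central Server to the external network)" describes a single container port in the plural and as outbound, yet the Running section maps a host port onto it with `-p 4001:80`, which only makes sense for a port that accepts connections. Please state what listens on `80` and which peers are expected to connect to it. The table also still omits `9998`, which Running publishes, and keeps `2222` as "Management REST API endpoint" although no command in the README publishes it.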