The following section explains the different parameters needed to configure a Debbie service deployment.


Server section

The server object defines the properties necessary to run the embedded Web server. By default, the provided debbie.json file is set up to run the Web server at the following URL: "http://localhost:8080/"

| Field | Required | Description | Default/Example |
|---|---|---|---|
| license | yes | License key provided by CertiSur. | 20180814032223:dW5pdm.............RA== |
| ip | yes | Web server IP address. | 127.0.0.1 |
| port | yes | Web server port number. | 8080 |
| protocol | yes | Web server protocol. | HTTP |
| minThreadPool | yes | The minimum number of Web server threads. | 10 |
| maxThreadPool | yes | The maximum number of Web server threads. | 30 |
| timeout | yes | Internal Web server timeout. | 5000 |

  
Server configuration
{
  "server": {
    "license": "20180814032223:dW5pdmVyc2FsPVo.............RA==",
    "ip": "127.0.0.1",
    "port": 8080,
    "protocol": "http",
    "minThreadPool": 10,
    "maxThreadPool": 30,
    "timeout": 5000
  }
}

For environments where an SSL proxy/balancer is not available, an SSL certificate can be configured using the ssl object key in the server object definition. For more details on this feature, see the user manual.

SSL Configuration example
{
  "server": {
    ...
    "ssl": {
      "keyStoreFile": "ssl/keystore",
      "keyStorePassword": "OBF:1vny1zlp2x9e6vmw1vn61x8g1zau2vn4",
      "keyManagerPassword": "OBF:1u3u4wmn4z5s1z7a5wnl1u2g"
    },
    ...
  }
}

If you use a proxy server to download the CRLs or obtain OCSP responses, the proxy object key must be added in the server object definition.

Sample Proxy Access configuration
{
  "server": {
    ...
    "proxy": {
      "server": "proxy.internal.local",
      "port": 3128
    },
    ...
  }
}


Debbie section

The debbie object defines the properties necessary to run the validation service.

| Field | Required | Description | Default |
|---|---|---|---|
| cacheDir | yes | The path where offline CRL files are stored when a download script is used. | cache/ |
| policyDir | yes | The path where the validation policies are stored. | policies/ |
| documentRepositoryDir | no | The path where uploaded documents are stored, in the format "<type>:<directory path>", where <type> is "PATH" in case of a local directory path or "S3" in case of an AWS S3 bucket, and <directory path> is the location where the files are stored. | /tmp |
| s3AccessInfo | - | Only used if documentRepositoryDir type is S3. See the Document Repository Access table below for more details. | |
| health | no | Credentials to access the authenticated tenant health check service. See the Authenticated Health Check table below for more details. | |
| urlMaxRedirects | yes | The number of URL redirects supported to access CRL distribution points and OCSP responders. | 1 |
| crlConnectionTimeout | yes | CRL distribution point connection timeout (msec). | 2000 |
| crlReadTimeout | yes | CRL distribution point read timeout (msec). | 5000 |
| ocspConnectionTimeout | yes | OCSP responder connection timeout (msec). | 2000 |
| ocspReadTimeout | yes | OCSP responder read timeout (msec). | 5000 |

Sample "debbie.json" contents for the "debbie" Object
{
  "debbie": {
    "cacheDir": "cache/",
    "policyDir": "policies/",
    "documentRepositoryDir": "S3:secure-doc-files-dev/app/repository",
    "s3AccessInfo": {
      "awsAccessKeyId": "<awsAccessKeyId>",
      "awsSecretAccessKey": "<awsSecretAccessKey>",
      "awsDefaultRegion": "us-east-1"
    },
    "urlMaxRedirects": 1,
    "crlConnectionTimeout": 2000,
    "crlReadTimeout": 5000,
    "ocspConnectionTimeout": 2000,
    "ocspReadTimeout": 5000
  }
}


Document Repository Access

The s3AccessInfo object defines the properties necessary to connect to an AWS Simple Storage Service bucket.

| Field | Required | Description |
|---|---|---|
| awsAccessKeyId | yes | AWS user AccessKeyID with write permissions over documentRepositoryDir. |
| awsSecretAccessKey | yes | AWS SecretAccessKey for awsAccessKeyId. |
| awsDefaultRegion | yes | AWS S3 region, for example "us-east-1". |

These values can also be taken from the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION.


Authenticated Health Check

The health object defines the credentials to access the authenticated health check service.

| Field | Required | Description | Default |
|---|---|---|---|
| user | yes | User to access health check service. | health |
| password | yes | Password to access health check service. | health |


Sample configuration

The following is the content of the "debbie.json" demo configuration file included with the validation service distribution.

Sample Debbie demo configuration file
{
  "server": {
    "license": "20191024050858:dW5pdmVyc2FsPVo.............RA==",
    "ip": "127.0.0.1",
    "port": 8080,
    "protocol": "http",
    "minThreadPool": 10,
    "maxThreadPool": 30,
    "timeout": 5000
  },
  "debbie": {
    "cacheDir": "cache/",
    "policyDir": "policies/",
    "documentRepositoryDir": "/app/repository",
    "urlMaxRedirects": 1,
    "crlConnectionTimeout": 2000,
    "crlReadTimeout": 5000,
    "ocspConnectionTimeout": 2000,
    "ocspReadTimeout": 5000
  }
}

According to this configuration, the validation service is available at "http://localhost:8080". The policy configuration files can be found in "config/policies/".
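
A pre-deployment check over the fields documented on this page, as an added example (not part of the Debbie distribution or CertiSur's code): it flags missing required fields, an http listener with no ssl object on a non-loopback address, the default health check credentials, and AWS keys stored in the file. The sample input and the choice of findings are assumptions made for this example.

```python
import ipaddress
import json

# Constructed sample (not from the page): exposed listener, default health login, S3 keys inline.
SAMPLE = """{
 "server": {"license": "<license>", "ip": "0.0.0.0", "port": 8080, "protocol": "http",
            "minThreadPool": 10, "maxThreadPool": 30, "timeout": 5000},
 "debbie": {"cacheDir": "cache/", "policyDir": "policies/", "urlMaxRedirects": 1,
            "documentRepositoryDir": "S3:example-bucket/app/repository",
            "s3AccessInfo": {"awsAccessKeyId": "<awsAccessKeyId>",
                             "awsSecretAccessKey": "<awsSecretAccessKey>", "awsDefaultRegion": "us-east-1"},
            "health": {"user": "health", "password": "health"},
            "crlConnectionTimeout": 2000, "crlReadTimeout": 5000,
            "ocspConnectionTimeout": 2000, "ocspReadTimeout": 5000}}"""

# Fields the server and debbie tables mark as required.
REQUIRED = {"server": ["license", "ip", "port", "protocol", "minThreadPool", "maxThreadPool", "timeout"],
            "debbie": ["cacheDir", "policyDir", "urlMaxRedirects", "crlConnectionTimeout",
                       "crlReadTimeout", "ocspConnectionTimeout", "ocspReadTimeout"]}

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False  # not a literal IP address: treat as exposed

def audit(cfg):
    """Return (code, message) findings for a parsed debbie.json."""
    server, debbie = cfg.get("server", {}), cfg.get("debbie", {})
    findings = [("missing", f"{sec}.{name} is required")
                for sec, names in REQUIRED.items() for name in names
                if name not in cfg.get(sec, {})]
    # http with no ssl object relies on an SSL proxy/balancer in front of the service.
    ip = server.get("ip")
    if ip and str(server.get("protocol")).lower() == "http" and "ssl" not in server and not is_loopback(ip):
        findings.append(("cleartext", f"http without ssl object on {ip}"))
    # "health"/"health" is the documented default for the health check login.
    health = debbie.get("health") or {}
    if (health.get("user"), health.get("password")) == ("health", "health"):
        findings.append(("default-creds", "health check uses default credentials"))
    # Keys in the file are readable by anyone who can read debbie.json.
    s3 = debbie.get("s3AccessInfo") or {}
    if "awsAccessKeyId" in s3 or "awsSecretAccessKey" in s3:
        findings.append(("secret-in-file", "AWS keys in debbie.json; AWS_* environment variables are the alternative"))
    return findings

if __name__ == "__main__":
    for code, msg in audit(json.loads(SAMPLE)):
        print(f"[{code}] {msg}")
```

The demo configuration shown above produces no findings, since it binds to 127.0.0.1 and defines neither a health object nor s3AccessInfo.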