

The following section explains the different parameters needed to configure a Debbie service deployment.



Server section




The server object defines the properties necessary to run the embedded Web server. By default, the debbie.json file provided is set up to run the Web server on the following URL: "http://localhost:8080/"


| Field | Required | Description | Default/Example |
|---|---|---|---|
| license | yes | License key provided by CertiSur. | 20180814032223:dW5pdm.............RA== |
| ip | yes | Web server IP address | 127.0.0.1 |
| port | yes | Web server port number. | 8080 |
| protocol | yes | Web server protocol. | HTTP |
| minThreadPool | yes | The minimum number of Web server threads. | 10 |
| maxThreadPool | yes | The maximum number of Web server threads. | 30 |
| timeout | yes | Internal Web server timeout. | 5000 |

  

Server configuration
{
  "server": {
    "license": "20180814032223:dW5pdmVyc2FsPVo.............RA==",
    "ip": "127.0.0.1",
    "port": 8080,
    "protocol": "http",
    "minThreadPool": 10,
    "maxThreadPool": 30,
    "timeout": 5000
  }
}


For environments where an SSL proxy/balancer is not available, an SSL certificate can be configured using the ssl object key in the server object definition. For more details on this feature, see the user manual.


SSL Configuration example
{
  "server": {
    ...
    "ssl": {
      "keyStoreFile": "ssl/keystore",
      "keyStorePassword": "OBF:1vny1zlp2x9e6vmw1vn61x8g1zau2vn4",
      "keyManagerPassword": "OBF:1u3u4wmn4z5s1z7a5wnl1u2g"
    },
    ...
  }
}


If you use a proxy server to download the CRLs or obtain OCSP responses, the proxy object key must be added in the server object definition.


Sample Proxy Access configuration
{
  "server": {
    ...
    "proxy": {
      "server": "proxy.internal.local",
      "port": 3128
    },
    ...
  }
}

Debbie section



The debbie object defines the properties necessary to run the validation service.


| Field | Required | Description | Default |
|---|---|---|---|
| cacheDir | yes | The path where offline CRL files are stored when a download script is used. | cache/ |
| policyDir | yes | The path where the validation policies are stored. | policies/ |
| documentRepositoryDir | no | The path where uploaded documents are stored, in the format "<type>:<directory path>", where <type> is "PATH" in case of a local directory path or "S3" in case of an AWS S3 bucket, and <directory path> is the location where the files are stored. | /tmp |
| s3AccessInfo | - | Only used if documentRepositoryDir type is S3. See Document Repository Access table below for more details. | |
| health | no | Credentials to access authenticated tenant health check service. See Authenticated Health Check table below for more details. | |
| urlMaxRedirects | yes | The number of URL redirects supported to access CRL distribution points and OCSP responders. | 1 |
| crlConnectionTimeout | yes | CRL distribution point connection timeout. (msec) | 2000 |
| crlReadTimeout | yes | CRL distribution point read timeout. (msec) | 5000 |
| ocspConnectionTimeout | yes | OCSP responder connection timeout. (msec) | 2000 |
| ocspReadTimeout | yes | OCSP responder read timeout. (msec) | 5000 |


Sample "debbie.json" contents for the "debbie" Object
{
  "debbie": {
    "cacheDir": "cache/",
    "policyDir": "policies/",
    "documentRepositoryDir": "S3:secure-doc-files-dev/app/repository",
    "s3AccessInfo": {
       "awsAccessKeyId": "<awsAccessKeyId>",
       "awsSecretAccessKey": "<awsSecretAccessKey>",
       "awsDefaultRegion": "us-east-1"
     },
    "urlMaxRedirects": 1,
    "crlConnectionTimeout": 2000,
    "crlReadTimeout": 5000,
    "ocspConnectionTimeout": 2000,
    "ocspReadTimeout": 5000
  }
}



Document Repository Access


The s3AccessInfo object defines the properties necessary to connect to an AWS Simple Storage Service bucket.


| Field | Required | Description |
|---|---|---|
| awsAccessKeyId | yes | AWS user AccessKeyID with write permissions over documentRepositoryDir. |
| awsSecretAccessKey | yes | AWS SecretAccessKey for awsAccessKeyId. |
| awsDefaultRegion | yes | AWS S3 region, for example "us-east-1" |


It is also possible to get these variables from the environment settings: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION.


Authenticated Health Check


The health object defines the credentials to access the authenticated health check service.

| Field | Required | Description | Default |
|---|---|---|---|
| user | yes | User to access health check service. | health |
| password | yes | Password to access health check service. | health |

Sample configuration



Following is the content of the "debbie.json" demo configuration file included with the validation service distribution.


Sample Debbie demo configuration file
{
  "server": {
    "license": "20191024050858:dW5pdmVyc2FsPVo.............RA==",
    "ip": "127.0.0.1",
    "port": 8080,
    "protocol": "http",
    "minThreadPool": 10,
    "maxThreadPool": 30,
    "timeout": 5000
  },
  "debbie": {
    "cacheDir": "cache/",
    "policyDir": "policies/",
    "documentRepositoryDir": "/app/repository",
    "urlMaxRedirects": 1,
    "crlConnectionTimeout": 2000,
    "crlReadTimeout": 5000,
    "ocspConnectionTimeout": 2000,
    "ocspReadTimeout": 5000
  }
}


According to this configuration, the validation service is available at "http://localhost:8080". The policy configuration files can be found in "config/policies/".
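A pre-deployment review of a parsed "debbie.json" can check the security-relevant fields described on this page. The following is an added example, not code from CertiSur or the Debbie distribution; the function name audit_debbie_config and the choice of what counts as a finding are assumptions of the example.

```python
import ipaddress
import os

def audit_debbie_config(cfg, env=None):
    """Return (field, message) findings for a parsed debbie.json (added example)."""
    env = os.environ if env is None else env
    server, debbie = cfg.get("server", {}), cfg.get("debbie", {})
    findings = []

    # Plain HTTP with no "ssl" object is expected only on loopback, i.e. behind
    # the SSL proxy/balancer the page mentions.
    try:
        loopback = ipaddress.ip_address(server.get("ip", "")).is_loopback
    except ValueError:
        loopback = False
    plain = str(server.get("protocol", "")).lower() == "http" and "ssl" not in server
    if plain and not loopback:
        findings.append(("server.ip", "plain HTTP on a non-loopback address, no ssl object"))

    # Health check credentials still at the documented default health/health.
    health = debbie.get("health")
    if health is not None and all(health.get(k, "health") == "health" for k in ("user", "password")):
        findings.append(("debbie.health", "default health check credentials"))

    # "<type>:<directory path>"; a value with no PATH/S3 prefix is treated as a
    # local path here (assumption, based on the demo file's "/app/repository").
    repo = debbie.get("documentRepositoryDir", "/tmp")
    kind, _, rest = repo.partition(":")
    if kind == "S3":
        s3 = debbie.get("s3AccessInfo", {})
        if s3.get("awsSecretAccessKey"):
            findings.append(("debbie.s3AccessInfo", "AWS secret stored in the file; use AWS_* environment variables"))
        elif not env.get("AWS_SECRET_ACCESS_KEY"):
            findings.append(("debbie.s3AccessInfo", "S3 repository without credentials"))
    else:
        path = rest if kind == "PATH" else repo
        if path.rstrip("/") == "/tmp" or path.startswith("/tmp/"):
            findings.append(("debbie.documentRepositoryDir", "uploads stored under shared /tmp"))
    return findings

# Constructed sample, not a real deployment.
SAMPLE = {
    "server": {"ip": "0.0.0.0", "port": 8080, "protocol": "http"},
    "debbie": {"documentRepositoryDir": "S3:example-bucket/app/repository",
               "s3AccessInfo": {"awsAccessKeyId": "<id>", "awsSecretAccessKey": "<secret>"},
               "health": {"user": "health", "password": "health"}}}
if __name__ == "__main__":
    for field, message in audit_debbie_config(SAMPLE):
        print(f"{field}: {message}")
```

The demo configuration above produces no findings, since it binds to 127.0.0.1 and stores documents outside /tmp.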

