- Created by Armando Carratala on Jun 13, 2020
Complete the following steps to download and install the Alison Wizard image on your server.
After this process, you'll have a Docker instance published locally. You can publish its interface behind your local reverse proxy or load balancer. That configuration is out of the scope of this guide.
Download image
CertiSur distributes Alison Wizard from Docker Hub (https://hub.docker.com/).
Download Docker image
To download the images, the user must be registered on Docker Hub. Contact CertiSur to request access, and provide your Docker Hub profile so that access to the Docker image can be granted.
Step 1- Login using a Docker Hub account
```
# docker login -u <docker hub account>
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```
Send CertiSur your Docker Hub account
CertiSur needs to know your Docker Hub account in order to authorize it to download the package. Send an email to support@certisur.com.
Security warning
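As the warning in the login output shows, docker login stores the password unencrypted in /root/.docker/config.json by default. To save the user's credentials securely, configure a credentials store by following the steps at https://docs.docker.com/engine/reference/commandline/login/#credentials-store.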
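A quick way to check which state a Docker client is in, as an added example (not part of the original guide or of CertiSur's tooling). The function name and the sample files are constructed for illustration; `credsStore`, `credHelpers` and `auth` are the keys Docker itself writes to config.json.

```shell
#!/bin/sh
# Classify how a Docker client config stores registry credentials:
#   plaintext - base64("user:password") sits in the file under an "auth" key
#   helper    - credsStore/credHelpers delegates storage to a credential helper
#               (docker-credential-pass, -secretservice, -osxkeychain, -wincred)
#   none      - no stored login found
# "plaintext" wins over "helper" on purpose: entries written before the helper
# was configured stay in the file until `docker logout` removes them.
docker_cred_storage() {
    cfg=$1
    [ -r "$cfg" ] || { echo none; return 0; }
    if grep -Eq '"auth"[[:space:]]*:[[:space:]]*"[^"]+"' "$cfg"; then
        echo plaintext
    elif grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$cfg"; then
        echo helper
    else
        echo none
    fi
}

# Constructed sample configs (dXNlcjpwYXNz is base64 of the dummy "user:pass").
demo=$(mktemp -d)
printf '{"auths":{"https://index.docker.io/v1/":{"auth":"dXNlcjpwYXNz"}}}\n' \
    > "$demo/default.json"
printf '{"auths":{"https://index.docker.io/v1/":{}},"credsStore":"pass"}\n' \
    > "$demo/helper.json"
printf '{"auths":{"https://index.docker.io/v1/":{"auth":"dXNlcjpwYXNz"}},"credsStore":"pass"}\n' \
    > "$demo/stale.json"

for f in default helper stale; do
    echo "$f.json: $(docker_cred_storage "$demo/$f.json")"
done
rm -rf "$demo"
```

On a real host, run `docker_cred_storage /root/.docker/config.json`; a `plaintext` result after a helper has been configured means you should `docker logout` and log in again.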
Step 2- Pulling an image from Docker
```
# docker pull certisursa/wizard:latest
latest: Pulling from certisursa/wizard
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/wizard:latest
docker.io/certisursa/wizard:latest
```
Step 3- Run Alison Wizard docker image
```
# docker run -d \
    -it \
    -p 8080:8080 \
    --name wizard \
    --mount type=bind,source="$(pwd)"/config/tenants,target=/opt/jboss/config/tenants \
    certisursa/wizard:latest
```
Alison Wizard default configuration
Alison Wizard docker image includes an ACME tenant inside. You must overwrite that definition to include your own company or project tenants.
In case you want to modify the default configuration, go to step 5 to download a template of a different configuration. You can copy its content to your local machine and make the changes to:
- replace the default logo with your image (clientLogo.jpg),
- adjust the .css
- define filters for the certificates.
When you run the image, follow the instructions in Step 3.
Step 4- Test Alison wizard
Open your browser pointing to localhost:8080 (or the port defined by you) to access the URL where you published your Alison Wizard installation. You'll see the following image.
If you can see this image, Alison Wizard is running in your Docker container.
Add Custom Tenant
After you have Alison Wizard running on your own container, you can add a custom tenant following the next steps:
Step 5- Download a custom example (looney)
Download the files from the following link looney-demo.tgz.
```
├── debbie
│   ├── config
│   │   ├── certstore
│   │   │   ├── CertiSur.root.ClassB.G1.pilot.509.cer
│   │   │   └── CertiSur.shared.ClassB.G1.pilot.509.cer
│   │   ├── debbie.json
│   │   ├── debbielog.properties
│   │   └── policies
│   │       └── looney.policy.json
│   ├── logs
│   └── repository
├── docker-compose.yml
└── wizard
    ├── alison-sdk
    ├── logs
    └── tenants
        ├── looney
        │   ├── config
        │   │   ├── alison-config.json
        │   │   ├── authtoken-desktop.json
        │   │   └── license-desktop.json
        │   ├── images
        │   │   ├── background_world_map.png
        │   │   └── clientLogo.jpg
        │   └── stylesheets
        │       └── custom.css
        └── versiones.yml
```
Step 6- Define environment variables and mount external volumes
Define the following variables for your Docker instance:
Variable | Value |
---|---|
ENABLED_TENANTS | looney |
WIZARD_SECRET_KEY_BASE | 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820 |
BASE_INSTALLERS_PATH | https://s3.amazonaws.com/downloads.certisur.net/installers |
Configure your docker-compose file to mount the following volumes.
External directory | Container directory |
---|---|
./wizard/tenants | /opt/jboss/config/tenants |
./wizard/logs | /opt/jboss/logs |
Note: the ./wizard/tenants external directory is the directory included in the example tenant config file (looney-demo.tgz) that you downloaded and stored on your local computer.
Note
For more details about Alison Wizard configuration variables, see the next section, Wizard Configuration.
Step 7- Configure docker-compose.yml and restart the container
Use the previous variables and volume mappings to define the new configuration, in this example as a docker-compose.yml file.
```
version: '3'
services:
  wizard:
    image: certisursa/wizard:latest
    environment:
      ENABLED_TENANTS: looney
      WIZARD_SECRET_KEY_BASE: 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
      BASE_INSTALLERS_PATH: https://s3.amazonaws.com/downloads.certisur.net/installers
    volumes:
      - "./wizard/tenants:/opt/jboss/config/tenants"
      - "./wizard/logs:/opt/jboss/logs"
    ports:
      - 8082:8080
```
Launch the container from a shell
```
> docker-compose --verbose -f docker-compose.yml up -d
```
Open your browser pointing to localhost:8082 (or the port defined by you) to access the URL where you published your Alison Wizard installation. You'll see the following image.
If you can see this image, Alison Wizard is running in your Docker container.
Certificate Validation
Up to this point, you can change the look and feel of the front end, such as logos and styles. Your customer can download the desktop application, install it and test that it is integrated with the browser.
To complete the installation, you can add a validation module (Debbie) to test your customer's certificates.
Add Validation
After you have Alison Wizard running on your own container, you can add a custom validation for your customer's certificates following the next steps:
Step 7- Download Debbie module
Debbie is a validation module.
```
# docker pull certisursa/debbie:latest
latest: Pulling from certisursa/debbie
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7....
Status: Downloaded newer image for certisursa/debbie:latest
docker.io/certisursa/debbie:latest
```
Step 8- Customize (looney) example and restart containers
In step 5, you downloaded the looney example, which includes a local configuration for Debbie.
Extend your docker-compose.yml file to include the debbie image. It should look like this:
```
version: '3'
services:
  debbie:
    image: certisursa/debbie:latest
    volumes:
      - "./debbie/config:/app/config"
      - "./debbie/repository:/app/repository"
      - "./debbie/logs:/app/log"
    ports:
      - 8081:8080
  wizard:
    image: certisursa/wizard:latest
    environment:
      ENABLED_TENANTS: looney
      WIZARD_SECRET_KEY_BASE: 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
      BASE_INSTALLERS_PATH: https://s3.amazonaws.com/downloads.certisur.net/installers
      DEBBIE_BASE_URL: http://localhost:8081
    volumes:
      - "./wizard/tenants:/opt/jboss/config/tenants"
      - "./wizard/logs:/opt/jboss/logs"
    ports:
      - 8082:8080
```
Note that the following variable was added to the wizard configuration in your docker-compose file, pointing to the Debbie service's port.
Variable | Value |
---|---|
DEBBIE_BASE_URL | http://localhost:8081 |
Launch the container from a shell
```
> docker-compose --verbose -f docker-compose.yml up -d
```
To test that Debbie is up and running, open your browser pointing to localhost:8081/looney/healthcheck, the URL where you published your Debbie installation.
More configuration
For more details about Alison Wizard configuration variables, see the next section, Wizard Configuration.
Conclusion
Wizard Configuration
Alison Wizard docker image includes an ACME tenant inside. You must overwrite that definition to include your own company or project tenants.
Environment Variables
Configure the following variables to customize your tenants and platforms.
Key | Description | Value example |
---|---|---|
ENABLED_TENANTS | List of enabled tenants separated by a comma. | acme, looney |
WIZARD_SECRET_KEY_BASE | Internal encryption key. It's a random 128 hexadecimal characters long key. Create your own key and replace it. | 95820b3cea66376d0...95820 |
BASE_INSTALLERS_PATH | URL where Alison Desktop installers for Windows, Mac, and Linux are published. Depending on your configuration, this URL can be internal or external. | https://download.yousite.com/installers (inside this directory, create a subfolder for each product version, as described below) |
DEBBIE_BASE_URL | URL where the Debbie service will be listening. Debbie is used to test and validate certificates. | https://debbie-site:4443 (you don't need to expose this site to the internet; it only needs to be reachable by Alison Wizard) |
ENABLED_BROWSERS | List of enabled browsers supported by the wizard. | ie>=8,chrome,firefox,opera, edge,safari |
ENABLED_PLATFORMS | List of enabled platforms supported by the wizard. | windows, mac, Linux |
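The table asks you to create your own WIZARD_SECRET_KEY_BASE. The script below is an added example (not CertiSur's code) that generates a 128-hex-character key and flags a compose or .env file that still carries the sample key printed in this guide. The function names and the .env layout are assumptions made for the example.

```shell
#!/bin/sh
# The sample key printed in this guide is public, so it must never reach production.
GUIDE_SAMPLE_KEY=95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820

# 64 random bytes from the kernel CSPRNG, printed as 128 hex characters.
new_key_base() {
    head -c 64 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Classify a key value: sample | indirect | ok | malformed.
classify_key_base() {
    case $1 in
        "$GUIDE_SAMPLE_KEY") echo sample; return ;;
        '${'*) echo indirect; return ;;   # e.g. ${WIZARD_SECRET_KEY_BASE}, resolved by compose
    esac
    if printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{128}$'; then
        echo ok
    else
        echo malformed
    fi
}

# Pull the first WIZARD_SECRET_KEY_BASE value out of a compose file ("KEY: value")
# or an .env file ("KEY=value") and classify it.
audit_key_file() {
    key=$(sed -n 's/^[[:space:]]*WIZARD_SECRET_KEY_BASE[[:space:]]*[:=][[:space:]]*//p' "$1" |
          head -n 1 | tr -d "\"' \r")
    classify_key_base "$key"
}

# Write a fresh key to an .env file that only its owner can read.
write_env_file() {
    ( umask 077; printf 'WIZARD_SECRET_KEY_BASE=%s\n' "$(new_key_base)" > "$1" )
}

# Constructed demo input: a compose fragment that still carries the guide's key.
demo=$(mktemp -d)
printf '      WIZARD_SECRET_KEY_BASE: %s\n' "$GUIDE_SAMPLE_KEY" > "$demo/docker-compose.yml"
echo "docker-compose.yml: $(audit_key_file "$demo/docker-compose.yml")"   # sample
write_env_file "$demo/.env"
echo ".env:               $(audit_key_file "$demo/.env")"                 # ok
rm -rf "$demo"
```

With the key in `.env`, docker-compose.yml can reference it as `WIZARD_SECRET_KEY_BASE: ${WIZARD_SECRET_KEY_BASE}`, which keeps the secret out of the compose file itself.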
Volumes
The following volumes must be mounted on the Docker image to overwrite the variables of each defined tenant.
Source (host) | Path (container) | Description |
---|---|---|
/home/opera/docker/wizard/tenants | /opt/jboss/config/tenants | tenant configuration folder |
/home/opera/docker/wizard/logs | /opt/jboss/logs | logs folder |
Running Custom Tenant
After configuring your own tenant, launch a new docker image with the new configuration.
```
# docker run -d \
    -it \
    -p 8080:8080 \
    --name wizard \
    --mount type=bind,source="$(pwd)"/config/tenants,target=/opt/jboss/config/tenants \
    -e ENABLED_TENANTS=acme \
    -e BASE_INSTALLERS_PATH=https://<wizard_url>/installers \
    -e DEBBIE_BASE_URL=https://<debbie_url:port>/ \
    -e WIZARD_SECRET_KEY_BASE=a95820b3cea66376d06bf3...9a86f5c4b741e6e187cb7085aaee \
    certisursa/wizard:latest
```
License
Alison Wizard comes preinstalled with a universal license valid for up to 1 year.
To obtain a full license, contact the CertiSur team (support@certisur.com) and provide the list of domains (from all environments: development, staging, production) where the container will be published.
CertiSur will return a definitive license with a 3-year validity covering all the domains you provided.
The license file must be included in each tenant configuration folder.
Plugins
These optional components may be installed on some browsers (Firefox, Chrome, Internet Explorer) to allow a different communication between the browser and Alison Desktop.
Plugins must be enabled by domain, similar to license.
Internet Explorer 11
In the particular case of Internet Explorer, you will download an ActiveX component, which requires administrator privileges to be installed.
Tenant Configuration
Each tenant has its own configuration, and every Alison Wizard docker instance can manage one or several tenants.
The configuration files define all the behavior of the Wizard for each tenant, which makes it easy to change how the application operates. The Alison Wizard container must be reloaded to apply any change made to these files.
The following files define the tenant configuration and must be customized or replaced.
File | Description | Default Value |
---|---|---|
alison-config.json | This is the main configuration file. It defines keystores, providers, filters, and plugins. It also defines minimal and suggested Alison-Desktop version. | |
background_world_map.png | Background images. It can be replaced. | |
custom.css | CSS style of main buttons, banner, and color. You can modify this .css file in order to reflect the font type or colors defined by your organization | ACME colors |
clientLogo.jpg | Logo image. | ACME logo |
alison-license-desktop.json | This file includes a license for the enabled domains. | 1-year validity license |
alison-authtoken-desktop.json | Defines the authentication token used by Alison-Desktop to manage the session. | |
Create a new Tenant
The best way to create a new tenant is to copy the ACME tenant configuration distributed with the latest version of the Docker image, change its name and apply your changes to each related file.
Extend enabled tenants
After copying and configuring the new tenant, its name must be included in the ENABLED_TENANTS variable and the container must be restarted.
Principal variables that you can modify to customize your tenant: