Install Security Proxy
Install images
Onegini provides two ways of installing the Docker images of the Security Proxy.
Docker Index
The first and preferred way is to use the Onegini Index. This is the Docker container repository of Onegini.
You must log in with the Docker client using your login credentials before you can download the images:
docker login https://release.onegini.com
Then pull the latest images:
docker pull release.onegini.com/<customer-name>/token-server-<customer-name>:<version>
NOTE: If you did not receive login credentials, please contact Onegini support.
Import from tar
The second way is to import the Docker image from a tarball. Use this option when the Docker host cannot connect to the internet.
docker load < /path/to/token-server-<customer-name>-<version>.tar
Show images
Verify that the Docker images are loaded:
docker images
Configure Docker compose
Create a file docker-compose.yml or add the Security Proxy to an existing Docker compose file.
Example Docker compose file with configuration for the Security Proxy, the network and ETCD:
version: "2"
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:latest
    mem_limit: 512mb
    user: onegini
    restart: always
    environment:
      - HOST_IP=10.100.10.1
      # Java options
      - JAVA_OPTS=-Xmx512m -Xms256m
      # Enable properties provisioning
      - SECURITY_PROXY_PROVISIONING_ENABLED=true
      # Discovery backend
      - SECURITY_PROXY_DISCOVERY_BACKEND=etcd://192.168.0.11:2379/onegini
      # Security Proxy property encryption password
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=887f0d9a563b56b25fb3877ac1ecf897
      # Security Proxy backends
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_HOSTS=10.100.10.1:8081
      - SECURITY_PROXY_BACK_END_RESOURCE_GATEWAY_HOSTS=10.100.10.1:8082
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=18716FD0808E72E2180327E24467EA38146456479ABC9E2DA99A5F49B193392B
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=527EF9E6637AF54C253220F39CF797729786E9CEAFE78BD23E748949A902E800
    depends_on:
      - discovery
    networks:
      - sp_network
    ports:
      - 8080:8080
  discovery:
    image: release.onegini.com/library/etcd:latest
    mem_limit: 128mb
    restart: always
    environment:
      # Service Discovery
      - SERVICE_IGNORE=true
      # CoreOS etcd
      - ETCD_DATA_DIR=/var/lib/etcd
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://192.168.0.11:2379
    volumes:
      - /tmp/etcd_data:/var/lib/etcd
    networks:
      sp_network:
        ipv4_address: 192.168.0.11
networks:
  sp_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.0.0/24
Start the Docker containers
docker-compose -f docker-compose.yml up -d
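The example compose file above carries the property encryption password and the API client secret as literal values and pulls images by the latest tag. The script below is an added example, not part of the Onegini documentation or tooling, that flags both conditions in a compose file before the stack is started. It assumes secrets are supplied through Compose variable substitution (${VAR}) instead; audit_compose and SP_API_CLIENT_SECRET are hypothetical names, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not Onegini tooling. audit_compose is a hypothetical helper.
# It prints one finding per line and returns 1 when anything is flagged:
#   - environment keys ending in PASSWORD or SECRET whose value is a literal
#     rather than a ${VAR} reference (assumed convention for this check)
#   - images that use the mutable "latest" tag
audit_compose() {
    awk '
        # Environment list entry of the form "- KEY=value"
        /^[ \t]*-[ \t]*[A-Z0-9_]+=/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            sub(/[ \t]+$/, "", entry)
            key = entry; sub(/=.*/, "", key)
            val = entry; sub(/^[^=]*=/, "", val)
            if (key ~ /(PASSWORD|SECRET)$/ &&
                val !~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/) {
                printf "%d: literal secret in %s\n", NR, key
                found = 1
            }
        }
        # Image reference that ends in :latest
        /^[ \t]*image:/ && /:latest[ \t]*$/ {
            printf "%d: mutable image tag %s\n", NR, $2
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample that mirrors the layout of the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:latest
    environment:
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=constructed-literal
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=constructed-client-id
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=${SP_API_CLIENT_SECRET}
EOF
audit_compose "$sample" || echo "resolve the findings before starting the stack"
rm -f "$sample"
```

The leading number in each finding is the line in the compose file, so the same function can gate a deployment script by its exit status.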