Install Security Proxy

Install images

Onegini provides two ways of installing the Docker images of the Security Proxy.

Docker Index

The first and preferred way is to use the Onegini Index. This is the Docker container repository of Onegini.

You must log in via the Docker client with your login credentials before you can download the images:

docker login https://release.onegini.com

Then pull the latest images:

docker pull release.onegini.com/<customer-name>/token-server-<customer-name>:<version>

NOTE: If you did not receive login credentials, please contact Onegini support.

Import from tar

The second way is to import the Docker image from a tarball. Use this option when the Docker host cannot connect to the internet.

docker load < /path/to/token-server-<customer-name>-<version>.tar

Show images

Verify that the Docker images are loaded:

docker images

Configure Docker compose

Create a file docker-compose.yml or add the Security Proxy to an existing Docker compose file.

Example Docker compose file with configuration for the Security Proxy, the network and Consul:

version: "2"
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:<SECURITY_PROXY_VERSION>
    mem_limit: 512mb
    user: onegini
    restart: always
    environment:
      - HOST_IP=10.100.10.1

      # Java options
      - JAVA_OPTS=-Xmx512m -Xms256m

      # Enable properties provisioning
      - SECURITY_PROXY_PROVISIONING_ENABLED=true

      # Discovery backend
      - CONSUL_HTTP_ADDR=192.168.100.7:8500

      # Security Proxy property encryption password
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=887f0d9a563b56b25fb3877ac1ecf897

      # Security Proxy backends
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_HOSTS=10.100.10.1:8081
      - SECURITY_PROXY_BACK_END_RESOURCE_GATEWAY_HOSTS=10.100.10.1:8082
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=18716FD0808E72E2180327E24467EA38146456479ABC9E2DA99A5F49B193392B
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=527EF9E6637AF54C253220F39CF797729786E9CEAFE78BD23E748949A902E800

      # Cache
      - SECURITY_PROXY_CACHE_ENCRYPTION_PASSWORD=39mDvjEezgZZ6bgHy3jTG25K

      - SECURITY_PROXY_REDIS_SENTINEL_NODES=192.168.100.10:26379,192.168.100.11:26379,192.168.100.12:26379
      - SECURITY_PROXY_REDIS_SENTINEL_MASTER_ID=mymaster
    depends_on:
      - consul
      - redis-master-sentinel
    networks:
      - sp_network
    ports:
      - 8080:8080

  consul:
    image: consul:latest
    ports:
      - 8500
    networks:
      sp_network:
        ipv4_address: 192.168.100.7

  redis-master:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.8
      - REDIS_ANNOUNCE_PORT=6379
    networks:
      sp_network:
        ipv4_address: 192.168.100.8

  redis-slave:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.9
      - REDIS_ANNOUNCE_PORT=6379
      - REDIS_SLAVE=True
      - REDIS_SLAVEOF_IP=192.168.100.8
      - REDIS_SLAVEOF_PORT=6379
    depends_on:
      - redis-master
    networks:
      sp_network:
        ipv4_address: 192.168.100.9

  redis-master-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.10
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master
    networks:
      sp_network:
        ipv4_address: 192.168.100.10

  redis-slave-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.11
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      sp_network:
        ipv4_address: 192.168.100.11

  redis-slave-sentinel-failover:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.12
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      sp_network:
        ipv4_address: 192.168.100.12

networks:
  sp_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24

Note: Replace <SECURITY_PROXY_VERSION> with the actual version number. You can find the version numbers on the Releases page in Onegini docs.
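
A pre-deployment check for a compose file like the one above, as an added example that is not Onegini code: it flags secret variables that still carry the sample values printed on this page, static Redis addresses outside the declared subnet, and sentinel nodes the proxy expects but no service announces. The function name, the regular expressions and the SAMPLE text are assumptions made for this example; it reads the file as text and expects the announce IP and port on adjacent lines, as in the file above.

```python
import ipaddress
import re

# Secret values printed in the example compose file on this page; they are
# public, so a deployed file must not contain any of them.
DOC_SAMPLE_SECRETS = {
    "887f0d9a563b56b25fb3877ac1ecf897",
    "527EF9E6637AF54C253220F39CF797729786E9CEAFE78BD23E748949A902E800",
    "39mDvjEezgZZ6bgHy3jTG25K",
}
SECRET = re.compile(r"(\w+(?:PASSWORD|CLIENT_SECRET))=(\S+)")
STATIC_IP = re.compile(r"(?:ipv4_address:\s*|REDIS\w*_IP=)(\d+(?:\.\d+){3})")
SUBNET = re.compile(r"subnet:\s*(\S+)")
NODES = re.compile(r"SECURITY_PROXY_REDIS_SENTINEL_NODES=(\S+)")
ANNOUNCE = re.compile(
    r"REDIS_SENTINEL_ANNOUNCE_IP=(\S+)\s+- REDIS_SENTINEL_ANNOUNCE_PORT=(\d+)")


def audit_compose(text):
    """Return findings for a compose file passed as text (empty list = clean)."""
    findings = []
    for name, value in SECRET.findall(text):
        if value in DOC_SAMPLE_SECRETS:
            findings.append(f"{name} still uses the documentation sample value")
    subnet = ipaddress.ip_network(SUBNET.search(text).group(1))
    for addr in STATIC_IP.findall(text):
        if ipaddress.ip_address(addr) not in subnet:
            findings.append(f"{addr} is outside {subnet}")
    announced = {f"{ip}:{port}" for ip, port in ANNOUNCE.findall(text)}
    configured = set(NODES.search(text).group(1).split(","))
    for node in sorted(configured - announced):
        findings.append(f"sentinel node {node} is not announced by any service")
    return findings


# Constructed sample: one sentinel announces 192.168.0.11 while the proxy
# expects 192.168.100.11, and the cache password is the page's sample value.
SAMPLE = """\
      - SECURITY_PROXY_CACHE_ENCRYPTION_PASSWORD=39mDvjEezgZZ6bgHy3jTG25K
      - SECURITY_PROXY_REDIS_SENTINEL_NODES=192.168.100.10:26379,192.168.100.11:26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.10
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.0.11
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
        - subnet: 192.168.100.0/24
"""

if __name__ == "__main__":
    print("\n".join(audit_compose(SAMPLE)))
```

To check a real file, pass its contents: audit_compose(open("docker-compose.yml").read()).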

Start the Docker containers

docker-compose -f docker-compose.yml up -d