Install Security Proxy
Install images
Onegini provides two ways of installing the Docker images of the Security Proxy.
Docker Index
The first and preferred way is to use the Onegini Index. This is the Docker container repository of Onegini.
You must log in via the Docker client with your login credentials before you can download the images:
docker login https://release.onegini.com
Then pull the latest images:
docker pull release.onegini.com/<customer-name>/token-server-<customer-name>:<version>
NOTE: If you did not receive login credentials, please contact Onegini support.
Import from tar
The second way is to import the Docker image from a tarball. Use this option when the Docker host cannot connect to the internet.
docker load < /path/to/token-server-<customer-name>-<version>.tar
Show images
Verify that the Docker images are loaded:
docker images
Configure Docker compose
Create a file docker-compose.yml or add the Security Proxy to an existing Docker compose file.
Example Docker compose file with configuration for the Security Proxy, the network and Consul:
version: "2"
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:<SECURITY_PROXY_VERSION>
    mem_limit: 512mb
    user: onegini
    restart: always
    environment:
      # The passwords, client ID and client secret below are example values; use your own
      - HOST_IP=10.100.10.1
      # Java options
      - JAVA_OPTS=-Xmx512m -Xms256m
      # Enable properties provisioning
      - SECURITY_PROXY_PROVISIONING_ENABLED=true
      # Discovery backend
      - CONSUL_HTTP_ADDR=192.168.100.7:8500
      # Security Proxy property encryption password
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=887f0d9a563b56b25fb3877ac1ecf897
      # Security Proxy backends
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_HOSTS=10.100.10.1:8081
      - SECURITY_PROXY_BACK_END_RESOURCE_GATEWAY_HOSTS=10.100.10.1:8082
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=18716FD0808E72E2180327E24467EA38146456479ABC9E2DA99A5F49B193392B
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=527EF9E6637AF54C253220F39CF797729786E9CEAFE78BD23E748949A902E800
      # Cache
      - SECURITY_PROXY_CACHE_ENCRYPTION_PASSWORD=39mDvjEezgZZ6bgHy3jTG25K
      - SECURITY_PROXY_REDIS_SENTINEL_NODES=192.168.100.10:26379,192.168.100.11:26379,192.168.100.12:26379
      - SECURITY_PROXY_REDIS_SENTINEL_MASTER_ID=mymaster
    depends_on:
      - consul
      - redis-master-sentinel
    networks:
      - sp_network
    ports:
      - 8080:8080
  consul:
    image: consul:latest
    ports:
      - 8500
    networks:
      sp_network:
        ipv4_address: 192.168.100.7
  redis-master:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.8
      - REDIS_ANNOUNCE_PORT=6379
    networks:
      sp_network:
        ipv4_address: 192.168.100.8
  redis-slave:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_PORT=6379
      - REDIS_ANNOUNCE_IP=192.168.100.9
      - REDIS_ANNOUNCE_PORT=6379
      - REDIS_SLAVE=True
      - REDIS_SLAVEOF_IP=192.168.100.8
      - REDIS_SLAVEOF_PORT=6379
    depends_on:
      - redis-master
    networks:
      sp_network:
        ipv4_address: 192.168.100.9
  redis-master-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.10
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master
    networks:
      sp_network:
        ipv4_address: 192.168.100.10
  redis-slave-sentinel:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.11
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      sp_network:
        ipv4_address: 192.168.100.11
  redis-slave-sentinel-failover:
    image: release.onegini.com/onegini/redis:1.0.0
    user: onegini
    environment:
      - REDIS_SENTINEL=True
      - REDIS_SENTINEL_PORT=26379
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.100.12
      - REDIS_SENTINEL_ANNOUNCE_PORT=26379
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
      - REDIS_SENTINEL_MASTER_PORT=6379
    depends_on:
      - redis-master-sentinel
    networks:
      sp_network:
        ipv4_address: 192.168.100.12
networks:
  sp_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24
Note: Replace <SECURITY_PROXY_VERSION> with the actual version number. You can find the version numbers on the Releases page in the Onegini docs.
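A check to run over docker-compose.yml before starting the stack, as an added example that is not part of Onegini's documentation: it flags announce addresses that differ from the service's static ipv4_address, master or slaveof addresses that no service holds, and secrets written inline in the environment list. The sample file and the function name lint_compose are constructed for this example, and treating a ${...} reference as an externally supplied value is an assumption.

```python
import re

# Constructed sample in the layout of the compose file above: one mistyped
# announce address and one secret written inline.
SAMPLE = """\
services:
  security-proxy:
    environment:
      - SECURITY_PROXY_CACHE_ENCRYPTION_PASSWORD=example-only
  redis-master:
    environment:
      - REDIS_ANNOUNCE_IP=192.168.100.8
    networks:
      sp_network:
        ipv4_address: 192.168.100.8
  redis-slave-sentinel:
    environment:
      - REDIS_SENTINEL_ANNOUNCE_IP=192.168.0.11
      - REDIS_SENTINEL_MASTER_IP=192.168.100.8
    networks:
      sp_network:
        ipv4_address: 192.168.100.11
networks:
  sp_network:
    driver: bridge
"""

def lint_compose(text):
    """Return (service, key, problem) tuples; expects 2-space indent, list-form env."""
    services, name = {}, None
    for line in text.split("\nnetworks:")[0].splitlines():  # services section only
        if m := re.match(r"  ([\w-]+):\s*$", line):          # a service name
            name = m.group(1)
            services[name] = {"env": {}, "ip": None}
        elif name and (m := re.match(r"\s+- (\w+)=(.*)$", line)):
            services[name]["env"][m.group(1)] = m.group(2)
        elif name and (m := re.match(r"\s+ipv4_address:\s*(\S+)", line)):
            services[name]["ip"] = m.group(1)
    assigned = {s["ip"] for s in services.values() if s["ip"]}
    found = []
    for svc, s in services.items():
        for key, val in s["env"].items():
            if key.endswith("ANNOUNCE_IP") and val != s["ip"]:
                found.append((svc, key, "differs from the service's ipv4_address"))
            elif key.endswith(("MASTER_IP", "SLAVEOF_IP")) and val not in assigned:
                found.append((svc, key, "no service is assigned this address"))
            # Assumption: ${VAR} means the value is supplied from outside the file
            elif re.search(r"PASSWORD|SECRET", key) and not val.startswith("${"):
                found.append((svc, key, "secret written inline"))
    return found
```

Call lint_compose(open("docker-compose.yml").read()) and treat a non-empty result as a reason not to start the stack yet.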
Start the Docker containers
docker-compose -f docker-compose.yml up -d