
IRIS installation (Docker): Difference between revisions

 
(6 intermediate revisions by 2 users are not shown)
Zeile 25: Zeile 25:
  
  
== First installation ==
+
== Initial setup ==
  
 
=== Download / copy IRIS ===
 
=== Download / copy IRIS ===
Zeile 38: Zeile 38:
 
  wget <downloadlink>
 
  wget <downloadlink>
  
=== load IRIS Docker image ===
+
=== Load IRIS Docker image ===
 
  docker load -i iris-1.X.X.tar.gz
 
  docker load -i iris-1.X.X.tar.gz
  
=== prepare volumes and networks ===
+
=== Prepare volumes and networks ===
 
  docker volume create hsc-db
 
  docker volume create hsc-db
  
 
  docker volume create hsc-config
 
  docker volume create hsc-config
  
  docker network create hsc-network
+
=== Create container from image ===
 +
  docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X
  
=== create container from image ===
+
=== Start container ===
docker create --name iris --network bridge --hostname iris --publish 127.0.0.1:8080:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X
 
 
 
=== connect network ===
 
docker network connect hsc-network iris
 
 
 
=== start container ===
 
 
  docker start iris
 
  docker start iris
  
=== check container logs ===
+
=== Check container logs ===
 
  docker logs iris
 
  docker logs iris
 
An entry should be displayed in the logs that sounds similar to:<syntaxhighlight lang="text" line="1" start="1">
 
An entry should be displayed in the logs that sounds similar to:<syntaxhighlight lang="text" line="1" start="1">
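Review bot: the added `docker create` line publishes `80:80` and `443:443` on every host interface, while the removed line bound only `127.0.0.1:8080:443` for a local reverse proxy, and nothing in the step mentions the change in exposure. Say in "Create container from image" that IRIS is now reachable directly from the network, and show the `--publish <host-ip>:443:443` form for hosts that should serve it on one interface only. The heading "Prepare volumes and networks" also still mentions networks although `docker network create hsc-network` and the "connect network" step are removed.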
Zeile 68: Zeile 63:
 
If this entry does not appear, wait a moment und execute the command "docker logs iris" again.
 
If this entry does not appear, wait a moment und execute the command "docker logs iris" again.
  
=== configure reverse proxy ===
+
=== Option 1: Configure your own SSL certificate ===
There already has to be a configured reverse proxy with HTTPS set up.
+
By default, the docker container will publish a HTTPS server with a self signed certificate.
  
Therefore, we can recommend the ssl-config generator from Mozilla: https://ssl-config.mozilla.org/
+
This must be replaced by a public certificate from a recognized certificate authority.
  
 +
You will need the following files:
 +
{| class="wikitable"
 +
|+
 +
!File
 +
!Format
 +
!Encoding
 +
!Description
 +
|-
 +
|ca.pem
 +
|X.509
 +
|PEM
 +
|The certificate of the recognized certifcate authoriuty
 +
|-
 +
|server-cert.pem
 +
|X.509
 +
|PEM
 +
|The issued certificate for your server
 +
|-
 +
|server-privatekey-pkcs8.pem
 +
|PKCS#8
 +
|PEM
 +
|The private key for your server
 +
|}
  
  
Please check before the configuration of the connection nginx -> iris, if a valid HTTPS connection can be established with a static site.
+
Please place the files under the above mentioned filename into the following folder, as seen by the container:
  
 +
/etc/heidler/ssl/public
  
After that, you can change the "location /" entry under nginx like following.<blockquote> <code>   location / {</code>
+
This folder is being provided by the docker volume "hsc-config".
  
  <code>       proxy_pass      <nowiki>https://localhost:8080</nowiki>;</code>
+
To find out which folder on the host machine this folder belongs to, you can use the following command:
 +
  docker volume inspect hsc-config
 +
The parameter "Mountpoint" contains the local path.
  
<code>       proxy_read_timeout               300;</code>
+
Example:
  
<code>       proxy_connect_timeout            300;</code>
+
"Mountpoint": "/var/lib/docker/volumes/hsc-config/_data"
  
<code>       proxy_set_header                 X-Real-IP                                       $remote_addr;</code>
+
This would be the path where the files should be placed:
  
<code>       proxy_set_header                 X-Forwarded-For                                 $proxy_add_x_forwarded_for;</code>
+
/var/lib/docker/volumes/hsc-config/_data/ssl/public
  
<code>       proxy_set_header                 Host                                            $host;</code>
+
=== Option 2: Generate a certificate using Let's Encrypt™ ===
 +
Note: Using this option means that you accept the terms of service for Let's Encrypt. The TOS can be reviewed here: https://letsencrypt.org/repository/
  
<code>       proxy_ssl_verify                 off;</code>
+
The public HTTPS certificate will be requested using certbot: https://certbot.eff.org/
  
<code>   }</code></blockquote>
 
  
 +
To use this service, simply add two environment variables when creating the docker container:
 +
--env LETSENCRYPT=<your public domain> --env LETSENCRYPTEMAIL=<your email address to receive notifications about this certificate>
 +
Full example:
 +
docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --env LETSENCRYPT=iris.yourcompany.com --env LETSENCRYPTEMAIL=it@yourcompany.com --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X
 +
You should of course replace the values in this example according to your domain and email address.
  
 
== Updates ==
 
== Updates ==
  
=== Herunterladen / Kopieren von IRIS ===
+
=== Download / copy IRIS ===
Sie erhalten den Downloadlink für IRIS von unserem Support
+
You receive a download link for IRIS from our support.
  
  
Zum Hochladen des Container-Images können Sie die Datei per scp in das Home-Verzeichnis des Docker-Hosts hochladen:
+
To upload the container-image, you can upload the file via scp into the home directory of the Docker-host:
  scp iris-1.X.X.tar.gz <Benutzername>@<Servername>:~/
+
  scp iris-1.X.X.tar.gz <username>@<servername>:~/
  
  
Alternativ direkt über den Downloadlink auf der Maschine herunterladen:
+
Alternatively, donwloading directlyon the machine via download link:
  wget <Downloadlink>
+
  wget <downloadlink>
  
=== Docker Image laden ===
+
=== Load IRIS Docker image ===
 
  docker load -i iris-1.X.X.tar.gz
 
  docker load -i iris-1.X.X.tar.gz
  
=== IRIS stoppen ===
+
=== Stop IRIS ===
Achtung: Ab hier ist IRIS für ca. 1 Minute nicht erreichbar
+
Note: After this, IRIS is unavailable for approx. 1 minute
 
  docker stop iris
 
  docker stop iris
  
=== IRIS Container löschen ===
+
=== Delete IRIS container ===
 
  docker rm iris
 
  docker rm iris
  
=== Neuen IRIS Container mit neuer Version erstellen ===
+
=== Create new IRIS container with new version ===
  docker create --name iris --network bridge --hostname iris --publish 127.0.0.1:8080:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X
+
  docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X
 
 
=== Netzwerk verbinden ===
 
docker network connect hsc-network iris
 
  
=== Container starten ===
+
=== Start container ===
 
  docker start iris
 
  docker start iris
  
=== Altes Container-Image entfernen ===
+
=== Remove old container image ===
Achtung! Im folgenden Befehl die Version 1.X.X durch die vorherige (nicht aktuelle) Version von IRIS ersetzen
+
Note! Replace in the following command, version 1.X.X with previous (not current) version of IRIS
 
  docker image rm iris:1.X.X
 
  docker image rm iris:1.X.X
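Review bot: Option 1 tells the reader to copy `server-privatekey-pkcs8.pem` into `/var/lib/docker/volumes/hsc-config/_data/ssl/public` but gives no ownership or file mode for the private key and does not say whether the container has to be restarted to pick up the new files; add both. In the same hunk, the "Create new IRIS container with new version" command under Updates omits the `--env LETSENCRYPT=...` and `--env LETSENCRYPTEMAIL=...` options from Option 2, so state whether they have to be repeated on every update. Typos in the added lines: "certifcate authoriuty" and "donwloading directlyon".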

Current version as of 26 April 2023, 14:53

Information

IRIS version

In the following text, you can find many commands that contain the current version of IRIS.

Please replace the version with the latest version of IRIS.


Example:

docker load -i iris-1.X.X.tar.gz

to

docker load -i iris-1.0.8.tar.gz

or rather the latest version

Docker on Linux

The following description applies to the installation of Docker on Linux.

For other operating systems, the commands or steps must be changed accordingly.

Docker installations usually require Linux administrator rights.

Most commands therefore need "sudo" in front of them or have to be executed as the root user.


Initial setup

Download / copy IRIS

You receive a download link for IRIS from our support.


To transfer the container image, you can upload the file via scp into the home directory of the Docker host:

scp iris-1.X.X.tar.gz <username>@<servername>:~/


Alternatively, download it directly on the machine via the download link:

wget <downloadlink>

Load IRIS Docker image

docker load -i iris-1.X.X.tar.gz

Prepare volumes and networks

docker volume create hsc-db
docker volume create hsc-config

Create container from image

docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X

Start container

docker start iris

Check container logs

docker logs iris

An entry similar to the following should appear in the logs:

2023-02-08 17:22:38.926 -08 WARN  [main] (init.ServiceInitializer:166) - A new user has been created.:
Username: root@localhost
Password: P6oV-GK3GYsdnn_5usDg1tBmn00
Please login with this user and change your password immediately!

Please note down this username and password immediately.

If this entry does not appear, wait a moment and execute the command "docker logs iris" again.

Option 1: Configure your own SSL certificate

By default, the Docker container publishes an HTTPS server with a self-signed certificate.

This must be replaced by a public certificate from a recognized certificate authority.

You will need the following files:

File | Format | Encoding | Description
ca.pem | X.509 | PEM | The certificate of the recognized certificate authority
server-cert.pem | X.509 | PEM | The issued certificate for your server
server-privatekey-pkcs8.pem | PKCS#8 | PEM | The private key for your server


Please place the files, using the file names listed above, into the following folder (path as seen by the container):

/etc/heidler/ssl/public

This folder is provided by the Docker volume "hsc-config".

To find out which folder on the host machine it corresponds to, use the following command:

docker volume inspect hsc-config

The parameter "Mountpoint" contains the local path.

Example:

"Mountpoint": "/var/lib/docker/volumes/hsc-config/_data"

In this example, the files should be placed in:

/var/lib/docker/volumes/hsc-config/_data/ssl/public
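
A pre-flight check for the three Option 1 files, added here as an example and not part of the vendor's documentation: it confirms the key is PKCS#8 PEM, that the server certificate verifies against ca.pem, and that the key belongs to the certificate before anything is copied. The function names, the unencrypted-key requirement and the file modes are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): validate the three Option 1 files, then
# copy them into the hsc-config volume. Assumes openssl on the Docker host.

# check_iris_certs SRC_DIR: returns 0 only if the files are consistent.
check_iris_certs() {
    src=$1
    for f in ca.pem server-cert.pem server-privatekey-pkcs8.pem; do
        [ -s "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    # Assumption: the key is unencrypted PKCS#8, whose PEM header is exactly
    # "BEGIN PRIVATE KEY". A traditional key can be converted with
    #   openssl pkcs8 -topk8 -nocrypt -in old.key -out server-privatekey-pkcs8.pem
    head -n 1 "$src/server-privatekey-pkcs8.pem" \
        | grep -qxF -- '-----BEGIN PRIVATE KEY-----' \
        || { echo "key is not unencrypted PKCS#8 PEM" >&2; return 2; }
    # The server certificate must chain to the CA certificate.
    openssl verify -CAfile "$src/ca.pem" "$src/server-cert.pem" >/dev/null 2>&1 \
        || { echo "server-cert.pem does not verify against ca.pem" >&2; return 3; }
    # The key must belong to the certificate: both must yield the same public key.
    cert_pub=$(openssl x509 -in "$src/server-cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$src/server-privatekey-pkcs8.pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match server-cert.pem" >&2; return 4; }
}

# install_iris_certs SRC_DIR DEST_DIR: copies only after every check passed.
install_iris_certs() {
    check_iris_certs "$1" || return $?
    mkdir -p "$2" || return 5
    install -m 0644 "$1/ca.pem" "$1/server-cert.pem" "$2/" || return 5
    # Assumption: the container reads the key as the file owner (root);
    # loosen the mode only if IRIS then fails to load the key.
    install -m 0600 "$1/server-privatekey-pkcs8.pem" "$2/" || return 5
}

# Usage on the Docker host, as root:
#   mp=$(docker volume inspect --format '{{ .Mountpoint }}' hsc-config)
#   install_iris_certs ./certs "$mp/ssl/public"
```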

Option 2: Generate a certificate using Let's Encrypt™

Note: Using this option means that you accept the terms of service for Let's Encrypt. The TOS can be reviewed here: https://letsencrypt.org/repository/

The public HTTPS certificate will be requested using certbot: https://certbot.eff.org/


To use this service, simply add two environment variables when creating the docker container:

--env LETSENCRYPT=<your public domain> --env LETSENCRYPTEMAIL=<your email address to receive notifications about this certificate>

Full example:

docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --env LETSENCRYPT=iris.yourcompany.com --env LETSENCRYPTEMAIL=it@yourcompany.com --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X

You should of course replace the values in this example according to your domain and email address.

Updates

Download / copy IRIS

You receive a download link for IRIS from our support.


To transfer the container image, you can upload the file via scp into the home directory of the Docker host:

scp iris-1.X.X.tar.gz <username>@<servername>:~/


Alternatively, download it directly on the machine via the download link:

wget <downloadlink>

Load IRIS Docker image

docker load -i iris-1.X.X.tar.gz

Stop IRIS

Note: After this, IRIS is unavailable for approx. 1 minute

docker stop iris

Delete IRIS container

docker rm iris

Create new IRIS container with new version

docker create --name iris --hostname iris --network bridge --publish 80:80 --publish 443:443 --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler --restart unless-stopped iris:1.X.X

Start container

docker start iris

Remove old container image

Note! In the following command, replace version 1.X.X with the previous (not the current) version of IRIS.

docker image rm iris:1.X.X
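
The update steps above as one function, added here as an example and not part of the vendor's documentation: it refuses to stop or remove the running container unless the new image is loaded and both volumes exist, and it keeps the old image when the new container does not come up. The function name, the DOCKER override and the pass-through of extra `docker create` options (for instance the LETSENCRYPT variables from Option 2) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): the update steps with pre-flight checks.
# DOCKER is overridable so the flow can be dry-run against a stub.
DOCKER=${DOCKER:-docker}

# iris_update OLD_VERSION NEW_VERSION [extra "docker create" options...]
iris_update() {
    old=$1 new=$2; shift 2
    [ "$old" != "$new" ] || { echo "old and new version are identical" >&2; return 1; }
    # Pre-flight: nothing is stopped or removed unless the new image is
    # loaded and both data volumes exist.
    $DOCKER image inspect "iris:$new" >/dev/null 2>&1 \
        || { echo "iris:$new not loaded; run docker load first" >&2; return 2; }
    for v in hsc-db hsc-config; do
        $DOCKER volume inspect "$v" >/dev/null 2>&1 \
            || { echo "volume $v missing" >&2; return 3; }
    done
    # Downtime starts here (approx. 1 minute according to the page).
    $DOCKER stop iris >/dev/null || return 4
    $DOCKER rm iris >/dev/null || return 4
    $DOCKER create --name iris --hostname iris --network bridge \
        --publish 80:80 --publish 443:443 "$@" \
        --volume hsc-db:/var/lib/mysql --volume hsc-config:/etc/heidler \
        --restart unless-stopped "iris:$new" >/dev/null || return 5
    $DOCKER start iris >/dev/null || return 5
    # Keep the old image as a fallback unless the new container is running.
    [ "$($DOCKER inspect --format '{{.State.Running}}' iris 2>/dev/null)" = "true" ] \
        || { echo "iris not running; keeping iris:$old" >&2; return 6; }
    $DOCKER image rm "iris:$old" >/dev/null
}
```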