From ff47866920e7c51a824f6e98c40d8fd4ca380940 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Fri, 4 Oct 2019 14:25:59 +0200 Subject: Update readme.md - Put SSL client auth guide into separate file. - Add download link to apps.egiz.gv.at/releases. - Put note that cluster mode is not ready. --- docs/howto-ssl-client-auth-with-apache.md | 26 +++++++++++++++++++++ readme.md | 37 +++++------------------------- src/test/resources/config/application.yaml | 1 + 3 files changed, 33 insertions(+), 31 deletions(-) create mode 100644 docs/howto-ssl-client-auth-with-apache.md diff --git a/docs/howto-ssl-client-auth-with-apache.md b/docs/howto-ssl-client-auth-with-apache.md new file mode 100644 index 0000000..44999f7 --- /dev/null +++ b/docs/howto-ssl-client-auth-with-apache.md @@ -0,0 +1,26 @@ + ZS - How To Set Up SSL inc. Client Authentication with Apache 2 + +Some integration tests require SSL protection of the service endpoint with SSL Client Authentication. +Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on . + +1. Install Apache 2. +1. Ensure that mod-proxy is installed and enabled. +1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`: + + ProxyRequests off + ProxyPass /zusemsg/ http://localhost:8081/ + ProxyPassReverse /zusemsg/ http://localhost:8081/ + + Order allow,deny + allow from all + + +1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`: + + SSLCertificateFile /server.localhost.cert.pem + SSLCertificateKeyFile /server.localhost.key.pem + SSLCertificateChainFile /ca-chain.cert.pem + +1. Trust the client certificate with the following directive in `default-ssl-conf`: + + SSLCACertificateFile /trusted-cas-bundle.pem diff --git a/readme.md b/readme.md index 7a7694f..47852b0 100644 --- a/readme.md +++ b/readme.md @@ -32,36 +32,7 @@ Command: Note that some integration tests (prefix `ITSSL`) rely on a TLS connection and Client Authentication. -The following guide explains how to set up TLS and Client Authentication with Apache 2. - -#### Quick Guide: Set Up SSL (inc. Client Authentication) in Apache 2. - -This guide is only needed for running all tests. -Some tests require SSL protection of the service endpoint with SSL Client Authentication. -Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on . - -1. Install Apache 2. -1. Ensure that mod-proxy is installed and enabled. -1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`: - - ProxyRequests off - ProxyPass /zusemsg/ http://localhost:8081/ - ProxyPassReverse /zusemsg/ http://localhost:8081/ - - Order allow,deny - allow from all - - -1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`: - - SSLCertificateFile /server.localhost.cert.pem - SSLCertificateKeyFile /server.localhost.key.pem - SSLCertificateChainFile /ca-chain.cert.pem - -1. Trust the client certificate with the following directive in `default-ssl-conf`: - - SSLCACertificateFile /trusted-cas-bundle.pem - +[This guide](docs/howto-ssl-client-auth-with-apache.md) explains how to set up TLS and Client Authentication with Apache 2. ### Package to .war @@ -71,9 +42,13 @@ The application can be packaged to a web application archive by running the foll Find the war file in the `target/` folder. +## Download + +You can download a ready-to-deploy web application archive (`.war`) of MOA ZS from . + ## Deployment -After packaging the application to a `war` file, the application can be deployed into a servlet container or as a standalone application. +After obtaining the `war` file, MOA ZS needs to be configured and can then be deployed into a servlet container or as a standalone application. ### Configuration diff --git a/src/test/resources/config/application.yaml b/src/test/resources/config/application.yaml index a32d14d..b6f8ef8 100644 --- a/src/test/resources/config/application.yaml +++ b/src/test/resources/config/application.yaml @@ -206,6 +206,7 @@ repository: expiresAfterWrite: 30 # Redis Setup (Cluster Mode) +# Note: Cluster Mode is not operational in the current release. spring: redis: host: 172.17.0.2 -- cgit v1.2.3