# Installing Soffid using Docker Compose # Installing Soffid ## Prerequisites - Docker compose - 8GB RAM - > 10GB disk space (50GB recomended) ## Installation ##### docker-compose.yaml / compose.yaml ```YAML services: mariadb: image: mariadb:11.4 environment: MYSQL_ROOT_PASSWORD: XXXX MYSQL_DATABASE: soffid MYSQL_USER: soffid MYSQL_PASSWORD: YYYY healthcheck: test: "/usr/bin/mariadb --user=root --password=XXXXX --execute \"SHOW DATABASES;\"" interval: 2s timeout: 20s retries: 10 command: --max_allowed_packet=128M --innodb_log_file_size=256M --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci ports: - "3306:3306" networks: - network volumes: - mariadb_data:/var/lib/mysql console: image: europe-docker.pkg.dev/soffid-docker-images/private/iam-console:4.0.0 environment: DB_URL: jdbc:mariadb://mariadb/soffid DB_USER: soffid DB_PASSWORD: YYYY JAVA_OPT: -Xmx4096m ports: - 8080:8080 networks: - network healthcheck: test: bash -c "(echo 'GET /soffid/anonymous/logo.svg HTTP/1.1' >&0; echo >&0; cat >&2;) <> /dev/tcp/localhost/8080" interval: 10s timeout: 20s retries: 10 start_period: 40s volumes: - console_trust:/opt/soffid/iam-console-4/trustedcerts - console_conf:/opt/soffid/iam-console-4/conf - console_index:/opt/soffid/iam-console-4/index depends_on: mariadb: condition: service_started syncserver: image: europe-docker.pkg.dev/soffid-docker-images/private/iam-sync:4.0.0 hostname: syncserver environment: SOFFID_PORT: 1760 SOFFID_HOSTNAME: syncserver.network SOFFID_MAIN: yes DB_URL: jdbc:mysql://mariadb/soffid DB_USER: soffid DB_PASSWORD: YYYY networks: - network volumes: - sync_conf:/opt/soffid/iam-sync/conf depends_on: mariadb: condition: service_started networks: network: name: network driver: bridge volumes: mariadb_data: name: soffid4_mariadbdata console_trust: name: soffid4_console_trustedcerts console_conf: name: soffid4_console_conf console_index: name: soffid4_console_index sync_conf: name: soffid4_sync_conf ``` ##### Ubuntu commands Bear in mind, that the name of the YAML file must be **docker-compose.yaml** And you must execute the docker compose action inside the folder where this file is located. ```shell cd /.../.../soffid ``` Apply the YAML: ```shell sudo docker compose up -d ``` [![image-1699860896041.png](https://bookstack.soffid.com/uploads/images/gallery/2023-11/scaled-1680-/image-1699860896041.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-11/image-1699860896041.png) Check containers ```shell sudo docker compose ps ``` View the console log ```shell sudo docker compose logs -f console ``` View the Sync Server log ```shell sudo docker compose logs -f sync-server ```

When the console is created, the password for the user *admin* will be *changeit* and it will be valid for 24 hours.

Now you can connect to Soffid Console [http://localhost:8080/soffid](http://localhost:8080/soffid) The first thing you must do is to change the **admin** user password **changeit**.

## Upgrade You can update the version in the yaml file ```shell docker compose up -d ``` # How to make a Mariadb Backup? You can perform Mariadb backup by executing the following command: ```shell sudo docker exec -i MARIADB_CONTAINER_NAME mariadb-dump -u root -p soffid01 | gzip > /some/path/on/your/host/soffid01.dump.gz ``` This action requires the root password. You can use: - `--max-allowed-packet=512M`: sets the maximum packet size to 512MB to handle large databases. - `--skip-add-locks` and `--skip-lock-tables`: these options are used to improve performance by skipping certain locking mechanisms. ##### Example [![image-1704804469717.png](https://bookstack.soffid.com/uploads/images/gallery/2024-01/scaled-1680-/image-1704804469717.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-01/image-1704804469717.png) # Installing Soffid with Reverse Proxy ## Prerequisites - Docker compose - 8GB RAM - > 10GB disk space (50GB) ## Installation #### Certificates 1\. Generate an RSA private key ```shell sudo openssl genrsa -out reverse_proxy.key 2048 ``` 2\. Generate a Certificate Signing Request (CSR) ```shell sudo openssl req -new -key reverse_proxy.key -out reverse_proxy.csr ``` 3\. Generate a self-signed certificate ``` sudo openssl x509 -req -days 10000 -in reverse_proxy.csr -signkey reverse_proxy.key -out reverse_proxy.crt ``` #### .pem Generate, if it is necessary, a file .pem with the root and intermediate certificates - [client.pem](https://bookstack.soffid.com/attachments/181) #### Configure nginx: reverse\_proxy.conf ```YAML # re-route everything to console server { client_max_body_size 100M; listen 8080; server_name console; error_page 497 http://$host:80$request_uri; location /soffid { proxy_pass http://compose-console:8080/soffid; } } # Sync Server server { listen 443 ssl; server_name sync-server; error_page 497 http://$host:80$request_uri; ssl_certificate /etc/nginx/cert/reverse_proxy.crt; ssl_certificate_key /etc/nginx/cert/reverse_proxy.key; ssl_client_certificate /etc/ssl/client.pem; ssl_verify_client optional_no_ca; ssl_verify_depth 2; location / { proxy_set_header X-SSL-CERT $ssl_client_escaped_cert; proxy_set_header Host $host; proxy_pass https://sync-server.netcompose:1443/; } } ``` #### docker-compose.yaml ```YAML version: '2' services: mariadb: image: mariadb:11.1.2 environment: MYSQL_ROOT_PASSWORD: XXXX MYSQL_DATABASE: soffid01 MYSQL_USER: admin MYSQL_PASSWORD: XXXX healthcheck: test: "/usr/bin/mariadb --user=root --password=XXXX --execute \"SHOW DATABASES;\"" interval: 2s timeout: 20s retries: 10 command: --max_allowed_packet=128M networks: - network volumes: - mariadb_data:/var/lib/mysql console: image: soffid/iam-console:4.0.0-beta-8 environment: DB_URL: jdbc:mariadb://mariadb/soffid01 DB_USER: root DB_PASSWORD: XXXX networks: - network ports: - "8080" volumes: - console_trust:/opt/soffid/iam-console-4/trustedcerts depends_on: mariadb: condition: service_healthy sync-server: image: soffid/iam-sync:4.0.0-beta-2 hostname: sync-server environment: SOFFID_PORT: 1760 SOFFID_HOSTNAME: sync-server.netcompose SOFFID_MAIN: yes DB_URL: jdbc:mysql://mariadb/soffid01 DB_USER: root DB_PASSWORD: XXXX networks: - network volumes: - sync_conf:/opt/soffid/iam-sync/conf ports: - "1443" depends_on: mariadb: condition: service_healthy nginx: image: nginx:1.25.3 container_name: compose-nginx volumes: - /YOUR FOLDER/proxy-inverso/nginx/conf/reverse_proxy.conf:/etc/nginx/conf.d/default.conf - /YOUR FOLDER/proxy-inverso/nginx/cert/reverse_proxy.pem:/etc/nginx/cert/reverse_proxy.pem - /YOUR FOLDER/proxy-inverso/nginx/cert/reverse_proxy.key:/etc/nginx/cert/reverse_proxy.key - /YOUR FOLDER/proxy-inverso/nginx/cert/reverse_proxy.crt:/etc/nginx/cert/reverse_proxy.crt - /YOUR FOLDER/proxy-inverso/nginx/ssl/client.pem:/etc/ssl/client.pem ports: - 8080:8080 - 443:443 links: - console - sync-server networks: - network networks: network: name: netcompose driver: bridge volumes: mariadb_data: name: compose-mariadbdata console_trust: name: compose_console_trustedcerts sync_conf: name: compose_sync_conf ``` #### Ubuntu commands Bear in mind, that the name of the YAML file must be **docker-compose.yaml** And you must execute the docker compose action inside the folder where this file is located. ```shell cd /.../.../soffid ``` Apply the YAML: ```shell docker compose up -d ``` [![image-1699860896041.png](https://bookstack.soffid.com/uploads/images/gallery/2023-11/scaled-1680-/image-1699860896041.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-11/image-1699860896041.png) Check containers ```shell docker compose ps ``` View the console log ```shell docker compose logs -f console ``` View the Sync Server log ```shell docker compose logs -f sync-server ```

When the console is created, the password for the user *admin* will be *changeit* and it will be **valid for 24 hours**.

Now you can connect to Soffid Console [http://localhost:8080/soffid](http://localhost:8080/soffid) The first thing you must do is to change the admin user password.

## Upgrade You can update the version in the .yaml file ```shell docker compose up -d ```