|
1 | 1 | # Setup |
2 | | -Prerequisites: A MongoDB instance (tested with MongoDB v4). |
3 | 2 |
|
4 | | -Please refer to the [docker-compose.yml](https://github.com/virtualzone/jwt-auth-proxy/blob/master/example/docker-compose.yml) example on how to use the pre-build Docker image. |
| 3 | +## Prerequisites |
| 4 | +* A MongoDB instance (tested with MongoDB v4) |
| 5 | +* A TLS key and certificate for providing mTLS encryption for the backend REST API (see below) |
| 6 | +* Docker Engine (recommended) |
5 | 7 |
|
6 | | -The server requires a key and a certificate for providing mTLS encryption for the backend REST API. |
| 8 | +## Generating Certificates |
| 9 | +By default, the server will create a CA and generate keys and certificates for both server and client on startup (see ```BACKEND_GENERATE_CERT``` [configuration option](config.md)). |
7 | 10 |
|
8 | | -You can generate the server's and clients' keys and certificates manually using OpenSSL. By default, the server will create a CA and generate keys and certificates for both server and client on startup (see BACKEND_GENERATE_CERT environment variable). |
| 11 | +Alternatively, you can generate the server's and clients' keys and certificates manually using OpenSSL: |
| 12 | + |
| 13 | +``` |
| 14 | +# Generate CA Key & Certificate |
| 15 | +openssl genrsa -out certs/ca.key 4096 |
| 16 | +openssl req -new -x509 -sha256 -key certs/ca.key -out certs/ca.crt -days 3650 |
| 17 | +
|
| 18 | +# Generate Server Key, CSR & sign with CA |
| 19 | +openssl genrsa -out certs/server.key 4096 |
| 20 | +openssl req -new -key certs/server.key -out certs/server.csr |
| 21 | +openssl x509 -req -in certs/server.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/server.crt |
| 22 | +
|
| 23 | +# Generate Application/Client Key, CSR & sign with CA |
| 24 | +openssl genrsa -out certs/client.key 4096 |
| 25 | +openssl req -new -key certs/client.key -out certs/client.csr |
| 26 | +openssl x509 -req -in certs/client.csr -CA certs/ca.crt -CAkey certs/ca.key -out certs/client.crt |
| 27 | +``` |
| 28 | + |
| 29 | +The key and certificate must be stored in the directory specified by the ```BACKEND_CERT_DIR``` option, which is ```./certs/``` if not set (see [Configuration](config.md)). Please use these filenames: |
| 30 | + |
| 31 | +* CA Certificate: ```ca.crt``` |
| 32 | +* Server Certificate: ```server.crt``` |
| 33 | +* Server Key: ```server.key``` |
| 34 | + |
| 35 | +## Running in Docker |
| 36 | +It's recommended to use the pre-built Docker images to run JWT Auth Proxy. The images are built automatically with each new version and pushed to the Docker Hub. They are multi-arch, thus the correct image for your architecture will be used automatically (AMD64, ARM v6, ARM v7 and ARM64 v8). |
| 37 | + |
| 38 | +You can use JWT Auth Proxy without Compose or Kubernetes, but these make it easier to orchestrate JWT Auth Proxy with your frontend, backend and the MongoDB. |
| 39 | + |
| 40 | +Use the following command to run the image and set the [configuration options](config.md) accordingly: |
| 41 | + |
| 42 | +``` |
| 43 | +docker run -d \ |
| 44 | + -e "JWT_SIGNING_KEY=<Your JWT Signing Key>" \ |
| 45 | + -e "MONGO_DB_URL=mongodb://localhost:27017" \ |
| 46 | + -e "PROXY_TARGET=http://localhost:8090" \ |
| 47 | + -e "SMTP_SERVER=localhost:25" \ |
| 48 | + -v ${PWD}/certs:/app/certs \ |
| 49 | + -p 8080:8080 \ |
| 50 | + -p 8443:8443 \ |
| 51 | + virtualzone/jwt-auth-proxy |
| 52 | +``` |
| 53 | + |
| 54 | +## Running in Docker Compose |
| 55 | +Please refer to the [docker-compose.yml](https://github.com/virtualzone/jwt-auth-proxy/blob/master/example/docker-compose.yml) example on how to use the pre-build Docker image with Docker Compose. |
| 56 | + |
| 57 | +## Running in Kubernetes |
| 58 | +You can run JWT Auth Proxy in Kubernetes. Currently, there is no Helm Chart available, this may change in the future. In the meanwhile, please set up JWT Auth Proxy as a Pod manually by using the pre-build Docker image ```virtualzone/jwt-auth-proxy```. |
0 commit comments