To run a Wima Docker container you have two options:
- You can build your own image using the Dockerfile we provide and then run the container from it or
- you can run the container directly from the image we provide in Docker Hub.
Both options require that you have docker installed on your machine.
You have to download the Wilma's code from GitHub and navigate to
extras/docker
directory. There, to compile your own image just run:
sudo docker build -t pep-proxy-image .
Note If you do not want to have to use
sudo
in this or in the next section follow these instructions.
This builds a new Docker image following the steps in Dockerfile
and saves it in your local Docker repository with the
name pep-proxy-image
. You can check the available images in your local repository using:
sudo docker images
Note If you want to know more about images and the building process you can find it in Docker's documentation.
Now you can run a new container from the image you have just created with:
sudo docker run -d --name pep-proxy-container \
-v [host_config_file]:/opt/fiware-pep-proxy/config.js \
-p [host_port]:[container_port] pep-proxy-image
Where the different params mean:
-d
indicates that the container runs as a daemon--name
is the name of the new container (you can use the name you want)-v
stablishes a relation between a local folder (in your host computer) and a container's folder. In this case it is used to pass to the container the configuration file that PEP Proxy needs to work.host_config_file
has to be the location of a local file with that configuration following the config template.-p
stablishes a relation between a local port and a container's port. You can use the port you want inhost_port
butcontainer_port
has to be the same that you have set inconfig.app_port
in your config file. If you have setconfig.https
totrue
you have to use here the HTTPS port.- the final param is the name of the image
Here is an example of this command:
sudo docker run -d --name pep-proxy \
-v /home/root/workspace/fiware-pep-proxy/config.js:/opt/fiware-pep-proxy/config.js \
-p 80:80 pep-proxy-image
Once the container is running you can view the console logs using:
sudo docker logs -f pep-proxy
To stop the container:
sudo docker stop pep-proxy
You can also run the container from the image we provide in Docker Hub. In
this case you have only to execute the run command. But now the image name is fiware/pep-proxy:version where version
is the release you want to use:
sudo docker run -d --name pep-proxy-container \
-v [host_config_file]:/opt/fiware-pep-proxy/config.js \
-p [host_port]:[container_port] fiware/pep-proxy
Note If you do not specify a version you are pulling from
latest
by default.
The Dockerfile
is flexible enough to be able to use
alternative base images should you wish. The base image defaults to using
the node:slim
distro, but other base images can be injected using --build-arg
parameters on the commmand line. For
example, to create a container based on
Red Hat UBI (Universal Base Image) 8
add BUILDER
, DISTRO
, PACKAGE_MANAGER
and USER
parameters as shown:
sudo docker build -t pep-proxy \
--build-arg BUILDER=registry.access.redhat.com/ubi8/nodejs-14 \
--build-arg DISTRO=registry.access.redhat.com/ubi8/nodejs-14-minimal \
--build-arg PACKAGE_MANAGER=yum \
--build-arg USER=1001 . --no-cache
To create a container based on Alpine Linux add BUILDER
, DISTRO
, PACKAGE_MANAGER
and USER
parameters as shown:
docker build -t pep-proxy \
--build-arg BUILDER=node:16-alpine \
--build-arg DISTRO=node:16-alpine \
--build-arg PACKAGE_MANAGER=apk . \
--build-arg USER=406 . --no-cache
Currently, the following --build-arg
parameters are supported:
Parameter | Description |
---|---|
BUILDER |
Preferred linux distro to use whilst building the image, defaults to node:${NODE_VERSION} |
DISTRO |
Preferred linux distro to use for the final container image, defaults to node:${NODE_VERSION}-slim |
DISTROLESS |
Preferred Distroless Image to use for the final container. Distroless images can be built using -target=distroless , defaults to gcr.io/distroless/nodejs:${NODE_VERSION} |
DOWNLOAD |
The GitHub SHA or tag to download - defaults to latest |
GITHUB_ACCOUNT |
The GitHub Action to download the source files from, defaults to ging |
GITHUB_REPOSITORY |
The name of the GitHub repository to download the source files from, defaults to fiware-pep-proxy |
NODE_VERSION |
the version of Node.js to use |
PACKAGE_MANAGER |
Package manager to use whilst creating the build, defaults to apt |
SOURCE_BRANCH |
The GitHub repository branch to download the source files from, defaults to master |
USER |
User in the final container image, defaults to node |
-
PEP_PROXY_PORT
- default value is80
-
PEP_PROXY_HTTPS_ENABLED
- default value isfalse
-
PEP_PROXY_HTTPS_PORT
- default value is443
-
PEP_PROXY_IDM_HOST
- default value isaccount.lab.fiware.org
-
PEP_PROXY_IDM_PORT
- default value is443
-
PEP_PROXY_IDM_SSL_ENABLED
- default value istrue
-
PEP_PROXY_APP_HOST
- default value iswww.fiware.org'
-
PEP_PROXY_APP_PORT
- default value is80
-
PEP_PROXY_APP_SSL_ENABLED
- default value isfalse
- Usetrue
if the app server listens in HTTPS -
PEP_PROXY_APP_ID
- default value is left blank and must be overridden -
PEP_PROXY_USERNAME
- default value is left blank and must be overridden -
PEP_PROXY_PASSWORD
- default value is left blank and must be overridden -
PEP_PROXY_AUTH_ENABLED
- default value isfalse
-
PEP_PROXY_PDP
- default value isidm
can be set toauthzforce
,iShare
orxacml
-
PEP_PROXY_PDP_PROTOCOL
- default value ishttp
-
PEP_PROXY_PDP_HOST
- default value islocalhost
-
PEP_PROXY_PDP_PORT
- default value is8080
-
PEP_PROXY_PDP_PATH
- default value is blank -
PEP_PROXY_TENANT_HEADER
- default value is left blank. Typically set toNGSILD-Tenant
orfiware-service
. -
PEP_PROXY_AZF_PROTOCOL
- deprecated usePEP_PROXY_PDP_PROTOCOL
-
PEP_PROXY_AZF_HOST
- deprecated usePEP_PROXY_PDP_HOST
-
PEP_PROXY_AZF_PORT
- deprecated usePEP_PROXY_PDP_PORT
-
PEP_PROXY_AZF_CUSTOM_POLICY
- default value isundefined
which impliesthe usage of default policy checks (HTTP verb + path). -
PEP_PROXY_PUBLIC_PATHS
- default value is[]
- Use,
to split paths - example:PEP_PROXY_PUBLIC_PATHS=/public/*,/static/css/
-
PEP_PROXY_CORS_ORIGIN
- default value is*
-
PEP_PROXY_CORS_METHODS
- default value isGET,HEAD,PUT,PATCH,POST,DELETE
-
PEP_PROXY_CORS_OPTIONS_SUCCESS_STATUS
- default value is204
-
PEP_PROXY_CORS_ALLOWED_HEADERS
- all headers area allowed by default, set to a comma delimited list to restrict this. -
PEP_PROXY_CORS_CREDENTIALS
- TheAccess-Control-Allow-Credentials
-
PEP_PROXY_CORS_MAX_AGE
- TheAccess-Control-Max-Age
header is not sent by default. set totrue
to enable it. -
PEP_PROXY_MAGIC_KEY
- default value isundefined
- should be overridden -
PEP_PROXY_AUTH_FOR_NGINX
- default value isfalse
-
PEP_PROXY_ERROR_TEMPLATE
- default value is an NGSI error payload. -
PEP_PROXY_ERROR_CONTENT_TYPE
- default value isapplication/json