An internet-accessible server with:

- Node 14+
- NPM, installed globally
- Firebase project and credential
  - Privakey uses Firebase by default for notification delivery. Support for other frameworks can be added if necessary.
- MySQL 5.7
  - With minimal support from Privakey, other relational databases can be supported.
- AWS DynamoDB
  - If a NoSQL solution is desired, DynamoDB is also supported.
- SSL-protected endpoints
  - If SSL is managed by the Node server (versus, for example, a load balancer or reverse proxy), SSL certificates will need to be acquired, stored and referenced in environment variables.
1. Initialize the Database

   For MySQL:
   - Create the database:
     - Default name: privakey_cx
     - Create a user with read / write access to run the initial scripts.
       - This user can also be used for Auth Service access; alternatively, you can create a distinct user for Auth Service access to the DB.
   - Run the DB scripts:
     - The scripts are found in the /sql directory.
     - Execute privakeycx.sql first. (Items in this file should not be changed.)
     - Execute insert_constants.sql. (Items in this file should not be changed.)
     - Execute the config_table_values.sql script.

   For DynamoDB:
   - Create the database:
     - Run the DB installation script:
       - The script is found in the /nosql directory.
       - Edit createDB.js and change the parameters as documented within the script.
       - Execute `node createDB.js`.
2. Copy the PrivakeyCX Auth Service distribution to the server.

   Run `npm install --production` from the project root.
3. Generate a signing certificate on the Node server.

   From within the root of the PrivakeyCX directory, execute the following commands:

   ```bash
   openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 1000 -out certificate.pem -sha256 -subj "/CN=localhost"
   openssl pkcs12 -inkey key.pem -in certificate.pem -export -out privakeyservice.pfx
   ```

   Make a note of the export password used during the second command, as it will need to be saved in an environment variable later. Because `-nodes` writes key.pem to disk unencrypted, restrict the file's permissions and keep it outside any directory the service serves.
4. Review and set the config values in config.json, found in the project's root directory.

   | Key | Description |
   |---|---|
   | port | The port the service will run on. |
   | logLevel | Options include: off, error, warn, info, verbose, debug or silly. |
   | logName | Path and name of where the log file should be generated, relative to the project root. |
   | maxRequestSize | Maximum overall size of the generateRequest object allowed. Recommended size: 2mb |
   | signingCertPath | The path, relative to the project root, of the signing certificate generated in Step 3. |
   | firebaseFilePath | The path, relative to the project root, of the Firebase configuration file used during bootstrapping. |
5. Set up the initial environment variables:

   | Key | Value / Value Description |
   |---|---|
   | CERT_PW | The password for the certificate created in Step 3. |
   | OPENSSL_PATH | The path to the OpenSSL executable. This normally can be discovered by typing |
   | DATA_HOST | Address of the DB |
   | DATA_PORT | Port for the DB |
   | DATA_USER | A user with read / write access to the DB, set up in step 1 of the Database Installation. |
   | DATA_PW | Password for DATA_USER |
   | | Should not be changed unless the database script was modified with an alternate name. |
   | DATA_REGION | For DynamoDB only. The AWS region that contains the DB. |
   | DATA_ENDPOINT | For DynamoDB only. Optional endpoint for connecting to the DynamoDB service. Generally not needed if connecting to production DynamoDB. |
   | CX_DATA_KEY | Any string, used for data-at-rest encryption (primarily for challenge origin credential storage) |
   | USE_SSL | true if the application is managing SSL. Otherwise, false |
   | SSL_KEY_PATH | Required if USE_SSL is true. ./cert/server.key is the recommended location/name for this key. |
   | SSL_CERT_PATH | Required if USE_SSL is true. ./cert/server.crt is the recommended location/name for this file. |
   | | For example, if using CX's built-in communication service and CX is running on the default port 8080, this will be |
   | COMM_SERVER_KEY | Generated during the bootstrapping process. See Bootstrap the System. |
   | SESSION_KEY | A passphrase used to encrypt the login session cookie in the Admin Portal |
   | SMTP_USER | The username for authenticating to the email service used by the Admin Portal |
   | SMTP_PW | The password for authenticating to the email service used by the Admin Portal |
   | SMTP_PORT | The port used by the email service |
   | SMTP_TLS | Flag denoting whether to use TLS when connecting to the email service. True/False |
   | SMTP_FROM | The email address that will be labeled on emails sent by the Auth Service |
   | SMTP_FROM_NAME | The display name that will be labeled on emails sent by the Auth Service |
   | PORTAL_LOCATION | The URL of the Admin Portal, including port. This value should denote the location of Privakey CX with a path of /admin/portal |
   | CX_SHOW_TITLE | A flag denoting whether to display the splash title on the console during server start-up. 0/1 |
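A start-up pre-flight check for the settings in the two tables above, written as an added example that is not part of the Privakey distribution. The rules it enforces, the `backend` argument and the sample values are assumptions read off the tables, not the service's own validation.

```javascript
// Pre-flight check for the config.json keys and environment variables in the
// tables above. Added example, not part of the Privakey distribution; the rules
// are assumptions read off those tables, not the service's own validation.
const LOG_LEVELS = ['off', 'error', 'warn', 'info', 'verbose', 'debug', 'silly'];
const ALWAYS_REQUIRED = ['CERT_PW', 'OPENSSL_PATH', 'DATA_HOST', 'DATA_USER', 'DATA_PW',
  'CX_DATA_KEY', 'COMM_SERVER_KEY', 'SESSION_KEY', 'PORTAL_LOCATION'];
// Returns a list of problems; empty means the settings are consistent with the
// tables. backend is 'mysql' or 'dynamodb' (the two stores the page supports).
function checkSettings(config, env, backend = 'mysql') {
  const problems = [];
  const missing = (k) => typeof env[k] !== 'string' || env[k].trim() === '';
  if (!Number.isInteger(config.port) || config.port < 1 || config.port > 65535) {
    problems.push('config.port must be a TCP port number');
  }
  if (!LOG_LEVELS.includes(config.logLevel)) {
    problems.push(`config.logLevel must be one of: ${LOG_LEVELS.join(', ')}`);
  }
  for (const k of ALWAYS_REQUIRED) if (missing(k)) problems.push(`${k} is not set`);
  if (backend === 'dynamodb' && missing('DATA_REGION')) problems.push('DATA_REGION is required for DynamoDB');
  if (backend === 'mysql' && missing('DATA_PORT')) problems.push('DATA_PORT is required for MySQL');
  // USE_SSL=true means the Node process terminates TLS itself, so both files are needed.
  if (env.USE_SSL === 'true') {
    for (const k of ['SSL_KEY_PATH', 'SSL_CERT_PATH']) {
      if (missing(k)) problems.push(`${k} is required when USE_SSL is true`);
    }
  } else if (env.USE_SSL !== 'false') {
    problems.push('USE_SSL must be "true" or "false"');
  }
  if (!['true', 'false'].includes(String(env.SMTP_TLS).toLowerCase())) {
    problems.push('SMTP_TLS must be True or False');
  }
  // The Admin Portal lives on an SSL-protected endpoint at the /admin/portal path.
  if (!missing('PORTAL_LOCATION')) {
    try {
      const u = new URL(env.PORTAL_LOCATION);
      if (u.protocol !== 'https:') problems.push('PORTAL_LOCATION should use https');
      if (!u.pathname.endsWith('/admin/portal')) problems.push('PORTAL_LOCATION path should be /admin/portal');
    } catch (e) { problems.push('PORTAL_LOCATION is not a valid URL'); }
  }
  return problems;
}
// Constructed sample settings; every secret is a placeholder, not a real value.
const sampleConfig = { port: 8080, logLevel: 'info', maxRequestSize: '2mb',
  signingCertPath: './privakeyservice.pfx', firebaseFilePath: './firebase.json' };
const sampleEnv = { CERT_PW: 'placeholder', OPENSSL_PATH: '/usr/bin/openssl', DATA_HOST: 'db.internal',
  DATA_PORT: '3306', DATA_USER: 'privakey', DATA_PW: 'placeholder', CX_DATA_KEY: 'placeholder',
  USE_SSL: 'false', SMTP_TLS: 'True', COMM_SERVER_KEY: 'placeholder', SESSION_KEY: 'placeholder',
  PORTAL_LOCATION: 'https://cx.example.com:8080/admin/portal' };
console.log(checkSettings(sampleConfig, sampleEnv)); // prints [] for the sample above
```

Run it against the real process.env and parsed config.json before starting the service; a non-empty list is a misconfiguration to fix before the Bootstrap Wizard is run.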
The Bootstrap Wizard is ready to be run to add the first Admin User to the system.