Deploying the Identity service requires generating OPAQUE secrets, building the Docker image, and deploying the container.
The Docker image can be built with the following command:
docker build -f services/identity -t commapp/identity-server:<tag> .
OPAQUE is an implementation of a PAKE (Password-Authenticated Key Exchange) protocol. It lets the server authenticate a user without the user's password credentials ever being stored on the server. To generate the server credentials, run the keygen command of the image built above:
docker run -v comm-identity-secrets:/home/comm/app/identity/secrets commapp/identity-server:<tag> keygen
NOTE: This OPAQUE keypair is used to encrypt the password credentials of all users. Persist the contents of this secrets directory in a safe manner outside the Docker volume, not only inside it.
To run the service:
docker run -d \
-e KEYSERVER_PUBLIC_KEY=<public key> \
-p 50054:50054 \
-v comm-identity-secrets:/home/comm/app/identity/secrets \
commapp/identity-server:<tag>
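The Identity deployment steps above, wrapped in a POSIX shell helper that generates the OPAQUE keypair only once, exports it out of the Docker volume, and refuses to start the service until an owner-only backup exists. This is an added example, not a script from the Comm project; the DOCKER override, the alpine-based tar export and the backup-mode check are assumptions of this example.

```shell
#!/bin/sh
# Identity deploy helper (added example, not the project's own script).
# Assumptions: the caller supplies the image tag, the keyserver public key and a
# backup path; DOCKER may be overridden (e.g. DOCKER=echo) to dry-run the commands.
DOCKER="${DOCKER:-docker}"
VOLUME="comm-identity-secrets"
SECRETS_DIR="/home/comm/app/identity/secrets"
IMAGE_REPO="commapp/identity-server"

build_identity_image() {      # $1 = tag
  $DOCKER build -f services/identity -t "$IMAGE_REPO:$1" .
}

# Run keygen only when the secrets volume does not exist yet: generating a new
# OPAQUE keypair would replace the keys every user's credentials were encrypted with.
ensure_opaque_secrets() {     # $1 = tag
  if $DOCKER volume inspect "$VOLUME" >/dev/null 2>&1; then
    echo "volume $VOLUME already exists; keeping existing OPAQUE keypair" >&2
    return 0
  fi
  $DOCKER run -v "$VOLUME:$SECRETS_DIR" "$IMAGE_REPO:$1" keygen
}

# Copy the keypair out of the Docker volume into an owner-only archive so it
# survives the volume (the NOTE above). Uses a stock alpine image for tar (assumption).
backup_opaque_secrets() {     # $1 = destination archive path
  $DOCKER run --rm -v "$VOLUME:/secrets:ro" -v "$(dirname "$1"):/backup" \
    alpine tar czf "/backup/$(basename "$1")" -C /secrets .
  if [ -e "$1" ]; then chmod 600 "$1"; fi
}

# Refuse to start until a backup exists, is non-empty and is readable by its owner only.
check_secret_backup() {       # $1 = backup archive path
  [ -s "$1" ] || { echo "missing or empty OPAQUE secret backup: $1" >&2; return 1; }
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")   # GNU stat, then BSD stat
  case "$mode" in
    600|400) return 0 ;;
    *) echo "backup $1 has mode $mode, expected 600 or 400" >&2; return 1 ;;
  esac
}

run_identity() {              # $1 = tag, $2 = keyserver public key, $3 = backup path
  check_secret_backup "$3" || return 1
  $DOCKER run -d \
    -e KEYSERVER_PUBLIC_KEY="$2" \
    -p 50054:50054 \
    -v "$VOLUME:$SECRETS_DIR" \
    "$IMAGE_REPO:$1"
}
```

Call build_identity_image, ensure_opaque_secrets, backup_opaque_secrets and run_identity in that order; run_identity exits non-zero with a message on stderr if the backup is missing or world-readable.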
Deploying Tunnelbroker consists of building its Docker image and deploying that image as a Docker container.
The Docker image for Tunnelbroker can be built using the following command from the project root:
docker build -f services/tunnelbroker -t commapp/tunnelbroker:<tag> .
# Alternatively, there’s a script which creates a very small Docker build context before building
services/tunnelbroker/make_docker_image.sh -t commapp/tunnelbroker:<tag> .
Tunnelbroker can be run in production using the following command:
docker run -d \
-p 50051:50051 \
-p 80:51001 \
-v "$HOME/.aws":/home/comm/.aws:ro \
commapp/tunnelbroker:<tag> \
tunnelbroker \
--amqp-uri=<amqp-uri> \