Skip to content

Running

Philip Helger edited this page May 23, 2017 · 27 revisions

General requirements

According to the PEPPOL specification an SMP MUST run in the root of a domain (like http://smp.example.org) and must use port 80. Additionally the use of https for the GET requests (defined by the SMP specification) is not allowed.

Please see the special requirements for different application servers before deploying:

Running the SMP

After starting up the SMP and navigating to the respective address in your browser (e.g. http://localhost:8080/smp or http://localhost:80 or http://smp.example.org - whatever address and port you are using) you will see an overview of all service groups managed on this server.

Default login

To login to the management area use the username [email protected] and the password password for the initial login. Afterwards modify this in the user management!

Production configuration

You may use the default WAR file for your SMP server if you specify the absolute paths to webapp.properties and smp-server.properties via the respective system properties peppol.smp.webapp.properties.path (or smp.webapp.properties.path) and peppol.smp.server.properties.path (or smp.server.properties.path) when you start your application server. See Configuration for the content of the configuration files.

Example system parameters where both files are in directory /var/smpserver/:

-Dpeppol.smp.webapp.properties.path=/var/smpserver/webapp.properties
-Dpeppol.smp.server.properties.path=/var/smpserver/smp-server.properties

If the PEPPOL Directory integration is enabled you may want to add the path to the pd-client.properties also via system parameters like this:

-Dpeppol.pd.client.properties.path=/var/smpserver/pd-client.properties

Please note that in case of external properties files all data paths in the configuration files must also be specified absolute.

Running behind an httpd

It is possible to run the SMP on an Tomcat (or the like) that is proxied via an httpd (e.g. per mod_jk or mod_proxy) to the public. In this case and the SMP runs on Tomcat in a context different than ROOT, it is important to

  • set the smp.forceroot configuration property to true (see Configuration for details) and
  • to change the path of the SMP session cookie (usually JSESSIONID) from the original path to the destination path as well

Assuming you want to proxy the SMP from a local Tomcat (with active AJP connector on port 8009) running in context path /smp to the domain test-smp.example.org you might consider adding something (similar to) the following to your httpd VirtualHost configuration:

   ServerName  test-smp.example.org:80
   
   AllowEncodedSlashes NoDecode

   # Remove an optional 'Secure' flag from the cookie named JSESSIONID
   Header edit "Set-Cookie: JSESSIONID=" Secure " "

   ProxyPass         /  ajp://127.0.0.1:8009/smp/ nocanon
   ProxyPassReverse  /  ajp://127.0.0.1:8009/smp/
   ProxyPassReverse  /  http://test-smp.example.org/smp/
   
   # Change the path of the cookies as well (from "/smp" to "/")
   ProxyPassReverseCookiePath /smp /

Note: You can also proxy to http instead of ajp. In that case replace ajp://127.0.0.1:8009/smp/ with http://127.0.0.1:8080/smp/ (assuming Tomcat running on port 8080)

Important: This must be the very first VirtualHost element in your configuration to handle arbitrary names. See the last comment of https://github.com/phax/peppol-smp-server/issues/5 on this.

Note: For test SMPs (registering participants to the SMK) you might want to add ServerAlias *.acc.edelivery.tech.ec.europa.eu and for production SMPs (registering to SML) you could add ServerAlias *.edelivery.tech.ec.europa.eu. If both SMPs are on one server, make sure the test VirtualHost is before the production VirtualHost so that the .acc. entries are surely handled by the test system.

Running behind an nginx

It is possible to run the SMP on an Tomcat (or the like) that is proxied via an nginx to the public. In this case and the SMP runs on Tomcat in a context different than ROOT, it is important to

  • set the smp.forceroot configuration property to true (see Configuration for details) and
  • to change the path of the SMP session cookie (usually JSESSIONID) from the original path to the destination path as well

By default nginx uses HTTP 1.0 so it is important to add the proxy-statement to switch to HTTP 1.1. The name peppolXX is just a placeholder that you can change. The XX is just added to clearly identify where the palceholder is used. The following configuration assumes that the SMNP software is running on Tomcat on the same host on port 8080 in the context /smp. The public DNS name of the server in the below configuration is smp.example.org.

The second server_name property is required to take arbitrary requests from PEPPOL SMK based requests (server_name *.acc.edelivery.tech.ec.europa.eu). For PEPPOL production SML usage, change this to server_name *.edelivery.tech.ec.europa.eu. Hint: when proxying test and production with the same nginx instance, ensure the order is correct, as the production URLs are a subset of the test URLs (so test must come before production).

upstream peppolXX {
  server  127.0.0.1:8080;
}

server {
  listen 80;
  server_name smp.example.org;
  server_name *.acc.edelivery.tech.ec.europa.eu;

  location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_cookie_path /smp /;
    proxy_http_version 1.1;
    proxy_pass http://peppolXX/smp/;
  }
}

Running behind an IIS

The dynamic nature of SMP requests always lead to problems with IIS configuration, because the number of source domains can be very dynamic.

Luckily starting with IIS 10 there is a solution called "Wildcard Host Header Support". See https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/wildcard-host-header-support for details. According to this site, versions prior to IIS 10 are not supported.

See the image below for an example configuration: SMP IIS configuration example