GovSSO Incoming Proxy routes and filters inbound HTTP requests to Ory Hydra and GovSSO Session.
- Java 17 JDK
- Follow GOVSSO-Session/README.md to run dependent services.
- If you have generated new TLS certificates (this is done in the GOVSSO-Session project) after the last copy, then:
  - copy-replace the following files to src/main/resources:
    - GOVSSO-Session/local/tls/govsso-ca/govsso-ca.localhost.crt
    - GOVSSO-Session/local/tls/inproxy/inproxy.localhost.admin.truststore.p12
    - GOVSSO-Session/local/tls/inproxy/inproxy.localhost.keystore.p12
  - copy-replace the following files to src/test/resources:
    - GOVSSO-Session/local/tls/admin/admin.localhost.keystore.p12
    - GOVSSO-Session/local/tls/hydra/hydra.localhost.keystore.p12
    - GOVSSO-Session/local/tls/session/session.localhost.keystore.p12
- Add the line 127.0.0.1 admin.localhost hydra.localhost session.localhost to the hosts file. This is needed only for requests originating from GOVSSO-InProxy when it's running locally (not in Docker Compose) or during tests. It's not needed for web browsers, as popular browsers already have built-in support for resolving *.localhost subdomains.
- Run ./mvnw spring-boot:run
- Build
  - Either build locally: ./mvnw spring-boot:build-image
  - Or build in Docker:

        docker run --pull always --rm \
          -v /var/run/docker.sock:/var/run/docker.sock \
          -v "$HOME/.m2:/root/.m2" \
          -v "$PWD:/usr/src/project" \
          -w /usr/src/project \
          maven:3.9-eclipse-temurin-17 \
          mvn spring-boot:build-image

    Git Bash users on Windows should add MSYS_NO_PATHCONV=1 in front of the command.
- Follow GOVSSO-Session/README.md to run GOVSSO-InProxy and dependent services inside Docker Compose
- https://inproxy.localhost:13443/actuator - maintenance endpoints
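
The copy-replace step for regenerated TLS certificates described above, as an added shell example that is not part of the GOVSSO-InProxy project: it copies only files that are missing or differ from the GOVSSO-Session originals, so a stale keystore or trust-store is reported before it surfaces as a TLS handshake failure. The `sync_tls` function name and the sibling-checkout layout in the final comment are assumptions.

```shell
#!/bin/sh
# Added example (not project code): refresh GOVSSO-InProxy's TLS material
# from a GOVSSO-Session checkout, copying only missing or stale files.

# Source paths (relative to GOVSSO-Session/local/tls) and destination
# directories (relative to the GOVSSO-InProxy root), as listed in the README.
TLS_FILES='govsso-ca/govsso-ca.localhost.crt src/main/resources
inproxy/inproxy.localhost.admin.truststore.p12 src/main/resources
inproxy/inproxy.localhost.keystore.p12 src/main/resources
admin/admin.localhost.keystore.p12 src/test/resources
hydra/hydra.localhost.keystore.p12 src/test/resources
session/session.localhost.keystore.p12 src/test/resources'

# sync_tls SESSION_DIR INPROXY_DIR   (hypothetical helper name)
# Prints one status line per file. Returns 0 when every file is current
# afterwards, 1 when a source file is missing (that entry is left untouched).
sync_tls() {
    tls_root="$1/local/tls"
    project="$2"
    rc=0
    while read -r src dest_dir; do
        name=${src##*/}
        if [ ! -f "$tls_root/$src" ]; then
            echo "MISSING  $tls_root/$src" >&2
            rc=1
        elif cmp -s "$tls_root/$src" "$project/$dest_dir/$name" 2>/dev/null; then
            # Byte-identical copy already in place.
            echo "current  $dest_dir/$name"
        else
            # Destination absent or differs from the regenerated file.
            mkdir -p "$project/$dest_dir"
            cp "$tls_root/$src" "$project/$dest_dir/$name"
            echo "updated  $dest_dir/$name"
        fi
    done <<EOF
$TLS_FILES
EOF
    return $rc
}

# Assumed layout: GOVSSO-Session checked out beside GOVSSO-InProxy.
# sync_tls ../GOVSSO-Session .
```

Any "updated" line after the first run means the certificates were regenerated since the last copy, so a running GOVSSO-InProxy instance should be restarted to load the new files.
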

Parameter | Mandatory | Description | Example |
---|---|---|---|
govsso-inproxy.admin.base-url | Yes | GovSSO Admin administrative API base URL. | https://admin.localhost:17443/ |
govsso-inproxy.admin.token-request-allowed-ip-addresses-storage-path | Yes | File path where token request allowed IP addresses will be stored. | /tmp/ipaddresses |
govsso-inproxy.admin.token-request-allowed-ip-addresses-refresh-interval-in-milliseconds | No | Interval for the scheduled task that requests allowed IP addresses from GovSSO Admin. If not provided, defaults to 60000. | 60000 |
govsso-inproxy.admin.tls.trust-store | Yes | Location of trust-store, containing trust anchors (CA or end-entity certificates) for verifying TLS connections to GovSSO Admin. | classpath:path/to/trust-store.p12 or file:/path/to/trust-store.p12 |
govsso-inproxy.admin.tls.trust-store-password | Yes | Trust-store password. | changeit |
govsso-inproxy.admin.tls.trust-store-type | No | Trust-store type. If not provided, defaults to PKCS12. | PKCS12 |

Parameter | Mandatory | Description | Example |
---|---|---|---|
spring.cloud.discovery.client.simple.instances.hydra[0].uri | Yes | A list of Ory Hydra public API base URLs used for load balancing. | https://hydra.localhost:14443/ |
spring.cloud.discovery.client.simple.instances.session[0].uri | Yes | A list of GovSSO Session public API base URLs used for load balancing. | https://session.localhost:15443/ |
spring.cloud.gateway.httpclient.ssl.trustedX509Certificates | Yes | Location of trust anchors (CA or end-entity certificates) for verifying TLS connections to Ory Hydra and GovSSO Session. | classpath:path/to/certificate.crt or file:/path/to/certificate.crt |

- Maven Wrapper - Apache 2.0 license