Setting up a Custom Domain and Namespace for Autonomous Identity (AutoID) Deployments

Introduction:

This article provides step-by-step instructions for two distinct scenarios when setting up a custom domain for AutoID. We’ll cover the process of establishing a custom domain for both new and existing Autonomous Identity deployments.

New Deployment Scenario

We begin with the process of setting up a custom domain for the new deployment. Starting with editing the configuration files, generating custom certificates, and deploying the necessary components.

Existing Deployment Scenario

For those with an existing AutoID deployment, the process involves modifying the configuration. This includes updating certificates, modifying server names, redeploying components, and updating environment variables to reflect the new domain name.

Note: In the steps below, we use the URL https://auto-ui.hopesun.com as an illustrative example, representing the default Autonomous Identity (AutoID) URL. Be sure to adapt these values to match your specific deployment and domain details.

Steps to Set a Custom Domain for a New AutoID Deployment:

When using a custom domain for a new AutoID deployment, please consult the following Autonomous Identity documentation: Customize the domain and namespace.

Step 1: Edit the vars.yml File

• Open the vars.yml file.

• Update the following variables:

  • domain_name: Set it to your custom domain, e.g., hopesun.com.
  • target_environment: Set it to your target environment, e.g., auto.

Example:

domain_name: hopesun.com
target_environment: auto

The default Autonomous Identity URL will be: https://auto-ui.hopesun.com

Step 2: Create a Custom Certificate

Create a custom certificate for auto-ui.example.com

• Generate a private key (it can be any name) and a certificate signing request (CSR):

openssl genrsa 2048 > privatekey.key
openssl req -new -key privatekey.key -out csr.key

Follow the prompts to fill in the certificate information. For example:

Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: Florida
Locality Name (eg, city) [Default City]: Melbourne
Organization Name (eg, company) [Default Company Ltd]: Ping
Organizational Unit Name (eg, section) []: Support
Common Name (eg, your name or your server’s hostname) []: auto-ui.hopesun.com
Email Address []:
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []:
An optional company name []:

• Create the certificate:

openssl x509 -req -days 365 -in csr.key -signkey privatekey.key -out mycert.crt

• Rename the key pair files and copy them to the ~/autoid-config/certs directory as follows:
  • mycert.crt to nginx-jas-wildcard.pem
  • privatekey.key to nginx-jas.key

Step 3: Run the Deployer

• Run the deployer script:

  ./deployer.sh run
  

• Ensure that no errors are reported after running the deployer.

Step 4: Update the Hosts File

• Make sure your /etc/hosts file has the correct entry for the customer domain.

That’s it! Your custom domain should now be set up for your Autonomous Identity deployment.

---

Customizing the Domain for an Existing Deployment

In this section, we’ll walk you through the steps to customize the domain for your existing AutoID deployment:

Step 1: Create a Custom Certificate

• Create a custom certificate for your domain, for example, auto-ui.example.com, and name it mycert.crt.

Step 2: Copy Key Pair to Nginx Certificate Directory

• Copy mycert.crt to the Nginx certificate directory:

  cp mycert.crt /opt/autoid/mounts/nginx/cert/server.crt
  
  

• Copy the private key (privatekey.key ) to the same directory:

  cp privatekey.key /opt/autoid/mounts/nginx/cert
  
  

Step 3: Import the Custom Certificate to Jas Keystore/Truststore

• Set a password for the keystore/truststore import:

  export mypass=yourpassword
  

• Import the custom certificate into the Jas keystore:

   keytool -importcert -keystore /opt/autoid/certs/jas/jas-client-keystore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass $mypass -storepass $mypass
  

• Import the certificate into the Jas truststore:

  keytool -importcert -keystore /opt/autoid/certs/jas/jas-server-truststore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass $mypass -storepass $mypass
  

• Verify the keystore and truststore content:

   keytool -list -v -keystore jas-client-keystore.jks -storepass $mypass
   keytool -list -v -keystore jas-server-truststore.jks -storepass $mypass
  

Step 4: Modify Server Name Values in Nginx Configuration

• Modify the server name values in the following configuration files under /opt/autoid/mounts/nginx/conf.d:
  • api.conf
  • ui.conf
  • kibana.conf
  • jas.conf
• Update the ssl_certificate and ssl_certificate_key values in /opt/autoid/mounts/nginx/nginx.conf with the correct filenames for your custom certificate.

Step 5: Redeploy Nginx

• Redeploy Nginx by removing and deploying the Docker stack:

  docker stack rm nginx
  docker stack deploy -c /opt/autoid/res/nginx/docker-compose.yml nginx
  

Step 6: Update Environment Variables

• Check the .bashrc file and edit the JAS_URL environment variable to reflect your updated domain:

  export JAS_URL='https://auto-ui.example.com'
  

Step 7: Verify Hosts File

• Check the /etc/hosts file to ensure it reflects the new server name.

Your Autonomous Identity deployment should now be customized with the new domain.

---

Additional resources

Autonomous Identity

Documentation

Getting Started

• Release Notes

Deploy and Install

• Deployment Planning Guide
• Installation Guide

Configure and Maintain

• Admin Guide

Using Autonomous Identity

• Users Guide

Reference

• API Guide

---

Community

• Easy Automated Deployment of AutoID

• How To: Troubleshoot AutoID