Setting up a Custom Domain and Namespace for Autonomous Identity (AutoID) Deployments
Introduction:
This article provides step-by-step instructions for two distinct scenarios when setting up a custom domain for AutoID. We’ll cover the process of establishing a custom domain for both new and existing Autonomous Identity deployments.
New Deployment Scenario
We begin with the process of setting up a custom domain for a new deployment: editing the configuration files, generating custom certificates, and deploying the necessary components.
Existing Deployment Scenario
For those with an existing AutoID deployment, the process involves modifying the configuration. This includes updating certificates, modifying server names, redeploying components, and updating environment variables to reflect the new domain name.
Note: In the steps below, we use the URL https://auto-ui.hopesun.com as an illustrative example, representing the default Autonomous Identity (AutoID) URL. Be sure to adapt these values to match your specific deployment and domain details.
Steps to Set a Custom Domain for a New AutoID Deployment:
When using a custom domain for a new AutoID deployment, please consult the following Autonomous Identity documentation: Customize the domain and namespace.
Step 1: Edit the vars.yml File
- Open the vars.yml file.
- Update the following variables:
  - domain_name: Set it to your custom domain, e.g., hopesun.com.
  - target_environment: Set it to your target environment, e.g., auto.
Example:
domain_name: hopesun.com
target_environment: auto
The default Autonomous Identity URL will be: https://auto-ui.hopesun.com
Step 2: Create a Custom Certificate
Create a custom certificate for auto-ui.example.com
- Generate a private key (it can be any name) and a certificate signing request (CSR):
openssl genrsa 2048 > privatekey.key
openssl req -new -key privatekey.key -out csr.key
Follow the prompts to fill in the certificate information. For example:
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: Florida
Locality Name (eg, city) [Default City]: Melbourne
Organization Name (eg, company) [Default Company Ltd]: Ping
Organizational Unit Name (eg, section) []: Support
Common Name (eg, your name or your server’s hostname) []: auto-ui.hopesun.com
Email Address []:
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
- Create the certificate:
openssl x509 -req -days 365 -in csr.key -signkey privatekey.key -out mycert.crt
- Rename the key pair files and copy them to the ~/autoid-config/certs directory as follows:
  - mycert.crt to nginx-jas-wildcard.pem
  - privatekey.key to nginx-jas.key
Step 3: Run the Deployer
- Run the deployer script:
./deployer.sh run
- Ensure that no errors are reported after running the deployer.
Step 4: Update the Hosts File
- Make sure your /etc/hosts file has the correct entry for the custom domain.
That’s it! Your custom domain should now be set up for your Autonomous Identity deployment.
Customizing the Domain for an Existing Deployment
In this section, we’ll walk you through the steps to customize the domain for your existing AutoID deployment:
Step 1: Create a Custom Certificate
- Create a custom certificate for your domain, for example, auto-ui.example.com, and name it mycert.crt.
Step 2: Copy Key Pair to Nginx Certificate Directory
- Copy mycert.crt to the Nginx certificate directory:
cp mycert.crt /opt/autoid/mounts/nginx/cert/server.crt
- Copy the private key (privatekey.key) to the same directory:
cp privatekey.key /opt/autoid/mounts/nginx/cert
Step 3: Import the Custom Certificate to Jas Keystore/Truststore
- Set a password for the keystore/truststore import:
export mypass=yourpassword
- Import the custom certificate into the Jas keystore:
keytool -importcert -keystore /opt/autoid/certs/jas/jas-client-keystore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass $mypass -storepass $mypass
- Import the certificate into the Jas truststore:
keytool -importcert -keystore /opt/autoid/certs/jas/jas-server-truststore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass $mypass -storepass $mypass
- Verify the keystore and truststore content:
keytool -list -v -keystore jas-client-keystore.jks -storepass $mypass
keytool -list -v -keystore jas-server-truststore.jks -storepass $mypass
Step 4: Modify Server Name Values in Nginx Configuration
- Modify the server name values in the following configuration files under /opt/autoid/mounts/nginx/conf.d:
  - api.conf
  - ui.conf
  - kibana.conf
  - jas.conf
- Update the ssl_certificate and ssl_certificate_key values in /opt/autoid/mounts/nginx/nginx.conf with the correct filenames for your custom certificate.
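To catch a file that was missed in this step before redeploying, the following added example (not from the article or the product) reports every server_name that is not under the new domain. The function name check_server_names is hypothetical, and it assumes the four files use nginx's standard single-line "server_name name ...;" directive with plain host names.

```shell
#!/bin/sh
# Added example: flag server_name values left on the old domain.
# Usage: check_server_names /opt/autoid/mounts/nginx/conf.d hopesun.com
check_server_names() {
  dir=$1; domain=$2; bad=0
  for f in api.conf ui.conf kibana.conf jas.conf; do
    [ -f "$dir/$f" ] || { echo "MISSING $f"; bad=1; continue; }
    # Strip comments, then test each name on every server_name line.
    sed 's/#.*//' "$dir/$f" | awk -v f="$f" -v d="$domain" '
      $1 == "server_name" {
        for (i = 2; i <= NF; i++) {
          n = $i; gsub(/;/, "", n)
          if (n == "") continue
          seen = 1
          suffix = "." d
          # Accept the domain itself or a name ending in ".<domain>".
          ok = (n == d) || (length(n) > length(suffix) &&
               substr(n, length(n) - length(suffix) + 1) == suffix)
          tag = ok ? "OK    " : "STALE "
          print tag f ": " n
          if (!ok) stale = 1
        }
      }
      END {
        if (!seen) { print "NONE  " f ": no server_name found"; exit 1 }
        exit stale + 0
      }' || bad=1
  done
  return $bad
}
```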
Step 5: Redeploy Nginx
- Redeploy Nginx by removing and deploying the Docker stack:
docker stack rm nginx
docker stack deploy -c /opt/autoid/res/nginx/docker-compose.yml nginx
Step 6: Update Environment Variables
- Check the .bashrc file and edit the JAS_URL environment variable to reflect your updated domain:
export JAS_URL='https://auto-ui.example.com'
Step 7: Verify Hosts File
- Check the /etc/hosts file to ensure it reflects the new server name.
Your Autonomous Identity deployment should now be customized with the new domain.