How to Customize Domain and Namespace for AutoID deployments

Author: Sheila Albertelli

Created at: Oct 2023

Updated at: Oct 2023

Setting up a Custom Domain for Autonomous Identity Deployments

Introduction:

This article provides step-by-step instructions for two distinct scenarios when setting up a custom domain for Autonomous Identity deployments. We’ll cover the process of establishing a custom domain for both new and existing Autonomous Identity deployments.

New Deployment Scenario

For a fresh Autonomous Identity deployment, the custom domain is set up as part of the initial installation. The steps are editing the configuration files, generating a custom certificate, and deploying the necessary components.

Existing Deployment Scenario

For those with an existing Autonomous Identity deployment, the process involves modifying the configuration and ensuring a smooth transition to the new domain. This includes updating certificates, modifying server names, redeploying components, and updating environment variables to reflect the new domain name.


# Steps to set up a custom domain for a new Autoid deployment

When using a custom domain for a new Autoid deployment, please consult the following Autonomous Identity documentation: Customize the domain and namespace.

Note: In the steps below, we use the URL https://auto-ui.hopesun.com as an illustrative example, representing the default Autonomous Identity (Autoid) URL. Be sure to adapt these values to match your specific deployment and domain details.

Step 1: Edit the vars.yml File

  • Open the vars.yml file.

  • Update the following variables:

    • domain_name: Set it to your custom domain, e.g., hopesun.com.

    • target_environment: Set it to your target environment, e.g., auto.

  • Example:

    domain_name: hopesun.com
    target_environment: auto

The default Autonomous Identity URL will be: https://auto-ui.hopesun.com

Step 2: Create a Custom Certificate

Create a custom certificate for your custom domain (auto-ui.hopesun.com in this example).

  • Generate a private key (the file name can be anything) and a certificate signing request (CSR):

    openssl genrsa 2048 > privatekey.key
    openssl req -new -key privatekey.key -out csr.key

Follow the prompts to fill in the certificate information. For example:

Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: Florida
Locality Name (eg, city) [Default City]: Melbourne
Organization Name (eg, company) [Default Company Ltd]: Ping
Organizational Unit Name (eg, section) []: Support
Common Name (eg, your name or your server’s hostname) []: auto-ui.hopesun.com
Email Address []:
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []:
An optional company name []:

  • Create the certificate:

    openssl x509 -req -days 365 -in csr.key -signkey privatekey.key -out mycert.crt

  • Rename the key pair files and copy them to the ~/autoid-config/certs directory as follows:

    • mycert.crt to nginx-jas-wildcard.pem

    • privatekey.key to nginx-jas.key
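
Before running the deployer, it is worth confirming that the certificate and key from Step 2 belong together, that the certificate covers the hostname and has not expired, and that the key file is not readable by other users. The script below is an added example, not part of the original article or the Autonomous Identity tooling; the helper names check_pair and has_san are hypothetical, and the file names and hostname are supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-deployment checks for the key pair created in Step 2.
# check_pair and has_san are hypothetical helper names.

# has_san CERT: succeeds if the certificate carries a subjectAltName extension.
has_san() {
    openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name'
}

# check_pair CERT KEY HOST
# Returns 0 if all checks pass, otherwise:
#   1 = certificate and private key do not belong together
#   2 = certificate does not cover HOST
#   3 = certificate is already expired
#   4 = private key file is readable by group or others
check_pair() {
    cert=$1 key=$2 host=$3

    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkhost reports its result as text, so match on the success message.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q 'does match certificate' || return 2

    # -checkend 0 exits non-zero when notAfter is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 3

    # A key written with "> privatekey.key" gets its mode from the umask.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        return 4
    fi
    return 0
}

# Run the checks when invoked as: script CERT KEY HOST
if [ "$#" -eq 3 ]; then
    check_pair "$1" "$2" "$3"; rc=$?
    has_san "$1" || echo "warning: no subjectAltName, hostname is only in the CN" >&2
    [ "$rc" -eq 0 ] && echo "OK" || echo "check failed with code $rc" >&2
    exit "$rc"
fi
```

A certificate created with the commands in Step 2 has no subjectAltName, so has_san warns about it even when check_pair succeeds; clients that ignore the Common Name, such as current browsers, will not accept the hostname on such a certificate.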

Step 3: Run the Deployer

  • Run the deployer script:

    ./deployer.sh run

  • Ensure that no errors are reported after running the deployer.

Step 4: Update the Hosts File

  • Make sure your /etc/hosts file has the correct entry for the custom domain.

That’s it! Your custom domain should now be set up for your Autonomous Identity deployment.


# Customizing Domain for Existing Deployment

In this guide, we’ll walk you through the steps to customize the domain for your existing Autonomous Identity deployment. Please follow these instructions carefully to ensure a smooth transition.

Step 1: Create a Custom Certificate

  • Create a custom certificate for your domain, for example, auto-ui.example.com, and name it mycert.crt.

Step 2: Copy Key Pair to Nginx Certificate Directory

  • Copy mycert.crt to the Nginx certificate directory:

    cp mycert.crt /opt/autoid/mounts/nginx/cert/server.crt

  • Copy the private key (privatekey.key) to the same directory:

    cp privatekey.key /opt/autoid/mounts/nginx/cert

Step 3: Import the Custom Certificate to Jas Keystore/Truststore

  • Set a password for the keystore/truststore import:

    export mypass=yourpassword

  • Import the custom certificate into the Jas keystore:

    keytool -importcert -keystore /opt/autoid/certs/jas/jas-client-keystore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass "$mypass" -storepass "$mypass"

  • Import the certificate into the Jas truststore:

    keytool -importcert -keystore /opt/autoid/certs/jas/jas-server-truststore.jks -alias myalias -file /opt/autoid/mounts/nginx/cert/server.crt -noprompt -keypass "$mypass" -storepass "$mypass"

  • Verify the keystore and truststore content:

    keytool -list -v -keystore /opt/autoid/certs/jas/jas-client-keystore.jks -storepass "$mypass"
    keytool -list -v -keystore /opt/autoid/certs/jas/jas-server-truststore.jks -storepass "$mypass"

Step 4: Modify Server Name Values in Nginx Configuration

  • Modify the server name values in the following configuration files under /opt/autoid/mounts/nginx/conf.d:

    • api.conf

    • ui.conf

    • kibana.conf

    • jas.conf

  • Update the ssl_certificate and ssl_certificate_key values in /opt/autoid/mounts/nginx/nginx.conf with the correct filenames for your custom certificate.

Step 5: Redeploy Nginx

  • Redeploy Nginx by removing and deploying the Docker stack:

    docker stack rm nginx
    docker stack deploy -c /opt/autoid/res/nginx/docker-compose.yml nginx

Step 6: Update Environment Variables

  • Check the .bashrc file and edit the JAS_URL environment variable to reflect your updated domain:

    export JAS_URL='https://auto-ui.example.com'

Step 7: Verify Hosts File

  • Check the /etc/hosts file to ensure it reflects the new server name.

Your Autonomous Identity deployment should now be customized with the new domain.