{"type":"doc","content":[{"type":"paragraph","content":[{"text":"The FlexDeploy HTTP Agent distribution contains the following components:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A Tomcat 9 server with required libraries, and base configurations","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The Https Agent WAR","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Step 1. Ensure Java 8 is installed on the server.","type":"text"}]},{"type":"paragraph","content":[{"text":"Setting JAVA_HOME in the configuration will be done later. This Java will be used to run the Tomcat server. A different Java version can be specified on the endpoint configuration in FlexDeploy and those will be used to actually execute plugins. ","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Step 2. Prepare software","type":"text"}]},{"type":"paragraph","content":[{"text":"Download and unzip the HTTPS Agent software using wget, curl, or manually from the ","type":"text"},{"text":"Flexagon Support Portal","type":"text","marks":[{"type":"link","attrs":{"href":"https://support.flexagon.com"}}]},{"text":".","type":"text"}]},{"type":"codeBlock","content":[{"text":"# select folder location where the agent will be downloaded\nexport SOFTWARE_HOME=/u01/software\nmkdir -p $SOFTWARE_HOME\ncd $SOFTWARE_HOME\n\n# The HTTPS agent version should match your FlexDeploy version.\n# Please see https://support.flexagon.com/a/solutions/articles/5000887932 and find the corrent download link.\nwget -O HttpsAgentTomcatComplete.zip \nor\ncurl -L --max-redirs 5 --output HttpsAgentTomcatComplete.zip","type":"text"}]},{"type":"panel","attrs":{"panelIconId":"atlassian-info","panelIcon":":info:","panelColor":"#B3D4FF","panelType":"custom"},"content":[{"type":"paragraph","content":[{"text":"If the endpoint does not have internet access you can download the agent from the ","type":"text"},{"text":"Flexagon Support Portal","type":"text","marks":[{"type":"link","attrs":{"href":"https://support.flexagon.com"}}]},{"text":" and transfer the zip file manually.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Extract the zip file in the desired location (referred to as \"","type":"text"},{"text":"HTTPS_AGENT_HOME","type":"text","marks":[{"type":"strong"}]},{"text":"\" in this document).","type":"text"}]},{"type":"codeBlock","content":[{"text":"export HTTPS_AGENT_HOME=/u01/flexdeployhttpsagent\ncd $HTTPS_AGENT_HOME\nunzip /u01/software/HttpsAgentTomcatComplete.zip .","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Step 3. Configure authentication","type":"text"}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"You must configure the user to have the role '","type":"text"},{"text":"FlexDeployHTTPSAgent","type":"text","marks":[{"type":"code"}]},{"text":"'","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Basic Auth","type":"text"}]},{"type":"paragraph","content":[{"text":"To configure basic auth, use the username and password being stored in tomcat-users.xml. ","type":"text"}]},{"type":"paragraph","content":[{"text":"For basic configuration only, the password needs to be configured in the given HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/tomcat-users.xml file. Here’s what that will look like:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Active Directory/LDAP","type":"text"}]},{"type":"paragraph","content":[{"text":"For LDAP use we will need to change the HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/server.xml file. By default it is configured to use a UserDatabase realm instead of the JNDI realm we are looking for. ","type":"text"}]},{"type":"paragraph","content":[{"text":"Start by commenting out the existing UserDatbase realm. Then let’s uncomment the included JNDI realm, that should look like the following:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"Next, add the organization specific LDAP/Azure Directory configuration.","type":"text"}]},{"type":"paragraph","content":[{"text":"Make sure the user you are trying to connect with ","type":"text"},{"text":"has the ","type":"text","marks":[{"type":"strong"}]},{"text":"FlexDeployHTTPSAgent","type":"text","marks":[{"type":"code"}]},{"text":" ","type":"text"},{"text":"role or they will not be able to connect.","type":"text","marks":[{"type":"strong"}]}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"If you are using Active Directory, the pre-windows 2000 username will be used. See what that looks like in Active Directory below.","type":"text"}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":40.0},"content":[{"type":"media","attrs":{"width":421,"id":"cde040d9-1949-4c4f-b893-1981663194c6","collection":"contentId-10926966196","type":"file","height":543}}]},{"type":"paragraph","content":[{"text":"For more information about using LDAP/Active Directory see the tomcat documentation ","type":"text"},{"text":"how to for realms","type":"text","marks":[{"type":"link","attrs":{"href":"https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm"}}]},{"text":", and also ","type":"text"},{"text":"the configuration reference","type":"text","marks":[{"type":"link","attrs":{"href":"https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Step 4. Configure SSL","type":"text"}]},{"type":"paragraph","content":[{"text":"The use of SSL is required. Steps will be listed for self signing, as well as importing an existing certificate. ","type":"text"}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"It is highly recommended you read the ","type":"text"},{"text":"Tomcat Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html"}}]},{"text":" for more details. ","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Self Signed","type":"text"}]},{"type":"paragraph","content":[{"text":"Run the following command and generate the self signed certificate in the HTTPS_AGENT_HOME/config directory. ","type":"text"}]},{"type":"codeBlock","content":[{"text":"keytool -genkey -keyalg RSA -alias tomcat -keystore tomcat.jks -validity 365 -keysize 2048","type":"text"}]},{"type":"paragraph","content":[{"text":"When prompted enter a password for the keystore.","type":"text"}]},{"type":"paragraph","content":[{"text":"Then when prompted ","type":"text"},{"text":"for your name input the hostname for the server. This is important, if this step is missed the FlexDeploy server will not trust the certificate. ","type":"text","marks":[{"type":"strong"}]},{"text":"The rest of the information is not needed (although you can input it).","type":"text"}]},{"type":"paragraph","content":[{"text":"After that you will be prompted for the password for the tomcat key, press enter to ","type":"text"},{"text":"use the same password as the keystore. This is required by Tomcat.","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Next export the certificate in order to add it to the FlexDeploy server’s trust store.","type":"text"}]},{"type":"codeBlock","content":[{"text":"keytool -export -keystore tomcat.jks -storepass -alias tomcat -file httpsagent.cer","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Existing Certificate","type":"text"}]},{"type":"paragraph","content":[{"text":"First generate your certificate using whatever method you would usually use.","type":"text"}]},{"type":"paragraph","content":[{"text":"Next convert the certificate to pk12 format.","type":"text"}]},{"type":"codeBlock","content":[{"text":"openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile ca.crt -caname root","type":"text"}]},{"type":"paragraph","content":[{"text":"Now import the pk12 format cert into a java keystore. This will also generate the keystore if it does not exist. It is recommended to put the keystore into the HTTPS_AGENT_HOME/config directory. ","type":"text"}]},{"type":"codeBlock","content":[{"text":"keytool -importkeystore -deststorepass -destkeypass -destkeystore tomcat.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password -alias tomcat","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configure Tomcat and Import Public Key","type":"text"}]},{"type":"paragraph","content":[{"text":"Next configure the keystore password (and the location of the file if not generated in the config directory). Open up the HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/server.xml file. Find the SSL connector (by default set for port 8444) and add the keystore password like this: If you made the alias tomcat, this will be enough. Otherwise, add key","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n","type":"text"}]},{"type":"paragraph","content":[{"text":"Now import the certificate into the java trust store on the FlexDeploy server. ","type":"text"}]},{"type":"paragraph","content":[{"text":"First copy over the certificate that was generated (with the .cer extension). If you used an existing certificate, this should be the root certificate’s public key. You may have already configured this.","type":"text"}]},{"type":"paragraph","content":[{"text":"Next determine the Java install used by the FlexDeploy server. ","type":"text"}]},{"type":"paragraph","content":[{"text":"If JAVA_HOME is set in your setenvoverride.sh file, use that directory.","type":"text"}]},{"type":"paragraph","content":[{"text":"If it is not set, but it is already set in your system use that value. Run ","type":"text"},{"text":"echo \"$JAVA_HOME\"","type":"text","marks":[{"type":"code"}]},{"text":" to find that out.","type":"text"}]},{"type":"paragraph","content":[{"text":"If it’s not set in setenvoverride.sh or the environment run this command to find the path used ","type":"text"},{"text":"dirname $(dirname $(readlink -f $(which javac)))","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"Then run the following command on the server.","type":"text"}]},{"type":"codeBlock","content":[{"text":"keytool -import -noprompt -trustcacerts -alias httpsAgent -file httpsagent.cer -keystore \"JAVA_INSTALL_PATH/jre/lib/security/cacerts\"","type":"text"}]},{"type":"paragraph","content":[{"text":"The default password for the java keystore is changeit.","type":"text"}]},{"type":"paragraph","content":[{"text":"Now the server will be able to connect to the endpoint. ","type":"text"},{"text":"It is not necessary to restart the FlexDeploy server after adding a certificate.","type":"text","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Step 5. Start the Agent","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute the StartFlexDeployHttpsAgent.sh (or StartFlexDeployHttpsAgent.bat) script to start the agent.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Next Steps","type":"text"}]},{"type":"paragraph","content":[{"text":"To manage FlexDeploy properties locally on the endpoint without the need to send them through HTTPS requests to the agent checkout ","type":"text"},{"text":"this page","type":"text","marks":[{"type":"link","attrs":{"href":"https://flexagon.atlassian.net/wiki/spaces/FD90/pages/10926966259"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Create the endpoint","type":"text","marks":[{"type":"link","attrs":{"href":"https://flexagon.atlassian.net/wiki/spaces/FD90/pages/10926690175"}}]},{"text":" on your FlexDeploy server. ","type":"text"}]}],"version":1}

Browser not supported