EFS Admin Guide
- This guide primarily refers to the setup of EFS in the EFPF Development Environment.
- In the EFPF Testing and Production Environments, the components of the Data Spine are deployed in the same internal network to minimise network latency as described here, and therefore, some configuration has changed.
- In the EFPF Testing and Production Environments, the deployment and the initial configuration of the Data Spine components have been automated using Ansible Playbooks and GitLab CI/CD infrastructure. This configuration is currently maintained in the EFPF Integration and Deployment repository.
- Latest Connection Details: Link
EFS Deployment Guide
EFS components can be deployed as Docker containers. The deployment scripts for the EFS components can be found on GitLab: https://gitlab.fit.fraunhofer.de/efpf-pilots/efpf-security-components/efpf_efs_srfg_components
The run-efac-portal.sh script starts the necessary EFS Docker components.
The sequence in which the EFS components should be deployed is stated below:
API Security Gateway :
API Security Gateway Importer :
How to create and renew the Let's Encrypt certificate for the EFPF Security Portal server
The following explains how to set up the Let's Encrypt certificate with Certbot:
First, add the repository and install Certbot:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
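Then create the certificates with the following command. Make sure to stop any running NGINX containers during this process, because the --standalone mode starts its own temporary web server and needs the HTTP port to be free. We assume you are using NGINX as a reverse proxy in your deployment.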
sudo certbot-auto certonly --standalone -d efpf-security-portal.salzburgresearch.at -d www.efpf-security-portal.salzburgresearch.at
The certificates should be available in the following directory:
This folder will contain the following files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
Use fullchain.pem and privkey.pem to configure the NGINX instance:
# "ssl on;" is obsolete since nginx 1.15.0 and removed in 1.25.1; on newer versions use "listen 443 ssl;" instead.
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
How to renew the certificate
If NGINX is running, stop it with the following command:
docker-compose stop nginx
Dry run command:
sudo certbot-auto renew --dry-run
Renew certificates command:
sudo certbot-auto renew
The certificates will be available in the following directory:
How to write a cron job for auto-renewal
- Add the following crontab entry to auto-renew the certificates:
0 2 * * * sudo /usr/sbin/certbot-auto -q renew
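The manual renewal procedure above stops NGINX before renewing, but the cron entry does not. The following wrapper is an added example, not part of the EFS deployment scripts: it stops NGINX, renews, and always starts NGINX again. The `COMPOSE_DIR` placeholder path and the overridable `CERTBOT` and `COMPOSE` variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the EFS repository): renew with NGINX stopped and
# always start it again, even when the renewal fails.
# Assumptions: COMPOSE_DIR (placeholder path) holds the docker-compose.yml
# that defines the "nginx" service; all three variables can be overridden.
CERTBOT="${CERTBOT:-/usr/sbin/certbot-auto}"
COMPOSE="${COMPOSE:-docker-compose}"
COMPOSE_DIR="${COMPOSE_DIR:-/path/to/efs-compose-dir}"

log() { printf '%s renew-efs-cert: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >&2; }

# Exit status: 0 renewed or nothing due, 2 bad COMPOSE_DIR, 3 NGINX could not
# be stopped, 4 NGINX did not come back, otherwise certbot's own status.
renew_certs() {
    cd "$COMPOSE_DIR" || { log "cannot enter $COMPOSE_DIR"; return 2; }

    # The standalone authenticator needs the HTTP port that NGINX occupies.
    if ! $COMPOSE stop nginx; then
        log "could not stop nginx, renewal skipped"
        return 3
    fi

    # Capture the status instead of aborting, so the restart below always runs.
    status=0
    $CERTBOT -q renew || status=$?
    [ "$status" -eq 0 ] || log "certbot renew failed with status $status"

    # A failed renewal must not leave the portal offline.
    if ! $COMPOSE start nginx; then
        log "nginx did not start again, portal is down"
        return 4
    fi
    return "$status"
}

# Cron calls the script with the argument "run"; without it only the
# function is defined.
if [ "${1:-}" = "run" ]; then
    renew_certs
fi
```

Saved as, for instance, /usr/local/sbin/renew-efs-cert.sh (a hypothetical path), it would be called from root's crontab as `0 2 * * * /usr/local/sbin/renew-efs-cert.sh run` in place of the direct certbot-auto entry.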