HTTP settings

Changing the TCP port

By default, the XDM user interface is accessible on TCP port 4280, which is the default port for the HTTP protocol.

To change the TCP port number for the XDM user interface, edit the file docker-compose.yml and locate the section services → web-ui → ports. The value of this parameter is a list of port mappings that contains one entry. This entry is a string, enclosed in apostrophes, that contains the external and the internal port numbers, separated by a colon.

The internal port number is 80 and must not be changed. The default value for the external port number is 4280. You can change the external port number to any value that does not cause conflicts with other services that are running on the same system.

Example

To change the TCP port number for the XDM user interface to 4281, change the entry so that it looks like this:

    web-ui:
        [...]
        ports:
            - '4281:80'

Using SSL encryption

Using Self-Signed Certificates

XDM uses the HTTP protocol both for the interactive web interface and for the internal communication between the different modules of the product. In addition to standard HTTP, it is also possible to use the encrypted HTTPS protocol.

It is recommended to use HTTPS in a production environment. To set up HTTPS, you need to configure a certificate store (key store) for the server. The following example illustrates how to create a PKCS12 key store using the Java keytool command:

    keytool -genkey -alias xdm3 -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore xdm3-keystore.p12 -validity 3650 -ext "SAN:c=IP:127.0.0.1,DNS:localhost,DNS:dataflow-server,DNS:core-server"

After creating the key store, edit the docker-compose.yaml file and add the following SSL configuration under core-server → environment and dataflow-server → environment. The value of the parameter server.ssl.key-store-password must be set to the password that you entered when the key store was created.

    server.ssl.key-store=/xdm/config/xdm3-keystore.p12
    server.ssl.key-store-password=mypassword
    server.ssl.keyStoreType=PKCS12
    server.ssl.keyAlias=xdm3
    spring.cloud.dataflow.client.skip-ssl-validation=true

server.ssl.key-store

The path to the root key store on the execution server

server.ssl.key-store-password

The key store password specified during key store creation

server.ssl.keyStoreType

The type of the key store. PKCS12 is the standard format.

server.ssl.keyAlias

If the key store was created with the keytool command, this must be the value of the -alias parameter. If the key store was created with OpenSSL, then this is the value of the -name parameter in the command.

spring.cloud.dataflow.client.skip-ssl-validation

When this parameter is set to true, the dataflow server skips SSL certificate validation and therefore accepts any SSL certificate, including self-signed ones.

The generated file xdm3-keystore.p12 must be copied into the mounted volume /xdm/config.

Using HTTPS for internal communication

To enable the HTTPS protocol for the internal communication between the XDM modules, edit the file docker-compose.yml. You must change the protocol from http to https in three locations:

  1. services → core-server → environment → spring.cloud.dataflow.client.serverUri

  2. services → web-ui → environment → xdm_core_serverUri

  3. services → dataflow-server → environment → xdm_core_serverUri
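One way to check these three locations after editing, as an added example that is not part of the XDM documentation or product: the script reads a compose file laid out like the examples on this page and reports every one of the three URIs that does not start with https://. The function names, the sample file and port 9393 are assumptions, and the service names are used in their hyphenated form (web-ui, dataflow-server).

```python
# (service, environment key) pairs that must use https, per the list above.
REQUIRED_HTTPS = [("core-server", "spring.cloud.dataflow.client.serverUri"),
                  ("web-ui", "xdm_core_serverUri"),
                  ("dataflow-server", "xdm_core_serverUri")]

# Constructed sample; the dataflow-server port 9393 is an assumed value.
SAMPLE = """\
services:
    core-server:
        environment:
            - spring.cloud.dataflow.client.serverUri=https://dataflow-server:9393
    web-ui:
        environment:
            - xdm_core_serverUri=http://core-server:8000/api/
    dataflow-server:
        environment:
            - xdm_core_serverUri=https://core-server:8000/api/
"""

def parse_environment(compose_text):
    """Read list-style environment entries per service (not a full YAML parser)."""
    env, service, section, svc_indent, in_services = {}, None, None, None, False
    for raw in compose_text.splitlines():
        text, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if not text or text.startswith("#"):
            continue
        if indent == 0:  # top-level key such as "services:"
            in_services, svc_indent = text == "services:", None
        elif in_services and indent == (svc_indent := svc_indent or indent):
            service, section = text.rstrip(":"), None  # new service block
            env[service] = {}
        elif in_services and text.endswith(":"):
            section = text[:-1]  # e.g. "ports" or "environment"
        elif in_services and section == "environment" and text.startswith("- "):
            key, _, value = text[2:].strip("'\" ").partition("=")
            env[service][key] = value
    return env

def check_internal_https(compose_text):
    """Return findings; an empty list means all three URIs use https."""
    env, findings = parse_environment(compose_text), []
    for service, key in REQUIRED_HTTPS:
        value = env.get(service, {}).get(key, "<not set>")
        if not value.lower().startswith("https://"):
            findings.append(f"{service}: {key} is {value}, expected https://")
    return findings

if __name__ == "__main__":
    print("\n".join(check_internal_https(SAMPLE)) or "all three URIs use https")
```

To check a real deployment, pass the contents of docker-compose.yml to check_internal_https instead of SAMPLE.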

Using HTTPS for the web interface

The internal web server of the UI image is pre-configured to serve HTTP on port 80 and HTTPS on port 443 using a self-signed certificate.

These ports can be configured using the environment variables http_port and https_port.

To enable the HTTPS protocol for the XDM web interface, edit the file docker-compose.yml and make the following changes:

  1. Under services → web-ui → ports, change the internal port number from 80 to 443. Port 443 is the default port for the HTTPS protocol; if desired, you can use a different port number. The internal port number will be different if you changed https_port.

To replace the default certificate with a certificate matching your internal names, make the following change:

  1. Under services → web-ui → volumes, mount the volume that contains the key and certificate file. The mount point must be /xdm/certificates. You may have to add the section volumes if it does not exist yet.

Example

A complete setup for the section web-ui in the file docker-compose.yml might look as follows:

    web-ui:
        image: docker.ubs-hainer.com/xdm3-ui
        ports:
            - '4280:443'
        environment:
            - TZ=Europe/Berlin
            - xdm_core_serverUri=http://core-server:8000/api/
            - https_key_file=/xdm/certificates/xdm.key
            - https_certificate_file=/xdm/certificates/xdm.crt
        depends_on:
            - core-server
        volumes:
            - ./certificates:/xdm/certificates

The local directory ./certificates must contain the key file xdm.key and the certificate file xdm.crt.