Deploy with Docker
This page explains two methods of deploying the solution in Docker containers.
Before you begin:
-
Install Git, Docker, and Docker Compose to get started.
-
Clone the wso2/docker-open-banking repository. This document refers to the file path of the cloned directory as
<OB_DOCKER_HOME>
.
Note
In order to use WSO2 Open Banking Docker Images, you need an active WSO2 Open Banking subscription. If you don't have a WSO2 Open Banking subscription, contact us for more information.
-
If you are looking for a Quick Start Guide and deploy the solution, follow Deploy WSO2 Open Banking with Docker Compose.
-
If you want to deploy each Open Banking component in separate containers, follow Deploy WSO2 Open Banking with Docker.
-
To learn how to download WSO2 Updates for your Open Banking Images, see Download WSO2 Updates.
Deploy WSO2 Open Banking with Docker Compose¶
This section explains how to deploy the solution using Docker Compose.
Note
This is a Quick Start Guide to set up the solution in your local environment.
-
Go to the
obam-with-obiam
directory inside<OB_DOCKER_HOME>
.cd <OB_DOCKER_HOME>/docker-compose/obam-with-obiam
-
Deploy the solution by executing the following:
docker-compose up
-
Obtain the container Id of the Identity Server by executing the command below:
docker ps
-
Copy the
deployment.toml
file of the Identity Server from the container to a desired location in the host machine.docker cp <IS_CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml <DESIRED_LOCATION>
-
Go to the location where you copied the
deployment.toml
and update the copied file as follows:- Change the
jwks_url_sandbox
andjwks_url_production
URLs with the respective JWKS URLs of your certs. - Change the hostnames of
login_url
,retry_url
,oauth2_consent_page
, andoidc_consent_page
with the respective hostnames of the containers.
- Change the
-
Place the modified
deployment.toml
file in the container:Note
You can use the same command and copy any existing
deployment.toml
file to the container.docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml
-
Restart the container to apply the changes:
docker restart obiam
-
Obtain the container Id of the API Manager by executing the command below:
docker ps
-
Copy the
deployment.toml
file of the API Manager from the container to a desired location in the host machine.docker cp <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml <DESIRED_LOCATION>
-
Go to the location where you copied the
deployment.toml
and update the copied file as follows:- Change the following URLs according to the sample given below:
[apim.key_manager] service_url = "https://obiam:9446${carbon.context}services/" [apim.key_manager.configuration] ServerURL = "https://obiam:9446${carbon.context}services/" TokenURL = "https://obam:${https.nio.port}/token" RevokeURL = "https://obam:${https.nio.port}/revoke"
- Add the following tags:
[oauth.endpoints] oauth2_token_url = "https://obiam:9446/oauth2/token" oauth2_jwks_url = "https://obiam:9446/oauth2/jwks" [open_banking.gateway.consent.validation] endpoint = "https://obiam:9446/api/openbanking/consent/validate"
-
Place the modified
deployment.toml
file in the container:Note
You can use the same command and copy any existing
deployment.toml
file to the container.docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml
-
Restart the container to apply the changes:
docker restart obam
-
Log in to the Management Console at
https://obiam:9446/carbon/
. -
Go to Identity Providers > Resident > Inbound Authentication Configuration > OAuth2/OpenID connect Configuration.
-
Set Identity Provider Entity ID as
https://obiam:9446/oauth2/token
. -
When publishing the Dynamic Client Registration (DCR) API, provide the hostname as
obiam
. For example,https://obiam:9446/api/openbanking/dynamic-client-registration
-
When configuring the Key Manager, set the value of
IS_HOST
asobiam
. For example,https://obiam:9446/keymanager-operations/dcr/register
-
You can access the WSO2 Open Banking API Manager using a web browser via the following URLs:
https://obam:9443/publisher
https://obam:9443/devportal
https://obam:9443/admin
https://obam:9443/carbon
-
The API Gateway will be available on the following ports:
https://localhost:8243
http://localhost:8280
To see separate logs for obam
and obiam
Execute the following commands in separate terminals:
$ docker logs -f obiam
$ docker logs -f obam
Deploy WSO2 Open Banking with Docker¶
This section explains how to set up the solution using WSO2 Open Banking Docker Images.
Set up Database Container¶
-
Create a network.
docker network create -d bridge ob-network
-
Pull the MySQL Image.
docker pull mysql:8.0.27
-
Run the MySQL Docker container.
docker run --network ob-network --name mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:8.0.27
-
Copy the
setup.sql
script to the container.docker cp <OB_DOCKER_HOME>/docker-compose/obam-with-obiam/mysql/scripts/setup.sql <mysql-container-id>:/setup.sql
-
Login to the MySQL container
docker exec -it mysql mysql -uroot -proot
-
Source the copied SQL script.
mysql> source setup.sql;
-
Update the MySQL connection limit.
mysql> set global max_connections = 1000;
-
Update the
USER
andopenbank_apimgtdb.SP_METADATA
tables:mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'root'; mysql> ALTER TABLE openbank_apimgtdb.SP_METADATA MODIFY VALUE VARCHAR(7500);
Set up Open Banking Identity Server with Docker¶
-
Pull the Open Banking Identity Server Image from WSO2 Docker Repositories.
docker pull docker.wso2.com/wso2-obiam
-
Deploy the Identity Server Image.
docker run -p 9446:9446 --network ob-network --name obiam docker.wso2.com/wso2-obiam
-
Obtain the container Id by executing the command below:
docker ps
-
Copy the
deployment.toml
file from the container to a desired location in the host machine.docker cp <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml <DESIRED_LOCATION>
-
Go to the location where you copied the
deployment.toml
and update the copied file as follows: -
Change the
jwks_url_sandbox
andjwks_url_production
URLs with the respective JWKS URLs of your certs. -
Change the hostnames of
login_url
,retry_url
,oauth2_consent_page
, andoidc_consent_page
with the respective hostnames of the containers. -
Place the modified
deployment.toml
file in the container:Note
You can use the same command and copy any existing
deployment.toml
file to the container.docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml
-
Restart the container to apply the changes:
docker restart obiam
-
Log in to the Management Console at
https://obiam:9446/carbon/
. -
Go to Identity Providers > Resident > Inbound Authentication Configuration > OAuth2/OpenID connect Configuration.
-
Set Identity Provider Entity ID as
https://obiam:9446/oauth2/token
. -
When publishing the Dynamic Client Registration (DCR) API, provide the hostname as
obiam
. For example,https://obiam:9446/api/openbanking/dynamic-client-registration
-
When configuring the Key Manager, set the value of
IS_HOST
asobiam
. For example,https://obiam:9446/keymanager-operations/dcr/register
Set up Open Banking API Manager with Docker¶
-
Pull the Open Banking API Manager Image from WSO2 Docker Repositories.
docker pull docker.wso2.com/wso2-obam
-
Deploy the API Manager Image.
docker run -p 9443:9443 -p 8243:8243 -p 8280:8280 --network ob-network --name obam docker.wso2.com/wso2-obam
-
Obtain the container Id by executing the command below:
docker ps
-
Copy the
deployment.toml
file from the container to a desired location in the host machine.docker cp <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml <DESIRED_LOCATION>
-
Go to the location where you copied the
deployment.toml
and update the copied file as follows:-
Change the following URLs according to the sample below:
[apim.key_manager] service_url = "https://obiam:9446${carbon.context}services/" [apim.key_manager.configuration] ServerURL = "https://obiam:9446${carbon.context}services/" TokenURL = "https://obam:${https.nio.port}/token" RevokeURL = "https://obam:${https.nio.port}/revoke"
-
Add the following tags:
[oauth.endpoints] oauth2_token_url = "https://obiam:9446/oauth2/token" oauth2_jwks_url = "https://obiam:9446/oauth2/jwks" [open_banking.gateway.consent.validation] endpoint = "https://obiam:9446/api/openbanking/consent/validate"
-
-
Place the modified
deployment.toml
file in the container:Note
You can use the same command and copy any existing
deployment.toml
file to the container.docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml
-
Restart the container to apply the changes:
docker restart obam
Download WSO2 Updates¶
This section explains how to download the WSO2 updates for Open Banking Identity Server and API Manager. For each container you want to update, follow the steps below:
-
Start the container and log in to the container as the root user.
sudo docker exec -u 0 -it obiam /bin/bash
-
Update the
<WSO2_IS_HOME>/updates/config.json
file with the relevant username and backup-dir. - Do the same changes to the
<WSO2_IS_HOME>/<WSO2_IAM_ACCELERATOR_HOME>/updates/config.json
file. -
Go to the
<WSO2_IS_HOME>/bin
directory and update the product../wso2update_linux
-
Run the
merge.sh
script../merge.sh
-
Log out and stop the container.
-
Restart the
obiam
container. -
Repeat the same steps for the API Manager (
obam
) container.