

Deploy with Docker

This page explains two methods of deploying the solution in Docker containers.

Before you begin:

Install Git, Docker, and Docker Compose to get started.
Clone the wso2/docker-open-banking repository. This document refers to the file path of the cloned directory as <OB_DOCKER_HOME>.

Note

In order to use WSO2 Open Banking Docker Images, you need an active WSO2 Open Banking subscription. If you don't have a WSO2 Open Banking subscription, contact us for more information.

If you are looking for a Quick Start Guide and deploy the solution, follow Deploy WSO2 Open Banking with Docker Compose.
If you want to deploy each Open Banking component in separate containers, follow Deploy WSO2 Open Banking with Docker.
To learn how to download WSO2 Updates for your Open Banking Images, see Download WSO2 Updates.

Deploy WSO2 Open Banking with Docker Compose¶

This section explains how to deploy the solution using Docker Compose.

Note

This is a Quick Start Guide to set up the solution in your local environment.

Go to the obam-with-obiam directory inside <OB_DOCKER_HOME>.
```
cd <OB_DOCKER_HOME>/docker-compose/obam-with-obiam
```
Deploy the solution by executing the following:
```
docker-compose up
```
Obtain the container Id of the Identity Server by executing the command below:
```
docker ps
```
Copy the deployment.toml file of the Identity Server from the container to a desired location in the host machine.
```
docker cp <IS_CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml <DESIRED_LOCATION>
```
Go to the location where you copied the deployment.toml and update the copied file as follows:
- Change the jwks_url_sandbox and jwks_url_production URLs with the respective JWKS URLs of your certs.
- Change the hostnames of login_url, retry_url, oauth2_consent_page, and oidc_consent_page with the respective hostnames of the containers.
Place the modified deployment.toml file in the container:

Note

You can use the same command and copy any existing deployment.toml file to the container.
```
docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml
```
Restart the container to apply the changes:
```
docker restart obiam
```
Obtain the container Id of the API Manager by executing the command below:
```
docker ps
```
Copy the deployment.toml file of the API Manager from the container to a desired location in the host machine.
```
docker cp <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml <DESIRED_LOCATION>
```

Go to the location where you copied the deployment.toml and update the copied file as follows:

Change the following URLs according to the sample given below:

[apim.key_manager]
service_url = "https://obiam:9446${carbon.context}services/"

[apim.key_manager.configuration]
ServerURL = "https://obiam:9446${carbon.context}services/"
TokenURL = "https://obam:${https.nio.port}/token"
RevokeURL = "https://obam:${https.nio.port}/revoke"

Add the following tags:

[oauth.endpoints]
oauth2_token_url = "https://obiam:9446/oauth2/token"
oauth2_jwks_url = "https://obiam:9446/oauth2/jwks"

[open_banking.gateway.consent.validation]
endpoint = "https://obiam:9446/api/openbanking/consent/validate"

Place the modified deployment.toml file in the container:

Note

You can use the same command and copy any existing deployment.toml file to the container.
```
docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml
```
Restart the container to apply the changes:
```
docker restart obam
```
Log in to the Management Console at https://obiam:9446/carbon/.
Go to Identity Providers > Resident > Inbound Authentication Configuration > OAuth2/OpenID connect Configuration.
Set Identity Provider Entity ID as https://obiam:9446/oauth2/token.
When publishing the Dynamic Client Registration (DCR) API, provide the hostname as obiam. For example,
```
https://obiam:9446/api/openbanking/dynamic-client-registration
```
When configuring the Key Manager, set the value of IS_HOST as obiam. For example,
```
https://obiam:9446/keymanager-operations/dcr/register
```
You can access the WSO2 Open Banking API Manager using a web browser via the following URLs:
- https://obam:9443/publisher
- https://obam:9443/devportal
- https://obam:9443/admin
- https://obam:9443/carbon
The API Gateway will be available on the following ports:
- https://localhost:8243
- http://localhost:8280

To see separate logs for obam and obiam

Execute the following commands in separate terminals:

$ docker logs -f obiam

$ docker logs -f obam

Deploy WSO2 Open Banking with Docker¶

This section explains how to set up the solution using WSO2 Open Banking Docker Images.

Set up Database Container¶

Create a network.

docker network create -d bridge ob-network

Pull the MySQL Image.
```
docker pull mysql:8.0.27
```

Run the MySQL Docker container.

docker run --network ob-network --name mysql -e MYSQL_ROOT_PASSWORD=root  -d mysql:8.0.27

Copy the setup.sql script to the container.

docker cp <OB_DOCKER_HOME>/docker-compose/obam-with-obiam/mysql/scripts/setup.sql  <mysql-container-id>:/setup.sql

Login to the MySQL container

docker exec -it mysql mysql -uroot -proot

Source the copied SQL script.
```
mysql> source setup.sql;
```

Update the MySQL connection limit.

mysql> set global max_connections = 1000;

Update the USER and openbank_apimgtdb.SP_METADATA tables:

mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'root';
mysql> ALTER TABLE openbank_apimgtdb.SP_METADATA MODIFY VALUE VARCHAR(7500);

Set up Open Banking Identity Server with Docker¶

Pull the Open Banking Identity Server Image from WSO2 Docker Repositories.
```
docker pull docker.wso2.com/wso2-obiam
```

Deploy the Identity Server Image.

docker run -p 9446:9446 --network ob-network --name obiam docker.wso2.com/wso2-obiam

Obtain the container Id by executing the command below:
```
docker ps
```

Copy the deployment.toml file from the container to a desired location in the host machine.

docker cp <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml <DESIRED_LOCATION>

Go to the location where you copied the deployment.toml and update the copied file as follows:
Change the jwks_url_sandbox and jwks_url_production URLs with the respective JWKS URLs of your certs.
Change the hostnames of login_url, retry_url, oauth2_consent_page, and oidc_consent_page with the respective hostnames of the containers.
Place the modified deployment.toml file in the container:

Note

You can use the same command and copy any existing deployment.toml file to the container.
```
docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2is-5.11.0/repository/conf/deployment.toml
```
Restart the container to apply the changes:
```
docker restart obiam
```
Log in to the Management Console at https://obiam:9446/carbon/.
Go to Identity Providers > Resident > Inbound Authentication Configuration > OAuth2/OpenID connect Configuration.
Set Identity Provider Entity ID as https://obiam:9446/oauth2/token.
When publishing the Dynamic Client Registration (DCR) API, provide the hostname as obiam. For example,
```
https://obiam:9446/api/openbanking/dynamic-client-registration
```
When configuring the Key Manager, set the value of IS_HOST as obiam. For example,
```
https://obiam:9446/keymanager-operations/dcr/register
```

Set up Open Banking API Manager with Docker¶

Pull the Open Banking API Manager Image from WSO2 Docker Repositories.
```
docker pull docker.wso2.com/wso2-obam
```

Deploy the API Manager Image.

docker run -p 9443:9443 -p 8243:8243 -p 8280:8280 --network ob-network --name obam docker.wso2.com/wso2-obam

Obtain the container Id by executing the command below:
```
docker ps
```

Copy the deployment.toml file from the container to a desired location in the host machine.

docker cp <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml <DESIRED_LOCATION>

Go to the location where you copied the deployment.toml and update the copied file as follows:

Change the following URLs according to the sample below:

[apim.key_manager]
service_url = "https://obiam:9446${carbon.context}services/"

[apim.key_manager.configuration]
ServerURL = "https://obiam:9446${carbon.context}services/"
TokenURL = "https://obam:${https.nio.port}/token"
RevokeURL = "https://obam:${https.nio.port}/revoke"

Add the following tags:

[oauth.endpoints]
oauth2_token_url = "https://obiam:9446/oauth2/token"
oauth2_jwks_url = "https://obiam:9446/oauth2/jwks"

[open_banking.gateway.consent.validation]
endpoint = "https://obiam:9446/api/openbanking/consent/validate"

Place the modified deployment.toml file in the container:

Note

You can use the same command and copy any existing deployment.toml file to the container.
```
docker cp <DESIRED_LOCATION>/deployment.toml <CONTAINER_ID>:/home/wso2carbon/wso2am-4.0.0/repository/conf/deployment.toml
```
Restart the container to apply the changes:
```
docker restart obam
```

Download WSO2 Updates¶

This section explains how to download the WSO2 updates for Open Banking Identity Server and API Manager. For each container you want to update, follow the steps below:

Start the container and log in to the container as the root user.
```
sudo docker exec -u 0 -it obiam /bin/bash
```
Update the <WSO2_IS_HOME>/updates/config.json file with the relevant username and backup-dir.
Do the same changes to the <WSO2_IS_HOME>/<WSO2_IAM_ACCELERATOR_HOME>/updates/config.json file.
Go to the <WSO2_IS_HOME>/bin directory and update the product.
```
./wso2update_linux 
```
Run the merge.sh script.
```
./merge.sh
```
Log out and stop the container.
Restart the obiam container.
Repeat the same steps for the API Manager (obam) container.

Top