# Set up Environment for Development Test

Here we will explain how to set up an environment for development test.

# Start the 4App

```sh
sh start-debug.sh
```

# Create Certificate

Create a root certificate for development. This is necessary so that there are no SSL errors in the browser.

# 1. Install mkcert

mkcert is a simple tool for creating locally-trusted development certificates. To install it, please follow the instructions on its GitHub page.

https://github.com/FiloSottile/mkcert#installation

After a successful installation, run the following command to create and install a new local Certificate Authority (CA):

```sh
mkcert -install
```

Please note: This command only installs the CA to the computer's local trust stores, so its browsers will not complain about invalid/self-signed certificates for certificates created with mkcert. We will create the actual certificate in the next step.

# 2. Create a Certificate for your Installation

To create a new certificate, create folder docker_certs in project 4allportal-dmz-adapter:

```sh
cd docker_certs
# ls should print an empty folder
ls

# Create the certificate and key using mkcert
mkcert dmz4ap.4allportal.com
```

This command should have created two new files in the directory:

  • dmz4ap.4allportal.com-key.pem
  • dmz4ap.4allportal.com.pem

# 3. Configure SSL for Incoming Requests

```sh
cd docker_certs

cat dmz4ap.4allportal.com.pem dmz4ap.4allportal.com-key.pem > bundle.pem
# export certificate for Java
openssl pkcs12 -export -in bundle.pem -inkey dmz4ap.4allportal.com-key.pem -out 4allportal.net.p12 -password pass:123456
keytool -importkeystore -srckeystore 4allportal.net.p12 -srcstoretype PKCS12 -srcstorepass 123456 -destkeystore keystore.jks -deststoretype JKS -deststorepass 123456
```

This command should have created the file 4allportal.net.p12 in the directory.

# 4. Configure SSL for Outgoing Requests to 4ALLPORTAL

  • Create the folder to_java_keystore in the folder docker_certs.
  • Show the folder containing the PEM file:
    mkcert -CAROOT
    
  • Copy rootCA.pem from the folder shown by mkcert -CAROOT to the folder docker_certs/to_java_keystore.

# 5. Verify the Nginx Configuration

The 4ALLPORTAL container cannot directly consume HTTPS traffic. To handle it, a new service web needs to be created.
For development we use Nginx, a commonly used reverse proxy. Others like Traefik would also work.

  1. The nginx service is configured in docker-compose.yaml as service web
  2. The configuration for the nginx service is in folder docker_nginx.

The configuration will work when the previously generated key and certificate are in the docker_certs folder.

# Add Host Entry to your Testing Computer

```
127.0.0.1 dmz4ap.4allportal.com
```

This is necessary for routing the requests to the DMZ-Adapter instead of the 4ALLPORTAL.

# Create API Key

  1. Open 4ALLPORTAL in the browser on the local port (without DMZ-Adapter): http://localhost:3501
  2. Create an api_key in the admin snap-in Developer/API/API Key settings and enable the key
  3. Replace BEARER_TOKEN in docker-compose.yml with the id of the generated api_key
  4. Terminate the running script start-debug.sh

# Configure Mail Server in docker-compose.yml for 4ALLPORTAL

This is necessary to create users and receive emails for them. See the mail configuration documentation for help with the configuration.

# Start the 4ALLPORTAL

```sh
sh start-debug.sh
```

After some moments, everything should be up and running.

# Check your Browser

Try accessing http://dmz4ap.4allportal.com or https://dmz4ap.4allportal.com. The first URL automatically redirects to the second.

If everything worked well, browsers on the same machine should not complain, meaning that your certificate is considered valid.

# Check that Requests are Handled by DMZ Adapter

Use Charles or the developer tools of a browser to check that the header

Server: DMZ-Adapter

is set for all requests, and that the additional header

Server: nginx/...

is set for requests not handled from the DMZ-Adapter cache.

# Tests

  • Login
  • Logout
  • Upload
  • Upload and unpack archive (for example zip file)
  • Download
  • Download derivate of multiple files
  • Send eTicket
  • Show eTicket
  • Admin snap-in is blocked by default and becomes accessible when the configuration is changed to deny="false" in file docker_dmz/conf/dmz-adapter.xml
    <endpoint deny="false">
      <url>/api/system/admin-structure</url>
    </endpoint>
    
    To diff the content of the configuration file in use against the original configuration file from the Docker container, the file docker_dmz/conf/dmz-adapter-original.xml exists. It is copied from the container on every container startup. The file docker_dmz/conf/dmz-adapter.xml is copied only when it does not exist in the mounted volume on Docker startup.
  • AMF method (at least two working AMF method calls to /service/amf with no error)
  • Test SAML login
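
The comparison of docker_dmz/conf/dmz-adapter.xml against docker_dmz/conf/dmz-adapter-original.xml described in the admin snap-in test can be scripted so that every endpoint whose deny value was changed for testing is listed before the configuration is reused elsewhere. This is an added example, not part of the DMZ-Adapter project: the `<config>` root element, the second endpoint, the original deny="true" value and the function names are assumptions, and the files are assumed to use no XML namespaces.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples. Only the <endpoint deny="..."><url>...</url></endpoint>
# shape is from the page; the <config> root, the second endpoint and the
# deny="true" value in the original are assumptions for illustration.
ORIGINAL_XML = """<config>
  <endpoint deny="true"><url>/api/system/admin-structure</url></endpoint>
  <endpoint deny="false"><url>/api/example/public</url></endpoint>
</config>"""
ACTIVE_XML = """<config>
  <endpoint deny="false"><url>/api/system/admin-structure</url></endpoint>
  <endpoint deny="false"><url>/api/example/public</url></endpoint>
</config>"""


def endpoint_rules(xml_text):
    """Map each endpoint URL to its deny value ('true', 'false', or None if unset)."""
    rules = {}
    for endpoint in ET.fromstring(xml_text).iter("endpoint"):
        deny = endpoint.get("deny")
        deny = deny.strip().lower() if deny is not None else None
        for url in endpoint.findall("url"):
            path = (url.text or "").strip()
            if path:
                rules[path] = deny
    return rules


def changed_endpoints(original_xml, active_xml):
    """Return sorted (url, original, active) tuples for every differing rule.
    A URL present in only one file is reported as 'absent' on the other side."""
    original, active = endpoint_rules(original_xml), endpoint_rules(active_xml)
    changes = []
    for url in sorted(original.keys() | active.keys()):
        before = original.get(url, "absent")
        after = active.get(url, "absent")
        if before != after:
            changes.append((url, before, after))
    return changes


if __name__ == "__main__":
    # Usage: script.py dmz-adapter-original.xml dmz-adapter.xml (else the samples)
    if len(sys.argv) == 3:
        texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    else:
        texts = [ORIGINAL_XML, ACTIVE_XML]
    for url, before, after in changed_endpoints(*texts):
        print(f"{url}: deny {before} -> {after}")
```

An empty result means the configuration in use applies the same deny rules as the file copied from the container.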