https://ldej.nl/post/building-an-acapy-controller-architecture/
$ git clone --recursive git@github.com:ldej/issuer.git
github.com/bcgov/von-network
Start 4 Indy nodes and the von-webserver. The von-webserver has a web interface at localhost:9000 which allows you to browse the transactions in the blockchain.
$ git clone https://github.com/bcgov/von-network
$ cd von-network
$ ./manage start --logs
github.com/bcgov/indy-tails-server
Start a Tails server for the revocation registry tails files.
$ git clone https://github.com/bcgov/indy-tails-server
$ cd indy-tails-server
$ ./docker/manage start
$ cat .env
AGENT_WALLET_SEED=<some-32-char-wallet-seed>
LABEL=<name-of-your-application>
ACAPY_ENDPOINT_PORT=8000
ACAPY_ENDPOINT_URL=http://localhost:8000/
ACAPY_ADMIN_PORT=11000
LEDGER_URL=http://172.17.0.1:9000
TAILS_SERVER_URL=http://tails-server:6543
CONTROLLER_PORT=8080
WALLET_NAME=<wallet-name>
WALLET_KEY=<secret>
$ make up
$ make logs
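A pre-flight check for the .env file above, to run before make up. This is an added example, not part of the issuer repository: the key names and the 32-character seed come from the listing, while the function names (env_value, fail, check_env) and the owner-only permission rule are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env listing above (not from the repo).

# Print the value assigned to KEY ($2) in the KEY=VALUE file $1 (last one wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Record one problem and count it.
fail() {
    echo "FAIL: $1"
    problems=$((problems + 1))
}

# check_env FILE: report problems; the exit status is the number found.
check_env() {
    file=$1
    problems=0
    [ -f "$file" ] || { fail "$file not found"; return "$problems"; }

    # Every key from the listing must be set and no longer a <placeholder>.
    for key in AGENT_WALLET_SEED LABEL ACAPY_ENDPOINT_PORT ACAPY_ENDPOINT_URL \
               ACAPY_ADMIN_PORT LEDGER_URL TAILS_SERVER_URL CONTROLLER_PORT \
               WALLET_NAME WALLET_KEY; do
        value=$(env_value "$file" "$key")
        case $value in
            '')      fail "$key is missing or empty" ;;
            '<'*'>') fail "$key still holds the template placeholder" ;;
        esac
    done

    # The listing calls for a 32-character wallet seed.
    seed=$(env_value "$file" AGENT_WALLET_SEED)
    [ "${#seed}" -eq 32 ] || fail "AGENT_WALLET_SEED has ${#seed} characters, expected 32"

    # The file holds the wallet seed and key, so group and others get no access.
    mode=$(ls -ld "$file" | cut -c5-10)
    [ "$mode" = "------" ] || fail "$file is accessible to group/others (try chmod 600)"

    return "$problems"
}

# Run against a file when one is given: sh check_env.sh .env && make up
if [ "$#" -gt 0 ]; then
    check_env "$1"
fi
```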
TODO
The ACA-py docker image is made with the acapy.dockerfile. It is a custom image where libindy is installed and the postgres plugin is installed as a wallet storage backend. I could only install the postgres plugin with the indy-sdk repository, that's why it is a git submodule. aries-cloudagent-python is included in this repo as a submodule, so I can run the latest master, I mean main branch.
The controller docker image is used for both building and running the Go application.
I used this blog post as a source of inspiration for getting the easiest set up to work. That's also where init-letsencrypt.sh comes from. I modified it to fit my structure.
For the first deployment, copy the following to the remote host:
- init-letsencrypt.sh
- .env.prod
- docker-compose.yml
- docker-compose.prod.yml
- ./nginx
Then run it:
$ cd /issuer && ./init-letsencrypt.sh
I tried to understand the aries-cloudagent-python/deploymentModel.md, but it was too much to read. The two examples at the bottom (indy-email-verification and iiwbook) helped me get in the right direction with the docker-compose.yml file.
This issuer is deployed on DigitalOcean using the cheapest pre-installed docker droplet. Apparently the ufw firewall is enabled by default.
https://www.digitalocean.com/docs/networking/firewalls/resources/troubleshooting/
$ docker context create remote --docker "host=ssh://user@hostname"
$ docker-compose --context remote logs
If the tails-server gets a permission denied on the volume, then chown -R 1001:1001 /issuer/tails-files.
- Automate deployment using GitHub Actions
- Add functionality for issuing credentials
- Add a frontend