Initial configuration of censhare WP, including Webpack and the required Keycloak settings.
After installation of the required censhare WP components, configure the following:
Keycloak
Cloud Gateway
Static Resource Server
By default, Webserver service is activated.
If not, do the following:
In the censhare Admin Client, go to Configuration > Services > Webserver and double-click Configuration.
In the Configuration dialog, activate Service enabled and click OK.
If Keycloak is already set up for your organization, note down the required information as stated in Cloud Gateway.
If you just installed Keycloak, follow these steps before you continue to configure Cloud Gateway:
Configure Keycloak before you continue with the Cloud Gateway configuration. To configure Cloud Gateway, you need specific information from Keycloak that you can obtain from the Keycloak administration console. The important part to configure here is the web client information taken from Keycloak.
Keycloak client name
If you follow the censhare Keycloak documentation, the default name is censhare 5 OpenID client. It may be different in your case.
Keycloak Client ID
If you follow the censhare Keycloak documentation, the default name is censhare5. It may be different in your case.
Keycloak client secret
The censhare WP client Secret from your Keycloak server
Keycloak server base URL
For example: http://keycloak:8080/auth. Note that https requires the use of a Reverse Proxy.
The default configuration values for the Cloud Gateway service are set in the code, so you do not need to specify them in the application.yml file. These settings are therefore commented out. This prevents the application.yml file from overwriting the default values with older values if the values have been changed in the code. If you do not want to use a default setting, uncomment the appropriate line and change the setting.
When installing the RPM package, the application.yml file is not overwritten if it has changed. Instead, the installation creates an application.yml.rpmnew file. Compare both files for new or changed default settings.
Have the Keycloak configuration options at hand.
Go to /opt/censer/cloud-gateway.
Open application.yml.
Set the server port:
server.port: 8082
Enable Load Balancer headers. These are required to use Load Balancer headers and send the right redirect_uri to the Keycloak server:
server.forward-headers-strategy: native
Client ID
spring.security.oauth2.client.registration.keycloak.client-id: <keycloak-client-id>
Client name
spring.security.oauth2.client.registration.keycloak.client-name: <keycloak-client-name>
Client secret
spring.security.oauth2.client.registration.keycloak.client-secret:
Uncomment the line and replace the secret with the respective censhare WP client secret in your Keycloak server.
External Keycloak URL
For the following URIs, replace the URLs with your external Keycloak URL. For example, http://keycloak:8080/auth:
spring.security.oauth2.client.provider.keycloak.authorization-uri: https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.token-uri: https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.user-info-uri: https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri: https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/certs
cg.keycloakLogoutUrl: https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/logout
Users need to manage password changes via the Keycloak Account Management. You have to configure the redirect from the password change dialog of censhare Web to the required Keycloak URL.
To make that URL work, it is necessary to configure a rule in Cloud Gateway, which maps it to the Keycloak Account Management page. Add an entry similar to this:
spring.cloud.gateway.routes:
  - id: censhare5_change_password_redirect
    uri: http://localhost:8080
    predicates:
      - Path=/censhare5/client/change-password
    filters:
      - SetPath=/auth/realms/censhare/account
Please adjust http://localhost:8080 with the correct host and port of your local Keycloak server.
For the following IDs:
censhare5_rest_endpoint
censhare5_forward_rest_endpoint
censhare5_upload_endpoint
censhare5_websocket_endpoint
Uncomment all entries for the affected routes.
In the uri of each route, change the http://censhare-server URLs to point to your censhare Server:
If Cloud Gateway and censhare Server are running on the same computer, you can use the localhost. For example, http://localhost:9000
If Cloud Gateway and censhare Server are not running in the same subnet, use the server name or full server name. For example, server name, full server name <censhare-server>.com.
For the following ID:
Uncomment the entry for the affected route.
Change the uri to point to your Static Resource Server.
If Cloud Gateway and Static Resource Server are running on the same computer, you can use the local host. For example, http://localhost:8081.
If Cloud Gateway and Static Resource Server are not running in the same subnet, use the server name or full server name. For example, server name, full server name <static-resource-server>.com.
If you have adapted any ports, you find them here:
/opt/censer/static-resource-server/application.yml
Variable: server.port
sudo systemctl restart censhare.cloud-gateway
Here you can use localhost as hostname only if Cloud Gateway, Static Resource Server, Keycloak, and censhare Server are running on the same computer. The important part to configure here is the Auth URLs taken from Keycloak.
You can use the server name as hostname instead of the full server name if Cloud Gateway, Static Resource Server, Keycloak, and censhare Server are running in the same subnet of your network.
Default configuration settings for the service are set in the code, so you do not need to set the default values in the application.yml file. To show this, these settings are commented out. This prevents the application.yml file from overwriting default settings with older values when the settings have been changed in the code. Only uncomment settings if you want to change them.
The installation of the RPM package does not overwrite the application.yml file if it has changed. Instead, the installation creates an application.yml.rpmnew file. Compare both files to detect new or changed default settings.
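The comparison of application.yml with application.yml.rpmnew, described above for both Cloud Gateway and Static Resource Server, can be scripted. This is an added example, not censhare code. It assumes defaults appear as commented-out flat `#key: value` lines; the sample values and the key `cg.exampleNewSetting` are constructed.

```python
import re

# '#key: value' = shipped default (commented out), 'key: value' = local override.
# Assumes the flat dotted-key style shown on this page.
LINE = re.compile(r"^(#?)[ \t]*([A-Za-z][\w-]*(?:\.[\w-]+)+):[ \t]*(.*)$", re.M)

def settings(text):
    """Map key -> (value, is_override); an active line wins over a commented one."""
    out = {}
    for mark, key, val in LINE.findall(text):
        if not mark or not out.get(key, ("", False))[1]:
            out[key] = (val.strip(), not mark)
    return out

def mask(key, val):
    """Keep the Keycloak client secret out of the report."""
    return "***" if "secret" in key else val

def review(current, rpmnew):
    """Compare application.yml (current) with application.yml.rpmnew."""
    cur, new = settings(current), settings(rpmnew)
    report = {"new": [], "default_changed": [], "override_differs": [], "removed": []}
    for key, (new_val, _) in new.items():
        if key not in cur:
            report["new"].append(key)
        elif cur[key][0] != new_val:
            kind = "override_differs" if cur[key][1] else "default_changed"
            report[kind].append((key, mask(key, cur[key][0]), mask(key, new_val)))
    report["removed"] = [key for key in cur if key not in new]
    return report

# Constructed sample files; values and cg.exampleNewSetting are hypothetical.
SECRET = "spring.security.oauth2.client.registration.keycloak.client-secret"
CURRENT = f"""#server.port: 8080
server.forward-headers-strategy: native
{SECRET}: constructed-secret
"""
RPMNEW = f"""#server.port: 8082
#server.forward-headers-strategy: native
#{SECRET}:
#cg.exampleNewSetting: true
"""

if __name__ == "__main__":
    for kind, items in review(CURRENT, RPMNEW).items():
        print(kind, items)
```

Entries under `override_differs` are the local settings to carry over if you adopt the .rpmnew file.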
Go to /opt/censer/static-resource-server.
Open application.yml in an editor.
Uncomment the line with application.server.rest.url and replace localhost with the server name where censhare Server is running. For example, http://censhare.your-company.com:9000/ws/rest/
Uncomment the line with spring.security.oauth2.resourceserver.jwt.jwk-set-uri and replace localhost with the server name where Keycloak is running. For example, http://authentication.your-company.com:8080/auth/realms/censhare/protocol/openid-connect/certs
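A consistency check for the Keycloak URLs set in the Cloud Gateway and Static Resource Server files, as an added example that is not part of the censhare documentation or code. It assumes the flat dotted-key style shown above; the sample input is constructed from the example values on this page.

```python
import re

P = "spring.security.oauth2.client.provider.keycloak."
# Cloud Gateway endpoint keys from the page -> required last path segment.
ENDPOINTS = {P + "authorization-uri": "auth", P + "token-uri": "token",
             P + "user-info-uri": "userinfo", P + "jwk-set-uri": "certs",
             "cg.keycloakLogoutUrl": "logout"}
SECRET = "spring.security.oauth2.client.registration.keycloak.client-secret"
RS_JWKS = "spring.security.oauth2.resourceserver.jwt.jwk-set-uri"
OIDC = re.compile(r"^(https?)://(.+/realms/([^/]+))/protocol/openid-connect/(\w+)$")

def flat_keys(text):
    """Uncommented 'dotted.key: value' lines only (the flat style used here)."""
    pairs = re.findall(r"^([A-Za-z][\w.-]*):[ \t]*(.*)$", text, re.M)
    return {k: v.strip() for k, v in pairs}

def lint(gateway_yml, resource_yml):
    gw, rs = flat_keys(gateway_yml), flat_keys(resource_yml)
    findings, bases = [], set()
    if not gw.get(SECRET):
        findings.append("client-secret is empty or still commented out")
    for key, last in ENDPOINTS.items():
        m = OIDC.match(gw.get(key, ""))
        if not m or m.group(4) != last:
            findings.append(f"{key}: unset or not a .../openid-connect/{last} URL")
            continue
        bases.add((m.group(2), m.group(3)))  # (host + path, realm)
        if m.group(1) != "https":
            findings.append(f"{key}: external Keycloak URL uses plain http")
    if len(bases) > 1:
        findings.append("gateway endpoints point at different hosts or realms")
    m = OIDC.match(rs.get(RS_JWKS, ""))
    if not m or m.group(4) != "certs":
        findings.append("resource server jwk-set-uri unset or malformed")
    elif bases and m.group(3) not in {realm for _, realm in bases}:
        findings.append("resource server checks tokens against another realm")
    return findings

# Constructed sample input built from the example values on this page.
KC = "https://censhare.example.com/auth/realms/censhare/protocol/openid-connect/"
SAMPLE_GW = f"{SECRET}: constructed-secret\n" + "".join(
    f"{k}: {KC}{last}\n" for k, last in ENDPOINTS.items())
SAMPLE_RS = (f"{RS_JWKS}: http://authentication.your-company.com:8080"
             "/auth/realms/censhare/protocol/openid-connect/certs\n")

if __name__ == "__main__":
    print(lint(SAMPLE_GW, SAMPLE_RS) or "no findings")
```

The Static Resource Server host is allowed to differ from the gateway's external URL; only the realm has to match, because that decides which keys are used to validate tokens.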
The configuration for the webpack files depends on whether you have customized the censhare Web user interface or added additional user interface languages.
Ensure that Node.js 10 or higher is installed.
If you have not yet done any customization of the web interface, you can directly download the webpack file for your censhare WP version from the repository. The download includes the webpacks for German and English as user interface languages.
Download the webpack file, for example webpack-2021.2.0.tar.gz:
curl --user repo-user https://rpm.censhare.com/artifactory/webpack-release/2021.2.0/webpack-2021.2.0.tar.gz -o webpack-2021.2.0.tar.gz
Webpack creation works on git-based and RPM-based installations.
Check the FRONTEND.md file for more information on the frontend customization:
censhare/censhare-Customer/FRONTEND.md
If you are using censhare WP 2021.2.0 or 2021.2.1 on RPM-based installations, you must create the directory:
Otherwise, the webpack creation fails.
Go to the build directory. Enter:
cd ~/censhare/censhare-Client5/web/
Build webpack:
yarn
yarn cs5 release
A separate webpack is created for each language.
Pack the webpacks into one webpack file:
cd dist
tar -czf webpack-VERSION.tar.gz censhare5
Replace VERSION with the censhare version that you are using.
Connect to the server that is running the Static Resource Server via SSH.
Create the /opt/webpack/ folder.
Copy the webpack file to that folder via scp.
Unpack the webpack file, for example:
tar -xf webpack-2021.2.0.tar.gz -C /opt/webpack/
Restart the service:
sudo systemctl restart censhare.static-resource-server
If you want to install the webpack to a different folder, you must uncomment the line with webserver.content-dir in application.yml in /opt/censer/static-resource-server and change the path to that folder.
If you use a load balancer, such as HAProxy, or a reverse proxy, such as NGINX, set the relevant redirects. For more information, see Load balancing with HAProxy.
Optional service. For more information, see Configure Google Cloud AI service.
Optional service. For more information, see Social media management.
Once you have set up all services, users can log in to the censhare web client. They enter their credentials in the Keycloak login screen. They are then logged into censhare Web.
Check the censhare WP services and logs