censhare WP - Initial configuration
Initial configuration of censhare WP, including Webpack and the required Keycloak settings.
Webserver service
By default, the Webserver service is activated.
If not, do the following:
In the censhare Admin Client, go to Configuration > Services > Webserver and double-click Configuration.
In the Configuration dialog, activate Service enabled and click OK.
Keycloak for censhare WP
If Keycloak is already set up for your organization, note down the required information as stated in Cloud Gateway.
If you just installed Keycloak, follow these steps before you continue to configure Cloud Gateway:
- Create a Keycloak system admin and start the Keycloak server
- Configure the censhare realm and realm keys
- Create internal admin user
- Configure the censhare web application client
- Optionally, configure censhare desktop client
- Configure the hosts.xml
- Configure censhare Server to access Keycloak
Cloud Gateway
Before you begin
(1) To configure the Cloud Gateway, complete the Keycloak configuration first. You need some keys from Keycloak for the Cloud Gateway configuration.
(2) The following configuration shows the minimal setup to access the application. Further configuration of the Cloud Gateway can be necessary for session handling and custom branding.
Obtain required Keycloak information
- Log into Keycloak as administrator.
- Note down the following information from the censhare web application client in the Clients section:
Keycloak client name
If you follow the censhare Keycloak documentation, the default name is censhare 5 OpenID client. It may be different in your case.
Keycloak Client ID
If you follow the censhare Keycloak documentation, the default name is censhare5. It may be different in your case.
Keycloak client secret
The censhare WP client secret from your Keycloak server.
Keycloak server base URL
For example: http://keycloak:8080/auth. Note that https requires the use of a Reverse Proxy.
The default configuration values for the Cloud Gateway service are set in the code, so you do not need to specify them in the application.yml file. For this reason, these settings are commented out. This prevents the application.yml file from overwriting the defaults with older values if the values have been changed in the code. If you do not want to use the default settings, uncomment the appropriate lines and change the settings.
When installing the RPM package, the application.yml file is not overwritten if it has changed. Instead, the installation creates an application.yml.rpmnew file. Compare both files for new or changed default settings.
Adapt the data for Cloud Gateway
Have the Keycloak configuration options at hand.
Go to /censhare-product/core-cloud-gateway/application.yml.
Open the file with an appropriate editor.
Set the server port:
server.port: 8082
Enable Load Balancer headers. These are required to use Load Balancer headers and send the right redirect_uri to the Keycloak server:
server.forward-headers-strategy: native
Adapt the data for Keycloak
Client ID
spring.security.oauth2.client.registration.keycloak.client-id: <keycloak-client-id>
Client name
spring.security.oauth2.client.registration.keycloak.client-name: <keycloak-client-name>
Client secret
spring.security.oauth2.client.registration.keycloak.client-secret:
Uncomment the line and replace the secret with the respective censhare WP client secret in your Keycloak server.
External Keycloak URL
For the following URIs, replace the URLs with your external Keycloak URL. For example, http://keycloak:8080/auth:
spring.security.oauth2.client.provider.keycloak.authorization-uri: https://authentication-example.censhare.com/auth/realms/censhare/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.token-uri: https://authentication-example.censhare.com/auth/realms/censhare/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.user-info-uri: https://authentication-example.censhare.com/auth/realms/censhare/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri: https://authentication-example.censhare.com/auth/realms/censhare/protocol/openid-connect/certs
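A pre-restart check for the Keycloak settings described above, as an added example that is not part of the censhare documentation or product. It assumes the flat dotted-key form of application.yml shown on this page; the function names, the sample file and its secret value are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

CLIENT = "spring.security.oauth2.client."
URI_KEYS = ("authorization-uri", "token-uri", "user-info-uri", "jwk-set-uri")

def parse_flat_yaml(text):
    """Collect uncommented 'dotted.key: value' lines (the flat form shown on this page)."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_.-]+):\s*(.*)$", line.strip())
        if m:  # lines starting with '#' never match, so commented settings are skipped
            props[m.group(1)] = m.group(2).strip().strip("'\"")
    return props

def check_gateway_config(text):
    """Return findings for the Keycloak settings of a Cloud Gateway application.yml."""
    props, findings, bases = parse_flat_yaml(text), [], set()
    for key in ("client-id", "client-name", "client-secret"):
        value = props.get(CLIENT + "registration.keycloak." + key, "")
        if not value or re.fullmatch(r"<.*>", value):
            findings.append(f"{key}: missing, commented out or still a placeholder")
    for key in URI_KEYS:
        value = props.get(CLIENT + "provider.keycloak." + key, "")
        if not value:
            findings.append(f"{key}: not set")
            continue
        if urlsplit(value).scheme != "https":
            findings.append(f"{key}: not https")
        # Everything before /protocol/openid-connect/ identifies host and realm.
        bases.add(value.split("/protocol/openid-connect/")[0])
    if len(bases) > 1:
        findings.append("provider URIs disagree on host or realm")
    return findings

# Constructed sample, not a real deployment: placeholder client name, commented-out
# secret, one http URI on another host, and no jwk-set-uri.
BASE = "https://authentication-example.censhare.com/auth/realms/censhare/protocol/openid-connect"
SAMPLE = f"""\
server.port: 8082
{CLIENT}registration.keycloak.client-id: censhare5
{CLIENT}registration.keycloak.client-name: <keycloak-client-name>
#{CLIENT}registration.keycloak.client-secret: constructed-secret
{CLIENT}provider.keycloak.authorization-uri: {BASE}/auth
{CLIENT}provider.keycloak.token-uri: http://keycloak:8080/auth/realms/censhare/protocol/openid-connect/token
{CLIENT}provider.keycloak.user-info-uri: {BASE}/userinfo
"""

if __name__ == "__main__":
    for finding in check_gateway_config(SAMPLE):
        print("FINDING:", finding)
```

The http finding is informational when Keycloak is reached directly on an internal host, since the page notes that https requires a reverse proxy.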
Adapt URL for password change
Users need to manage password changes via the Keycloak Account Management. You have to configure the redirect from the password change dialog of censhare Web to the required Keycloak URL.
To make that URL work, you have to configure a rule in Cloud Gateway, which maps it to the Keycloak Account Management page. Add an entry similar to this:
spring.cloud.gateway.routes:
  - id: censhare5_change_password_redirect
    uri: http://localhost:8080
    predicates:
      - Path=/censhare5/client/change-password
    filters:
      - SetPath=/auth/realms/censhare/account
Important
(1) Replace http://localhost:8080 with the correct host and port of your local Keycloak server.
(2) If you use one or multiple custom brandings, you must set the password change routes for each branding separately. For more information, see (2021.2) Custom branding (censhare WP).
Adapt the routes to the censhare Server
For the following IDs:
censhare5_rest_endpoint
censhare5_forward_rest_endpoint
censhare5_upload_endpoint
censhare5_websocket_endpoint
Uncomment all entries for the affected routes.
In the uri of each route, change the http://censhare-server URLs to point to your censhare Server:
If Cloud Gateway and censhare Server are running on the same computer, you can use localhost. For example, http://localhost:9000
If Cloud Gateway and censhare Server are not running in the same subnet, use the server name or full server name. For example, server name, full server name <censhare-server>.com.
Important
If you use one or multiple custom brandings, you must set the endpoints for each branding separately. For more information, see (2021.2) Custom branding (censhare WP).
Adapt the route to the Static Resource Server
For the following ID:
- static_resources
Uncomment the entry for the affected route.
Change the uri to point to your Static Resource Server.
If Cloud Gateway and Static Resource Server are running on the same computer, you can use localhost. For example, http://localhost:8081.
If Cloud Gateway and Static Resource Server are not running in the same subnet, use the server name or full server name. For example, server name, full server name <static-resource-server>.com.
If you have adapted any ports, you find them here:
/opt/censer/static-resource-server/application.yml
Variable: server.port
Configure session handling
To avoid a broken UI and other issues, check if the cg.censhareLogoutUrl parameter is missing in the application.yml and add it. See Configure session handling for the complete session handling configuration.
Restart the service
sudo systemctl restart censhare.core-cloud-gateway
Static Resource Server
Here you can use localhost as hostname only if Cloud Gateway, Static Resource Server, Keycloak, and censhare Server are running on the same computer.
The important settings to configure here are the Auth URLs taken from Keycloak.
You can use the server name as hostname instead of the full server name if Cloud Gateway, Static Resource Server, Keycloak, and censhare Server are running in the same subnet of your network.
Default configuration settings for the service are set in the code, so you do not need to set the default values in the application.yml file. To show this, these settings are commented out. This prevents the application.yml file from overwriting default settings with older values when the settings have been changed in the code. Only uncomment settings if you want to change them.
Adapt the application.yml file for the Static Resource Server
Go to /opt/censer/static-resource-server.
Open application.yml in an editor.
Uncomment the line with application.server.rest.url. If the Static Resource Server is running on the same computer as the censhare Server, you can use localhost, for example, http://localhost:9000/. If the censhare Server is running on a different computer, replace localhost with the external URL, for example, http://censhare.your-company.com:9000/ws/rest/. In addition, HAProxy will take care of the correct redirection.
Uncomment the line with spring.security.oauth2.resourceserver.jwt.jwk-set-uri and replace localhost with the server name where Keycloak is running. For example, http://authentication.your-company.com:8080/auth/realms/censhare/protocol/openid-connect/certs
Webpack
The configuration for the webpack files depends on whether you have customized the censhare Web user interface or added additional user interface languages.
Before you begin
Ensure that Node.js 10 or higher is installed.
censhare Web without customization
If you have not yet done any customization of the web interface, you can download and deploy the frontend bundles as is. The download includes the bundles for German and English user interface.
- You find the frontend bundles for the censhare releases here: https://rpm.censhare.com/artifactory/webpack-release/.
- Change to the directory containing your censhare version, for example https://rpm.censhare.com/artifactory/webpack-release/2021.2.2/.
Download the bundle, for example webpack-2021.2.3.tar.gz:
curl --user repo-user https://rpm.censhare.com/artifactory/webpack-release/2021.2.4/webpack-2021.2.4.tar.gz -o webpack-2021.2.4.tar.gz
censhare Web with customization
If you want to customize the censhare Web frontend, you must build and deploy the customized frontend bundles to the censhare host. For more information, see (2021.2) Getting started (censhare WP).
Redirects
If you use a load balancer, such as HAProxy, or a reverse proxy, such as NGINX, set the relevant redirects. For more information, see Load balancing with HAProxy.
censhare Google Cloud AI
Optional service. For more information, see Configure Google Cloud AI service.
censhare Social Media
Optional service. For more information, see Social media management.
censhare Email service
User login to censhare Web
Once you have set up all services, users can log in to the censhare web client. They enter their credentials in the Keycloak login screen. They are then logged into censhare Web.
Next steps
Check the censhare WP services and logs