Installation Guides
Kron PAM 3.7.* Mobile App Serv...
The steps for Kron PAM Mobile App Server (on the DMZ)
· the certificate files (jks and p12) created in the section 2 should be transferred to kron pam mobile app server note that, jks and p12 files should be identical on both environments to check this, the following commands should be run on both environments sha256sum /pam/docker mgmt/cert/aioc p12 sha256sum /pam/docker mgmt/cert/aioc jks ! if the files are not identical due to the 3rd party ssh/sftp tool (e g mobaxterm) usage, sshpass command can be used for file transfer sshpass p ‘your password’ rsync avz /pam/docker mgmt/cert/ aioc p12 pamuser @ 10 10 0 2 10 10 0 2 /pam/docker mgmt/cert sshpass p ‘your password’ rsync avz /pam / / docker mgmt/cert/ aioc jks pamuser @ 10 10 0 2 10 10 0 2 /pam/docker mgmt/cert · after the file transfer from kron pam server to kron pam mobile app server, ownership and mode configurations should be changed for these files sudo chown pamuser\ pam group /pam/docker mgmt/cert/ aioc jks /pam/docker mgmt/cert/ aioc p12 sudo chmod 750 /pam/docker mgmt/cert/ aioc jks /pam/docker mgmt/cert/ aioc p12 · if only the mobile api service is used on the dmz (without other docker services) the following docker compose yml file should be used under /pam/docker mgmt/ x common variables \&common variables config server uri https //10 10 0 1 8001 \# config variables security config path /app/security/security properties config user aioc config password aioc \# ssl environment values ssl enable true ssl key store type pkcs12 key store file /app/certs/aioc jks trust store file /app/certs/aioc p12 \# log log directory path /app/logs/ \# pam properties instance name your instance name tz your timezone services mobile api image dockerhub kron com tr/pam/mobile api 24 2 2 environment common variables ports \ "9443 9443" volumes \ /pam/gui/conf/cert /app/gui certs \ /pam/logs\ /app/logs \ /pam/docker mgmt/cert /app/certs \ /pam/kron/security /app/security \ /pam/gui/netright/ /app/license dns \ 8 8 8 8 \ 8 8 4 4 extra hosts \ "host docker internal 10 10 0 2" \ " your pam instance name 10 10 0 1" · if the customer uses its own certificate for accessing mobile url, the certificate should be uploaded to /pam/gui/conf/cert (e g , mobile jks ) note that the purpose of using this certificate is different from the self signed certificate to access a specific docker service on the kron pam server after that, mobile api default properties file located at /pam/docker mgmt/config repo/ should be updated server ssl key store=file /app/gui certs/ mobile jks server ssl key alias= your alias server ssl key password= your key password server ssl key store password= your key store password · the following line of the mobile api default properties file located at /pam/docker mgmt/config repo/ should be updated pam rest api server url=https // 10 10 0 1 · lastly, mobile api service on the kron pam mobile app server should be restarted (down & up) docker compose down mobile api docker compose up mobile api d