The Access API is accessible from AAU's network on knox-proxy01.srv.aau.dk. You can use that as url, without any ssh connection established.
/srv/data/.secret on server knox-func01@srv.aau.dk.
knox-proxy01@srv.aau.dk..env in the root of this repository and paste the environment variables into it.docker-compose up --build in the root of this repository.ssh <student_mail>@knox-proxy01.srv.aau.dk -L <your_port>:localhost:80
Deployment is normally handled by watchtower on push to main. However, in case of the need of manual deployment, run
docker run -p 0.0.0.0:80:8080 -d -e INTERNAL_KEY=*** -e KNOX_DATABASE_AUTHORIZATION=*** -e API_SECRET=*** ghcr.io/knox-aau/access-api:main
Find and learn more about .env secrets in KNOX.
Add your service to the list in services.json like this:
[
// other services here ...
{
"name": "<your_service_name>",
"base_url": "http://<your_server_domain>:<your_port>",
"authorization_key_identifier":"<your_env_key>"
}
]
For examples, check out the actual services.json file.
After the changes are merged into main, view the Github Action tab for the status of the deployment. After it succeeds, there can go up to a minute for Watchtower to update the container. After that, your service should be available. See Use the service for more information.
The authorization_key_identifier can be ignored if your service does not require authentication.
This is the name of the key as it is set in the docker run command.
Your service must accept the header Authorization with the value of the key. If your service does not accept this header, the access api will not be able to access your service.
For the environment variable to be set in the Access API, docker run has to be executed again on it's server, with the new environment variable injected into the container. For deployment, see Deploy new version manually, or contact the authors.
Send a request to http://knox-proxy01.srv.aau.dk/<your_service_name>. All parameters and headers will be forwarded to the service. The response will be forwarded to the client. The response will be the same as if you would have sent the request directly to the service.
Header access-authorization must be set to an internal key to access the service. Contact the authors of this repository or the current Product Owner of KNOX to get the key.