Versions Compared

Version Old Version 5 New Version Current
Changes made by

Wilter Torres Enriquez

Saray Cordón Arnau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SignBox Optimizer can be supplied as a Docker or as a Virtual Machine image. See the configuration description in:
SignBox Optimizer on DockerSignBox Optimizer on Virtual Machine

Hardware requirements

CPU: modern multicore (minimum 4 core)

...

Code Block
docker-compose ps

             Name                                 Command                State                 Ports
----------------------------------------------------------------------------------------------------------------------
signbox_optimizer_nginx_1               /docker-entrypoint.sh ngin ...   Up      0.0.0.0:443->443/tcp,:::443->443/tcp,
                                                                                  0.0.0.0:80->80/tcp,:::80->80/tcp
signbox_optimizer_signbox_api_1         signbox start                    Up
signbox_optimizer_signbox_cryptosvc_1   signbox start                    Up

All services must be UP.

SignBox Optimizer on Virtual Machine (OVA)

The Virtual Machine is supplied in an OVA file. SignBox Optimizer image is compatible with common virtual environments like VMWare, AWS, Azure or VirtualBox.

STEP 1: Import SignBox Optimizer (VM) in the virtual environment.

Adjust the system requirements for optimal usage considering host terminal resources described in hardware requirements.

STEP 2: Network configuration.

The network settings are configured on the file ifcfg-ens160, which can be found in the path /etc/sysconfig/network-scripts. Edit the file and insert the correct IP address, network mask, gateway and DNS for your network.

Example:

...

Restart network services with command:

Code Block
service network restart

Proxy network settings

The Proxy settings are configured in the file settings.ini which can be found in path /opt/bit4id/de/etc. Edit the file and insert proxy address, port and credentials if are needed.

It is possible to include url exceptions for services that don't use proxy network. Exceptions must be included in regular expression format.

Example:

...

Update Signbox

Run the following commands:

Code Block
cd /opt/signbox_optimizer
docker-compose down

List all Docker images to find the image ID or name.and then remove the image.

Code Block
docker images

REPOSITORY              TAG                       IMAGE ID       CREATED         SIZE
nginx                   latest                    66f8bdd3810c   7 weeks ago     192MB
signbox                 latest                    9977e730eb8f   2 months ago    56.2MB

Then remove the image.

Code Block
docker rmi nginx:latest
docker rmi signbox:latest

Load the new Signbox Docker image.

Code Block
docker image load -i signbox.tar 
docker-compose up -d

Signature Image Configuration

...

In case that you don't make use of LTV/LVTLITE signature level, this process is NOT necessary.

This process vary depending on the selected optimizer install method.

Every certificate introduced in the optimizer regarding the rootstore needs to be formatted as a PEM file and introduced in a specific folder. Below an example of the general structure that is needed.

Note: Number of lines below the header are not representative of a real certificate.

Code Block
-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
BAYTAkVTMUQwQgYDVQQHDDtCYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3Mg
YXQgd3d3LnVhbmF0YWNhLmNvbS9hZGRyZXNzKTEWMBQGA1UECgwNVUFOQVRBQ0Eg
Uy5BLjEVMBMGA1UECwwMVFNQLVVBTkFUQUNBMRswGQYDVQQDDBJVQU5BVEFDQSBS
K+0fx83luCN81YLsUpdpc3e0URG7eDMKNG54WvtW
-----END CERTIFICATE-----

Docker

STEP 1: Load certificates in the optimizer

Load the PEM files in the following path or your mapped volume:

Code Block
/signbox_optimizer/etc/trusted_roots/certs

STEP 2: Restart the service

After all the desired certificates have been loaded into the optimizer, we must fully restart the services with

Code Block
docker compose down

Followed by

Code Block
docker compose up -d

...

.

This process vary depending on the selected optimizer install method.

Every certificate introduced in the optimizer regarding the rootstore needs to be formatted as a PEM file and introduced in a specific folder. Below an example of the general structure that is needed.

Note: Number of lines below the header are not representative of a real certificate.

Code Block
-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
BAYTAkVTMUQwQgYDVQQHDDtCYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3Mg
YXQgd3d3LnVhbmF0YWNhLmNvbS9hZGRyZXNzKTEWMBQGA1UECgwNVUFOQVRBQ0Eg
Uy5BLjEVMBMGA1UECwwMVFNQLVVBTkFUQUNBMRswGQYDVQQDDBJVQU5BVEFDQSBS
K+0fx83luCN81YLsUpdpc3e0URG7eDMKNG54WvtW
-----END CERTIFICATE-----

Docker

STEP 1: Load certificates in the optimizer

Load the PEM files in the following path or your mapped volume:

Code Block
/opt/bit4id/designbox_optimizer/etc/trusted_roots/certs

STEP 2: Restart the service

After all the desired certificates have been loaded into the optimizer, we must fully restart the services with

Code Block
systemctldocker stop bit4-de.api.service bit4-de.cryptosvc.service nginxcompose down

Followed by

Code Block
systemctldocker start bit4-de.api.service bit4-de.cryptosvc.service nginxcompose up -d

Logs

Service logs files are stored in a local folder in OVA or stored inside the containers in Docker.

...