项目作者: ldej

项目描述 :
An ACA-py controller that can issue credentials
高级语言: Go
项目地址: git://github.com/ldej/issuer.git
创建时间: 2020-10-22T11:13:40Z
项目社区:https://github.com/ldej/issuer

开源协议:

下载


Issuer

https://ldej.nl/post/building-an-acapy-controller-architecture/

Checkout

  1. $ git clone --recursive git@github.com:ldej/issuer.git

Running locally

Start a VON-network ledger

github.com/bcgov/von-network

Start 4 Indy nodes and the von-webserver. The von-webserver has a web interface at localhost:9000 which allows you to browse the transactions in the blockchain.

```shell script
$ git clone https://github.com/bcgov/von-network
$ cd von-network
$ ./manage start —logs

  1. ### Start a Tails server
  2. [github.com/bcgov/indy-tails-server](https://github.com/bcgov/indy-tails-server)
  3. Start a Tails server for the revocation registry tails files.
  4. ```shell script
  5. $ git clone https://github.com/bcgov/indy-tails-server
  6. $ cd indy-tails-server
  7. $ ./docker/manage start

Create an environment file

  1. $ cat .env
  2. AGENT_WALLET_SEED=<some-32-char-wallet-seed>
  3. LABEL=<name-of-your-application>
  4. ACAPY_ENDPOINT_PORT=8000
  5. ACAPY_ENDPOINT_URL=http://localhost:8000/
  6. ACAPY_ADMIN_PORT=11000
  7. LEDGER_URL=http://172.17.0.1:9000
  8. TAILS_SERVER_URL=http://tails-server:6543
  9. CONTROLLER_PORT=8080
  10. WALLET_NAME=<wallet-name>
  11. WALLET_KEY=<secret>

Start

  1. $ make up
  2. $ make logs

Connecting to BCoverin ledgers

TODO

ACA-py docker image

The ACA-py docker image is made with the acapy.dockerfile. It is a custom image where libindy is installed and the postgres plugin is installed as a wallet storage backend. I could only install the postgres plugin with the indy-sdk repository, that’s why it is a git submodule. aries-cloudagent-python is included in this repo as a submodule, so I can run the latest ~master~, I mean main branch.

Controller docker image

The controller docker image is used for both building and running the Go application.

nginx and certbot

I used @pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71">this blog post as a source of inspiration for getting the easiest set up to work. That’s also where init-letsencrypt.sh comes from. I modified it to fit my structure.

For the first deployment, copy the following to the remote host:

  • init-letsencrypt.sh
  • .env.prod
  • docker-compose.yml
  • docker-compose.prod.yml
  • ./nginx

Then run it:

  1. $ cd /issuer && ./init-letsencrypt.sh

docker-compose

I tried to understand the aries-cloudagent-python/deploymentModel.md, but it was too much to read. The two examples at the bottom (indy-email-verification and iiwbook) helped me get in the right direction with the docker-compose.yml file.

Deployment

This issuer is deployed on Digital Ocean using the cheapest pre-installed docker droplet. Apparently the ufw firewall is enabled by default.

https://www.digitalocean.com/docs/networking/firewalls/resources/troubleshooting/

  1. $ docker context create remote --docker "host=ssh://user@hostname"
  2. $ docker-compose --context remote logs

Permissions

If the tails-server gets a permission denied on the volume, then chown -R 1001:1001 /issuer/tails-files.

TODO

  • Automate deployment using Github Actions
  • Add functionality for issuing credentials
  • Add a frontend