Configuring the Akka TLS Communication for ThingWorx
 |
The distributed subscription capability is available from ThingWorx 9.4 and up.
|
Configuring Akka TLS Communication
By default, Akka SSL is disabled in the provided ThingWorx image. This is useful for testing and development but not for use in production. PTC strongly recommends enabling Akka SSL communication if you intend to utilize it in a production scenario to secure your ThingWorx Platform appropriately.
Configure Akka TLS Communication
You can use the following environment variables for the container configuration. These can be used in the docker-compose.yml file included in the Dockerfile download or the respective TWXdockerfile>docker-compose-[postgrtes, mssql, azuresql]-clustered/.env file in the Thingworx Dockerfile download.
|
Variables Names
|
Docker Compose Defaults
|
Comments
|
|
AKKA_SSL_ENABLED
|
true
|
Turn on/off tls Akka communication.
|
|
AKKA_KEYSTORE
|
/certs/keystore.jks
|
Relative path to the key store, which should have a private key in it. The path must match the existing volume. Can be stored in the certs volume. For example, /certs/keystore.jks.
|
|
AKKA_TRUSTSTORE
|
/certs/truststore.jks
|
Relative path to the key store, which should have a public key in it. The path must match the existing volume. Can be stored in the certs volume. For example, /certs/truststore.jks.
|
|
AKKA_KEYSTORE_PASSWORD
|
No default value set
|
Password from AKKA_KEYSTORE.
|
|
AKKA_TRUSTSTORE_PASSWORD
|
No default value set
|
Password from AKKA_TRUSTSTORE.
|
After the variables are set up, perform the following steps:
|
|
keystore.jks and truststore.jks must be copied into the Thingworx Platform Docker container.
|
1. Place your keystore.jks and truststore.jks files in the same directory as the docker-compose.yml file.
2. Uncomment the following lines belonging to the Platform service in the docker-compose.yml file:
# Use this to mount custom key and truststores for akka tls communication
- ./keystore.jks:${AKKA_KEYSTORE}
- ./truststore.jks:${AKKA_TRUSTSTORE}
- ./keystore.jks:${AKKA_KEYSTORE}
- ./truststore.jks:${AKKA_TRUSTSTORE}
During the startup process, both files will be copied into the container.
3. Uncomment the following lines belonging to the x-platform section in the docker-compose.yml file:
# Akka config for SSL
AKKA_SSL_ENABLED: ${AKKA_SSL_ENABLED}
AKKA_KEYSTORE: ${AKKA_KEYSTORE}
AKKA_TRUSTSTORE: ${AKKA_TRUSTSTORE}
AKKA_KEYSTORE_PASSWORD: ${AKKA_KEYSTORE_PASSWORD}
AKKA_TRUSTSTORE_PASSWORD: ${AKKA_TRUSTSTORE_PASSWORD}
AKKA_SSL_ENABLED: ${AKKA_SSL_ENABLED}
AKKA_KEYSTORE: ${AKKA_KEYSTORE}
AKKA_TRUSTSTORE: ${AKKA_TRUSTSTORE}
AKKA_KEYSTORE_PASSWORD: ${AKKA_KEYSTORE_PASSWORD}
AKKA_TRUSTSTORE_PASSWORD: ${AKKA_TRUSTSTORE_PASSWORD}