Configuration
This document provides a detailed overview of the Mixeway Flow Configuration, which is divided into two main parts: instance configuration and application configuration. The instance configuration includes settings that require a platform restart to apply changes, such as proxy setup, login type, and TLS/SSL. The application configuration, in its current version, allows for the setup of SMTP for outgoing email communication.
Instance Configuration
Instance configuration encompasses settings that are integral to the core operation of the Mixeway platform. These settings cannot be changed at runtime: any change requires a restart of the platform to take effect. The key components of instance configuration are:
- Proxy Setup: Configuring a proxy server for network communications.
- Login Type: Determining the authentication method, either Single Sign-On (SSO) or traditional username/password.
- TLS/SSL: Setting up Transport Layer Security (TLS) or Secure Sockets Layer (SSL) for secure communications.
Proxy Setup
To configure the proxy settings, you need to specify the proxy server details, including the address, port, and any necessary authentication credentials. This setup ensures that all network traffic is routed through the specified proxy server. Flow uses the proxy to reach the git instance and to fetch CVE feeds.
To configure the proxy, pass the `PROXY_HOST` and `PROXY_PORT` variables to the backend, e.g. in a docker-compose install:
```yaml
backend:
  image: mixeway/flow-api:latest
  container_name: flowapi_backend
  ports:
    - "8888:8888"
    - "8443:8443"
  environment:
    SSL: "TRUE"
    PROXY_HOST: "127.0.0.1"
    PROXY_PORT: 3128
  volumes:
    - pki_data:/etc/pki
    - dependency_track_data:/root/.dependency-track
  depends_on:
    - flowdb
```
Login Type
The login type configuration allows you to choose between SSO and user/password authentication methods. SSO provides a seamless login experience by integrating with existing identity providers, while the user/password method requires manual credential management.
By default, username/password login is enabled and the default credentials are admin:admin; after the first login you are forced to set a new password. If you would like to set up SSO that supports OAuth2 (e.g. Keycloak), you need to provide additional information in docker-compose:
```yaml
backend:
  image: mixeway/flow-api:latest
  container_name: flowapi_backend
  ports:
    - "8888:8888"
    - "8443:8443"
  environment:
    SSL: "TRUE"
    SSO: "TRUE"
    SSO_CLIENT_ID: your_client_id
    SSO_CLIENT_SECRET: your_client_secret
    SSO_REDIRECT_URI: http://your-redirect-uri
    SSO_AUTHORIZATION_URI: http://your-authorization-uri
    SSO_TOKEN_URI: http://your-token-uri
    SSO_USER_INFO_URI: http://your-user-info-uri
    SSO_JWK_SET_URI: http://your-jwk-set-uri
    FRONTEND_URL: http://your-frontend-url
  volumes:
    - pki_data:/etc/pki
    - dependency_track_data:/root/.dependency-track
  depends_on:
    - flowdb
```
To obtain the required URIs, client_id and secret, contact your SSO system administrator.
TLS/SSL
Configuring TLS/SSL is crucial for securing data transmission between the Mixeway platform and its users. This involves setting up certificates and keys to enable encrypted communications, thereby protecting sensitive information from potential threats.
By default, both frontend and backend are configured to run over HTTPS. If nothing is configured, both frontend and backend generate self-signed TLS certificates.
If you would like to use your own certificates, you need to remove the volumes:
- flow_data
- pki_data

Then create your own certificates and mount them. For example, assume the files `private.key`, `public.crt` and `certificate.p12` (a PKCS12 containing both key and cert), plus a file `pass` containing the PKCS12 password, are located in /etc/pki on the host file system. The modified compose file would look like:
```yaml
version: '3.8'
services:
  backend:
    image: mixeway/flow-api:latest
    container_name: flowapi_backend
    ports:
      - "8888:8888"
      - "8443:8443"
    environment:
      SSL: "TRUE"
      # Uncomment and set these when using SSO
      # SSO: "TRUE"
      # SSO_CLIENT_ID: your_client_id
      # SSO_CLIENT_SECRET: your_client_secret
      # SSO_REDIRECT_URI: http://your-redirect-uri
      # SSO_AUTHORIZATION_URI: http://your-authorization-uri
      # SSO_TOKEN_URI: http://your-token-uri
      # SSO_USER_INFO_URI: http://your-user-info-uri
      # SSO_JWK_SET_URI: http://your-jwk-set-uri
      # FRONTEND_URL: http://your-frontend-url
    volumes:
      - /etc/pki:/etc/pki
      - dependency_track_data:/root/.dependency-track
    depends_on:
      - flowdb
  flowdb:
    image: postgres:latest
    container_name: flowdb
    ports:
      - "5432:5432"
    environment:
      POSTGRES_DB: flow
      POSTGRES_USER: flow_user
      POSTGRES_PASSWORD: flow_pass
    volumes:
      - flowdb_data:/var/lib/postgresql/data
  flow:
    image: mixeway/flow:latest
    container_name: flow_frontend
    ports:
      - "443:443"
    volumes:
      - /etc/pki:/etc/nginx/ssl
    depends_on:
      - backend
volumes:
  flowdb_data:
  dependency_track_data:
```
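
Before mounting your own files, it helps to confirm that the four files in the certificate directory agree with one another. The script below is an added example, not part of Mixeway Flow: it checks that the key belongs to the certificate, that the certificate is not about to expire, and that the PKCS12 opens with the stored password. It assumes the file names used above, an unencrypted PEM private key, and the `openssl` CLI on the host; the function name `check_pki` and the 30-day expiry window are choices made for this example.

```shell
#!/bin/sh
# Added example: consistency check for the certificate directory before it is
# mounted into the containers. File names follow the text above; check_pki and
# the 30-day expiry window are choices made for this example.
# Assumes an unencrypted PEM private key and the openssl CLI on the host.

check_pki() {
    dir=$1
    rc=0
    for f in private.key public.crt certificate.p12 pass; do
        if [ ! -r "$dir/$f" ]; then
            echo "FAIL: $dir/$f is missing or unreadable" >&2
            return 1
        fi
    done

    # 1. Key and certificate must carry the same public key.
    cert_pub=$(openssl x509 -in "$dir/public.crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$dir/private.key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private.key does not belong to public.crt" >&2
        rc=1
    fi

    # 2. The certificate must stay valid for at least 30 more days.
    if ! openssl x509 -in "$dir/public.crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: public.crt is expired or expires within 30 days" >&2
        rc=1
    fi

    # 3. The PKCS12 must open with the password stored in 'pass' and hold
    #    the same certificate (a wrong password leaves p12_pub empty).
    p12_pub=$(openssl pkcs12 -in "$dir/certificate.p12" -passin "file:$dir/pass" \
                  -nokeys -clcerts 2>/dev/null |
              openssl x509 -noout -pubkey 2>/dev/null) || p12_pub=
    if [ -z "$p12_pub" ] || [ "$p12_pub" != "$cert_pub" ]; then
        echo "FAIL: certificate.p12 does not open with 'pass' or holds another cert" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir is consistent"
    return "$rc"
}

# Run against a directory when one is given, e.g.: sh check_pki.sh /etc/pki
if [ "$#" -gt 0 ]; then check_pki "$1"; fi
```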