Mixeway is deployed as a Docker image. The base installation contains 3 containers:

- MixewayBackend
- MixewayFrontend
- [PostgreSQL Database](https://hub.docker.com//postgres)
docker-compose
```bash
# Create project directory
mkdir mixeway && cd "$_"
# Download latest release
wget https://github.com/Mixeway/MixewayHub/releases/download/v1.6.3/MixewayHub.zip
# Unzip contents
unzip MixewayHub.zip
# Run startup script
./startup.sh
# Run application
docker-compose up
```
The `startup.sh` script prepares the environment variables and creates self-signed certificates. As a result, a file with the following content is created:
```
FRONTEND_URL=https://localhost
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.key
VAULT_ENABLED=false
```

Name | Required | Default | Description |
---|---|---|---|
FRONTEND_URL | required | - | URL under which the site will be available to users |
KEYALIAS | required | - | alias of the key in generated java key store |
TRUSTPASS | required | - | password to the truststore |
P12PASS | required | - | password to pkcs12 file with certificate and private key |
PROFILE | required | prod | profile used; available options are prod and keycloak |
CERTIFICATE | required | - | path to the certificate in container |
PRIVATEKEY | required | - | path to the private key in container |
DB_URL | required | jdbc:postgresql://MixerDB:5432/mixer | connection string to DB |
DB_USER | required | mixeruser | DB user |
DB_PASSWORD | required | mixerpassword | DB password |
Vault configuration | | | |
VAULT_ENABLED | required | true | define if Vault will be used for password storing |
VAULT_TOKEN | not required | - | if VAULT_ENABLED=true token to authenticate in vault |
VAULT_SCHEME | not required | http | if VAULT_ENABLED=true protocol used to communicate with vault |
VAULT_APP_NAME | not required | - | if VAULT_ENABLED=true application name in Vault |
VAULT_HOST | not required | - | if VAULT_ENABLED=true hostname of vault |
VAULT_PORT | not required | 8200 | if VAULT_ENABLED=true port of vault |
VAULT_PATH | not required | secret/ | if VAULT_ENABLED=true path of where secrets will be stored |
Social login configuration | | | |
FACEBOOKAPPID | not required | - | APP_ID in Facebook, if you want to use login with Facebook |
FACEBOOKAPPID | not required | - | FACEBOOKAPPID in Facebook, if you want to use login with Facebook |
GITHUBAPPID | not required | - | GITHUBAPPID in GitHub, if you want to use login with GitHub |
GITHUB_SECRET | not required | - | GITHUB_SECRET in GitHub, if you want to use login with GitHub |
Keycloak login configuration | | | |
KEYCLOAK_REALM | not required | - | if PROFILE=keycloak realm used by keycloak |
KEYCLOAK_URL | not required | - | if PROFILE=keycloak URL of keycloak |
KEYCLOAK_SSL | not required | external | if PROFILE=keycloak encryption schema |
KEYCLOAKCLIENTID | not required | - | if PROFILE=keycloak keycloak client id |
KEYCLOAK_SECRET | not required | - | if PROFILE=keycloak keycloak secret id |

Mixeway is an orchestration platform, and as such it needs to communicate with a number of security tools. It is recommended to use HashiCorp Vault as the place where Mixeway stores the passwords for the security tools integrated with it. This way Mixeway writes each password to Vault and retrieves it whenever it is needed. Without this integration, passwords to vulnerability scanners are stored in clear text in the database. You will see this notification in the logs:
```
####################################################################################################################
# WARRNING! #
# Vault Configuration is not set #
# Scanner passwords will be stored #
# in clear text. It is recommended #
# To use vault. #
# Read Mixeway docummentation #
####################################################################################################################
```
To enable this integration, add:

```
VAULT_ENABLED=true
VAULT_TOKEN={token}
VAULT_SCHEME=https
VAULT_APP_NAME=mixeway
VAULT_HOST=localhost
VAULT_PORT=8200
```

at the end of the environment file.
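
A pre-flight check for the environment file before running `docker-compose up`, as an added example that is not part of Mixeway or its documentation: it flags the generated default passwords and the Vault settings discussed on this page. The function names `audit_env` and `sample_env` and the wording of the findings are this example's own; defaults for absent keys are taken from the variable table above.

```shell
#!/bin/sh
# Added example (not part of Mixeway): lint a Mixeway environment file.
# Reads KEY=VALUE lines on stdin and prints one finding per weak setting.
# Defaults for absent keys are taken from the variable table on this page.

audit_env() {
    awk -F= '
        function get(k, dflt) { return (k in seen) ? seen[k] : dflt }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments, blank lines
        { seen[$1] = substr($0, length($1) + 2) }     # keep "=" inside values
        END {
            if (get("TRUSTPASS", "") == "changeit")
                print "TRUSTPASS: generated default password changeit"
            if (get("P12PASS", "") == "changeit")
                print "P12PASS: generated default password changeit"
            if (get("DB_PASSWORD", "mixerpassword") == "mixerpassword")
                print "DB_PASSWORD: documented default mixerpassword"
            if (get("VAULT_ENABLED", "true") != "true") {
                print "VAULT_ENABLED: scanner passwords stored in clear text in database"
            } else {
                tok = get("VAULT_TOKEN", "")
                if (tok == "" || tok == "{token}")
                    print "VAULT_TOKEN: missing or still the {token} placeholder"
                if (get("VAULT_SCHEME", "http") != "https")
                    print "VAULT_SCHEME: Vault token and secrets travel over http"
            }
        }'
}

# Constructed sample: the file content this page shows as generated by startup.sh.
sample_env() {
    cat <<'EOF'
FRONTEND_URL=https://localhost
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.key
VAULT_ENABLED=false
EOF
}

# Stand-alone run: audit the sample; for a real file use: audit_env < path/to/env-file
sample_env | audit_env
```

An empty output means none of the checked settings is at a weak value; the list of checks is a starting point and does not cover file permissions on the environment file, which holds `VAULT_TOKEN`.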