Setup Apache & Keycloak locally on Windows

Owned by Yafang Deng
Last updated: 12 May 2022
2 min read

Please clone https://github.com/Health-Education-England/TIS-APACHE-SETUP to get started. 

Using docker compose

  • log into the internal docker repo(Run the following command in git bash, if you're using powershell, the command is different). You will need to configure your AWS authentication first.
  • edit the docker-compose.yml file
    • update the nginx service to set the volume that points to your TIS-ADMIN-UI\admin subdirectory.
  • follow the Setup the host section
  • if you have other nginx service running, disable it. And run the following command
    • docker-compose up --build
  • navigate to http://local.tis.com/auth/ → Administration Console, log in using the KC credentials in the ENV values. If the password doesn't work, ask other guys for help.
  • setup kc and user in profile from the below section
  • copy the OIDCClientSecret from oauth2.conf under ./files/etc/apache2/conf-available/oauth2.conf
    • update the api-gateway secret in the keycloak database → client table
    • docker-compose down and up to restart

this would build the apache image and start up the containers.

Setup the host

  • Start most of the backend services
    • Profile
    • Tcs
    • Reference
  • Build admins ui with npm run build, so that you will get the admin subdirectory. Don't do npm start at the same time.
  • Start up your ES container: docker start <container id/name>
    • if you dont have one, create one using something like: docker run --name elasticsearch-6.2.4 -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e "http.host=0.0.0.0" -e "transport.host=0.0.0.0" -e "xpack.security.enabled=false" -d docker.elastic.co/elasticsearch/elasticsearch:6.2.4
    • don't forget to synchronize data with elasticsearch when you run es docker the first time
  • Start up your MySql container: docker start <mysql container id/name> / start up the mysql service or use the database locally listening port 3306
  • ensure you have the kc database and user
    • create database keycloak;
    • grant all on keycloak.* to keycloak@'%' identified by '29UTYZ735L0T8i7h6657Di71H'; (You can use other password, but it needs to be the same as `MYSQL_PASSWORD` in the docker-compose file)
    • flush priviledge

Setup Keycloak

When you log in the KC Administration Console, 

  • go to Clients in the sidebar, then go to api-gateway, update the all fields of Valid Redirect URLs and Web Origins.

* Valid Redirect URIs :
https://local.tis.com/access/index.html
http://localhost/*
*
https://local.tis.com/logout/index.html
https://local.tis.com/admin/redirect_uri

Web Origins
https://local.tis.com

  • go to Users in the sidebar, search your name, if you are not in the Users, add a user for yourself (If you've already got an user, skip this step), eg.

    add user:
    username: paul.hoang@hee.nhs.uk
    email: paul.hoang@hee.nhs.uk
    First name: paul
    surname: hoang
    save

    credentials
    set password

Setup User in Profile (Also, if you've already got an user, skip this step)

Now that you have a user in KC, you need a matching user in the Profile datanbase. See the example below, please replace the user with your own information:

use profile;

INSERT INTO `HeeUser` (`name`, `firstName`, `lastName`, `gmcId`, `phoneNumber`, `emailAddress`, `active`) VALUES ('paul.hoang@hee.nhs.uk', 'Paul', 'Hoang', NULL, NULL, 'paul.hoang@hee.nhs.uk', 1);

INSERT INTO `UserRole` (`userName`, `roleName`) VALUES
('paul.hoang@hee.nhs.uk', 'AssessmentsAdmin'),
('paul.hoang@hee.nhs.uk', 'ConcernsObserver'),
('paul.hoang@hee.nhs.uk', 'ETL'),
('paul.hoang@hee.nhs.uk', 'HEE TIS Admin'),
('paul.hoang@hee.nhs.uk', 'PersonAdmin'),
('paul.hoang@hee.nhs.uk', 'ProfileAdmin'),
('paul.hoang@hee.nhs.uk', 'RVObserver');


For more information, please refer to Setup Apache & Keycloak locally by PaulH

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213