The security-manager image has changes repository since version 9. Was docker.asseco-ce.com/lids/server/lids-security-server and now is docker.asseco-ce.com/samo/server/samo-security-manager.
SAMO 10 Linux Docker Deployment
Overview
This guide covers the deployment of SAMO 10 platform using Docker on Linux systems.
The lids-full image is no longer available. Each application and service requires its own Docker image and configuration.
Prerequisites
- Docker Engine 20.x or higher installed
- Docker Compose (optional but recommended)
- Database configured (Oracle or PostgreSQL)
- Required prerequisites installed (see Prerequisites section)
Architecture Changes
Individual applications must run on specific ports. If multiple applications need to run on the same host and port, nginx or a reverse proxy must be used to route traffic.
All parameters that were previously written in Tomcat properties should now be moved to environment variables (.env) or SECRET_PROPERTIES in Docker Compose.
Separated Services
Two services have been separated from LIDS AS and now have their own Docker images:
SAMO License Server for SAMO 10
The License Server is now a standalone service with its own image.
SAMO Security Manager for SAMO 10
The Security Manager is now a standalone service with its own image.
Deployment Steps
1. Prepare Docker Environment
Ensure Docker is running and properly configured:
docker --version
docker compose --version
2. Pull SAMO 10 Docker Images
Pull the required Docker images from your registry:
docker pull docker.asseco-ce.com/samo/server/samo-license-server:<version>
docker pull docker.asseco-ce.com/samo/server/samo-security-manager:<version>
docker pull <registry>/samo-10:latest
3. Create Docker Compose File
Create a docker-compose.yml file for SAMO 10 with separated services:
version: '3.8'
services:
license-server:
image: docker.asseco-ce.com/samo/server/samo-license-server:${license_server_version}
restart: always
environment:
- samo_env_configuration=${env_configuration}
- SECRET_PROPERTIES= --ldap.password=$DEV_LDAP_PASSWORD --dataSource.password=$DEV_DATASOURCE_PASSWORD
ports:
- "${license_server_http_port}:8080"
volumes:
- ${configuration_dir:-./configuration/packages}:/usr/local/configuration
- ${env_dir:-./}:/usr/local/environment
- ${data_dir}:/usr/local/data
security-manager:
image: docker.asseco-ce.com/samo/server/samo-security-manager:${security_manager_version}
restart: always
environment:
- samo_env_configuration=${env_configuration}
- SECRET_PROPERTIES= --ldap.password=$DEV_LDAP_PASSWORD --dataSource.password=$DEV_DATASOURCE_PASSWORD
ports:
- "${security_manager_http_port}:8080"
volumes:
- ${configuration_dir:-./configuration/packages}:/usr/local/configuration
- ${env_dir:-./}:/usr/local/environment
- ${data_dir}:/usr/local/data
lids:
image: docker.asseco-ce.com/samo/server/samo-lids-as-tomcat:${lids_version}
restart: always
environment:
- samo_env_configuration=${env_configuration}
- SECRET_PROPERTIES= --ldap.password=$DEV_LDAP_PASSWORD --dataSource.password=$DEV_DATASOURCE_PASSWORD
ports:
- "${lids_http_port}:8080"
- "${lids_debug_port}:8000"
volumes:
- ${configuration_dir:-./configuration/packages}:/usr/local/configuration
- ${env_dir:-./}:/usr/local/environment
- ${data_dir}:/usr/local/data
Each service must be configured with its own ports and environment variables. Make sure SECRET_PROPERTIES are correctly set for each service.
4. Configure Environment Variables
Create a .env file with the following variables:
# Service versions
license_server_version=latest
security_manager_version=latest
lids_version=latest
# all of the other required service versions
# Ports
license_server_http_port=8081
security_manager_http_port=8082
lids_http_port=8080
# all of the other components ports
Never commit .env files containing sensitive data (passwords, secrets) to version control.
5. Configure Application Ports
Each application has its own prefix (component name), e.g., authServer, userService, etc.
Available port configuration parameters:
| Parameter | Default | Notes |
|---|---|---|
{component}.http.disabled | false | Disables main HTTP connector |
{component}.https.enabled | false | Enables HTTPS connector |
{component}.debug.enabled | false | Enables debug connector (Tomcat separate port) |
{component}.http.port | 8080 | HTTP port |
{component}.https.port | 8443 | HTTPS port |
{component}.debug.port | 8000 | Debug port (Tomcat/JDWP) |
{component}.https.certificatePath | - | Required if HTTPS enabled |
{component}.https.certificateKey | Auto | Derived from certificate path if not provided |
Example for HTTPS configuration:
HTTPS_ENABLED=true
HTTPS_CERTIFICATE_PATH=/usr/local/data/common/certs/server.pem
# HTTPS_CERTIFICATE_KEY will default to /usr/local/data/common/certs/server.key
HTTPS_PORT=8443
6. Start Containers
Launch the SAMO 10 containers:
docker compose up -d
Configuration Parameters
Database Configuration
Database connection properties can be specified via .properties files or environment variables in Docker Compose.
The dataSource.property parameter defines the prefix used to resolve database properties.
Default parameters:
dataSource.property=dataSource
dataSource.name=jndi:jdbc/lids
dataSource.driver=oracle.jdbc.OracleDriver
dataSource.url=jdbc:oracle:thin:@server.domain:1521:ORCL
dataSource.username=user
dataSource.password=<password>
Connection pool defaults (HikariCP):
| Parameter | Default | Notes |
|---|---|---|
dataSource.maxActive | 50 | Maximum number of active connections |
dataSource.minIdle | 0 | Minimum number of idle connections |
dataSource.idleTimeout | 600000 ms (10 minutes) | Maximum time a connection can remain idle |
dataSource.maxLifetime | 1800000 ms (30 minutes) | Maximum lifetime of a connection |
dataSource.connectionTimeout | 30000 ms (30 seconds) | Maximum wait time for a connection from pool |
dataSource.validationQuery | Auto-detected by driver | Query to validate connections |
dataSource.validationQueryTimeout | 5000 ms (5 seconds) | Timeout for validation query |
These can be configured via SECRET_PROPERTIES:
environment:
- SECRET_PROPERTIES=--dataSource.url=jdbc:oracle:thin:@dbhost:1521:ORCL --dataSource.username=user --dataSource.password=pass --dataSource.maxActive=100
Verification
Check container status:
docker compose ps
docker compose logs -f samo-app
docker compose logs -f license-server
docker compose logs -f security-manager
Management Commands
- Stop containers:
docker compose stop - Restart containers:
docker compose restart - View logs:
docker compose logs -f [service-name] - Restart specific service:
docker compose restart license-server
Troubleshooting
If containers fail to start, check:
- Database connectivity: Verify database is accessible and credentials are correct
- Required ports availability: Ensure ports are not already in use
- Container logs: Check logs for error messages using
docker compose logs -f - Environment variables: Verify all required environment variables are set correctly
- SECRET_PROPERTIES: Ensure passwords and sensitive data are properly configured
- Volume mounts: Verify that volume paths exist and are accessible
Common Issues
Port conflicts:
# Check if ports are in use
netstat -tuln | grep <port>
Database connection errors:
- Verify
dataSource.url,dataSource.username, anddataSource.password - Check network connectivity to database host
- Ensure database is running and accepting connections
Missing configuration:
- Verify volume mounts are correctly configured
- Check that configuration files exist in mounted directories