Installation
Dependencies
For standalone installation Java 21 is required on the host system. E.g.
(Amazon Corretto 21)
Java 21 (Amazon Corretto 21) is an LTS Release (EOL: Oct 2030)
For Docker installation, Docker is required on the host system.
Docker
The Docker image is based on amazoncorretto:21-alpine3.21-jdk.
Prerequisites
Docker must bei installed on the host.
Installation
-
Extract release archive file to desired folder
-
The settings in the .env file may need to be adapted to your local requirements. See section configuration
-
Run the application
Start the app via docker compose# Runs the application in foreground
docker compose up
# Runs the application in background
docker compose up -d
Updates
Before you begin the update, back up your configuration files such as .env, authorizations.yml, certificates, etc.
Then delete the old containers and associated images.
# Stop and remove the old container
docker-compose stop
docker-compose down
# Delete old images
docker image rm nubexx-encryption-service
docker image rm amazoncorretto:21-alpine3.21-jdk
After downloading and extracting the updated release archive file, you should first restore your saved configuration files. Then restart the container.
docker-compose up [-d]
Standalone
Prerequisites
We must have installed Java 21 on the machine.
Download and install Java 21 (select the Windows x64 msi package.)
https://docs.aws.amazon.com/corretto/latest/corretto-21-ug/windows-install.html
Installation
- Extract release archive file to desired folder
- The settings in the .env file may need to be adapted to your local requirements. See section configuration
- Run the application
- Windows
- Linux or MacOS
On windows, we recommend to extract the application e.g. in the folder C:\Nubexx-Encryption-Service
and ensure the app have write access to the install folder.
cd <your-installation-path>
./start.bat
cd <your-installation-path>
java -jar nubexx-encryption-service.jar
The application runs until CTRL + C is pressed or the console window is closed.
Install application as Windows service
A wrapper is required to install a Java application as a service under Windows. We can use the Apache Commons Daemon in 64 bit version here.
The wrapper is provided with the release archive file in the ‘commons-daemon’ folder, so no separate download is required.
Open a command shell with admin permissions.
cd <your-installation-path>
.\install-service.bat
# Start the service
net start NubexxEncryptionService
# Check the service status
sc query NubexxEncryptionService
# Stop the service
net stop NubexxEncryptionService
# Remove the service
sc delete NubexxEncryptionService
Configuration
You can change the most important settings in the .env file. Here is an overview of the settings.
| Name | Default | Description |
|---|---|---|
| ACCESS_LOG_ENABLE | false | Enable the access log of the internal tomcat server. |
| APP_UI_SHOW_INFOS | false | Show additional infos in WebUI like version and swagger-ui link even if not authenticated. Should enabled at production. |
| KEYSTORE_FILE * | File name of the keystore file where SSL certificate is stored. | |
| KEYSTORE_KEY_ALIAS * | Key alias under which the certificate is saved in the keystore file. | |
| KEYSTORE_PASSWORD * | Password to access the keystore file. | |
| LOG_LEVEL | INFO | Log level (INFO, DEBUG, etc) |
| LOG_PATH | ./log | Path for the log files |
| SERVER_PORT | 433 | Server-Port: 443, 8443, etc for SSL_ENABLE=true - 80, 8080, etc for SSL_ENABLE=false. |
| SERVER_REDIRECT_ENABLE | true | Set to true, if SSL_ENABLE=true and none SSL requests should redirect to SSL. |
| SERVER_REDIRECT_PORT_HTTP | 80 | None SSL-Port: 80, 808, etc for SSL_ENABLE=true and SERVER_REDIRECT_ENABLE=true. |
| SERVER_SSL_ENABLE | true | Enabled SSL (https). Should be deactivated if you want to use an upstream proxy that handles SSL termination. |
| TIME_ZONE | UTC | Time zone used in the |
| MAX_FILE_SIZE | 10MB | Max size for multipart request for /api/encrypt or / api/decrypt request (non stream) |
| LOG_PROFILE | none | Set to "logging-file" to enable writing infos to LOG_PATH instead to stdout |
* These values are required, even if you do not want to use SSL. In this case, it is necessary to specify an empty dummy file.
A self-signed certificate insecure_self_signed_certificate.p12 width password self-signed is included
in the delivered application. This certificate may not be used for productive applications.
If you want to use SSL in the application, generate or import a real certificate.
For Custom configuration you can change the configuration file configuration.yaml.
Configuration params are describes in the configuration section.
Test the application
In the default configuration you can access the frontend via HTTPS port 8443 (http://localhost:8443)
For further configurations, see documentation.
