Repository files navigation

https://ldej.nl/post/building-an-acapy-controller-architecture/

$ git clone --recursive git@github.com:ldej/issuer.git

github.com/bcgov/von-network

Start 4 Indy nodes and the von-webserver. The von-webserver has a web interface atlocalhost:9000 which allows you to browse the transactions in the blockchain.

$ git clone https://github.com/bcgov/von-network$cd von-network$ ./manage start --logs

github.com/bcgov/indy-tails-server

Start a Tails server for the revocation registry tails files.

$ git clone https://github.com/bcgov/indy-tails-server$cd indy-tails-server$ ./docker/manage start

$ cat .envAGENT_WALLET_SEED=<some-32-char-wallet-seed>LABEL=<name-of-your-application>ACAPY_ENDPOINT_PORT=8000ACAPY_ENDPOINT_URL=http://localhost:8000/ACAPY_ADMIN_PORT=11000LEDGER_URL=http://172.17.0.1:9000TAILS_SERVER_URL=http://tails-server:6543CONTROLLER_PORT=8080WALLET_NAME=<wallet-name>WALLET_KEY=<secret>

$ make up$ make logs

TODO

The ACA-py docker image is made with theacapy.dockerfile. It is a custom image where libindy is installed and the postgres plugin is installed as a wallet storage backend. I could only install the postgres plugin with theindy-sdk repository, that's why it is a git submodule.aries-cloudagent-python is included in this repo as a submodule, so I can run the latestmaster, I meanmain branch.

The controller docker image is used for both building and running the Go application.

I usedthis blog post as a source of inspiration for getting the easiest set up to work. That's also whereinit-letsencrypt.sh comes from. I modified it to fit my structure.

For the first deployment, copy the following to the remote host:

• init-letsencrypt.sh
• .env.prod
• docker-compose.yml
• docker-compose.prod.yml
• ./nginx

Then run it:

$cd /issuer&& ./init-letsencrypt.sh

I tried to understand thearies-cloudagent-python/deploymentModel.md, but it was too much to read. The two examples at the bottom (indy-email-verification andiiwbook) helped me get in the right direction with thedocker-compose.yml file.

This issuer is deployed on Digital Ocean using the cheapest pre-installed docker droplet. Apparently theufw firewall is enabled by default.

https://www.digitalocean.com/docs/networking/firewalls/resources/troubleshooting/

$ docker context create remote --docker"host=ssh://user@hostname"$ docker-compose --context remote logs

If the tails-server gets a permission denied on the volume, thenchown -R 1001:1001 /issuer/tails-files.

• Automate deployment using Github Actions
• Add functionality for issuing credentials
• Add a frontend