Installation/Maintenance requires an admin familiar with linux.
This is the multi-page printable view of this section. Click here to print.
Getting Started
How to install CDM-Server
1 - System Requirements
Things you need for the server to run.
Processor
- x86-64 compatible server CPU
- 8-cores or more
- Example: Intel Xeon E5 or later/equivalent AMD Epyc
Memory (RAM)
- Minimum
16 GB 32 GBor more recommended
Storage
- SSD with at least
10 GBfree storage space for application, database, and container - Or more, depending on the data volume
Operating System
As we use Linux OCI images (Docker), it should run without any problems on any current operating system with Docker support that can handle Linux.
Recommended OS: Ubuntu 20.04 LTS and Ubuntu 24.04 LTS
We do not support Windows at this moment. If you still want to run it on Windows, here’s a guide.
Software requirements
Common Linux Utils
curl,tar,nano(or alternatives)
Docker
- Docker Engine
v27.2.0+with docker-compose-pluginv2.29.7+
Network requirements
- Stable network connection with sufficient bandwidth for data transfer between server and clients.
1+ gbpsrecommended
Security requirements
User privileges
- Make sure that the server has the appropriate user rights for managing Docker containers.
Firewall
- Configure the firewall to allow the traffic required to access the application.
- Incoming Port 443 (or custom) for HTTPS (For IQ-Software, CDM-Server Webapp).
- Outgoing Port 636 (or custom) for LDAPS
- Outgoing Port 443 for HTTPS for Azure, OCI Image Pulls, etc.
2 - Installation
How to install CDM-Server
Linux Knowledge Required
Installation requires an admin familiar with Linux. You will need to enter the commands in a terminal. The instructions here assumes you have common utilities likecurl, tar, nano installed.Step 1: Install Docker Compose
Make sure Docker Engine (with docker-compose-plugin) is installed on your system.
See System Requirements for more details.
You may also try alternatives such as Podman.
Step 2: Download the Docker-Compose File
Go to the directory you want to download CDM-Server in, and run:
curl -s https://get.apis.de/cdm.sh | bashcurl -s https://get.apis.de/cdm.sh | bash -s v1.0.0If you want to do it manually, you can get the docker-compose file from the following link: https://get.apis.de/cdm/latest.tar.gz
#!/bin/bash
# URL of the tar.gz file
url="https://get.apis.de/cdm/latest.tar.gz"
# Download the tar.gz file
curl -O "$url"
# Extract the tar.gz file
tar -xzvf "latest.tar.gz"
# Optional: Remove the tar.gz file after extraction
rm "latest.tar.gz"
chmod +x download
chmod +x start
chmod +x stop
echo "CDM setup has been downloaded and extracted."
Step 3: Create the DotEnv Files
To use the server, you need to provide some data in the form of two DotEnv files:
.env.env.idp
Create new DotEnv files, copy the contents of the example files, and update the values with your own configuration.
.env File
Example: .env.example
cp .env.example .env && nano .env
.env.idp File
Example: IdP (ID Provider) specific DotEnv files:
.env.idp.azure.example.env.idp.ldaps.example.env.idp.local.example
cp .env.idp.local.example .env.idp && nano .env.idp
cp .env.idp.azure.example .env.idp && nano .env.idp
cp .env.idp.ldaps.example .env.idp && nano .env.idp
Detailed DotEnv Guide
More details here: Setting Up DotEnv FilesStep 4: Login and Download CDM-Server Images
Use the following command to login and download the CDM-Server images. You’ll be asked to enter username and password.
APIS CDM-Server Account
You need to have a valid account to download the images. If you don’t have one yet, please contact customer service through Support Pagesudo ./download
Step 5. Start the CDM-Server Services
sudo ./start
How to Stop
In case, you need to stop CDM-Server services:
sudo ./stop
Step 6. Access CDM-Server
Please see Login for more information.
3 - Setting Up the Environment
How to set up your environment to use the server.
Please set some basic details of the server in the .env file. You can find the .env.example file in the root directory of the project.
Warning
Securing file-system access of the host is important. Please make sure that your custom certificate files,.env, .env.idp files etc. are not accessible to unauthorized users.You should also ensure unauthorized persons do not have access to the docker containers. Ensuring the host server is secured, is your responsibility.
Configuration
cp .env.example .env && nano .env
## HELP
# https://get.apis.de/docs/server/env/
## ABOUT
# This will be used to create the root business unit
# Do not use special characters
COMPANY_NAME=
## CDM HOST and PORT
# The hostname to access the server.
# Must not contain protocol such as https://
# Must not have port number
# Must not have trailing slash
# Example: cdm.example.com
CDM_HOST=localhost
# Just the port number; 443 recommended
# Default port is 443
CDM_PORT=443
## USE CUSTOM HTTPS CERTIFICATE FOR CDM-SERVER (PRIVATE-KEY)
# If you have a custom certificate (private-key), set this to true.
# You need to place the custom certificate in the same directory as your `docker-compose.yml` file (where you have downloaded CDM-Server).
# The certificate file name must be `cdm-server.pfx`
# For a false value, a self-signed certificate will be created and used for HTTPS.
# Please check [help docs for more information](https://get.apis.de/docs/server/https/).
# Default is false
USE_CUSTOM_CERT=false
### CUSTOM CERTIFICATE PASSWORD
# If you are using a custom certificate (`USE_CUSTOM_CERT=true`) and your certificate is password-protected, set the password here.
# Otherwise, leave it empty.
CUSTOM_CERT_PASS=
Example
COMPANY_NAME=APIS Informationtechnologien GmbH
CDM_HOST=cdm.apis.de
CDM_PORT=443
USE_CUSTOM_CERT=true
CUSTOM_CERT_PASS=supersecretpassword
COMPANY_NAME
This is the name of your company. It will be used to create the root business unit.
USE_CUSTOM_CERT
See HTTPS for more information.
Setup Up ID Provider (IdP)
After you are done setting up .env, please head over to the IdP Docs to setup .env.idp file.
Permissions for the DotEnv Files
It is recommended that you do not allow other users in same server system to read the DotEnv files as some of them can contain credentials.
You can try chmod 600 on all of them.
4 - HTTPS
How to use HTTPS to secure against various threats
CDM-Server takes the secure-by-design approach and thus enforces HTTPS.
HTTPS to Access CDM-Server
If you set the USE_CUSTOM_CERT environment variable to true:
- You can provide your own certificate. The server will use these files to serve HTTPS.
- This can be self-signed or CA-signed (recommended).
- There is a dummy file
./cdm-server.pfxwhere you have downloaded the CDM-Server. Just replace it with your own certificate.
Warning
If your certificate has a password, please setCUSTOM_CERT_PASS environment variable. Otherwise, leave it empty.Self-Signed Certificate
If the variable is set to false, the server will generate and use a self-signed certificate. You can find it in
./.data/certs/<CDM_HOST>.cert.p7b- X.509 certificate (contains the public key) that you can import to your browser../.data/certs/<CDM_HOST>.pfx- Certificate inPKCS#12format. It contains private Key that you should not share.
Warning
Using self-signed certificate is not recommended for production.Install Self-Signed Certificate on User’s Machine
Please see Install Self-Signed Certificate for more information.
LDAP over SSL
For this, look into LDAP documentation.
5 - Login
How to login to CDM-Server
- Open your browser and navigate to the CDM-Server URL. The module select page will appear.
- Click
Dashboard - In case of
LocalorLdaps, enter your username and password - In case of
Azure, you will be redirected to Azure login page.
CDM-Server URL
This is alwayshttps://<CDM_HOST>:<CDM_PORT>/web/welcome.html.For example,
https://cdm.example.com:443/web/welcome.html.