# notes on security:
# set volume mapping in compose.yaml: security/ -> /etc/pki/tls/
# configure port/SSL connector: (path is relative to the dir where compose.yaml is
# * server-connector.xml : set tomcat connector with certificates
#    -- ia2 needs SECTIGO
#    -- iam needs self-signed keystore.jks
# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)



#### Security
# SSL-certificates are site-dependent and must be regularly updated:
# vlkb-soda expects them in /etc/pki/tls
#
# map volume: ./security:/etc/pki/tls:ro
#
# ia2token: 
#  auth.propeties
#  authpolicy.properties
#  server-connector.xml
#  SECTIGO/*
#
# iamtoken: env KEYSTORE_ALIAS=tomcat
#   keystore.jks
#   keystore.pwd
#