Configuration & Provisioning

create the configuration file a configuration file can be created using the vendor platform instead of manually using the ui ensures all required fields are correctly configured and helps reduce the risk of errors for a step by step guide docid\ w51otuih9tqm7rbmpqoy create a folder named config next to your floating server binary inside this folder, create a file named default yaml config/default yaml use the following template use the following template database \# if using sqlite type sqlite path /data/db sqlite \# if using sqlcipher type sqlcipher # < switch from sqlite to sqlcipher path /data/app db password "your password" \# if using postgres type postgres host localhost port 5432 user fsuser password fspassword name fsdb sslmode "disable" # options disable, require, verify ca sslrootcert "/path/to/sslcert/ca crt" # ignore if sslmode "disable" cryptoproviderkey "" # secret used to encrypt db data in oauth mode server port 8080 # port on which the server runs verbose true # level of information given in logs disableuserauth false # disable user authentication requirement, not admin! cloud useoauth false \# if authenticating with api/shared key apikey "" sharedkey "" \# if authenticating with oauth clientid "" clientsecret "" \# cloud server config baseurl "" # default "https //api licensespring com" apiprefix "" # default "/api/v4/" serverpublickey "" # default licensespring prod's public key \# if having airgap licenses, fetch this key from platform airgappublickey "" \# provisioning config usehardwarekey false # choose provisioning method hardwarekeypin "" # optional, custom pin privatekeypath "" # path to generated priv key ignore if using hardware key certificatepath "" # path to cert received from ls comment out or remove the fields for the database type you are not using database configuration the database section defines how the application connects to the underlying database two database types are currently supported sqlite and postgresql sqlite when using sqlite, make sure the database directory specified in the yaml configuration file actually exists for example, if you're using /data/db sqlite as shown in the sample above, ensure that the data directory exists the floating server will not create missing directories automatically the database file can be named anything the server will create it if it doesn't exist if you're using sqlite, provide the file path for the database file type sqlite path /data/db sqlite sqlcipher integration starting from https //docs licensespring com/floating server v2/overview and installation#rbun1 we offer full encryption of the sqlite database to enable it in your config file , set the database type to sqlchiper instead of sqlite before running the server, install sqlcipher on your system (linux or windows) and ensure your app links to it installing sqlcipher linux sudo apt update sudo apt install sqlcipher libsqlcipher dev windows if you’re on win 10 or above, install wsl on windows and run sudo apt get install sqlcipher postgresql update the default yaml file with the following fields host the postgresql server address (usually localhost for local development) port port number (default is 5432 ) user the postgresql username password the password for the specified user name the name of the database to connect to type postgres host the posgres host port the postgres port user the user in db password password name give the db a name setting up postgresql (local) install postgresql (if not installed) create the database and user psql postgres inside the psql prompt sql create database fsdb; create user fsuser with password 'fspassword'; grant all privileges on database fsdb to fsuser; verify the connection psql h localhost u fsuser d fsdbpsql h localhost u fsuser d fsdb you will be prompted to enter the password you set for the database user (e g ,fspassword or the password you chose) this process in macos is shown in the following picture cryptoproviderkey cryptoproviderkey is a secret key you may use to encrypt data before storing it in the database oauth you must set cryptoproviderkey to encrypt data in the database api/shared keys not required; the database uses sharedkey for encryption automatically server configuration port network port the server listens on verbose set true for development logs, false for production disableuserauth only set true for testing; this disables user authentication for license management features cloud configuration api/shared keys fill apikey and sharedkey oauth set useoauth true and provide clientid, clientsecret, and cryptoproviderkey if your baseurl or apiprefix differs from the defaults, specify them in the cloud section you must also provide the server’s public key in the following format serverpublickey | \ begin public key (your public key here) \ end public key floating server v2 2 0+ the private key pem supports either begin rsa private key or begin private key provisioning the floating server provisioning ensures that only authorized instances of the server are allowed to run starting with floating server v2 2 0 , provisioning can be completed using either hardware key authentication , or the previously supported certificate based method (csr) both provisioning options are available and managed through the licensespring platform this section provides a high level overview; detailed steps for each method are outlined below floating server provisioning with certificates (csr) step 1 generate a key pair openssl genrsa out private key 2048 step 2 provision via ls platform open the licensespring platform navigate to enterprise company → licenses → floating servers click provision the floating server choose certificate as the authentication type enter a name and optional expiration date generate a csr (certificate signing request) locally copy the contents of request csr into the ls platform form on the below and click confirm step 3 download and save certificates save the issued certificate (e g , certificate crt) generate the chain certificate from platform as shown below (e g , chain pem) keep your private key accessible step 4 update default yaml cloud usehardwarekey false # choose provisioning method privatekeypath "" # ignore if using hardware key certificatepath "" # ignore if using hardware key floating server provisioning using a hardware key as an alternative to certificate based provisioning, the floating server can be provisioned using a hardware key (dongle) this method authorizes the server based on the presence of a physical security device connected to the machine use this option when physical enforcement or offline licensing is required optional set a custom hardware key pin before starting the provisioning process with a hardware key, you may choose to update the default hardware key pin if you set a custom pin, ensure that the new value is included in the floating server configuration file, as shown below configuration for hardware key provisioning when provisioning with a hardware key, update the configuration file( default yaml ) accordingly usehardwarekey false # choose provisioning method hardwarekeypin "" # optional, custom pin certificatepath "" # path to cert received from ls requirements a supported hardware key (yubikey) hardware key drivers installed on the server hardware key physically connected to the floating server machine required permissions are needed to perform this action step 1 provision the floating server open the licensespring platform navigate to → licenses → floating servers click provision the floating server enter a server name select hardware key as the authentication type follow the steps on the below screenshot click confirm the floating server is now registered to use hardware key authentication to download the yubikey provisioning application, refer to the hardware key licensing https //docs licensespring com/license entitlements/activation types/hardware keys#kmyeo create a license for hardware key–based floating server use after provisioning the floating server with a hardware key, you must create a license that is explicitly enabled for hardware key usage when creating or editing the license in the licensespring platform navigate to licenses create a new license enable the required hardware key option (checkbox) save the license only licenses with the hardware key option enabled can be used with a floating server that is provisioned using a hardware key licenses without this option enabled will not be accepted by a hardware key–provisioned floating server