Configuration & Provisioning

create the configuration file create a folder named config next to your floating server binary inside this folder, create a file named default yaml use the following template use the following template database \# if using sqlite type sqlite path /data/db sqlite \# if using postgres type postgres host localhost port 5432 user fsuser password fspassword name fsdb cryptoproviderkey "" # secret used to encrypt db data in oauth mode server port 8080 # port on which the server runs verbose true # level of information given in logs disableuserauth false # disable user authentication requirement, not admin! cloud useoauth false \# if authenticating with api/shared key apikey "" sharedkey "" \# if authenticating with oauth clientid "" clientsecret "" \# cloud server config baseurl "" # default "https //api licensespring com" apiprefix "" # default "/api/v4/" serverpublickey "" # default licensespring prod's public key \# if having airgap licenses, fetch this key from platform airgappublickey "" \# provisioning config usehardwarekey false # choose provisioning method privatekeypath "" # path to generated priv key ignore if using hardware key certificatepath "" # path to cert received from ls ignore if using hardware key cacertificatepath "" # path to ca certificate, in both provision methods comment out or remove the fields for the database type you are not using database configuration the database section defines how the application connects to the underlying database two database types are currently supported sqlite and postgresql sqlite when using sqlite, make sure the database directory specified in the yaml configuration file actually exists for example, if you're using /data/db sqlite as shown in the sample above, ensure that the data directory exists the floating server will not create missing directories automatically the database file can be named anything the server will create it if it doesn't exist if you're using sqlite, provide the file path for the database file postgresql update the default yaml file with the following fields host the postgresql server address (usually localhost for local development) port port number (default is 5432 ) user the postgresql username password the password for the specified user name the name of the database to connect to setting up postgresql (local) install postgresql (if not installed) create the database and user psql postgres inside the psql prompt sql create database fsdb; create user fsuser with password 'fspassword'; grant all privileges on database fsdb to fsuser; verify the connection psql h localhost u fsuser d fsdbpsql h localhost u fsuser d fsdb you will be prompted to enter the password you set for the database user (e g ,fspassword or the password you chose) this process in macos is shown in the following picture cryptoproviderkey cryptoproviderkey is a secret key you may use to encrypt data before storing it in the database oauth you must set cryptoproviderkey to encrypt data in the database api/shared keys not required; the database uses sharedkey for encryption automatically server configuration port network port the server listens on verbose set true for development logs, false for production disableuserauth only set true for testing; this disables user authentication for license management features cloud configuration api/shared keys fill apikey and sharedkey oauth set useoauth true and provide clientid, clientsecret, and cryptoproviderkey if your baseurl or apiprefix differs from the defaults, specify them in the cloud section you must also provide the server’s public key in the following format serverpublickey | \ begin public key (your public key here) \ end public key provisioning the floating server provisioning ensures that only authorized instances of the server are allowed to run step 1 generate a key pair step 2 provision via ls platform open the licensespring platform navigate to enterprise company → licenses → floating servers click provision the floating server choose certificate as the authentication type enter a name and optional expiration date generate a csr (certificate signing request) locally copy the contents of request csr into the ls platform form on the below and click confirm step 3 download and save certificates save the issued certificate (e g , certificate crt) save the ca chain certificate below (e g , chain crt) chain crt begin certificate miigndccbbygawibagiceauwdqyjkozihvcnaqelbqawgagxczajbgnvbaytaknb mqswcqydvqqidajcqzesmbaga1uebwwjvmfuy291dmvymrywfaydvqqkda1mawnl bnnlc3byaw5nmrmweqydvqqldappcgvyyxrpb25zmr4whaydvqqddbvmawnlbnnl c3byaw5nifjvb3qgq0exkzapbgkqhkig9w0bcqewhg9wzxjhdglvbnnabgljzw5z zxnwcmluzy5jb20wibcnmjuwnzi5mdg0odawwhgpmja2nja3mtkwodq4mdbamigm mqswcqydvqqgewjdqtelmakga1uecawcqkmxfjaubgnvbaomduxpy2vuc2vzchjp bmcxezarbgnvbasmck9wzxjhdglvbnmxmdaubgnvbammj0xpy2vuc2vzchjpbmcg u2lnbmf0dxjlieludgvybwvkawf0zsbdqtermckgcsqgsib3dqejarycb3blcmf0 aw9uc0bsawnlbnnlc3byaw5nlmnvbtccaiiwdqyjkozihvcnaqebbqadggipadcc agocggibamjcjcdtcroijccloduamzi7ueazv5y+pcgt2ubdbmgxhtzyk5aptmm3 xavakyyqznohcfgxmyfv/3/pbuqpgflkilictfj/pvvy/efpbdeeq7oocgdnda5w emryhhxz/kepjpcgshuk6fejwbymmylqsietgnak2hff9wwh3f6kdbfcdy8i5tww 8kygqrcwednjvtqb37gssbhobxbcpm84kp3qmank6/kqgopabs9h9ocgsvpeddrh qejyaxckdud0cbbqxd9vyotjxfpdvodyyuey3nufsaerxcmlhx2qkykhg+65o0gq d9gpu+zahhmg9sgimxxiyny25urpry4plwazrplks9tkboqqmrbi5dbtwlq2o8t2 ckphnko2kepjyq1r1zibp2aq9wc9fwo1tn108892bme94tzsvzbfxhpzdjxwgvn+ aevwytqqlxtk/nbggqbfbbhjarr5+m0ztfdlaruvgnypkoriv0r0p6evoyyhgp0o 96ycuemzqugdgnc7jh4k+/yqbokme7zssxiqereag53ixfdbnsic3ym3cgzrd4xp dqi457ejlbbinubtb9alvwqi6s/sg2javh9vomw3ealu9aqwmtv2mmvqshbyecdj /54w8lyhdqza6x9xegoueey4eqd9a8nkc1j0p6psgq1xa844cek7agmbaagjzjbk mb0ga1uddgqwbbr8m0druaka0v7e8osvlwlhkvjlztafbgnvhsmegdawgbtiv4ca so/b74e3liqy9ffppddm7dasbgnvhrmbaf8ecdagaqh/ageama4ga1uddweb/wqe awibhjanbgkqhkig9w0baqsfaaocageawjpdglnymaanr/2dfq6pd3xaxlqfjrow gtye9pdopdn+p4bgxrwp2nopn+s+403opig145vw5cblyflbpmu/lbdellftfzo8 qtj2jrbhilraieufxzn+wstrhpbgqxmjqywdvmssvia8qg9g8hvfvpgrjf2yrtbg bqpnt13hjbawnp94pp6m3npeppyz/esvy7g0i2avjnj1wye05fd0pqpokc0cmqoc w5yd4u5rop+blghkvxg/jut7nlf4jhppsqaj2n+wcdqmzrltirva2p+8h8uirhv9 z2/wus9xxgs1drdapc9lax0q62ogt6qbjpwlba62m2syh6+sxw8+ztvuwf+m83dh xqezkelknatxvg2jr/tn1ef+tzih6uajeb7byl/wqt7wachsdjidf7pkfu82xs62 480t/wj+j9ffl8p8cdyni+4t42m/v4pdhgoz8pumxfvj8j5pnr9izryxyjuyy45/ pkcztrsrhdkb5if+nhcgi1cmaxkbyvqp85katjwbsnqxmeciqcaeubu81mezbavn 7nug/n7ncmq6g4agswy5fmlnwxfwi7slypervugrzrkbqfea9lca1digpd+xdv3m w6+rtcxbsj+5cd8xdr9999zaeeajrxkz4yb6n6w8iw9ahbffzlmjpz1imvqh+e2w gpho4mrd6r4= \ end certificate \ begin certificate miigrtccbc2gawibagiubzunxqfw38teuxnpim/dddxnramwdqyjkozihvcnaqel bqawgagxczajbgnvbaytaknbmqswcqydvqqidajcqzesmbaga1uebwwjvmfuy291 dmvymrywfaydvqqkda1mawnlbnnlc3byaw5nmrmweqydvqqldappcgvyyxrpb25z mr4whaydvqqddbvmawnlbnnlc3byaw5nifjvb3qgq0exkzapbgkqhkig9w0bcqew hg9wzxjhdglvbnnabgljzw5zzxnwcmluzy5jb20wibcnmjqwnzi2mjixmtuywhgp mja3nda3mtqymjexntjamigomqswcqydvqqgewjdqtelmakga1uecawcqkmxejaq bgnvbacmcvzhbmnvdxzlcjewmbqga1uecgwntgljzw5zzxnwcmluzzetmbega1ue cwwkt3blcmf0aw9uczeembwga1ueawwvtgljzw5zzxnwcmluzybsb290ienbmssw kqyjkozihvcnaqkbfhxvcgvyyxrpb25zqgxpy2vuc2vzchjpbmcuy29tmiicijan bgkqhkig9w0baqefaaocag8amiiccgkcageaxfmgr6/surshfjsbv1fiycs2/taf nrer2yewju62ryrbhdao4h202ix4mzt1p5o26umq1wnkvvjrcrti41czx9xgjs73 syh+bvefqtzcvqzximszsjjpdxennaxo0sadulmxwpvj25ek78k47/5hrdbblujb yli7etuq80y/jhumewdkv6iigsqpso0ei0w6qmykidgvlxz2b0emlebxryruv+5r fso3idgqhbtqspvvhqfizd7fq4r5cb0lclhg3ibxihngwoobxpir9w4t0djinnjg c8rsicemxwizlc1lky19u8d67flepfkfez1j1zvae3eweapubuqux1vohrq2n+hr ozrr6eokg4ctzdu2zse7vttid14wjljkukshmjnrmb4jutuoncpxhyyvlb6zxiqn le0mamhva6pv4oduuk9ib7bwlu7m4xol75y3dnhykhdak44dkmrcfoqazpey8wzw ydspxblc02kmfhy7j6rdczf/lbls2piov+m428esyogplflbdvjukgtskmkowruy 8rnbd7zksezpycfgzpdibnke1btb7f3olxgvuo+1oudrsgvmiea1ap3nacomfmaq m0kazbskvp02hjv/ecbanmcabm1kb8wglcc/6gwjzuu2osjsyqzcfqysxz21owhm 4pxidx96sgbualmcaweaaanjmgewhqydvr0obbyefok/gjqw78hvh7ewjdl0uu89 12bsmb8ga1udiwqymbaafok/gjqw78hvh7ewjdl0uu8912bsma8ga1udeweb/wqf mambaf8wdgydvr0paqh/baqdagggma0gcsqgsib3dqebcwuaa4icaqcfb1h0vlia pua6lkutnuj8hiw12gv6mzb2iuygcuihjolhfu4uvdheikpe4n7wpzfjopsfzfxy gm6ttkut+gsycqcc5tsaofwzr8r9psm0q1+vyc93ty0h7i57i/db3kigrud+t4kx 2fyjvtzkgvvma1sjwpnhzv1i+xjpodt6xfljyz012n28mohwvczrfvwpg0zy7egu +gjzxb2ht2rl+6d9iza42vdbpxl+9izai/1crm2tltkoajozo1lv+r4gsh7ibaoi hc6sqpw8rn+md0zqeswfipyaubz1s6/jrbzi/o+mlyfxeqb433r4btqv42eohxhb phdwtvxw4y79lr7+mlthhtbksjog5d/o5ufpdfdhywsbt/nmfch7mpflr8ahwyp9 rfshxtjqarwerz8rnfmsq/r+y1qlp8v+7a+xmd6zojyl4r3jmpvowpmvutjmwqpx h9fpt5tki2lz4objjleyrtiklrq1yi5nqv6is/khbbsbibkbigf5w5jgghbwb+ma rujo8c79jvkxscjtqqkne/bfegoitrzkgg2cxxuk/vrtfhnxikcwvzglkncry/9o 3zab8gdiphozxmvz6dq9fjbafcsuygz4aweqjkpnf84kq+xyytxfoiaziyvkuxcq 1gtgmiqyhighjvi8imrwjkibrofzs82fog== \ end certificate keep your private key accessible step 4 update default yaml cloud usehardwarekey false # choose provisioning method privatekeypath "" # ignore if using hardware key certificatepath "" # ignore if using hardware key cacertificatepath "" # path to ca certificate, in both provision methods