LogoLogo
  • Signature Validation Service
    • Trust Service Provider
    • Electronic and digital signatures
  • Digital signatures concepts
    • Simplified PKI model
    • Digital certificate
    • CRLs and OCSP
    • Trusted List (TL)
    • Certificate Chain and Certification Path Validation
  • Document Processing
    • Signature creation
    • Signature validation
    • Timestamping
    • Multiple signatures
  • Signature Applicability Rules / Signature Policy
  • Deployment
    • Bare-metal
    • Kubernetes
    • Standalone
    • Remarks
  • Administration guide
    • SimpleSign
    • Trust1Connector
    • DSS API Service
    • DSS API Utilities service
  • Architecture component overview
  • AdES validation constraints/policy
Powered by GitBook
On this page
  • Loadbalancer Configuration
  • API Gateway
  • Nginx File limit
  1. Deployment

Remarks

Additional Considerations

Loadbalancer Configuration

The Trust1Validation and utilities are sateless and idempotent REST services.

This means that you can deploy multiple instances of these and apply a round-robin distribution algorithm to distribute load on these services.

These services do not make use of sticky sessions , this means that when a user executes an use-case it can use different nodes for the endpoints on those services.

API Gateway

When using an API Gateway or an API Ingress in front of the deployment (bare-metal or K8), the following policies can be taken into consideration:

  • Authentication token policy

  • IP range whitelisting policy

  • Rate limitaiton policy

The setup of an API Gateway or Ingress controller is up to the hosting provider and is not part of the Trust1Validation solution

Nginx File limit

The default Nginx file limit is 1MB. We can adjust this by updating the nginx.conf file.

In this file you need to update the server like so

server {
    client_max_body_size 250M;
    ...
}

Note after this you'll need to restart the Nginx service for the configuration to be applied.

For Kubernetes when you use an Ngnix as ingress you need to add this to the configuration

nginx.ingress.kubernetes.io/proxy-body-size: "100m"

Full example;

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: t1c-dss-api-ingress
  annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "100m"
  namespace: {{ .Release.Namespace }}
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: t1c-dss-api-service
            port:
              number: 80

Last updated 4 months ago