Customizing MobileFirst Server containers

For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Customizing MobileFirst Server containers

We can customize the MobileFirst Server settings before building MobileFirst Server container images.
The container gets created from the artifacts that are provided in the V8.0.0 package. For an overview of the package contents and folder structure, see Package structure and contents.

The customizable elements for the MobileFirst Server container are located in package_root/mfpf-server/usr. The following tables describe the subfolders and files to use for customization.

Table 1. Descriptions of the mfpf-server/ sub folders
Folder Description
./usr Contains the customization template for the MobileFirst Server container.
./usr/bin Contains the script file (mfp-init) that gets executed when the container starts. We can add custom code to the script, however, do not modify the existing code.
./usr/config Contains the server configuration fragments (keystore, server properties, user registry) used by MobileFirst Server.
keystore.xml - the configuration of the repository of security certificates used for SSL encryption. The files listed must be referenced in the ./usr/security folder.
mfpfproperties.xml - configuration properties for the MobileFirst Server. See the supported properties listed in these topics:
List of JNDI properties for MobileFirst Server administration service
List of JNDI properties for MobileFirst runtime

registry.xml - user registry configuration. The basicRegistry (a basic XML-based user-registry configuration is provided as the default. User names and passwords can be configured for basicRegistry or we can configure ldapRegistry.

./usr/env Contains the environment properties used for server initialization (server.env) and custom JVM options jvm.options. See Table 2 for a list of supported server environment properties.
./usr/jre-security Add JRE security-related files (such as the JRE truststore, policy .jar files, and so forth) to be updated on the container. The files in this folder get copied to the JAVA_HOME/jre/lib/security/ folder in the container.
./usr/security Contains your keystore, truststore, and LTPA keys (ltpa.keys) files.
./usr/ssh Contains the ssh public key file (id_rsa.pub) to enable ssh on the container.

Table 2. Supported server environment properties (server.env)
Property Default Value Description
MFPF_SERVER_HTTPPORT 9080^* The port used for client HTTP requests. Use -1 to disable this port.
MFPF_SERVER_HTTPSPORT 9443^* The port used for client HTTP requests secured with SSL (HTTPS). Use -1 to disable this port.
MFPF_CLUSTER_MODE Standalone Configuration not required. Valid values are Standalone orFarm. The Farm value is automatically set when the container is run as a container group.
MFPF_ADMIN_ROOT mfpadmin The context root at which the MobileFirst Server Administration Services are made available.
MFPF_CONSOLE_ROOT mfpconsole The context root at which the MobileFirst Operations Console is made available.
MFPF_ADMIN_GROUP mfpadmingroup The name of the user group assigned the predefined role mfpadmin.
MFPF_DEPLOYER_GROUP mfpdeployergroup The name of the user group assigned the predefined role mfpdeployer.
MFPF_MONITOR_GROUP mfpmonitorgroup The name of the user group assigned the predefined role mfpmonitor.
MFPF_OPERATOR_GROUP mfpoperatorgroup The name of the user group assigned the predefined role mfpoperator.
MFPF_SERVER_ADMIN_USER WorklightRESTUser The Liberty server administrator user for MobileFirst Server Administration Services.
MFPF_SERVER_ADMIN_PASSWORD mfpadmin
Ensure that you change the default value to a private password before deploying to a production environment.
The password of the Liberty server administrator user for MobileFirst Server Administration Services.
MFPF_ADMIN_USER admin The user name for the administrator role for MobileFirst Server operations.
MFPF_ADMIN_PASSWORD admin The password for the administrator role for MobileFirst Server operations.

^*Do not modify the default port number. Read more in the following section.
After you finish customizing an image, it is ready to be built and run on IBM Containers for Bluemix®.
Important: If you are going to use MobileFirst Analytics, we must build and run the MobileFirst Analytics container before deploying and running the MobileFirst Server container.
Containers must be restarted after any configuration changes have been made (cf ic restart containerId). For container groups, we must restart each container instance within the group. For example, if a root certificate changes, each container instance must be restarted after the new certificate has been added.

Port number limitation

There is currently an IBM Containers limitation with the port numbers that are available for public domain. Therefore, the default port numbers given for the MobileFirst Analytics container and the MobileFirst Server container (9080 for HTTP and 9443 for HTTPS) cannot be altered. Containers in a container group must use HTTP port 9080. Container groups do not support the use of multiple port numbers or HTTPS requests.

Parent topic: MobileFirst Server container


Folder	Description
./usr	Contains the customization template for the MobileFirst Server container.
./usr/bin	Contains the script file (mfp-init) that gets executed when the container starts. We can add custom code to the script, however, do not modify the existing code.
./usr/config	Contains the server configuration fragments (keystore, server properties, user registry) used by MobileFirst Server. keystore.xml - the configuration of the repository of security certificates used for SSL encryption. The files listed must be referenced in the ./usr/security folder. mfpfproperties.xml - configuration properties for the MobileFirst Server. See the supported properties listed in these topics: List of JNDI properties for MobileFirst Server administration service List of JNDI properties for MobileFirst runtime registry.xml - user registry configuration. The basicRegistry (a basic XML-based user-registry configuration is provided as the default. User names and passwords can be configured for basicRegistry or we can configure ldapRegistry.
./usr/env	Contains the environment properties used for server initialization (server.env) and custom JVM options jvm.options. See Table 2 for a list of supported server environment properties.
./usr/jre-security	Add JRE security-related files (such as the JRE truststore, policy .jar files, and so forth) to be updated on the container. The files in this folder get copied to the JAVA_HOME/jre/lib/security/ folder in the container.
./usr/security	Contains your keystore, truststore, and LTPA keys (ltpa.keys) files.
./usr/ssh	Contains the ssh public key file (id_rsa.pub) to enable ssh on the container.


Property	Default Value	Description
MFPF_SERVER_HTTPPORT	9080^*	The port used for client HTTP requests. Use -1 to disable this port.
MFPF_SERVER_HTTPSPORT	9443^*	The port used for client HTTP requests secured with SSL (HTTPS). Use -1 to disable this port.
MFPF_CLUSTER_MODE	Standalone	Configuration not required. Valid values are Standalone orFarm. The Farm value is automatically set when the container is run as a container group.
MFPF_ADMIN_ROOT	mfpadmin	The context root at which the MobileFirst Server Administration Services are made available.
MFPF_CONSOLE_ROOT	mfpconsole	The context root at which the MobileFirst Operations Console is made available.
MFPF_ADMIN_GROUP	mfpadmingroup	The name of the user group assigned the predefined role mfpadmin.
MFPF_DEPLOYER_GROUP	mfpdeployergroup	The name of the user group assigned the predefined role mfpdeployer.
MFPF_MONITOR_GROUP	mfpmonitorgroup	The name of the user group assigned the predefined role mfpmonitor.
MFPF_OPERATOR_GROUP	mfpoperatorgroup	The name of the user group assigned the predefined role mfpoperator.
MFPF_SERVER_ADMIN_USER	WorklightRESTUser	The Liberty server administrator user for MobileFirst Server Administration Services.
MFPF_SERVER_ADMIN_PASSWORD	mfpadmin Ensure that you change the default value to a private password before deploying to a production environment.	The password of the Liberty server administrator user for MobileFirst Server Administration Services.
MFPF_ADMIN_USER	admin	The user name for the administrator role for MobileFirst Server operations.
MFPF_ADMIN_PASSWORD	admin	The password for the administrator role for MobileFirst Server operations.