Use the following Docker command to run the CA Gateway container in SSL/TLS secure mode.

docker run -d --cap-drop ALL -p <CAGW_HOST_PORT>:<server.port> -p <MONITOR_HOST_PORT>:<management.server.port> -v <HOST_CONFIG>:/etc/cagw/config -h <HOST> cagw/api:latest

If the host system uses SELinux, append :Z to the volume mount string so that the mounted content is relabeled for the container. For example:

docker run -d --cap-drop ALL -p 8444:8080 -p 9444:9090 -v /home/myuser/cagw/config:/etc/cagw/config:Z -h myserver cagw/api:latest

See the following sections for a description of each option.

--cap-drop ALL

Drop all Linux capabilities from the Docker container. This is a docker run option and must appear before the image name; anything placed after the image name is passed to the container's entrypoint instead.

-d

Launch the container in the background. Remove this option to see the CA Gateway log output in the terminal while it runs; note that closing the terminal may then terminate CA Gateway.

-h <HOST>

Use <HOST> when logging the active URL, where <HOST> is the hostname of the CA Gateway server. If this option is omitted, the active URL recorded in the logs shows a random hostname. For example:

Active URL: http://f719b61263fa:8444/cagw/swagger-ui/index.html

-p <CAGW_HOST_PORT>:<server.port>

Map the following ports.

  • <CAGW_HOST_PORT> is the user-selected port that exposes CA Gateway on the host machine.
  • <server.port> is the value of the server.port configuration parameter in the application.yml file.

-p <MONITOR_HOST_PORT>:<management.server.port>

Map the following ports.

  • <MONITOR_HOST_PORT> is the user-selected port that exposes the monitoring service on the host machine.
  • <management.server.port> is the value of the management.server.port configuration parameter in the application.yml file.

See Checking the CA Gateway health for how to use the health check and monitoring service.

-v <HOST_CONFIG>:/etc/cagw/config

Map the following folders.

  • <HOST_CONFIG> is the folder on the host machine that contains the CA Gateway configuration files, such as application.yml and the TLS keystore.
  • /etc/cagw/config is the folder inside the container from which CA Gateway reads its configuration.

Alternatively, you can add several -v flags to map individual files and folders. For example:

-v /home/myuser/cagw/config/application.yml:/etc/cagw/config/application.yml:ro
-v /home/myuser/cagw/config/tls/cagw-tls.p12:/etc/cagw/config/cagw-tls.p12:ro

The ro option mounts the mapped file read-only inside the container.

-e JAVA_OPTS="-Dcagw.enable.crldp.checking=true"

Enable CRL checking. This option adds the following system property to the JAVA_OPTS environment variable passed to CA Gateway.

-Dcagw.enable.crldp.checking=true

When revocation checking is enabled, every client certificate must include a CRL Distribution Point (CDP) extension pointing to an up-to-date CRL. The TLS handshake does not complete if the client certificate has no CDP extension or the CRL at the referenced URL cannot be retrieved.
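The following script is an added example, not part of the CA Gateway documentation: it assembles the docker run command described above from a few variables (port mappings, host configuration folder, hostname, SELinux relabeling, optional CRL checking) and prints it for review, after checking that the configuration folder actually holds an application.yml. The image name default, the option order and the preflight check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CA Gateway documentation). Assumption: the image
# name can be overridden through CAGW_IMAGE; the default matches this page.
CAGW_IMAGE=${CAGW_IMAGE:-cagw/api:latest}

# Preflight check: the mounted folder must already contain application.yml,
# otherwise the container starts and then fails for a reason only visible in
# its logs. Returns 0 when the folder is usable, 1 otherwise.
check_cagw_config() {
    dir=$1
    [ -d "$dir" ] || { echo "config folder $dir does not exist" >&2; return 1; }
    [ -r "$dir/application.yml" ] || { echo "$dir/application.yml is missing" >&2; return 1; }
    return 0
}

# Build the docker run command. Arguments:
#   $1 host port for CA Gateway      (mapped to server.port)
#   $2 host port for monitoring      (mapped to management.server.port)
#   $3 server.port from application.yml
#   $4 management.server.port from application.yml
#   $5 host configuration folder
#   $6 hostname to log in the active URL
#   $7 "selinux" to append Z to the mount options, anything else to omit it
#   $8 "crl" to enable CRL Distribution Point checking, anything else to omit it
build_cagw_run_cmd() {
    cagw_port=$1; mon_port=$2; srv_port=$3; mgmt_port=$4
    cfg_dir=$5; host=$6; selinux=$7; crl=$8

    # The configuration is only read by CA Gateway, so mount it read-only.
    mount="-v $cfg_dir:/etc/cagw/config:ro"
    # On SELinux hosts, Z relabels the content so the container may read it.
    [ "$selinux" = "selinux" ] && mount="$mount,Z"

    env_opt=""
    [ "$crl" = "crl" ] && env_opt='-e JAVA_OPTS="-Dcagw.enable.crldp.checking=true" '

    # --cap-drop ALL is a docker run option and must precede the image name;
    # anything after the image name is handed to the container's entrypoint.
    printf 'docker run -d --cap-drop ALL %s-p %s:%s -p %s:%s %s -h %s %s\n' \
        "$env_opt" "$cagw_port" "$srv_port" "$mon_port" "$mgmt_port" \
        "$mount" "$host" "$CAGW_IMAGE"
}
```

Run the printed command only after check_cagw_config succeeds for the same folder; the example prints rather than executes so the composed options can be reviewed first.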