diff --git a/README.md b/README.md index dfebfae..c8ee644 100644 --- a/README.md +++ b/README.md @@ -227,9 +227,10 @@ The `keyrock` container is a web application server listening on two ports: - Port `3443` has been exposed for secure HTTPS traffic for the site and REST API > [!NOTE] -> HTTPS should be used throughout for any secured application, but to do this properly, -> **Keyrock** requires a trusted SSL certificate - the default certificate is self-certified and available for testing -> purposes. The certificates can be overridden by attaching a volume to replace the files under `/opt/fiware-idm/certs`. +> +> HTTPS should be used throughout for any secured application, but to do this properly, **Keyrock** requires a trusted +> SSL certificate - the default certificate is self-certified and available for testing purposes. The certificates can +> be overridden by attaching a volume to replace the files under `/opt/fiware-idm/certs`. > > In a production environment, all access should occur over HTTPS, to avoid sending any sensitive information using > plain-text. Alternatively HTTP can be used within a private network behind a configured HTTPS Reverse Proxy @@ -252,10 +253,10 @@ The `keyrock` container is driven by environment variables as shown: | IDM_HTTPS_PORT | `3443` | Port used by the **Keyrock** App Server for HTTP traffic this has been altered from the default 443 | > [!NOTE] -> that this example has secured the MySQL password using **Docker Secrets** By using -> `IDM_DB_PASS` with the `_FILE` suffix and referring to a secrets file location. This avoids exposing the password as -> an `ENV` variable in plain-text - either in the `Dockerfile` Image or as an injected variable which could be read -> using `docker inspect`. +> +> that this example has secured the MySQL password using **Docker Secrets** By using `IDM_DB_PASS` with the `_FILE` +> suffix and referring to a secrets file location. This avoids exposing the password as an `ENV` variable in +> plain-text - either in the `Dockerfile` Image or as an injected variable which could be read using `docker inspect`. > > The following list of variables (where used) should be set via secrets with the `_FILE` suffix in a Production System: > @@ -317,6 +318,7 @@ git checkout NGSI-LD ``` > [!NOTE] +> > The initial creation of Docker images can take up to three minutes Thereafter, all services can be initialized from the command-line by running the @@ -330,6 +332,7 @@ repository: Where `` will vary depending upon the exercise we wish to activate. > [!NOTE] +> > If you want to clean up and start over again you can do so with the following command: > > ```console