Preamble
LockSelf software uses two main components:
- MySQL database (version 5.7)
- API REST PHP (version 7.4)
The database and the web server are set up on two separate Linux servers (Ubuntu 18.04 LTS) in a VPC dedicated to the company.
This installation is made on our French partner’s sovereign cloud, 3DS Outscale. Depending on the contract, the installation will be effective either in the eu-west-2 region or in the cloudgouv-eu-west-1 region, the latter being SECNUMCLOUD certified by ANSSI.
Infrastructure description
Network flow matrix
The flows configured on the different servers are :
| Server | Incoming |
| Application | 443 since 0.0.0.0/0 |
| Database | 3306 since application servers ’subnet |
The incoming flows on the application part can be restricted on several specific IP / range on simple request.
General requirements
Before starting the service’s installation, you will need to provide us with several items.
1. The subdomain you want to use. (ex: lockself.company.com)
The LockSelf installation dedicated to your company will be made on this sub-domain. Once the prerequisites have been retrieved, we will provide you with an IP to link with the chosen subdomain.
This subdomain will allow your employees to connect to the application, and will be exposed to your external contacts when using LockTransfer.
2. The SSL certificate associated with this domain name
Three elements must be provided :
- The Certificate (crt, cer, pem or text format)
- The associated private key (key or text format)
- The certificate chain (or chain of Trust, in crt or text format)
This certificate will allow to add the SSL termination on the chosen sub-domain, which will
activate the HTTPS layer. A HSTS sublayer is also applied on the chosen sub-domain.
You will be responsible for renewing the certificate and its availability to LockSelf teams.
We can, if you wish, send you the CSR (Certificate Signing Request) which will be requested by the provider which creates the certificate.
If you wish, please return the following information to us:
Country
Region
Locality name
Organization name
Organization unit name
Common name (chosen sub-domain)
Email address (email associated to the certificate)
3. SMTP information
The information to be provided is :
-
- Host
- Port
- Authentication requested ? (true / false)
- User
- Password
- SSL or TLS used ?
The SMTP information will allow you to connect the LockSelf installation made for your company to your SMTP server in order to send system emails. When using the LockTransfer product, emails will also be sent to the recipients of your transfers via the same SMTP server.
Updated