
Getting up and running

Start NLX using Docker Compose

Now that we have prepared all the requirements to run NLX, we can start all components using Docker Compose.

In addition to the certificates you created in "Retrieve a demo certificate", you also need certificates from an internal PKI to encrypt traffic between NLX components (such as the Management API and the Inway). The demo already has a working PKI, so you don't have to set this up yourself.

First, let's clone the NLX project. It contains the Docker Compose file and its dependencies.

git clone

After the repository is cloned, move into it:

cd nlx-try-me

Set the hostname of the Inway (where should be replaced with your own hostname).


Then, start all components by running:

docker-compose up -d

This will start Dex (Identity Provider), PostgreSQL and the required NLX components.

The NLX components are configured using environment variables, which in this guide are set in docker-compose.yml.

To be able to access NLX Management, you will need to create a user with an email matching one of the users in the OpenID Connect Provider. Since we already set up the admin@nlx.local user, we can use this to create the admin user:

docker-compose exec api nlx-management-api create-user --email admin@nlx.local --role admin

Below is an overview of the environment variables per NLX component:

Environment variables

  • DIRECTORY_REGISTRATION_ADDRESS This address is used by the inway to announce itself to the directory.
  • INWAY_NAME Alias the Inway by a name instead of its unique identifier.
  • SELF_ADDRESS The address of the inway so it can be reached by the NLX network.
  • MANAGEMENT_API_ADDRESS The address of the Management API.
  • TLS_NLX_ROOT_CERT This is the location of the root certificate.
  • TLS_ORG_CERT This is the location of the organization certificate.
  • TLS_ORG_KEY This is the location of the organization private key.
  • POSTGRES_DSN Connection-string to the PostgreSQL database.
  • DISABLE_LOGDB The value 1 will disable the transaction logs, the value 0 will enable them.
  • LOG_LEVEL Log level of the application. Options: debug, info, warn.
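
A preflight check for the TLS and logging variables in the list above, as an added example that is not part of this guide or the NLX project. The function name `nlx_preflight` and the world-readable key check are assumptions; the variable names and allowed values are the ones listed above.

```shell
#!/bin/sh
# Added example (not NLX project code): preflight check for the TLS and
# logging variables listed above. Run it where those variables are set.

nlx_preflight() {
    problems=0
    fail() { echo "PROBLEM: $1" >&2; problems=$((problems + 1)); }

    # The three TLS variables must be set and point at readable, non-empty files.
    for var in TLS_NLX_ROOT_CERT TLS_ORG_CERT TLS_ORG_KEY; do
        eval "path=\${$var:-}"   # var is always one of the fixed names above
        if [ -z "$path" ]; then
            fail "$var is not set"
        elif [ ! -f "$path" ] || [ ! -r "$path" ]; then
            fail "$var='$path' is not a readable file"
        elif [ ! -s "$path" ]; then
            fail "$var='$path' is empty"
        fi
    done

    # Assumption (hardening, not a requirement stated in this guide):
    # the organization private key must not be readable by "other" users.
    if [ -n "${TLS_ORG_KEY:-}" ] && [ -f "$TLS_ORG_KEY" ] &&
       [ -n "$(find -L "$TLS_ORG_KEY" -prune -perm -004 2>/dev/null)" ]; then
        fail "TLS_ORG_KEY='$TLS_ORG_KEY' is world-readable"
    fi

    # DISABLE_LOGDB: only 1 (transaction logs off) and 0 (on) are documented.
    if [ -n "${DISABLE_LOGDB+set}" ]; then
        case "$DISABLE_LOGDB" in
            0) ;;
            1) echo "NOTE: transaction logs are disabled (DISABLE_LOGDB=1)" >&2 ;;
            *) fail "DISABLE_LOGDB='$DISABLE_LOGDB' is neither 0 nor 1" ;;
        esac
    fi

    # LOG_LEVEL: the documented options are debug, info and warn.
    if [ -n "${LOG_LEVEL+set}" ]; then
        case "$LOG_LEVEL" in
            debug|info|warn) ;;
            *) fail "LOG_LEVEL='$LOG_LEVEL' is not one of debug, info, warn" ;;
        esac
    fi

    [ "$problems" -eq 0 ]   # return status: 0 only when nothing was flagged
}
```

After sourcing the file, `nlx_preflight` prints one line per problem on stderr and returns non-zero if it found any.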

Finally, let's verify that all the components are up and running:

docker-compose ps

It might take a while for all components to become healthy. If one or more components still aren't running after a while, you can inspect the logs for any errors.

Dex (Identity Provider)

The Management UI supports the OpenID Connect protocol for authentication and authorization. In the demo we provide Dex, which is a configurable Identity Provider.

On Linux-based operating systems this works out of the box. If you're using macOS or Windows, you will need to add the hostname for Dex to your hosts file.

sudo sh -c "echo ' dex.nlx.localhost' >> /etc/hosts"

Now let's verify that the local hostname for Dex points to the host:

ping dex.nlx.localhost -c 1

The output should be:

PING dex.nlx.localhost ( 56(84) bytes of data.
64 bytes from localhost ( icmp_seq=1 ttl=64 time=0.026 ms
--- dex.nlx.localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms

Access the Management UI

You can access the Management UI by opening http://localhost:8080 in your browser. When you do, you should see the login screen:

(Screenshot: login screen)

Clicking on the login button leads you to Dex, which acts as an OpenID Connect Identity Provider. For demo purposes we configured Dex to accept a static username/password, but in production you would use your own Identity Provider.

You can log in with the demo credentials:

After logging in you will be asked to grant access. Click on "Grant Access" to get access to the Management UI.

Management UI overview

On the left you will find the main navigation, which separates the UI into several pages:

  • Inways: Lists all available inways.
  • Services: Shows a list of your services. You can also register new services here.
  • Directory: Lists all available services in the demo directory. This is also the place where you can request access to another service.
  • Settings: Shows all global settings.


Set the organization inway

In order to receive access requests, you have to set a default inway for your organization. You can do that by going to the settings page, selecting "Inway-01" and clicking on "Save settings".

In the Docker Compose file we have started, access requests can be accepted by the inway on port 8444. Make sure that port is publicly accessible.

(Screenshot: settings screen)

In sum

So far we have:

  • Started all components using Docker Compose
  • Granted access to the Management UI
  • Set a default organization inway