Skip to main content

USP Server Installation

This guide details the steps required to install the USP Server on Debian-based and RHEL-based systems using the provided .deb and .rpm packages.

Prerequisites

  • Root access.
  • Certificates are required to enable USP Manager and USP Server mTLS authentication: a Certificate Authority (CA) certificate trusted by both components, and a TLS certificate with its corresponding private key for each component.
info

If you prefer to use self-signed certificates, refer to the mTLS Certificates Generation Guide for instructions on generating them. Note that the guide uses a single self-generated CA certificate to sign both the USP Server and USP Manager TLS certificates. While this simplifies setup, it differs from typical production practices.

Installation

1. Download the .rpm package

To obtain the installation package, contact your Stonebranch representative. If you do not have a representative, reach out to support@stonebranch.com.

2. Install the package

Use the following command to install the package:

sudo rpm -ivh usp-server_{VERSION}_linux_amd64.rpm
info

Replace {VERSION} with the version of USP you are installing (e.g., 1.0).

3. Confirm creation of config and env files

The USP Server uses a configuration file located at /opt/udmg/etc/usp-server.hcl. Additionally, the systemctl unit loads environment variables from /opt/udmg/etc/usp-server.env

To verify that these files were created correctly, run the following commands:

cd /opt/udmg/etc/
ls

4. Set the USP Server's configuration file

Edit the /opt/udmg/etc/usp-server.hcl file by opening it in a text editor. For example:

vi usp-server.hcl
warning

All files that are going to be used by USP Manager need to be owned by the appropiate user and group (udmg). For more information, refer to File Ownership and Permissions.

Set the following arguments in the USP Server Configuration File:

/opt/udmg/etc/usp-server.hcl
# Unique identifier for this USP Server instance.  
# Must match exactly the Name field defined in the corresponding Proxy Server configuration.
# Info note below links to more details.
name = "usp-server-1"

web {
  # TLS/SSL configuration for HTTPS (all fields required).
  tls {
    # Absolute path to the USP Server's TLS certificate used for mTLS authentication with the USP Manager.
    cert = "/opt/udmg/etc/certificates/usp-server-1.crt" # Use this if you followed the mTLS Certificates Generation Guide.

    # Absolute path to the USP Server's private key used for mTLS authentication with the USP Manager.
    key  = "/opt/udmg/etc/certificates/usp-server-1.key" # Use this if you followed the mTLS Certificates Generation Guide.

    # Absolute path to the trusted CA certificate used to validate the USP Client in mTLS authentication.
    ca   = "/opt/udmg/etc/certificates/usp-server-ca.crt" # Use this if you followed the mTLS Certificates Generation Guide.
  }
}

log {
  # (Optional) Recommended for troubleshooting.
  # Specify a file path to write logs to a dedicated log file.
  path = "/var/opt/udmg/usp-server.log"
}
info

For more context on how the name value is used, see Proxy Servers.

For a complete list of available configuration parameters, refer to USP Server Configuration File.

5. Start the USP Server systemd service

Once the required configuration fields have been configured, start the service using the following command:

sudo systemctl start usp-server

6. Verify installation

Ensure that the service starts without errors by checking its status with the following command:

sudo systemctl status usp-server
info

If you encounter any issues during installation, refer to our Troubleshooting for solutions to the most common problems.