Podman Compose scripts for starting the Digg Wallet environment services locally.
Before running the local environment, ensure the following prerequisites are in place.
Note: For local development we recommend Docker Compose v2 as the compose provider for Podman: https://docs.docker.com/compose/install/linux/
- option 1: Podman desktop https://podman-desktop.io/
- option 2: Headless: https://github.com/containers/podman-compose
Allow port 80+ for non-root users since podman runs rootless:
```bash
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
```

mkcert is required to generate trusted local TLS certificates for the Traefik reverse proxy.

```bash
sudo apt install libnss3-tools mkcert
```

```bash
brew install mkcert
brew install nss # Required for Firefox
```

Install the local CA in the system trust store so that browsers and tools trust the generated certificates:

```bash
mkcert -install
```

Note: The local issuer CA certificate can be found with

```bash
cat "$(mkcert -CAROOT)/rootCA.pem"
```

Only `rootCA.pem` is meant to be shared. The `rootCA-key.pem` file in the same directory can sign certificates that your machine trusts, so keep it private.
Generate a certificate and key pair for Traefik to serve local HTTPS traffic:
```bash
mkdir -p config/traefik/certs
mkcert \
  --cert-file ./config/traefik/certs/wallet-cert.pem \
  --key-file ./config/traefik/certs/wallet-key.pem \
  localhost 127.0.0.1 ::1 10.0.2.2
```

Follow these steps in order to configure the environment before starting the services.

```bash
cp .env.example .env
```

Review the variables in `.env` and update them as needed for your local setup. The key variable is `BASE_URL`, which defines the root URL used by all cluster services and defaults to `https://localhost`.
Android emulator note: Android emulators cannot reach `localhost` on the host machine. If you are developing for Android, set `BASE_URL=https://10.0.2.2` so the emulator can resolve requests to the running services.
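If `BASE_URL` is changed to a host that was not passed to `mkcert`, clients will reject the Traefik certificate. The following pre-flight check is an added example, not part of this repository; the function names are hypothetical, and it assumes `.env` holds a `BASE_URL=` line and that OpenSSL 1.1.1 or later is installed (for `-ext`).

```bash
# Added example: verify that the certificate Traefik serves lists the
# BASE_URL host as a subjectAltName. Run from the repository root.

# Print the host part of a URL, e.g. https://10.0.2.2:443/x -> 10.0.2.2
# (bracketed IPv6 literals are not handled here).
url_host() {
  _h="${1#*://}"              # drop the scheme
  _h="${_h%%/*}"              # drop any path
  printf '%s\n' "${_h%%:*}"   # drop any port
}

# Succeed if host $2 is a DNS or IP entry in SAN text $1, formatted the way
# `openssl x509 -noout -ext subjectAltName` prints it.
san_covers_host() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//' |
    grep -Fxq -e "DNS:$2" -e "IP Address:$2"
}

# Compare BASE_URL from an env file ($1) with the certificate ($2).
check_base_url_cert() {
  _url="$(grep '^BASE_URL=' "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'")"
  # Fall back to the documented default when BASE_URL is unset.
  _host="$(url_host "${_url:-https://localhost}")"
  _sans="$(openssl x509 -in "$2" -noout -ext subjectAltName)" || return 2
  if san_covers_host "$_sans" "$_host"; then
    echo "OK: certificate covers $_host"
  else
    echo "MISMATCH: $_host is not in the certificate; re-run mkcert with it" >&2
    return 1
  fi
}

# Only runs when both files from the steps above exist.
if [ -f .env ] && [ -f config/traefik/certs/wallet-cert.pem ]; then
  check_base_url_cert .env config/traefik/certs/wallet-cert.pem
fi
```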
Corporate proxy note: If you are behind a corporate proxy, you may need to add the container network ranges to Podman's configuration to prevent proxy errors. Edit `~/.config/containers/containers.conf` and restart Podman (this can also be done through the Podman UI):
```toml
[engine]
env = [
  "http_proxy=your-regular-proxy",
  "https_proxy=your-regular-proxy",
  "no_proxy=your-regular-no-proxy,172.0.0.0/8"
]
```
```bash
podman compose pull
podman compose up
```

| Service | URL | Description |
|---|---|---|
| Demo verifier | https://localhost/demo-verifier | Our verifier demo service |
| EU reference verifier backend | https://localhost/refimpl-verifier-backend | Backend used by both verifier implementations |
| EU reference PID issuer | https://localhost/pid-issuer | EU's reference implementation of a PID issuer |
| Keycloak | https://localhost/idp | Identity provider for the PID issuer |
| Wallet Provider | https://localhost/wallet-provider | Issues and manages the lifecycle of Wallet Unit Attestations (WUA) |
| Wallet Client Gateway | https://localhost/wallet-client-gateway | BFF for the wallet app(s) |
| Wallet Account | https://localhost/wallet-account | Manages user accounts |
| Wallet Attribute Attestation | https://localhost/wallet-attribute-attestation | Manages user attribute attestations |
| Traefik | http://localhost:8080 | Reverse proxy handling TLS termination |
If you need to add a new application to the Docker Compose setup, its image must be published before it can be pulled and used locally.
Note: This is not officially supported, but it might be possible to override `PODMAN_SOCK` in your `.env` file to point to the Docker socket before running compose:

```bash
PODMAN_SOCK=/var/run/docker.sock
```

Or export it inline:

```bash
export PODMAN_SOCK=/var/run/docker.sock
```

Try running:

```bash
# Run the compose file with docker
docker compose up -d; sleep 1s
# Run the tests
mvn test
# Tear down compose
docker compose down
```