Installing external Perimeter Server using Docker container

You can use a Docker container to install and set up the external Perimeter Server.


  1. Download the Docker image for external Perimeter Server from Passport Advantage. This image is included in the Certified Container.
  2. Specify the parameters.
    Parameter Description Mandatory
    MAX_ALLOCATION # maxAllocation - Limits the amount of memory used for network buffers. No
    MAX_JVM_HEAP # maxHeapSize - Do not change in this file; edit the startup or install script instead Yes
    PS_SECURE_IF # secureIF - the network interface facing the central server Yes
    REVERSE_CONNECT # reverseConnect - true if this Perimeter Server connects to its master, instead of listening Yes
    PS_PORT # port - the port number used for the local end of the persistent connection Yes
    PS_EXTERNAL_IF # externalIF - the network interface facing trading partners Yes
    REMOTE_ADDR # remoteAddress - the central server resides at this IP address No
    REMOTE_PORT # remotePort - the central server will be listening on this port for this server to connect No
    RESTRICTED # restricted - set to true to enable restricted network access, controlled by restricted.policy No
    RECEIVE_BUFFER_SIZE # receiveBufferSize - socket receive buffer size for persistent connection No
    SEND_BUFFER_SIZE # sendBufferSize - socket send buffer size for persistent connection No
    KILL_STALE_CLOSE_WAIT # ps.killStale_CLOSE_WAIT - This property is used to decide whether or not to kill stale hanging CLOSE_WAIT connections No
    KILL_STALE_CLOSE_WAIT # ps.killStale_FIN_WAIT2 - This property is used to decide whether or not to kill stale hanging CLOSE_WAIT connections No
    KILL_STALE_FIN_WAIT2 # ps.killStale_FIN_WAIT2 - This property is used to decide whether or not to kill stale hanging FIN_WAIT2 connections No
    MAX_TIME_TO_KILL_STALE_CONNECTIONS # ps.maxTimeToKillStaleConnections - This property represents the maximum time value in seconds to keep the the CLOSE_WAIT and FIN_WAIT2 connections alive before clearing them off No
    DUMP_EXT_PS_CONNECTION_LIST # ps.dumpExtPSConnectionList - This property governs if the connections details have to be dumped to logs or not - default is false No
    LOG_LEVEL # loglevel - May have values of (ERROR,WARN,INFO,COMMTRACE,DEBUG or ALL) No
    ROTATE_LOGS # rotatelogs - enables log rotation when maxlogsize is reached No
    MAX_LOG_SIZE # maxlogsize - log output will roll over when this many records have been written No
    MAX_NUM_LOGS # maxnumlogs - after this many logs are written, old logs will be deleted No
    Note: All these are existing parameters, which are present in the file. No new parameters are added.
  3. Specify the configurations required for the external Perimeter Server using the docker run command.
    Sample configurations:
    • Using setup file:
      Create psSetup.cfg and make it available in the mapped volume.
      docker run -v <host-file-location>:/ibm/resources
    • Using environment variables:
      • -e option: Add environment variables in Docker run command:

        docker run -e PS_PORT=3000 <image>

      • --env-file option: Create a file that contains environment variables and specify the file details in the docker run command:

        docker run --env-file <filename> <image>

  4. Execute docker run command after specifying the parameters and configurations.
    • using mapped volume
      docker run -e LICENSE=accept -d -v <host-file-location>:/ibm/resources --net=host <image-id>
    • using environment variables
      • -e option: All the mandatory parameters need to be specified as environment variables to the Docker container.
        docker run -e LICENSE=accept -d --net=host -e PS_PORT=3000 
        -e REVERSE_CONNECT=true <all-mandatory-params-as-env-vars> <image-id>
      • --env-file
        docker run -e LICENSE=accept -d –net=host --env-file <env-variable-file> <image-id>
    Note: It is not mandatory to always have a mapped volume for the Docker container. You can also specify the configuration as environment variables. For restricted mode, the mapped volume is mandatory.
  5. Configure the external Perimeter Server in restricted mode and specify the restricted.policy file when installed in a more secure mode (REVERSE_CONNECT=true).
    • Set the RESTRICTED parameter to true in the psSetup.cfg file or environment variable.
    • Provide the restricted.policy file in the mapped volume (mapped volume in this case is mandatory).


The external Perimeter Server is installed and configured using a Docker container. The Docker console logs show the Perimeter Server logs.
docker logs <container-id>

You now need to add the external Perimeter Server that is installed using Docker container to Sterling B2B Integrator. For more information, see Perimeter servers in Sterling B2B Integrator.