Customizing MobileFirst Server containers

You must add projects and customize the related project components before building MobileFirst Server container images.

Custom applications built using MobileFirst Studio, or using Xcode and the MobileFirst Platform Command Line Interface can be deployed in a MobileFirst Server container.

The container gets created from the artifacts that are provided in the MobileFirst Platform Foundation on IBM® Containers package. For an overview of the package contents and folder structure, see Package structure and contents.

The customizable elements for the MobileFirst Server container are located in package_root/mfpf-server/usr. The following tables describe the sub folders and files to use for customization.

Table 1. Descriptions of the mfpf-server/ sub folders
Folder Description
./usr Contains the customization template for the MobileFirst Server container.
./usr/bin Contains the script file (mfp-init) that gets executed when the container starts. You can add custom code to the script, however, do not modify the existing code.
./usr/config Contains the server configuration fragments (keystore, server properties, user registry) used by MobileFirst Server.
  • keystore.xml - the configuration of the repository of security certificates used for SSL encryption. The files listed must be referenced in the ./usr/security folder.
  • mfpfproperties.xml - configuration properties for the MobileFirst Server. See the supported properties listed in these topics:
  • registry.xml - user registry configuration. The basicRegistry (a basic XML-based user-registry configuration is provided as the default. User names and passwords can be configured for basicRegistry or you can configure ldapRegistry.
./usr/env Contains the environment properties used for server initialization (server.env) and custom JVM options jvm.options. See Table 2 for a list of supported server environment properties.
./usr/jre-security Add JRE security-related files (such as the JRE truststore, policy .jar files, and so forth) to be updated on the container. The files in this folder get copied to the JAVA_HOME/jre/lib/security/ folder in the container.
./usr/projects Contains the existing projects that have been deployed to MobileFirst Server.

You can add MobileFirst project WAR files or add the entire folder structure of a MobileFirst project.

./usr/projects/project_name Contains the project to deploy to MobileFirst Server.
./usr/projects/project_name/bin Contains the project WAR file. The name of the project and the name of the project WAR file must be the same.
./usr/projects/project_name/server/conf Contains authenticationConfig.xml and SMSConfig.xml . These settings override the settings provided in the project WAR file.
./usr/projects/project_name/server/lib Contains the library (JAR) files that are required by the project.
./usr/security Contains your keystore, truststore, and LTPA keys (ltpa.keys) files.
./usr/ssh Contains the ssh public key file ( to enable ssh on the container.
./usr/wxs Contains The WebSphere® eXtreme Scale client library when the IBM Data Cache service on Bluemix® is used as the attribute store for MobileFirst Server.
Table 2. Supported server environment properties (server.env)
Property Default Value Description
MFPF_SERVER_HTTPPORT 9080* The port used for client HTTP requests. Use -1 to disable this port.
MFPF_SERVER_HTTPSPORT 9443* The port used for client HTTP requests secured with SSL (HTTPS). Use -1 to disable this port.
MFPF_CLUSTER_MODE Standalone Configuration not required. Valid values are Standalone or Farm. The value Farm is automatically set when the container is run as a container group.
MFPF_ADMIN_ROOT worklightadmin The context root at which the MobileFirst Server Administration Services are made available.
MFPF_CONSOLE_ROOT worklightconsole The context root at which the MobileFirst Operations Console is made available.
MFPF_ADMIN_GROUP worklightadmingroup The name of the user group possessing the predefined role worklightadmin.
MFPF_DEPLOYER_GROUP worklightdeployergroup The name of the user group possessing the predefined role worklightdeployer.
MFPF_MONITOR_GROUP worklightmonitorgroup The name of the user group possessing the predefined role worklightmonitor.
MFPF_OPERATOR_GROUP worklightoperatorgroup The name of the user group possessing the predefined role worklightoperator.
MFPF_SERVER_ADMIN_USER WorklightRESTUser The Liberty server administrator user for MobileFirst Server Administration Services.

Ensure that you change the default value to a private password before deploying to a production environment.

The password of the Liberty server administrator user for MobileFirst Server Administration Services.
MFPF_ADMIN_USER admin The user name for the administrator role for MobileFirst Server operations.
MFPF_ADMIN_PASSWORD admin The password for the administrator role for MobileFirst Server operations.
publicKeyServerUrl   The URL to the MobileFirst runtime that runs the mobile apps with MobileFirst Data Proxy.
*Do not modify the default port number. Read more in the following section.
After you finish customizing an image, it is ready to be built and run on IBM Containers for Bluemix.
Important: If you are going to use MobileFirst Operational Analytics, you must build and run the MobileFirst Operational Analytics container before deploying and running the MobileFirst Server container.

Containers must be restarted after any configuration changes have been made (cf ic restart containerId). For container groups, you must restart each container instance within the group. For example, if a root certificate changes, each container instance must be restarted after the new certificate has been added.

Port number limitation

There is currently an IBM Containers limitation with the port numbers that are available for public domain. Therefore, the default port numbers given for the MobileFirst Operational Analytics container and the MobileFirst Server container (9080 for HTTP and 9443 for HTTPS) cannot be altered. Containers in a container group must use HTTP port 9080. Container groups do not support the use of multiple port numbers or HTTPS requests.