
Installing the HTML5 Gateway Docker

Importing the Docker image

Before you can create an HTML5 Gateway Docker container, you need to import the Docker image. To do this, open a shell in which the Docker commands are available and from which the cleanroom-html5-4.6.1-33-v2.tgz file is accessible. From the shell, run the following command, adjusting the path to the TGZ file if it is not in the current directory:

docker load --input cleanroom-html5-4.6.1-33-v2.tgz

Then check that the import was successful with the following command:

docker inspect --type=image cleanroom-html5:4.6.1-33-v2

The expected output is as follows. If this is not the case, then the import has failed:

[
    {
        "Id": "sha256:16ae07f1604409f6b092a8a2944e69b3db458a04dbbab6ffc3f945c253c82cee",
        "RepoTags": [
            "cleanroom-html5:4.6.1-33-v2"
        ],
        "RepoDigests": [],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2025-08-27T11:35:33.014244258+02:00",
        "DockerVersion": "",
        "Author": "",
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 781097647,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/aa079416d669709486e3fd3dfefcff51acb3905ffcca7e6e428630d1a499e669/diff:/var/lib/docker/overlay2/da9f43ee88f5961a157af404be018fc7c3f5185a798b26911e38118d83830de7/diff:/var/lib/docker/overlay2/28efb3982392e95711e849cb90985fd534cd6273f4dec758463f98b41a432e93/diff:/var/lib/docker/overlay2/44a3abed0a932259b79c9e5e273749cc06bd8aca7d3adbfd1753a7b053dcae2f/diff:/var/lib/docker/overlay2/e3dfd4c7c4fe568ef731bd91314e69cc5c807ce717d5f4ea94f0d02cc11e70c5/diff:/var/lib/docker/overlay2/5acf2b56871d2537d95b9981c0498e16723a9eca20827f550366b48d8acf508f/diff:/var/lib/docker/overlay2/c732cd17c6501229b3a12c488d7f4c26f8634329211cac54ff1cf0d53055421f/diff:/var/lib/docker/overlay2/fd61cbda2a5e9a578c5a8eea67b63df3d31642588be3b6f2f7ebe6e10964f745/diff",
                "MergedDir": "/var/lib/docker/overlay2/b9c8170b6a9ed8e7c84a9ba208cd6e4b25e88d1dad42cd72b0e1178da62a46d4/merged",
                "UpperDir": "/var/lib/docker/overlay2/b9c8170b6a9ed8e7c84a9ba208cd6e4b25e88d1dad42cd72b0e1178da62a46d4/diff",
                "WorkDir": "/var/lib/docker/overlay2/b9c8170b6a9ed8e7c84a9ba208cd6e4b25e88d1dad42cd72b0e1178da62a46d4/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:4668f0f488e5ad4494fadff56ad585c514794b3a293e5e8d006410de9da08155",
                "sha256:782f6c5256575fbef0e518a1a1ce9188c457f1a0e9b88b733ed672f6e1be482d",
                "sha256:e09fd3e10e878ef6c812ccde0fa55b66cf4b9b593cf182c2760fec73649968c2",
                "sha256:e51c952c7bd89e0a3188c683d689eed81444d5513c14251f4b21cb9fd056d27d",
                "sha256:233ff67db52988898e3c1b4c2573b86c1c0c50d23f1f4b2365e3fc51abedbf9f",
                "sha256:f832eee42398852cab80a9a45138bf076d63ebbe153263fd8cf66857a0833d02",
                "sha256:f59f79d19c38ae4863b81774ad1d98030370c64e17013eb786da7b727bf2b41b",
                "sha256:0caeed550a29dbb274781e78bbe910fa5ccfdc90119cb4f9e3c815feff5a70b9",
                "sha256:21313651aa44ac0f5dd459a94be172b003b68f81b0db945c24a7ada5c21799e3"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        },
        "Config": {
            "Cmd": null,
            "Entrypoint": [
                "/entrypoint.sh"
            ],
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "IMAGE_BUILD_DATE=20250827T112940",
                "IMAGE_BUILD_VERSION=4.6.1-33-v2",
                "IMAGE_IPDIPC=IPC-53702"
            ],
            "ExposedPorts": {
                "8080/tcp": {},
                "8090/tcp": {}
            },
            "Labels": {
                "maintainer": "contact@systancia.com",
                "org.label-schema.build-date": "20250827T112940",
                "org.label-schema.description": "Systancia Cleanroom Gateway",
                "org.label-schema.name": "Systancia Cleanroom 4.6.1-33-v2 HTML5 Server",
                "org.label-schema.url": "http://systancia.com/",
                "org.label-schema.vendor": "Systancia",
                "version": "4.6.1-33-v2"
            },
            "OnBuild": null,
            "User": "root",
            "Volumes": null,
            "WorkingDir": ""
        }
    }
]
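
The import check above can be scripted so that a deployment stops when the loaded image is not the expected one. This is an added example, not part of the vendor documentation: verify_loaded_image and its variable names are chosen here, and the expected Id is the one shown in the output above.

```shell
#!/bin/sh
# Added example, not vendor code. verify_loaded_image is a name chosen here.
# Expected values are copied from the docker inspect output on this page.
EXPECTED_ID="sha256:16ae07f1604409f6b092a8a2944e69b3db458a04dbbab6ffc3f945c253c82cee"
IMAGE_REF="cleanroom-html5:4.6.1-33-v2"

# Exit status: 0 = Id matches, 1 = Id differs, 2 = image missing or docker error.
verify_loaded_image() {
    vli_ref=$1
    vli_expected=$2
    # Ask docker for only the fields being checked instead of parsing the JSON.
    if ! vli_line=$(docker inspect --type=image \
            --format '{{.Id}} {{.Architecture}} {{.Config.User}}' \
            "$vli_ref" 2>/dev/null); then
        echo "FAIL: $vli_ref is not in the local image store (import failed)" >&2
        return 2
    fi
    # Split "id arch user" into positional parameters; user may be empty.
    set -- $vli_line
    vli_id=$1
    vli_arch=${2:-unknown}
    vli_user=${3:-unset}
    if [ "$vli_id" != "$vli_expected" ]; then
        echo "FAIL: $vli_ref has Id $vli_id, expected $vli_expected" >&2
        return 1
    fi
    echo "OK: $vli_ref Id matches (arch=$vli_arch, default user=$vli_user)"
    return 0
}

# Typical use after docker load:
#   verify_loaded_image "$IMAGE_REF" "$EXPECTED_ID" || exit 1
```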

Container configuration

Environment variables

Variables for deployment by pairing

| Name | Mandatory | Default value | Comment |
|---|---|---|---|
| ENV_MEDIATION | YES | | Used for pairing connection. DNS name or IP address for connecting to the web interface of a cyberelements Cleanroom platform. |
| ENV_TOKEN | YES | | Used for pairing connection. Pairing token to use for the connection to the Mediation Controller. |
| ENV_NO_CHECK_CERT | NO | false | Used for pairing connections. Whether to disable checking of the Mediation Controller web certificate; useful with cyberelements Cleanroom when accessing via IP address or when the web certificate is not recognized by the default public certification authorities. Accepted values: true or false. |

Variables for manual deployment

| Name | Mandatory | Default value | Comment |
|---|---|---|---|
| ENV_GW_CERT_NAME | YES | | Used for connection with manual configuration. Name of the certificate file for connecting to the SSL Router. |
| ENV_GW_CERT_PASSWORD | YES | | Used for connection with manual configuration. Certificate file password for connection to the SSL Router. |
| ENV_SSL_ROUTER_IP | YES | | Used for connection with manual configuration. IP address or DNS name of the SSL router to which the HTML5 Gateway will connect. |
| ENV_SSL_ROUTER_PORT | NO | 443 | Used for connection with manual configuration. Port of the SSL router to which the HTML5 Gateway will connect. |

Various variables

| Name | Mandatory | Default value | Comment |
|---|---|---|---|
| ENV_DISABLE_RSYSLOG | NO | false | Disables the rsyslog service. Accepted values: true or false. |

Volumes

| Volume | Comment |
|---|---|
| /etc/ipdiva/ | HTML5 Gateway configuration volume. We recommend mounting it on a named volume or on the host machine's file system. |
| /opt/certificates/ | Volume containing the HTML5 Gateway certificate(s) when configuring without pairing. |
| /var/log/ | Volume containing the HTML5 Gateway logs. |

Ports

| Port | Comment |
|---|---|
| 8080 | HTML5 service listening port. |

Deployment of the HTML5 Gateway Docker

Deployment with pairing

Prerequisites

Before deploying the HTML5 Gateway Docker, you must obtain a pairing token.

The deployment described below uses all available volumes (except /opt/certificates/, which is not used in this context) and exposes all ports.
The volumes are mounted on the host machine's file system at the location HTML5_GATEWAY_REP, which contains the following subdirectories:

  • config
  • log

You can customize the variables for the following commands:

| Customizable variable | Comment |
|---|---|
| DOCKER_NAME | Name of the Docker container. |
| HTML5_GATEWAY_REP | Location on the file system to mount the volumes. |
| ENV_MEDIATION_VALUE | Value of the ENV_MEDIATION environment variable. |
| ENV_TOKEN_VALUE | Value of the ENV_TOKEN environment variable. |
| ENV_NO_CHECK_CERT_VALUE | Value of the ENV_NO_CHECK_CERT environment variable. |

Create the directory tree required for mounting volumes on the file system:

mkdir -p HTML5_GATEWAY_REP/config
mkdir HTML5_GATEWAY_REP/log

And finally, start a new container:

docker run -d --restart unless-stopped --name "DOCKER_NAME" \
-e ENV_MEDIATION="ENV_MEDIATION_VALUE" \
-e ENV_TOKEN="ENV_TOKEN_VALUE" \
-e ENV_NO_CHECK_CERT="ENV_NO_CHECK_CERT_VALUE" \
-v "HTML5_GATEWAY_REP/config/:/etc/ipdiva/:rw" \
-v "HTML5_GATEWAY_REP/log/:/var/log/:rw" \
-p 8080:8080 \
cleanroom-html5:4.6.1-33-v2

The container logs can be viewed using the following command:

docker logs -f DOCKER_NAME
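
Passing ENV_TOKEN with -e on the command line leaves the pairing token in the shell history and in the arguments of the docker client process. The added example below (not vendor code) validates an env file against the pairing variable table before it is handed to docker run --env-file; check_pairing_env, env_value and the file name pairing.env are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: validate an env file for the pairing
# deployment before passing it to docker run --env-file.
# check_pairing_env, env_value and the file name pairing.env are assumptions.

# Print the value assigned to variable $2 in env file $1 (last one wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Returns 0 when the file can be used, 1 otherwise; messages go to stderr.
check_pairing_env() {
    cpe_file=$1
    cpe_rc=0
    [ -r "$cpe_file" ] || { echo "error: cannot read $cpe_file" >&2; return 1; }

    # ENV_TOKEN is a credential: refuse files readable by group or others.
    cpe_perms=$(ls -ld "$cpe_file" | cut -c5-10)
    if [ "$cpe_perms" != "------" ]; then
        echo "error: run chmod 600 on $cpe_file" >&2
        cpe_rc=1
    fi

    # Mandatory variables from the pairing table.
    for cpe_name in ENV_MEDIATION ENV_TOKEN; do
        if [ -z "$(env_value "$cpe_file" "$cpe_name")" ]; then
            echo "error: $cpe_name is mandatory" >&2
            cpe_rc=1
        fi
    done

    # docker run keeps quotes from an env file as part of the value.
    if grep -q "^ENV_[A-Z0-9_]*=[\"']" "$cpe_file"; then
        echo "error: write values without surrounding quotes" >&2
        cpe_rc=1
    fi

    # Optional variable: only true or false are accepted (default false).
    cpe_nocheck=$(env_value "$cpe_file" ENV_NO_CHECK_CERT)
    case ${cpe_nocheck:-false} in
        false) ;;
        true)  echo "warning: Mediation Controller certificate is not checked" >&2 ;;
        *)     echo "error: ENV_NO_CHECK_CERT must be true or false" >&2
               cpe_rc=1 ;;
    esac
    return "$cpe_rc"
}

# Usage with the pairing deployment from this page:
#   check_pairing_env pairing.env && \
#   docker run -d --restart unless-stopped --name "DOCKER_NAME" \
#     --env-file pairing.env \
#     -v "HTML5_GATEWAY_REP/config/:/etc/ipdiva/:rw" \
#     -v "HTML5_GATEWAY_REP/log/:/var/log/:rw" \
#     -p 8080:8080 cleanroom-html5:4.6.1-33-v2
```

The variables still appear in docker inspect output for the container, so access to the Docker daemon remains equivalent to access to the token.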

Manual deployment

Prerequisites

Before deploying the HTML5 Gateway Docker, you must have the certificate required for the HTML5 Gateway.

The deployment described below uses all available volumes and exposes all ports.
The volumes are mounted on the host machine's file system at the location MANUAL_REP, which contains the following subdirectories:

  • config
  • log
  • certificates

You can customize the variables for the following commands:

| Customizable variable | Comment |
|---|---|
| MANUAL_NAME | Name of the Docker container. |
| MANUAL_REP | Location on the file system to mount the volumes. |
| ENV_GW_CERT_NAME_VALUE | Value of the ENV_GW_CERT_NAME environment variable. |
| ENV_GW_CERT_PASSWORD_VALUE | Value of the ENV_GW_CERT_PASSWORD environment variable. |
| ENV_SSL_ROUTER_IP_VALUE | Value of the ENV_SSL_ROUTER_IP environment variable. |
| ENV_SSL_ROUTER_PORT_VALUE | Value of the ENV_SSL_ROUTER_PORT environment variable. |

Create the directory tree required for mounting volumes on the file system:

mkdir -p MANUAL_REP/config
mkdir MANUAL_REP/log
mkdir MANUAL_REP/certificates

Then place the certificates for the HTML5 Gateway and the recording service in MANUAL_REP/certificates.

Finally, start a new container:

docker run -d --restart unless-stopped --name "MANUAL_NAME" \
-e ENV_GW_CERT_NAME="ENV_GW_CERT_NAME_VALUE" \
-e ENV_GW_CERT_PASSWORD="ENV_GW_CERT_PASSWORD_VALUE" \
-e ENV_SSL_ROUTER_IP="ENV_SSL_ROUTER_IP_VALUE" \
-e ENV_SSL_ROUTER_PORT="ENV_SSL_ROUTER_PORT_VALUE" \
-v "MANUAL_REP/config/:/etc/ipdiva/:rw" \
-v "MANUAL_REP/log/:/var/log/:rw" \
-v "MANUAL_REP/certificates/:/opt/certificates/:ro" \
-p 8080:8080 \
cleanroom-html5:4.6.1-33-v2

The container logs can be viewed using the following command:

docker logs -f MANUAL_NAME

Configuration of the Mediation Controller

For the new HTML5 Gateway Docker to be operational, the Mediation Controller server still needs to be configured, over SSH or console access, with root permissions.

This last setting is required to allow the Mediation Controller to communicate with the HTML5 service.
However, this configuration varies depending on the location of the HTML5 Gateway Docker:

When the HTML5 Gateway Docker is located in the DMZ with the Mediation Controller, the overall diagram is as follows:

flowchart LR
    subgraph DMZ
        direction TB
        HTML5(HTML5 Gateway Docker)
        MED(Mediation Controller)
    end

    subgraph LAN
        GW(Edge Gateway)
    end


    MED -.-> |Connection to HTML5 service ; TCP 8080| HTML5
    HTML5 --> |TLS Tunnel| MED
    MED ~~~ GW
    GW --> |TLS Tunnel| MED
    GW ~~~ MED

    linkStyle 0 stroke:#d22,color;

In this context, add the configuration given below to the /etc/ipdiva/httpd/commonParameters.extra.conf file, creating the file if it does not exist.
The following values can be customized:

| Customizable variable | Comment |
|---|---|
| HTML5_URL_DMZ | URL configured when declaring the HTML5 Gateway in the administration console. |
| HTML5_IP_DMZ | DNS name or IP address of the Docker server on which the HTML5 Gateway Docker is active. |
| HTML5_PORT_DMZ | Port published by the Docker server for the HTML5 Gateway Docker. |

<Location /HTML5_URL_DMZ/>
    Order allow,deny
    Allow from all
    ProxyPass http://HTML5_IP_DMZ:HTML5_PORT_DMZ/systanciaHTML5-6.0/ flushpackets=on
    ProxyPassReverse http://HTML5_IP_DMZ:HTML5_PORT_DMZ
</Location>

<Location /HTML5_URL_DMZ/websocket-tunnel>
    Order allow,deny
    Allow from all
    ProxyPass ws://HTML5_IP_DMZ:HTML5_PORT_DMZ/systanciaHTML5-6.0/websocket-tunnel
    ProxyPassReverse ws://HTML5_IP_DMZ:HTML5_PORT_DMZ/systanciaHTML5-6.0/websocket-tunnel
</Location>

When the HTML5 Gateway Docker is located in the LAN and reached through an Edge Gateway, the overall diagram is as follows:

flowchart LR
    subgraph DMZ
        direction TB
        MED(Mediation Controller)
    end

    subgraph LAN
        HTML5(HTML5 Gateway Docker)
        GW(Edge Gateway)
    end


    MED -.- | Connection to HTML5 service ; through TLS Tunnel| GW -.-> |Connection to HTML5 service ; TCP 8080| HTML5
    HTML5 --> |TLS Tunnel| MED
    GW --> |TLS Tunnel| MED

    linkStyle 0,1 stroke:#d22,color;

In this context, add the configuration given below to the /etc/ipdiva/httpd/commonParameters.extra.conf file, creating the file if it does not exist.
The following values can be customized:

| Customizable variable | Comment |
|---|---|
| HTML5_URL_LAN | URL configured when declaring the HTML5 Gateway in the administration console. |
| GW_NAME_LAN | Name of the Edge Gateway used to connect to the HTML5 service. The pipe character at the end of the line must be kept. |
| ORGANIZATION_NAME_LAN | Name of the organization to which the Edge Gateway connects. |
| HTML5_IP_LAN | DNS name or IP address of the Docker server on which the HTML5 Gateway Docker is active. |
| HTML5_PORT_LAN | Port published by the Docker server for the HTML5 Gateway Docker. |

<Location /HTML5_URL_LAN/>
    Order allow,deny
    Allow from all
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-IPdiva-Gateway GW_NAME_LAN|
    RequestHeader set X-IPdiva-Orgname ORGANIZATION_NAME_LAN
    RequestHeader set X-IPdiva-Service HTML5_IP_LAN:HTML5_PORT_LAN

    ProxyPass http://127.0.0.1:9016/systanciaHTML5-6.0/ flushpackets=on
</Location>

<Location /HTML5_URL_LAN/websocket-tunnel>
    Order allow,deny
    Allow from all
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-IPdiva-Gateway GW_NAME_LAN|
    RequestHeader set X-IPdiva-Orgname ORGANIZATION_NAME_LAN
    RequestHeader set X-IPdiva-Service HTML5_IP_LAN:HTML5_PORT_LAN

    ProxyPass ws://127.0.0.1:9016/systanciaHTML5-6.0/websocket-tunnel
</Location>

Tip

This configuration can also be used in the following situation where a Docker Edge Gateway and a Docker HTML5 Gateway are running in the same Docker network:

flowchart LR
    subgraph DMZ
        direction TB
        MED(Mediation Controller)
    end

    subgraph LAN
        subgraph docker[Docker Server]
            HTML5([HTML5 Gateway Docker])
            GW([Edge Gateway])
        end
    end


    MED -.- | Connection to HTML5 service ; through TLS Tunnel| GW -.-> |Connection to HTML5 service ; TCP 8080 through Docker network| HTML5
    HTML5 --> |TLS Tunnel| MED
    GW --> |TLS Tunnel| MED

    linkStyle 0,1 stroke:#d22,color;

Example

In this example, we will deploy an Edge Gateway and an HTML5 Gateway on the same Docker server.

The infrastructure used for the example is as follows:

  • Mediation Controller server
    • Web IP address: 10.0.10.10
    • Organization name: my-organization-name
    • Token for Edge Gateway: YJ5N-JN05-N5LS-N26H-7JHA-HZ9R-BGJF-MAVH
    • Token for HTML5 Gateway: ATCW-OMVR-0RY4-LW1M-D9G9-H5VF-WPX5-YCXF
    • URL for accessing the HTML5 service: HTML5_DOCKER
  • Docker server
    • Docker network name: cyberelements-cleanroom-network
    • Edge Gateway
      • Name: my-edge-gateway-docker
      • Root location on the file system: /opt/my-edge-gateway-docker
    • HTML5 Gateway
      • Name: my-html5-gateway-docker
      • Root location on the file system: /opt/my-html5-gateway-docker

First, on the Docker server, you need to create the tree structure for mounting the Docker volumes:

mkdir -p /opt/my-edge-gateway-docker/config
mkdir /opt/my-edge-gateway-docker/graphical_archives
mkdir /opt/my-edge-gateway-docker/ssh_archives
mkdir /opt/my-edge-gateway-docker/log
mkdir -p /opt/my-html5-gateway-docker/config
mkdir /opt/my-html5-gateway-docker/log

Then create a bridge-type Docker network so that the two containers can communicate with each other:

docker network create -d bridge cyberelements-cleanroom-network

Next, start the Edge Gateway container. Note that the example establishes a connection by pairing, with access to the Mediation Controller via its IP address and with certificate checking disabled. In addition, the --network parameter is added to specify the use of the previously created Docker network:

docker run -d --restart unless-stopped --name "my-edge-gateway-docker" \
-e ENV_MEDIATION="10.0.10.10" \
-e ENV_TOKEN="YJ5N-JN05-N5LS-N26H-7JHA-HZ9R-BGJF-MAVH" \
-e ENV_NO_CHECK_CERT="true" \
-v "/opt/my-edge-gateway-docker/config/:/etc/ipdiva/:rw" \
-v "/opt/my-edge-gateway-docker/graphical_archives/:/var/lib/ipdiva/carerecord/archives/:rw" \
-v "/opt/my-edge-gateway-docker/ssh_archives/:/var/ipdiva/care/sshrecord/:rw" \
-v "/opt/my-edge-gateway-docker/log/:/var/log/:rw" \
-p 2222:2222 \
-p 3389:3389 \
-p 8443:8443 \
--network="cyberelements-cleanroom-network" \
cleanroom-gateway:4.6.1-33-v2

Next, start the HTML5 Gateway container. Note that the example establishes a connection by pairing, with access to the Mediation Controller via its IP address and with certificate checking disabled. In addition, the --network parameter is added to specify the use of the previously created Docker network, and since access to the HTML5 service goes through the Docker network, publishing port 8080 is not necessary:

docker run -d --restart unless-stopped --name "my-html5-gateway-docker" \
-e ENV_MEDIATION="10.0.10.10" \
-e ENV_TOKEN="ATCW-OMVR-0RY4-LW1M-D9G9-H5VF-WPX5-YCXF" \
-e ENV_NO_CHECK_CERT="true" \
-v "/opt/my-html5-gateway-docker/config/:/etc/ipdiva/:rw" \
-v "/opt/my-html5-gateway-docker/log/:/var/log/:rw" \
--network="cyberelements-cleanroom-network" \
cleanroom-html5:4.6.1-33-v2

Finally, the /etc/ipdiva/httpd/commonParameters.extra.conf file on the Mediation Controller server(s) needs to be configured. The following section should be added:

<Location /HTML5_DOCKER/>
    Order allow,deny
    Allow from all
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-IPdiva-Gateway my-edge-gateway-docker|
    RequestHeader set X-IPdiva-Orgname my-organization-name
    RequestHeader set X-IPdiva-Service my-html5-gateway-docker:8080

    ProxyPass http://127.0.0.1:9016/systanciaHTML5-6.0/ flushpackets=on
</Location>

<Location /HTML5_DOCKER/websocket-tunnel>
    Order allow,deny
    Allow from all
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-IPdiva-Gateway my-edge-gateway-docker|
    RequestHeader set X-IPdiva-Orgname my-organization-name
    RequestHeader set X-IPdiva-Service my-html5-gateway-docker:8080

    ProxyPass ws://127.0.0.1:9016/systanciaHTML5-6.0/websocket-tunnel
</Location>

Before applying the new settings, you must check that the new configuration does not cause any blocking errors for the Apache2 web server.
To do this, run the following command:

apache2ctl configtest

If the command returns Syntax OK, the changes can be applied with the command below. Otherwise, check the configuration of your /etc/ipdiva/httpd/commonParameters.extra.conf file.

systemctl reload apache2