Server Application Install Instructions

OMA is deployed as a web application from an https file server. Production deployment the OMA application is only supported via an https file server. Technically, the non‑PWA version of OMA will run via an http server, however, for good web application deployment security, only https file servers are supported.

Only one application should be hosted under each https file server (a given host and port) because the applications will share application storage on the client. This includes localStorage, sessionStorage, IndexDB, WebSQL, and Cache Storage. For example, if you have a production version of OMA on https://host.com:8080/index.html and a test version of OMA on https://host:8080/test/index.html, they will share the same application storage under the domain https://host.com:8080. This is not necessarily an issue, you just need to know if you change a setting that is stored in application storage (for example, Login settings Enable IDCS login or Enable OMAHttpBridge), it will be changed for both version of the application. Another example, iIf you have two versions of the application, one for your North region and one for the South region and if their are differences more than just the data they interact with, it is recommended to use to different https domains (for example, https://host.com:8080 for North and https://host.com:8081 for South).

If you are running the application as a Web app (not a PWA), the https server can be signed with a less secure SSL certificate (for example, self-signed non Certificate Authority (CA)).

Applications running as a Progressive Web App (PWA) use a service worker. When the service worker attempts to register itself, the https server's certificate must be valid. The https server certificate to support a PWA has these requirements:

• The https server must be running on a Fully Qualified Domain Name (FQDN, host.com) that is recognized by the clients DNS server.

• The SSL certificate used by the https server must include the FQDN in the Subject Alternate Name (SAN) list.

• The SSL certificate must be issued by a root level trust authority or CA. On iOS or Android, this must be a client verifiable CA authority. On Windows, you can install a self signed FQDNed certificate with the FQDN in the SAN in the windows system certificate storage using the Manage Computer Certificates app. On Linux systems with a tool called certutil, you can install a self signed FQDNed certificate with the FQDN in the SAN in the Linux system certificate storage for the user.

One more note about PWAs, the RestFUL endpoint the PWA communicates with (for example,the nms-ws RestFUL services) MUST also follow the same certificate requirements of the PWA's https SSL certificate. PWAs can not communicate to un-trusted RestFUL service endpoints.

To install the application, copy the www directory from the application build distribution directory to the https server root directory. For example, on a simple OPAL NMS system, there is an nms-lighttpd server serving the $OPERATIONS_MODELS directory. Follow the instructions in the nms-lighttpd script to enable the https server. For this example, we will assume the host name is host.com and the https port will be 8889. Copy the application build distribution directory OMA2/dist/oma_pwa/www directory to $OPERATIONS_MODELS/mobile/oma2/www directory. From any client device with access to the nms-lighttpd server, goto the address: https://host.com:8889/mobile/oma2/www/index.html, and OMA will start as a PWA enabled application.