Handout for version 25.0.x
Hard- and Software Requirements
|
Lobster Bridge |
|
|
|
|
|
Hardware |
|
Highly dependent on the expected load |
|
|
|
|
|
|
|
Software |
|
|
|
|
|
Operating System |
Windows or Linux |
|
|
|
Software |
Java 11 (up to date version, preferably https://adoptium.net/de/temurin/releases/?os=any&arch=any&version=11) |
|
|
Network |
|
|
|
|
|
Inbound Ports |
None |
|
|
|
Outbound Ports |
local → Lobster Data Platform/DMZ 443/tcp local → Lobster API Server 443/tcp local → Bridge Gateway 8444/tcp |
|
Private Bridge Gateway |
|
|
|
|
|
Hardware |
|
Highly dependent on the expected load |
|
|
Software |
|
|
|
|
|
Operating System |
Windows or Linux |
|
|
|
Software |
Java 11 (up to date version, preferably https://adoptium.net/de/temurin/releases/?os=any&arch=any&version=11) |
|
|
Network |
|
|
|
|
|
Inbound Ports |
(all standard DMZ requirements) Lobster Data Platform → local 9000/tcp Lobster Bridge → local 8444/tcp |
|
|
|
Outbound Ports |
(all standard DMZ requirements) local → Lobster API Server 443/tcp |
|
Lobster Data Platform |
|
|
|
|
|
Network |
|
|
|
|
|
Inbound Ports |
Lobster Bridge → local 443/tcp (ETL/AS2) |
|
|
|
Outbound Ports |
local → Lobster API Server 443/tcp local → Lobster Bridge Gateway Server 443/tcp (official Lobster Bridge Gateway) local → Lobster Bridge Gateway Server 9000/tcp (private DMZ/Gateway) |
Creating a Bridge Connection in the Platform
|
Alias |
A name to recognize the Bridge besides the UUID |
|
Bridge password |
The password, which is used to create the tunnel and to verify access from and to the Bridge. For the 25.0.x beta, do not use a '#' in the password. |
|
Partner |
If AS2 shall be used later, the appropriate partner can be chosen here. |
Downloading the Bridge Installation File
The Bridge can be downloaded with the Download Button in the upper right corner.
Popups must be allowed for this page otherwise the download will fail!
There is one download which works for Linux and Windows equally.
You can download the Bridge before configuring the Bridge Connections, the download file is not customized with any connection parameters in any way.
Installing the Bridge
Unzip the Bridge installation file in the desired directory
Adjust bin/hub.sh for Linux or hubenv.bat for Windows:
set HUB_HOME to the root of your Bridge Installation, e.g. export HUB_HOME=/opt/bridge
set JAVA_HOME to your installed Java, e.g. export JAVA_HOME= /lvm/Java/JDK11/openlogic-11-0-21/
First Run/Configuration of the Bridge
Manually
Windows
Script: ./bin/hub.bat
Use the provided Windows script to manually start or stop Lobster Bridge. This script is pre-configured and require no additional settings, simply double click to start and ctrl +c to stop the application.
Linux
Script: ./bin/hub.sh
Usage: start – stop
As a Service
Windows
Use the provided Windows script to install Lobster Bridge as a Windows service, monitoring log is located at ./logs/wrapper.log.
Script: ./bin/ installService.bat
Usage: install - start – stop – remove - restart
Linux
Script: ./bin/service.sh
Options: check - create – delete
Configuring
Application URL
To access the Lobster Bridge application interface, navigate to the following URL in your web browser, By default, Lobster Bridge is configured to use SSL port 443. The SSL port configuration can be found and customized in “./etc/hub.xml”
https://<Server-IP-or-Hostname>:<SSL-Port>/bridge
When logging in as2 System has to be PROD - SYSTEM. Otherwise data will be lost when updating the Bridge to 25.1!
First Time Login
Username: admin
Password: admin
Upon first login, users will be guided through a straightforward installation and configuration process using the Lobster Bridge Installer. This interactive installer simplifies setup by prompting users through clearly defined steps.
The only mandatory step during initial setup with the Lobster Bridge Installer is the creation of the Bridge Administrator user account. All other configuration steps, such as uploading certificates—essential for the application's secure and proper functionality—and configuring AS2 settings, can either be completed during installation or configured later within the application itself.
At first start the wizard must be completed.
The two necessary steps are creating a user and creating and exchanging the certificates. The rest of the configuration process like AS2 can be skipped and completed later.
In the next step the Bridge ID and the password must be entered. The password should be memorized and known. The Brigde Id can be obtained via the context menu on the specific Bridge Connection Entry in the Platform: "Copy Bridge-ID to clipboard".
Generating and exchanging the certificates
Keep clicking "Next" till the wizard is finished.
Completing configuration in the Platform
After successfully completing the wizard, the Bridge certificate has to be updated in the Bridge Connection Entry via the context menu "Fetch data from Bridge Registry".
Service Configuration
Database connection
Configure a jdbc database connection on the platform that uses the tunnel to connect to a database on the bridge side. In the platform navigate to “Configuration - Databases/Connectors”. Add a new entry and choose “Create DB Connection on Lobster Bridge”. Choose the bridge and enter the database parameter for your local database on the bridge client.
This creates a database entry on the bridge. The connection can be tested with the context menu “Connection test”.
AS2 Configuration
Platform AS2
To configure an AS2 Channel on the platform side, enter the following parameters in the channel settings:
"Own Id (Me towards partner)", this has to match the "Partner Id" on the bridge side
"Partner Id (Partner towards me)", this has to match the "Local AS2-ID" on the bridge side
"Partner Address": Enter the gateway tunnel endpoint address for the bridge: https://<GATEWAY>/bridge/<bridge-uuid>/<AS2Endpoint>, for example "https://bridge.lobster-cloud.com/bridge/8cd11114-a05b-4950-a7ac-a5be60692830/BusinessConnector/AS2Retrieve"
"Local certificate (encryption)": Choose the locale platform certificate for the configured bridge
"Partner certificate (encryption)" and "Partner certificate (TLS ClientAuth)": Choose the imported bridge certificate (in "Bridge connections": context menu "Fetch date from bridge registry")
"Further AS2 Settings": enable "send signed", "send encrypted", "receive signed" and "send signed"
Bridge AS2
"Local AS2-ID": this has to match the "Partner Id" on the platform side
"Partner ID": this has to match the "Own Id" on the bridge side
"Partner Address": Enter your platform or DMZ endpoint address for AS2 (no bridge uuid here), e.g. https://platform.lobster.cloud.com/partner/AS2Retrieve
Bridge Log Files
See ControlCenter → Server Logs.
Log folders
"brg"
Bridge services related logs like configuration errors.
Example: wrong AS2 folder configuration:
--------------------------------------------------------
Error-log for 'brg' opened at Wed Sep 10 00:00:00 UTC 2025
LobsterBridge, powered by Lobster
Patch Level: 28.05.2025 17:00:00
Installation-ID: 1002p
--------------------------------------------------------
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/idoc could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/idoc
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/edifact could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/edifact
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/x12 could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/x12
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/xml could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/xml
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/edifact could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/edifact
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/x12 could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/x12
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/xml could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/xml
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/idoc could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/idoc"internal"
Basic bridge client operation and network connection errors.
Example: Outbound tunnel connection problem
--------------------------------------------------------
Error-log for 'internal' opened at Thu Sep 11 05:30:39 UTC 2025
IS/5.9.16_28052025170000
Patch Level: 28.05.2025 17:00:00
Installation-ID: 1002p
--------------------------------------------------------
05:30:44 [NioTunnelClient] [ERROR] [qtp988402146-95-check-workers] Exception while check workers
java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.connect0(Native Method)
at java.base/sun.nio.ch.Net.connect(Net.java:483)
at java.base/sun.nio.ch.Net.connect(Net.java:472)
at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:692)
at java.base/java.nio.channels.SocketChannel.open(SocketChannel.java:194)
at de.lobster.scm.dmz.transport.AbstractNioTunnelProxy.openClientChannel(AbstractNioTunnelProxy.java:165)
at de.lobster.scm.dmz.transport.NioTunnelClient.checkWorkers(NioTunnelClient.java:110)
at de.lobster.scm.dmz.transport.NioTunnelClient.lambda$3(NioTunnelClient.java:247)
at de.lobster.scm.dmz.AbstractDmzClientApp.lambda$1(AbstractDmzClientApp.java:93)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:829)
"as2log"
AS2 operation related messages.
Example: the platform received the file, the certificates are ok, but there is no matching profile configured:
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for signing: 0x1992e631fa1/CN=SYS_CERT_BRIDGE_td_test2,O=Lobster,C=DE
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): info of private key for certificate 0x1992e631fa1/CN=SYS_CERT_BRIDGE_td_test2,O=Lobster,C=DE: org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey/RSA/PKCS#8
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used signing algorithm SHA256withRSA evaluated from SHA256withRSA
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for encryption: 0x198ea5233bd/CN=SYS_CERT_PLATFORM_td_test2,O=Lobster,C=DE
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used encryption algorithm 2.16.840.1.101.3.4.1.42 evaluated from RSA
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): performing security operations (mdn mic alg: sha256): compressed signed encrypted, MIC: LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Try to send AS2 message with ID '<1476034553.4.1757420437657@bridge-test-server-03>' with MIC LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256 using micalg sha256 to URL 'https://10.99.132.148/partner/AS2Retrieve/'
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): message to be sent has been saved to '/opt/bridge_installations/bridge/./as2/data/msgblock_0/as2sent17941891656698856916.dat'
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Message sent to Nep_ldp_prod with synchronous MDN-delivery requested. Read in MDN-data
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): received has been saved to '/opt/bridge_installations/bridge/./as2/data/msgblock_0/as2received6075498375476014409.dat'
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Message has been signed with a certificate with serial number 0x198ea5233bd
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for check signature: 0x198ea5233bd/CN=SYS_CERT_PLATFORM_td_test2,O=Lobster,C=DE
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): check of signature was successful with signature digest vgimIhEkPwpMRD1+odtIGnJAYAdKoR4N3UyUENhyp0Y=
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Received MDN info:
Message-ID: MDN_1476034553.4.1757420437657@bridge-test-server-03
Original-Message-ID: 1476034553.4.1757420437657@bridge-test-server-03
Original-From: Nep_brg_prod
Original-To: Nep_ldp_prod
Message-MIC: null
Received Message-MIC: LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256
Disposition Type: 1
Disposition Text: internal-error
Disposition Modifier: 2
Disposition Modifier Texts: Failure: The received message lead to an error while being processed by the system: Error while handling your AS2-request - no suitable profile found.
FAQ
Q: Why can I not download the Bridge Installation file from the Platform?
A: You have to allow popups in your browser for the Platform site.
Q: I have some networking problems, the tunnel is not created and/or my platform can not reach the Bridge
A: Check if all firewall rules reflect the needed ports, as they are specified in the requirements and if own port configurations must be taken into account.