Handout for version 25.1.x
Hard- and Software Requirements
|
Lobster Bridge |
|
|
|
|
|
Hardware |
|
Highly dependent on the expected load |
|
|
|
|
|
|
|
Software |
|
|
|
|
|
Operating System |
Windows or Linux |
|
|
|
Software |
Java 11 (up to date version, preferably https://adoptium.net/de/temurin/releases/?os=any&arch=any&version=11) |
|
|
Network |
|
|
|
|
|
Inbound Ports |
None |
|
|
|
Outbound Ports |
rlocal → Lobster Data Platform/DMZ 443/tcp local → Lobster API Server 443/tcp local → Bridge Gateway 8444/tcp |
|
Private Bridge Gateway |
|
|
|
|
|
Hardware |
|
Highly dependent on the expected load |
|
|
Software |
|
|
|
|
|
Operating System |
Windows or Linux |
|
|
|
Software |
Java 11 (up to date version, preferably https://adoptium.net/de/temurin/releases/?os=any&arch=any&version=11) |
|
|
Network |
|
|
|
|
|
Inbound Ports |
(all standard DMZ requirements) Lobster Data Platform → local 9000/tcp Lobster Bridge → local 8444/tcp |
|
|
|
Outbound Ports |
(all standard DMZ requirements) local → Lobster API Server 443/tcp |
|
Lobster Data Platform |
|
|
|
|
|
Network |
|
|
|
|
|
Inbound Ports |
Lobster Bridge → local 443/tcp (ETL/AS2) |
|
|
|
Outbound Ports |
local → Lobster API Server 443/tcp local → Lobster Bridge Gateway Server 443/tcp (official Lobster Bridge Gateway) local → Lobster Bridge Gateway Server 9000/tcp (private DMZ/Gateway) |
Creating a Bridge Connection in the Lobster Data Platform
|
Alias |
A name to recognize the Bridge besides the UUID |
|
Bridge password |
The password, which is used to create the tunnel and to verify access from and to the Bridge. |
|
Partner |
If AS2 shall be used later, the appropriate partner can be chosen here. |
If a private Lobster Bridge Gateway is configured and connected to the Lobster Data Platform, a combobox with the available gateways is displayed in the creation dialog, from which a gateway can be selected.
Downloading Lobster Bridge Installation File
The Bridge can be downloaded with the Download Button in the upper right corner.
Popups must be allowed for this page otherwise the download will fail!
There is one download which works for Linux and Windows equally.
You can download Lobster Bridge before configuring the Bridge Connections, the download file is not customized with any connection parameters in any way.
Installing Lobster Bridge via Lobster Application Wrapper
After downloading the Lobster Bridge installation files, you need to unpack them.
We recommend the paths "C:\Lobster_Bridge" for Windows or "/opt/Lobster_Bridge" for Linux. Once the files have been unpacked, you can install Lobster Bridge using the Lobster Application Wrapper. To start the installation, simply run the following commands in the Lobster Bridge installation directory.
Since the Lobster Bridge installation files do not contain Java, this must be installed separately on the system by the customer. (See Hard- and Software Requirements)
Install the service on the OS
java -jar ./bin/wrapper.jar --install-serviceStart the service of Lobster Bridge
java -jar ./bin/wrapper.jar --run-serviceThe java command can only be used directly if Java is properly added to your system’s PATH environment variable. If Java is not in the PATH, you need to call it with the full path to the bin directory of your Java installation.
You can see whether the installation and start of the service was successful in the directory /logs/wrapper.log in the Lobster Bridge installation directory.
First Run/Configuration of Lobster Bridge
Configuration
Application URL
To access the Lobster Bridge application interface, navigate to the following URL in your web browser, By default, Lobster Bridge is configured to use SSL port 443. The SSL port configuration can be found and customized in “./etc/hub.xml”
https://<Server-IP-or-Hostname>:<SSL-Port>/bridge
First Time Login
Username: admin
Password: admin
Upon first login, users will be guided through a straightforward installation and configuration process using the Lobster Bridge Installer. This interactive installer simplifies setup by prompting users through clearly defined steps.
The only mandatory step during initial setup with the Lobster Bridge Installer is the creation of the Bridge Administrator user account. All other configuration steps, such as uploading certificates—essential for the application's secure and proper functionality—and configuring AS2 settings, can either be completed during installation or configured later within the application itself.
At first start the wizard must be completed.
In the next step the ID of the Lobster Bridge and the password must be entered. The password should be memorized and known. The Brigde Id can be obtained via the context menu on the specific Bridge Connection Entry in the Lobster Data Platform: "Copy Bridge-ID to clipboard".
Generating and exchanging the certificates
Keep clicking "Next" till the wizard is finished.
Completing configuration in the Lobster Data Platform
After successfully completing the wizard, the Bridge certificate has to be updated in the Bridge Connection Entry via the context menu "Fetch data from Bridge Registry".
Service Configuration
Database connection
Configure a jdbc database connection on the Lobster Data Platform that uses the tunnel to connect to a database on the bridge side. In the Lobster Data Platform navigate to “Configuration - Databases/Connectors”. Add a new entry and choose “Create DB Connection on Lobster Bridge”. Choose the bridge and enter the database parameter for your local database on the bridge client.
This creates a database entry on the bridge. The connection can be tested with the context menu “Connection test”.
AS2 Configuration
Lobster Data Platform AS2
To configure an AS2 Channel on the Lobster Data Platform side, enter the following parameters in the channel settings:
Select a Lobster Bridge. This will automatically set the partner address, certificates, and further AS2 settings based on the selected bridge.
After that, only the following parameters need to be set
Own Id (Me towards partner)", this has to match the "Partner Id" on the bridge side
"Partner Id (Partner towards me)", this has to match the "Local AS2-ID" on the bridge side
Bridge AS2
"Local AS2-ID": this has to match the "Partner Id" on the platform side
"Partner ID": this has to match the "Own Id" on the bridge side
"Partner Address": Enter your platform or DMZ endpoint address for AS2 (no bridge uuid here), e.g. https://platform.lobster.cloud.com/partner/AS2Retrieve
Bridge Log Files
See ControlCenter → Server Logs.
Log folders
"brg"
Bridge services related logs like configuration errors.
Example: wrong AS2 folder configuration:
--------------------------------------------------------
Error-log for 'brg' opened at Wed Sep 10 00:00:00 UTC 2025
LobsterBridge, powered by Lobster
Patch Level: 28.05.2025 17:00:00
Installation-ID: 1002p
--------------------------------------------------------
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/idoc could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/idoc
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/edifact could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/edifact
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/x12 could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/x12
02:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (prod. environment) File ./outbound/prod/backup/xml could not read java.nio.file.NoSuchFileException: ./outbound/prod/backup/xml
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/edifact could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/edifact
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/x12 could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/x12
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/xml could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/xml
03:00:22 SYSTEM:BRIDGE:MFT:TASKMANAGER (test environment) File ./outbound/test/backup/idoc could not read java.nio.file.NoSuchFileException: ./outbound/test/backup/idoc"internal"
Basic bridge client operation and network connection errors.
Example: Outbound tunnel connection problem
--------------------------------------------------------
Error-log for 'internal' opened at Thu Sep 11 05:30:39 UTC 2025
IS/5.9.16_28052025170000
Patch Level: 28.05.2025 17:00:00
Installation-ID: 1002p
--------------------------------------------------------
05:30:44 [NioTunnelClient] [ERROR] [qtp988402146-95-check-workers] Exception while check workers
java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.connect0(Native Method)
at java.base/sun.nio.ch.Net.connect(Net.java:483)
at java.base/sun.nio.ch.Net.connect(Net.java:472)
at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:692)
at java.base/java.nio.channels.SocketChannel.open(SocketChannel.java:194)
at de.lobster.scm.dmz.transport.AbstractNioTunnelProxy.openClientChannel(AbstractNioTunnelProxy.java:165)
at de.lobster.scm.dmz.transport.NioTunnelClient.checkWorkers(NioTunnelClient.java:110)
at de.lobster.scm.dmz.transport.NioTunnelClient.lambda$3(NioTunnelClient.java:247)
at de.lobster.scm.dmz.AbstractDmzClientApp.lambda$1(AbstractDmzClientApp.java:93)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:829)
"as2log"
AS2 operation related messages.
Example: the platform received the file, the certificates are ok, but there is no matching profile configured:
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for signing: 0x1992e631fa1/CN=SYS_CERT_BRIDGE_td_test2,O=Lobster,C=DE
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): info of private key for certificate 0x1992e631fa1/CN=SYS_CERT_BRIDGE_td_test2,O=Lobster,C=DE: org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey/RSA/PKCS#8
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used signing algorithm SHA256withRSA evaluated from SHA256withRSA
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for encryption: 0x198ea5233bd/CN=SYS_CERT_PLATFORM_td_test2,O=Lobster,C=DE
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used encryption algorithm 2.16.840.1.101.3.4.1.42 evaluated from RSA
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): performing security operations (mdn mic alg: sha256): compressed signed encrypted, MIC: LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Try to send AS2 message with ID '<1476034553.4.1757420437657@bridge-test-server-03>' with MIC LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256 using micalg sha256 to URL 'https://10.99.132.148/partner/AS2Retrieve/'
12:20:37 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): message to be sent has been saved to '/opt/bridge_installations/bridge/./as2/data/msgblock_0/as2sent17941891656698856916.dat'
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Message sent to Nep_ldp_prod with synchronous MDN-delivery requested. Read in MDN-data
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): received has been saved to '/opt/bridge_installations/bridge/./as2/data/msgblock_0/as2received6075498375476014409.dat'
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Message has been signed with a certificate with serial number 0x198ea5233bd
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): used certificate for check signature: 0x198ea5233bd/CN=SYS_CERT_PLATFORM_td_test2,O=Lobster,C=DE
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): check of signature was successful with signature digest vgimIhEkPwpMRD1+odtIGnJAYAdKoR4N3UyUENhyp0Y=
12:20:38 NORMAL AS2AuthServicePartnerManager: 63e5d54e86d18(Nep_brg_prod:Nep_ldp_prod:TLS): Received MDN info:
Message-ID: MDN_1476034553.4.1757420437657@bridge-test-server-03
Original-Message-ID: 1476034553.4.1757420437657@bridge-test-server-03
Original-From: Nep_brg_prod
Original-To: Nep_ldp_prod
Message-MIC: null
Received Message-MIC: LUh8sNA/r2phXZNjjgdCDem3aaLr1c3bY42s7v5R9eM=, sha256
Disposition Type: 1
Disposition Text: internal-error
Disposition Modifier: 2
Disposition Modifier Texts: Failure: The received message lead to an error while being processed by the system: Error while handling your AS2-request - no suitable profile found.
FAQ
Q: Why can I not download the Bridge Installation file from the Platform?
A: You have to allow popups in your browser for the Platform site.
Q: I have some networking problems, the tunnel is not created and/or my platform can not reach the Bridge
A: Check if all firewall rules reflect the needed ports, as they are specified in the requirements and if own port configurations must be taken into account.