globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

doc: installation improvements

Browse source
This commit is contained in:
Éloi Rivard 2021-10-12 18:14:09 +02:00
parent b3e11e1d2f
commit 5863a38e40
3 changed files with 31 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
canaille/conf/config.sample.toml
View file

@ -89,11 +89,11 @@ FIELDS = [
] ]
# The jwt configuration. You can generate a RSA keypair with: # The jwt configuration. You can generate a RSA keypair with:
# ssh-keygen -t rsa -b 4096 -m PEM -f private.pem # openssl genrsa -out private.pem 4096
# openssl rsa -in private.pem -pubout -outform PEM -out public.pem # openssl rsa -in private.pem -pubout -outform PEM -out public.pem
[JWT] [JWT]
PUBLIC_KEY = "canaille/conf/public.pem"
PRIVATE_KEY = "canaille/conf/private.pem" PRIVATE_KEY = "canaille/conf/private.pem"
PUBLIC_KEY = "canaille/conf/public.pem"
KTY = "RSA" KTY = "RSA"
ALG = "RS256" ALG = "RS256"
EXP = 3600 EXP = 3600

4
demo/conf/canaille.toml
View file

@ -89,11 +89,11 @@ GROUP_NAME_ATTRIBUTE = "cn"
GROUP_USER_FILTER = "(member={user.dn})" GROUP_USER_FILTER = "(member={user.dn})"
# The jwt configuration. You can generate a RSA keypair with: # The jwt configuration. You can generate a RSA keypair with:
# ssh-keygen -t rsa -b 4096 -m PEM -f private.pem # openssl genrsa -out private.pem 4096
# openssl rsa -in private.pem -pubout -outform PEM -out public.pem # openssl rsa -in private.pem -pubout -outform PEM -out public.pem
[JWT] [JWT]
PUBLIC_KEY = "conf/public.pem"
PRIVATE_KEY = "conf/private.pem" PRIVATE_KEY = "conf/private.pem"
PUBLIC_KEY = "conf/public.pem"
KTY = "RSA" KTY = "RSA"
ALG = "RS256" ALG = "RS256"
EXP = 3600 EXP = 3600

33
doc/install.rst
View file

@ -32,20 +32,41 @@ New fashion: Use slapadd to add the schemas
sudo slapadd -n0 -l schemas/*.ldif sudo slapadd -n0 -l schemas/*.ldif
sudo service slapd restart sudo service slapd restart
Web interface Canaille installation
============= =====================
Then you can deploy the code either by copying the git repository or installing the pip package: Choose a path to store the canaille sources, for instance `/opt/canaille`. The install canaille there in a virtualenv.
.. code-block:: console .. code-block:: console
pip install canaille sudo mkdir /etc/canaille
sudo virtualenv /etc/canaille
sudo /etc/canaille/bin/pip install canaille
Configuration
=============
Choose a path to store your configuration, for instance `/etc/canaille` and then copy the sample configuration there. You should also generate a keypair that canaille will use to sign tokens.
.. code-block:: console
sudo mkdir /etc/canaille
sudo openssl genrsa -out private.pem 4096
sudo openssl rsa -in private.pem -pubout -outform PEM -out public.pem
sudo cp canaille/conf/config.sample.toml /etc/canaille/config.toml
sudo cp canaille/conf/openid-configuration.sample.json /etc/canaille/openid-configuration.json
Web interface
=============
Finally you have to run the website in a WSGI server: Finally you have to run the website in a WSGI server:
.. code-block:: console .. code-block:: console
pip install gunicorn sudo /opt/canaille/bin/pip install gunicorn
gunicorn "canaille:create_app()" gunicorn "canaille:create_app()"
Recurrent jobs Recurrent jobs
@ -56,4 +77,4 @@ expired tokens and authorization codes with:
.. code-block:: console .. code-block:: console
env CONFIG=/path/to/config.toml FASK_APP=canaille flask clean env CONFIG=/etc/canaille/config.toml FASK_APP=canaille /opt/canaille/bin/flask clean