.. _installation:

============
Installation
============

1. Set up the repository::

    $ wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -
    $ echo deb http://deb.entrouvert.org/ buster main >> /etc/apt/sources.list
    $ apt update

2. Create the database::

    $ apt install apg
    $ PASSWORD=$(apg -n 1 -M NCL -m 20)
    $ apt install postgresql
    $ su - postgres -c psql <<EOF
    CREATE ROLE authentic2 WITH LOGIN SUPERUSER PASSWORD '$PASSWORD';
    ALTER ROLE authentic2 SET client_encoding TO 'utf8';
    CREATE DATABASE authentic2;
    GRANT ALL PRIVILEGES ON DATABASE authentic2 TO authentic2;
    EOF
    $ mkdir -p /etc/authentic2/settings.d
    $ cat > /etc/authentic2/settings.d/database.py <<EOF
    DATABASES = {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": "authentic2",
            "USER": "authentic2",
            "PASSWORD": "$PASSWORD",
            "HOST": "127.0.0.1",
            "PORT": "5432",
        }
    }
    EOF

.. warning::

    The authentic2 user is **SUPERUSER** because the authentic2
    installation process uses it to create postgres extensions. This
    privilege should be dropped in production.

3. Install::

    $ apt install authentic2
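
The warning in step 2 says the SUPERUSER privilege should be dropped in production. The script below is an added example, not part of the authentic2 package or its documentation, showing one way to do that once step 3 has finished. It assumes the role and database names from step 2 and a root shell on the database host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the authentic2 package.
# Assumption: run as root on the database host after step 3 has finished.
ROLE=authentic2   # role created in step 2
DB=authentic2     # database created in step 2

# Send one SQL statement to psql as the postgres OS user, as step 2 does.
# -At prints bare values; ON_ERROR_STOP makes psql exit non-zero on SQL errors.
run_sql() {
    printf '%s\n' "$1" | su - postgres -c "psql -At -v ON_ERROR_STOP=1 -d $DB"
}

# Print "superuser", "unprivileged" or "missing" for $ROLE.
role_state() {
    v=$(run_sql "SELECT rolsuper FROM pg_roles WHERE rolname = '$ROLE';") || return 2
    case "$v" in
        t) echo superuser ;;
        f) echo unprivileged ;;
        *) echo missing ;;
    esac
}

# Drop SUPERUSER and verify. Returns 0 on success, 1 if the role is still
# privileged afterwards, 2 if the role is missing or psql failed.
drop_superuser() {
    before=$(role_state) || return 2
    if [ "$before" = missing ]; then
        echo "role $ROLE does not exist" >&2
        return 2
    fi
    # Record which extensions exist before the privilege goes away.
    echo "extensions present in $DB:"
    run_sql "SELECT extname FROM pg_extension ORDER BY extname;" || return 2
    run_sql "ALTER ROLE $ROLE NOSUPERUSER;" || return 2
    after=$(role_state) || return 2
    if [ "$after" != unprivileged ]; then
        echo "role $ROLE is still $after" >&2
        return 1
    fi
    echo "role $ROLE: $before -> $after"
}

# Only touch the database when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    drop_superuser
fi
```

Run the script with ``--apply`` to make the change. Once the role is no longer a superuser, any later step that needs to create a PostgreSQL extension may have to be run by a PostgreSQL superuser instead.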

.. note::

    The Debian GNU/Linux packages published at https://deb.entrouvert.org/ follow the `release cycle of Publik <https://dev.entrouvert.org/projects/publik/wiki/Cycle_de_mises_%C3%A0_jour>`__.

Specifying a different database
-------------------------------
This is done by modifying the DATABASES dictionary in
`/etc/authentic2/settings.d/database.py`. For example::

    DATABASES['default'] = {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'authentic',
        'USER': 'admindb',
        'PASSWORD': 'foobar',
        'HOST': 'db.example.com',
        'PORT': '',  # empty string means default value
    }

You should refer to the Django documentation on database settings at
http://docs.djangoproject.com/en/dev/ref/settings/#databases for all
the details.

Running Authentic 2 behind an Apache2 reverse proxy
---------------------------------------------------
Authentic 2 runs as a `uWSGI daemon
<https://uwsgi-docs.readthedocs.io/en/latest/>`__ and can be
configured as a backend for an Apache2 reverse proxy by adding
the following example to `/etc/apache2/sites-available/authentic2.conf`::

    <VirtualHost *:80>
        ServerName idp.example.com
        DocumentRoot /var/www/empty
        # The trailing slash matters: the rest of the request path is
        # appended to the target as-is.
        RedirectPermanent / https://idp.example.com/
        ErrorLog ${APACHE_LOG_DIR}/idp.example.com-error.log
        CustomLog ${APACHE_LOG_DIR}/idp.example.com-access.log combined
    </VirtualHost>
    <VirtualHost *:443>
        ServerName idp.example.com
        DocumentRoot /var/www/empty
        # SSLCertificateFile and SSLCertificateKeyFile must also be set.
        SSLEngine On
        Alias /static /var/lib/authentic2/collectstatic
        ProxyPass /static !
        <Directory /var/lib/authentic2/collectstatic>
            Require all granted
        </Directory>
        ProxyRequests Off
        ProxyPreserveHost on
        ProxyPass / unix:/var/run/authentic2/authentic2.sock|http://127.0.0.1/
        ProxyPassReverse / unix:/var/run/authentic2/authentic2.sock|http://127.0.0.1/
        <Location />
            RequestHeader set X-Forwarded-SSL "on"
            RequestHeader set X-Forwarded-Protocol "ssl"
            RequestHeader set X-Forwarded-Proto "https"
            Require all granted
        </Location>
        ErrorLog ${APACHE_LOG_DIR}/idp.example.com-error.log
        CustomLog ${APACHE_LOG_DIR}/idp.example.com-access.log combined
    </VirtualHost>

Then enable it with::

    $ a2ensite authentic2

It also requires modules that can be enabled as follows::

    $ a2enmod proxy_http headers ssl

Quickstarts
-----------
.. toctree::
    :maxdepth: 1

    quick_oauth2_idp
    quick_saml2_idp
    quick_saml2_sp
    quick_cas_idp