2024-09-08 22:15:10 +00:00
Start with Debian 12
2024-09-16 17:53:38 +00:00
When you create your machine create two other DNS entries using your base Domain Name. They will be "authserver" and "idp."
2024-09-13 02:59:04 +00:00
Apt-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
Apt-Install certbot python3-certbot-nginx golang-go
If necessary, create a "normal" user and give them "sudo" access in /etc/group.
Become that user.
Create a working directory
cmd: cd <Working Directory>
cmd: git clone https://code.cacert.org/cacert/oidc-registration-php.git
cmd: cd oidc-registration-php
cmd: cp cacert.ini.sample cacert.ini
Edit cacert.ini and set the Database User and Password that you wish to use.
Also set the Domain and Host name in the URL variables.
cmd: cd misc
Edit oidc_db_v2.sql and insert the Database User name chosen above in place of "<Your User>".
As Root: cmd: cp oidc_db_v2.sql /var/lib/postgresql
As Root: cmd: su - postgres
cmd: createuser -s -d -e -r -P <DB User> ( Pwd: <DB Password> )
cmd: createdb oidc_db -O <DB User>
cmd: psql oidc_db < oidc_db_v2.sql
Note: There will be a series of 8 error messages followed by CREATE and ALTER statements. This is normal due to the format of the dump.
Ctrl-D (leave the postgres shell)
Ctrl-D (leave the root shell)
cmd: cd ..
cmd: mkdir -p $HOME/.local/share/virtualenvs ~/.local/bin
cmd: python3 -m venv $HOME/.local/share/virtualenvs/ansible
cmd: $HOME/.local/share/virtualenvs/ansible/bin/pip install ansible
cmd: ln -s $HOME/.local/share/virtualenvs/ansible/bin/ansible* $HOME/.local/bin/
cmd: export PATH=$HOME/.local/bin:$HOME/go/bin:$PATH
Edit your ~/.profile to include the preceding PATH changes.
cmd: . ~/.profile
cmd: go install github.com/nicksnyder/go-i18n/v2/goi18n@latest
cmd: cd ..
cmd: git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git
cmd: cd oidc-parent
# cause pull, fetch and other git commands to consider submodules
cmd: git config submodule.recurse true
cmd: make
Answer the password question for your "normal" user.
Change into the "deployment" sub-directory
cmd: cd deployment
Edit two files here. "host_vars/localhost.yml" and "group_vars/all.yml".
In both files, search for "hydra_public" and change "auth.cacert.localhost" into the "authserver" DNS name that you created at the top.
Then, in both files, search for "idp" and change "login.cacert.localhost" into the "idp" DNS name that you created at the top.
Continue by:
cmd: ansible-playbook -K 01_install_cacert_oidc.yml
Answer the password question for your "normal" user.
cmd: cd ../../oidc-registration-php
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
Also change "<Host IP>" to the correct value for your machine.
From your working directory, do the following as root:
cmd: cd oidc-registration-php
cmd: cp -r * /var/www/html
cmd: cp ssl-certs/* /usr/local/share/ca-certificates
cmd: update-ca-certificates -f
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
cmd: mkdir -p /etc/nginx/certs
cmd: cp misc/cas.pem /etc/nginx/certs
cmd: chmod 751 /srv/hydra/bin
cmd: chmod 751 /srv/hydra/bin/hydra
cmd: cd /srv/cacert/etc
cmd: certbot --nginx -d <Your Domain Name> -d <Your Authserver Domain Name> -d <Your IDP Domain Name>
cmd: cp -i /etc/letsencrypt/live/<Your Domain Name>/cert.pem <Your IDP Domain Name>.pem
cmd: cp -i /etc/letsencrypt/live/<Your Domain Name>/privkey.pem <Your IDP Domain Name>-key.pem
cmd: chown root:cacert *
cmd: chmod 640 <Your IDP Domain Name>-key.pem
cmd: systemctl restart cacert-idp.service
cmd: systemctl status cacert-idp.service
Exit Root, if necessary
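A shell audit for the root steps above, added here as an example and not part of oidc-registration-php or oidc-parent: it checks the modes set by the chmod steps, the root:cacert ownership, and that the certificate and key copied into /srv/cacert/etc still match what certbot holds, because a certbot renewal replaces the files under /etc/letsencrypt/live but not the copies. The function names and the optional path arguments are assumptions of this example; it expects GNU stat as shipped with Debian 12.

```shell
#!/bin/sh
# Added audit for the deployment steps above (not project code). Assumes GNU stat
# (Debian 12 coreutils); the default paths are the ones the instructions use.

# Octal permission bits of a path, e.g. 640.
mode_of() { stat -c '%a' "$1"; }

# check_mode <path> <expected octal>: 0 when the mode matches exactly.
check_mode() {
  if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
  m=$(mode_of "$1")
  if [ "$m" = "$2" ]; then echo "OK      $1 (mode $m)"; return 0; fi
  echo "BAD     $1 (mode $m, expected $2)"; return 1
}

# check_owner <path> <user:group>: 0 when owner and group match.
check_owner() {
  o=$(stat -c '%U:%G' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
  if [ "$o" = "$2" ]; then echo "OK      $1 (owner $o)"; return 0; fi
  echo "BAD     $1 (owner $o, expected $2)"; return 1
}

# check_same <copy> <source>: 0 when the copy is byte for byte the file certbot
# maintains. certbot renews in place under /etc/letsencrypt/live, so after a
# renewal the copied cert and key are stale until they are copied again.
check_same() {
  if cmp -s "$1" "$2"; then echo "OK      $1 matches $2"; return 0; fi
  echo "STALE   $1 differs from $2"; return 1
}

# audit <domain> <idp domain> [cacert etc] [letsencrypt live] [hydra bin] [owner]
# Runs every check and returns the number of failed checks (0 = all good).
# On the host, as root:  audit <Your Domain Name> <Your IDP Domain Name>
audit() {
  domain=$1; idp=$2
  etc=${3:-/srv/cacert/etc}
  live=${4:-/etc/letsencrypt/live/$domain}
  hydra=${5:-/srv/hydra/bin}
  owner=${6:-root:cacert}
  fails=0
  check_mode "$hydra" 751                             || fails=$((fails + 1))
  check_mode "$hydra/hydra" 751                       || fails=$((fails + 1))
  check_owner "$etc/$idp.pem" "$owner"                || fails=$((fails + 1))
  check_owner "$etc/$idp-key.pem" "$owner"            || fails=$((fails + 1))
  check_mode "$etc/$idp-key.pem" 640                  || fails=$((fails + 1))
  check_same "$etc/$idp.pem" "$live/cert.pem"         || fails=$((fails + 1))
  check_same "$etc/$idp-key.pem" "$live/privkey.pem"  || fails=$((fails + 1))
  return "$fails"
}
```

Run it again after every certbot renewal; a STALE line means the copies in /srv/cacert/etc need refreshing and cacert-idp.service restarting.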
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.