Further updates to the installation instructions.

Brian Mc Cullough 2024-09-16 19:53:38 +02:00
parent 5f0c508c55
commit f4c70dcd17
3 changed files with 26 additions and 7 deletions

View file

@ -1,7 +1,9 @@
Start with Debian 12
When you create your machine create two other DNS entries using your base Domain Name. They will be "authserver" and "idp."
APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
Apt-Install certbot python3-certbot-nginx golang-go
If necessary create a "normal" user and give them "sudo" access in /etc/group
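Review bot: The new DNS line writes the second name as "idp." with the full stop inside the quotes, which reads as part of the hostname; move the punctuation outside the quotes. The line should also say that both names must resolve to this machine before the certbot step is reached, because the later `certbot --nginx -d ...` command requests certificates for them. The package lines mix "APT-Install" and "Apt-Install"; pick one spelling.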
@ -57,12 +59,19 @@ Answer the password question for your "normal" user.
Change into the "deployment" sub-directory
cmd: cd deployment
Edit two files here. "host_vars/localhost.yml" and "group_vars/all.yml".
In both files, search for "hydra_public" and change "auth.cacert.localhost" into the "authserver" DNS name that you created at the top.
Then, in both files, search for "idp" and change "login.cacert.localhost" into the "idp" DNS name that you created at the top.
Continue by:
cmd: ansible-playbook -K 01_install_cacert_oidc.yml
Answer the password question for your "normal" user.
cmd: cd ../..
As Root: cmd: certbot --nginx -d <your domain name>
As Root: cmd: certbot --nginx -d <your domain name> -d <your authserver domain name> -d <your idp domain name>
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
Also change "<Host IP>" to the correct value for your machine.
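Review bot: Searching for "idp" in host_vars/localhost.yml and group_vars/all.yml is likely to match more than the one setting; tell the reader to search for the literal values "auth.cacert.localhost" and "login.cacert.localhost" so each replacement is unambiguous. The certbot command with three -d options issues a single certificate covering all three names, stored under the first name given, so the text should state which name goes first, since the later copy commands read from /etc/letsencrypt/live/ under that name.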
@ -75,7 +84,16 @@ From your working directory, do the following As Root:
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
cmd: mkdir -p /etc/nginx/certs
cmd: cp misc/cas.pem /etc/nginx/certs
cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
cmd: chmod 751 /srv/hydra/bin
cmd: chmod 751 /srv/hydra/bin/hydra
cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/cert.pem idp.buadh-brath.com.pem
cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/privkey.pem idp.buadh-brath.com-key.pem
cmd: cd /srv/cacert/etc
cmd: chown root:cacert *
cmd: chmod 640 idp.buadh-brath.com-key.pem
Exit Root, if necessary
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.
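Review bot: The two `cp -i /etc/letsencrypt/live/...` commands run before `cd /srv/cacert/etc`, so the certificate and private key are copied into whatever directory root is in at that point, and the following `chown root:cacert *` and `chmod 640 idp.buadh-brath.com-key.pem` are applied in /srv/cacert/etc rather than to the files just copied. Move the `cd` above the copies or give the full destination path. The paths hardcode registercacert.buadh-brath.com and idp.buadh-brath.com where the rest of the file uses placeholders such as <your domain name>. For the key, `install -m 640 -o root -g cacert` would avoid the interval in which the copy has default permissions, and `chown root:cacert *` changes every file in the directory, not only the two new ones. The instructions should also mention that these copies are not refreshed when certbot renews the certificate.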

View file

@ -3,6 +3,7 @@
echo file_get_contents("html/header.html");
$ini_arr = parse_ini_file( "cacert.ini" );
$wellKnownURL = $ini_arr[ 'URLs' ][ 'WellKnownURL' ];
?>
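Review bot: `parse_ini_file( "cacert.ini" )` is called without the second argument, so PHP ignores section headers and returns a flat array; `$ini_arr[ 'URLs' ][ 'WellKnownURL' ]` then has no 'URLs' key to read. Pass `true` for process_sections, and check for a `false` return and a missing key before assigning `$wellKnownURL`.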
@ -32,7 +33,7 @@ $ini_arr = parse_ini_file( "cacert.ini" );
</p>
<p>
You may download the various URLs provided by the OpenID component
<a href="<?php echo $ini_arr[ 'URLs' ][ 'WellKnownURL' ] ?>" title="OpenID Config" target="_blank" download="openid_configuration.json" >Here</a>
<a href="<?php echo $wellKnownURL ?>" title="OpenID Config" target="_blank" download="openid_configuration.json" >Here</a>
</p>
<p>
For more information, see our <b>About Page</b>
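Review bot: `<?php echo $wellKnownURL ?>` places a configuration value into the href attribute unescaped; wrap it in `htmlspecialchars( $wellKnownURL, ENT_QUOTES )` so a quote or angle bracket in cacert.ini cannot break out of the attribute. Since the link uses target="_blank", add rel="noopener" as well.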

View file

@ -125,7 +125,7 @@ if (count($_POST) > 0) {
echo "</td>";
echo "<td>&nbsp;</td>";
echo "<td>";
echo $ini_arr[ 'AuthURL' ];
echo $ini_arr[ 'URLs' ][ 'AuthURL' ];
echo "</td>";
echo "</tr>";
echo "<tr>";
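Review bot: `echo $ini_arr[ 'URLs' ][ 'AuthURL' ];` depends on cacert.ini being parsed with sections enabled, and the parse call is not visible in this hunk. Confirm that this file calls parse_ini_file with process_sections set to true; otherwise the 'URLs' key does not exist and the cell renders empty.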
@ -134,7 +134,7 @@ if (count($_POST) > 0) {
echo "</td>";
echo "<td>&nbsp;</td>";
echo "<td>";
echo $ini_arr[ 'TokenURL' ];
echo $ini_arr[ 'URLs' ][ 'TokenURL' ];
echo "</td>";
echo "</tr>";
echo "<tr>";
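Review bot: `echo $ini_arr[ 'URLs' ][ 'TokenURL' ];` writes the value into the table cell as raw HTML; pass it through htmlspecialchars() before output, as for any value read from a file that is edited by hand.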
@ -143,7 +143,7 @@ if (count($_POST) > 0) {
echo "</td>";
echo "<td>&nbsp;</td>";
echo "<td>";
echo $ini_arr[ 'UserInfoURL' ];
echo $ini_arr[ 'URLs' ][ 'UserInfoURL' ];
echo "</td>";
echo "</tr>";
echo "</table>";
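Review bot: The `$ini_arr[ 'URLs' ][ 'UserInfoURL' ]` row repeats the same lookup-and-echo as the AuthURL and TokenURL rows above; reading the 'URLs' section once into a local variable and emitting the three rows from a loop would keep the key names in one place and give a single point at which to handle a missing key.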