diff --git a/INSTALL.txt b/INSTALL.txt index e314eeb..7ea5866 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -1,7 +1,9 @@ Start with Debian 12 +When you create your machine create two other DNS entries using your base Domain Name. They will be "authserver" and "idp." + APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo -Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip +Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm Apt-Install certbot python3-certbot-nginx golang-go If necessary create a "normal" user and give them "sudo" access in /etc/group @@ -57,12 +59,19 @@ Answer the password question for your "normal" user. Change into the "deployment" sub-directory cmd: cd deployment + +Edit two files here. "host_vars/localhost.yml" and "group_vars/all.yml". +In both files, search for "hydra_public" and change "auth.cacert.localhost" into the "authserver" DNS name that you created at the top. +Then, in both files, search for "idp" and change "login.cacert.localhost" into the "idp" DNS name that you created at the top. + + +Continue by: cmd: ansible-playbook -K 01_install_cacert_oidc.yml Answer the password question for your "normal" user. cmd: cd ../.. -As Root: cmd: certbot --nginx -d +As Root: cmd: certbot --nginx -d -d -d Edit misc/reverse-proxy.conf and change "" to the correct value. Also change "" to the correct value for your machine. 
@@ -75,7 +84,16 @@ From your working directory, do the following As Root: cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d cmd: mkdir -p /etc/nginx/certs cmd: cp misc/cas.pem /etc/nginx/certs - cmd: ( cd /var/www/html ; mv -i index.html index.html-orig ) + cmd: chmod 751 /srv/hydra/bin + cmd: chmod 751 /srv/hydra/bin/hydra + cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/cert.pem idp.buadh-brath.com.pem + cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/privkey.pem idp.buadh-brath.com-key.pem + cmd: cd /srv/cacert/etc + cmd: chown root:cacert * + cmd: chmod 640 idp.buadh-brath.com-key.pem + +Exit Root, if necessary + Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish. diff --git a/info.php b/info.php index c33d963..4c454de 100644 --- a/info.php +++ b/info.php @@ -3,6 +3,7 @@ echo file_get_contents("html/header.html"); $ini_arr = parse_ini_file( "cacert.ini" ); +$wellKnownURL = $ini_arr[ 'URLs' ][ 'WellKnownURL' ]; ?> @@ -32,7 +33,7 @@ $ini_arr = parse_ini_file( "cacert.ini" );
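Review bot: The two added `cp -i` lines come before `cd /srv/cacert/etc`, so as written the certificate and private key are copied into whatever directory root is in at that point. The later `chown root:cacert *` and `chmod 640 idp.buadh-brath.com-key.pem` then do not act on those copies. Move the `cd` above the copies, or set destination, owner and mode in one step, e.g. `cmd: install -m 640 -o root -g cacert /etc/letsencrypt/live/<your-certbot-hostname>/privkey.pem /srv/cacert/etc/<your-idp-hostname>-key.pem` (placeholders to be filled in by the reader); naming the two files would also avoid the `*` glob regrouping every other file in that directory. The paths hard-code `registercacert.buadh-brath.com` and `idp.buadh-brath.com`, so a reader on another domain has to know to substitute their own names. A copied key pair is also not refreshed when certbot renews, so a line on repeating the copy from a renewal deploy hook would help.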
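Review bot: The added `$ini_arr[ 'URLs' ][ 'WellKnownURL' ]` reads a nested key, but the context line above it still calls `parse_ini_file( "cacert.ini" )` with the default `process_sections = false`, which flattens `[URLs]`-style sections. Unless cacert.ini uses the `URLs[WellKnownURL] = …` array syntax, the lookup yields null with an undefined-key warning; if it uses a `[URLs]` section, the call should become `$ini_arr = parse_ini_file( "cacert.ini", true );`. The value is presumably printed into the link changed in the next hunk (that markup is not visible here), so it should be encoded at output with `htmlspecialchars($wellKnownURL, ENT_QUOTES, 'UTF-8')`. Because cacert.ini is opened by a relative path next to the scripts, it is worth confirming that the nginx configuration does not serve `.ini` files to clients.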

You may download the various URLs provided by the OpenID component - Here + Here

For more information, see our About Page diff --git a/register.php b/register.php index a8f62ac..66978bf 100644 --- a/register.php +++ b/register.php @@ -125,7 +125,7 @@ if (count($_POST) > 0) { echo ""; echo " "; echo ""; - echo $ini_arr[ 'AuthURL' ]; + echo $ini_arr[ 'URLs' ][ 'AuthURL' ]; echo ""; echo ""; echo ""; @@ -134,7 +134,7 @@ if (count($_POST) > 0) { echo ""; echo " "; echo ""; - echo $ini_arr[ 'TokenURL' ]; + echo $ini_arr[ 'URLs' ][ 'TokenURL' ]; echo ""; echo ""; echo ""; @@ -143,7 +143,7 @@ if (count($_POST) > 0) { echo ""; echo " "; echo ""; - echo $ini_arr[ 'UserInfoURL' ]; + echo $ini_arr[ 'URLs' ][ 'UserInfoURL' ]; echo ""; echo ""; echo "";
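Review bot: The changed `echo $ini_arr[ 'URLs' ][ 'AuthURL' ];` line, and the matching `TokenURL` and `UserInfoURL` lines in the two following hunks, print configuration values into the page with no output encoding and no check that the key exists. The values come from cacert.ini rather than from the request, so this is defence in depth, but a stray `<` or quote in the file would still break the markup; I would write `echo htmlspecialchars($ini_arr['URLs']['AuthURL'] ?? '', ENT_QUOTES, 'UTF-8');` and the same for the other two keys. The `parse_ini_file` call that fills `$ini_arr` in register.php is outside these hunks; the nested lookup only works if it passes `true` for `process_sections` or the file uses INI array syntax, so that call needs checking alongside this change. The enclosing `if (count($_POST) > 0) {` block starts and ends outside the hunks.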