Further updates to the installation instructions.
parent
5f0c508c55
commit
f4c70dcd17
3 changed files with 26 additions and 7 deletions
24
INSTALL.txt
24
INSTALL.txt
|
@ -1,7 +1,9 @@
|
||||||
Start with Debian 12
|
Start with Debian 12
|
||||||
|
|
||||||
|
When you create your machine create two other DNS entries using your base Domain Name. They will be "authserver" and "idp."
|
||||||
|
|
||||||
APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
|
APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
|
||||||
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip
|
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
|
||||||
Apt-Install certbot python3-certbot-nginx golang-go
|
Apt-Install certbot python3-certbot-nginx golang-go
|
||||||
|
|
||||||
If necessary create a "normal" user and give them "sudo" access in /etc/group
|
If necessary create a "normal" user and give them "sudo" access in /etc/group
|
||||||
|
@ -57,12 +59,19 @@ Answer the password question for your "normal" user.
|
||||||
|
|
||||||
Change into the "deployment" sub-directory
|
Change into the "deployment" sub-directory
|
||||||
cmd: cd deployment
|
cmd: cd deployment
|
||||||
|
|
||||||
|
Edit two files here. "host_vars/localhost.yml" and "group_vars/all.yml".
|
||||||
|
In both files, search for "hydra_public" and change "auth.cacert.localhost" into the "authserver" DNS name that you created at the top.
|
||||||
|
Then, in both files, search for "idp" and change "login.cacert.localhost" into the "idp" DNS name that you created at the top.
|
||||||
|
|
||||||
|
|
||||||
|
Continue by:
|
||||||
cmd: ansible-playbook -K 01_install_cacert_oidc.yml
|
cmd: ansible-playbook -K 01_install_cacert_oidc.yml
|
||||||
Answer the password question for your "normal" user.
|
Answer the password question for your "normal" user.
|
||||||
|
|
||||||
cmd: cd ../..
|
cmd: cd ../..
|
||||||
|
|
||||||
As Root: cmd: certbot --nginx -d <your domain name>
|
As Root: cmd: certbot --nginx -d <your domain name> -d <your authserver domain name> -d <your idp domain name>
|
||||||
|
|
||||||
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
|
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
|
||||||
Also change "<Host IP>" to the correct value for your machine.
|
Also change "<Host IP>" to the correct value for your machine.
|
||||||
|
@ -75,7 +84,16 @@ From your working directory, do the following As Root:
|
||||||
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
|
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
|
||||||
cmd: mkdir -p /etc/nginx/certs
|
cmd: mkdir -p /etc/nginx/certs
|
||||||
cmd: cp misc/cas.pem /etc/nginx/certs
|
cmd: cp misc/cas.pem /etc/nginx/certs
|
||||||
cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
|
cmd: chmod 751 /srv/hydra/bin
|
||||||
|
cmd: chmod 751 /srv/hydra/bin/hydra
|
||||||
|
cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/cert.pem idp.buadh-brath.com.pem
|
||||||
|
cmd: cp -i /etc/letsencrypt/live/registercacert.buadh-brath.com/privkey.pem idp.buadh-brath.com-key.pem
|
||||||
|
cmd: cd /srv/cacert/etc
|
||||||
|
cmd: chown root:cacert *
|
||||||
|
cmd: chmod 640 idp.buadh-brath.com-key.pem
|
||||||
|
|
||||||
|
Exit Root, if necessary
|
||||||
|
|
||||||
|
|
||||||
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.
|
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.
|
||||||
|
|
||||||
|
|
3
info.php
3
info.php
|
@ -3,6 +3,7 @@
|
||||||
echo file_get_contents("html/header.html");
|
echo file_get_contents("html/header.html");
|
||||||
|
|
||||||
$ini_arr = parse_ini_file( "cacert.ini" );
|
$ini_arr = parse_ini_file( "cacert.ini" );
|
||||||
|
$wellKnownURL = $ini_arr[ 'URLs' ][ 'WellKnownURL' ];
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -32,7 +33,7 @@ $ini_arr = parse_ini_file( "cacert.ini" );
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
You may download the various URLs provided by the OpenID component
|
You may download the various URLs provided by the OpenID component
|
||||||
<a href="<?php echo $ini_arr[ 'URLs' ][ 'WellKnownURL' ] ?>" title="OpenID Config" target="_blank" download="openid_configuration.json" >Here</a>
|
<a href="<?php echo $wellKnownURL ?>" title="OpenID Config" target="_blank" download="openid_configuration.json" >Here</a>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
For more information, see our <b>About Page</b>
|
For more information, see our <b>About Page</b>
|
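Review bot: `$wellKnownURL` is written into the `href` attribute without HTML escaping, so a quote or angle bracket in the `WellKnownURL` value of cacert.ini would break out of the attribute. The value comes from configuration rather than request data, but encoding at the point of output keeps the page safe if that file is ever generated or edited by a less trusted party: `<a href="<?php echo htmlspecialchars($wellKnownURL, ENT_QUOTES) ?>" title="OpenID Config" …>`. The same applies to the three `echo $ini_arr[ 'URLs' ][ … ];` lines in the later hunks at -125, -134 and -143, which print `AuthURL`, `TokenURL` and `UserInfoURL` into table cells. Because the link uses `target="_blank"`, adding `rel="noopener"` is a cheap extra hardening for older browsers.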
||||||
|
|
|
@ -125,7 +125,7 @@ if (count($_POST) > 0) {
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "<td> </td>";
|
echo "<td> </td>";
|
||||||
echo "<td>";
|
echo "<td>";
|
||||||
echo $ini_arr[ 'AuthURL' ];
|
echo $ini_arr[ 'URLs' ][ 'AuthURL' ];
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "</tr>";
|
echo "</tr>";
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
|
@ -134,7 +134,7 @@ if (count($_POST) > 0) {
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "<td> </td>";
|
echo "<td> </td>";
|
||||||
echo "<td>";
|
echo "<td>";
|
||||||
echo $ini_arr[ 'TokenURL' ];
|
echo $ini_arr[ 'URLs' ][ 'TokenURL' ];
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "</tr>";
|
echo "</tr>";
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
|
@ -143,7 +143,7 @@ if (count($_POST) > 0) {
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "<td> </td>";
|
echo "<td> </td>";
|
||||||
echo "<td>";
|
echo "<td>";
|
||||||
echo $ini_arr[ 'UserInfoURL' ];
|
echo $ini_arr[ 'URLs' ][ 'UserInfoURL' ];
|
||||||
echo "</td>";
|
echo "</td>";
|
||||||
echo "</tr>";
|
echo "</tr>";
|
||||||
echo "</table>";
|
echo "</table>";
|
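Review bot: The three changed lookups (`AuthURL`, `TokenURL`, `UserInfoURL`) now expect a nested `URLs` array, which `parse_ini_file()` returns for a `[URLs]` section only when its second argument is `true`. The parse call for this file is outside the hunks, and the one visible in info.php is `parse_ini_file( "cacert.ini" )` with no second argument. If the same call is used here, each `echo` prints nothing and raises a PHP warning, which can disclose the script path when `display_errors` is on. I would confirm the call reads `parse_ini_file( "cacert.ini", true )` (unless the file uses `URLs[AuthURL] = …` array syntax) and stop with a generic error when `$ini_arr === false || !isset($ini_arr['URLs'])`. The enclosing `if (count($_POST) > 0) {` block starts and ends outside these hunks.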
||||||
|
|