oidc-registration-php/INSTALL.txt

Start with Debian 12
When you create your machine, also create two further DNS entries under your base domain name, "authserver" and "idp" (i.e. authserver.<Your Domain Name> and idp.<Your Domain Name>). All three names must resolve to this machine: the certificate step at the end asks Let's Encrypt to validate them over HTTP on this host.
As Root: cmd: apt install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
As Root: cmd: apt install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
As Root: cmd: apt install certbot python3-certbot-nginx golang-go
Note: if apt stops with "Unable to locate package php-mcrypt" (it is no longer packaged for Debian 12), remove it from the second command and re-run it; apt installs nothing from a command in which one package cannot be found.
If necessary, create a "normal" (non-root) user and give it "sudo" access by adding it to the sudo group in /etc/group (or with usermod -aG sudo <user>).
Log in as that user; everything below runs as that user unless marked "As Root".
Create a working directory
cmd: cd <Working Directory>
cmd: git clone https://code.cacert.org/cacert/oidc-registration-php.git
cmd: cd oidc-registration-php
cmd: cp cacert.ini.sample cacert.ini
Edit cacert.ini and set the Database User and Password that you wish to use.
Also set the Domain and Host name in the URL variables.
cmd: cd misc
Edit oidc_db_v2.sql and insert the Database User name chosen above in place of "<Your User>".
As Root: cmd: cp oidc_db_v2.sql /var/lib/postgresql
As Root: cmd: su - postgres
cmd: createuser -s -d -e -r -P <DB User> ( Pwd: <DB Password> )
Note: -s makes <DB User> a PostgreSQL superuser and -r lets it create roles. The dump below is loaded by the postgres superuser itself, so the application role is unlikely to need these once the schema exists; after the application has been verified to work, consider removing them with ALTER ROLE <DB User> NOSUPERUSER NOCREATEROLE NOCREATEDB so that a compromised web application cannot use them.
cmd: createdb oidc_db -O <DB User>
cmd: psql oidc_db < oidc_db_v2.sql
Note: There will be a series of 8 error messages followed by CREATE and ALTER statements. This is normal due to the format of the dump.
Ctrl-D (leave the postgres shell and return to root)
Ctrl-D (leave the root shell and return to your "normal" user)
cmd: cd ..
cmd: mkdir -p $HOME/.local/share/virtualenvs ~/.local/bin
cmd: python3 -m venv $HOME/.local/share/virtualenvs/ansible
cmd: $HOME/.local/share/virtualenvs/ansible/bin/pip install ansible
cmd: ln -s $HOME/.local/share/virtualenvs/ansible/bin/ansible* $HOME/.local/bin/
cmd: export PATH=$HOME/.local/bin:$HOME/go/bin:$PATH
Edit your ~/.profile to include the preceding PATH change.
cmd: . ~/.profile
cmd: go install github.com/nicksnyder/go-i18n/v2/goi18n@latest
cmd: cd ..
cmd: git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git
cmd: cd oidc-parent
# cause pull, fetch and other git commands to consider submodules
cmd: git config submodule.recurse true
cmd: make
Answer the password question for your "normal" user.
Change into the "deployment" sub-directory
cmd: cd deployment
Edit two files here: "host_vars/localhost.yml" and "group_vars/all.yml".
In both files, search for "hydra_public" and change "auth.cacert.localhost" into the "authserver" DNS name that you created at the top.
Then, in both files, search for "idp" and change "login.cacert.localhost" into the "idp" DNS name that you created at the top.
Continue by:
cmd: ansible-playbook -K 01_install_cacert_oidc.yml
Answer the password question for your "normal" user.
cmd: cd ../../oidc-registration-php
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
Also change "<Host IP>" to the correct value for your machine.
From your working directory, do the following As Root:
cmd: cd oidc-registration-php
cmd: cp -r * /var/www/html
Note: this also copies cacert.ini, which contains the database password you set above, into the document root. After the nginx configuration is in place, request https://<Your Domain Name>/cacert.ini and make sure the server answers 403 or 404 rather than the file; also restrict the copy so that only root and the php-fpm user (www-data on Debian) can read it, e.g. owner root, group www-data, mode 640.
cmd: cp ssl-certs/* /usr/local/share/ca-certificates
cmd: update-ca-certificates -f
Note: this adds the CA certificates shipped in ssl-certs to the system trust store, so every TLS client on this host will from now on trust certificates issued by them. Look at them first (openssl x509 -in <file> -noout -subject -issuer -dates) and make sure you are content to trust those keys. update-ca-certificates only picks up files ending in .crt; if the copies have another extension (e.g. .pem), rename them.
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
cmd: mkdir -p /etc/nginx/certs
cmd: cp misc/cas.pem /etc/nginx/certs
cmd: chmod -R 751 /srv/hydra/bin
cmd: cd /srv/cacert/etc
cmd: certbot --nginx -d <your domain name> -d <your authserver domain name> -d <Your IDP Domain Name>
cmd: cp -i /etc/letsencrypt/live/<Your Domain Name>/cert.pem <Your IDP Domain Name>.pem
cmd: cp -i /etc/letsencrypt/live/<Your Domain Name>/privkey.pem <Your IDP Domain Name>-key.pem
Note: cert.pem holds the leaf certificate only. If clients of the IDP report an incomplete chain, copy fullchain.pem (leaf plus intermediates) to <Your IDP Domain Name>.pem instead.
cmd: chown root:cacert *
cmd: chmod 640 <Your IDP Domain Name>-key.pem
cmd: systemctl restart cacert-idp.service
cmd: systemctl status cacert-idp.service
Note: certbot renews the Let's Encrypt certificate on its own (the systemd timer installed with the Debian package runs twice a day), but the copies in /srv/cacert/etc are not touched by that renewal. After each renewal, repeat the two cp commands, the chown/chmod and the restart, or put them in a script under /etc/letsencrypt/renewal-hooks/deploy/ so that certbot runs them for you.
Exit Root, if necessary
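One way to automate the certificate steps above after every renewal, as an added example (my own script, not part of the oidc-registration-php project or the CAcert deployment): a certbot deploy hook. certbot runs every executable in /etc/letsencrypt/renewal-hooks/deploy/ after a successful renewal, with RENEWED_LINEAGE set to the lineage directory (/etc/letsencrypt/live/<Your Domain Name>). The destination directory /srv/cacert/etc, the file names, the group "cacert" and the unit name cacert-idp.service are taken from the steps above; the IDP_HOSTNAME placeholder, the function names and the check that the certificate belongs to the key are mine. The hook refuses to deploy a certificate whose public key does not match the private key, creates the key copy with a restrictive mode before any bytes land in it, and swaps the files in with mv so the service never sees a half-written key.

```shell
#!/bin/sh
# Added example, not part of the oidc-registration-php project: certbot deploy
# hook that repeats the manual certificate steps after each renewal.
# Install as /etc/letsencrypt/renewal-hooks/deploy/cacert-idp (mode 755) and
# set IDP_HOSTNAME to <Your IDP Domain Name> first.
set -eu

IDP_HOSTNAME="idp.example.org"   # placeholder (assumption): edit before use
IDP_ETC="/srv/cacert/etc"        # from the manual steps above
IDP_GROUP="cacert"               # from the manual steps above

# SubjectPublicKeyInfo of a certificate / private key in PEM form, so the two
# can be compared whatever the key type (RSA or EC).
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout; }

# install_idp_cert LINEAGE_DIR DEST_DIR IDP_HOSTNAME GROUP
# Copies cert.pem and privkey.pem from a certbot lineage into DEST_DIR under
# the names the IDP expects (<host>.pem, <host>-key.pem), owner root, key
# readable by root and GROUP only (mode 640), and renames the files into place
# atomically. Returns 1 if a file is missing or cert and key do not match.
install_idp_cert() {
    lineage=$1; dest=$2; idp=$3; group=$4
    cert="$lineage/cert.pem"; key="$lineage/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "install_idp_cert: $cert or $key missing or unreadable" >&2
        return 1
    fi
    # Refuse to deploy a certificate that does not belong to the key
    # (skipped only if openssl is not installed).
    if command -v openssl >/dev/null 2>&1; then
        if [ "$(pubkey_of_cert "$cert")" != "$(pubkey_of_key "$key")" ]; then
            echo "install_idp_cert: cert.pem does not match privkey.pem" >&2
            return 1
        fi
    fi

    tmpcert="$dest/.$idp.pem.tmp"; tmpkey="$dest/.$idp-key.pem.tmp"
    rm -f "$tmpcert" "$tmpkey"
    # umask 077: the temporary copies are created unreadable by anyone else,
    # so the key is never world- or group-readable, not even briefly.
    (umask 077; cp "$cert" "$tmpcert"; cp "$key" "$tmpkey")
    if [ "$(id -u)" -eq 0 ]; then
        chown "root:$group" "$tmpcert" "$tmpkey"
    else
        chgrp "$group" "$tmpcert" "$tmpkey"   # non-root: only the group can change
    fi
    chmod 644 "$tmpcert"
    chmod 640 "$tmpkey"
    mv -f "$tmpcert" "$dest/$idp.pem"
    mv -f "$tmpkey"  "$dest/$idp-key.pem"
}

# Hook entry point: certbot sets RENEWED_LINEAGE when it runs the script.
# Nothing here runs when the file is sourced or executed without it.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_idp_cert "$RENEWED_LINEAGE" "$IDP_ETC" "$IDP_HOSTNAME" "$IDP_GROUP"
    systemctl restart cacert-idp.service
    systemctl status --no-pager cacert-idp.service
fi
```

To try the hook by hand before the first automatic renewal, run it as root with RENEWED_LINEAGE=/etc/letsencrypt/live/<Your Domain Name> set in the environment; it then does exactly what the cp/chown/chmod/restart commands above do.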
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.