-rw-r--r-- README.md 64
1 files changed, 23 insertions, 41 deletions
diff --git a/README.md b/README.md
index d75a6bc..9805772 100644
--- a/README.md
+++ b/README.md
@@ -7,58 +7,40 @@
docker build --no-cache=true -t ndn-pwman .
```
-### Add secret
-Make a `secret.txt` file and add a random 50 character secret in a data dir. This is just an example.
-
-```
-6dxjpk*+-ywfxxi#_wmpzon@-p6hwwh9z)7q0t)h7zy*tdz20x
-```
-
-
-### Migrate database
-
-If running for the first time or if changes has been made to the database scheme you should run the django migrate script. You should store the database in a volume.
-
-```
-docker run --rm -ti -v $(pwd)/data:/opt/pwman ndn-pwman migrate
-```
-
-### Collect statics
-
-You need to server the static content using either apache or nginx.
-To export the static files use the same data dir as you did for the database, and run the `collectstatic` command.
-
-```
-docker run --rm -ti -v $(pwd)/data:/opt/pwman ndn-pwman collectstatic
-```
-
-
## Running pwman
-You need a useradmin keytab file, and the admin password for our ldap.
+You need a useradmin keytab file, and the admin password for our LDAP.
+
+You also need a proxy running in front of pwman, that sends along a `X-Remote-User` http header.
```
- docker run --rm -ti --name pwman -e LDAP_PASSWORD="1234secrets" -v /etc/useradmin.keytab:/etc/useradmin.keytab:ro -v $(pwd)/data:/opt/pwman ndn-pwman server
+ docker run --rm -ti --name pwman -e LDAP_PASSWORD="1234secrets" -e LDAP_SERVER="ldap.nordu.net" -v /etc/useradmin.keytab:/opt/keytabs/pwman.keytab:ro -v $(pwd)/data:/opt/pwman ndn-pwman
```
-
-## Debugging
-
-You can run the image with the argument shell.
+## Gennerating a persistent csrf key
```
-docker run --rm -ti ndn-pwman shell
+docker run --rm --ti ndn-pwman pwman -gennerate-csrf
```
## Environement variables
-Required veriables marked with a `*`
+Run `pwman -h` to get the full list of flags. All flags can be set using environment variables by upper casing them and replacing dashes with underscore e.g. `ldap-password` becomes `LDAP_PASSWORD`.
+
+The only required variable is the `LDAP_PASSWORD`
-- LDAP_URL - defaults to `ldaps://ldap.norud.net`
+- LDAP_SERVER - defaults to `localhost`
+- LDAP_PORT - defaults to `636`
- LDAP_USER - defaults to `cn=admin,dc=nordu,dc=net`
-- LDAP_PASSWORD*
-- KERBEROS_SCRIPT - `/opt/pwman/kerberos.pl`
-- DEBUG_MODE - defaults to `False`
-- SECRET_KEY_FILE - use a file containing a secret. Will overwrite SECRET_KEY if present. Defaults to `DATA_DIR/secret.txt`
-- SECRET_KEY - random 50 characters (including specials)
-- DATA_DIR - defaults to `/opt/pwman`, where the database, static files etc will be stored.
+- LDAP_PASSWORD
+- CHANGEPW_SCRIPT - `/opt/scripts/create-kdc-principal.pl`
+- CSRF_SECRET - random 32 characters (including specials)
+- ADDRESS - sets the address the pwman server will listen on - `:3000`
+- BASE_PATH - Pwman should reside under e.g. `/sso`
+- PWNED - path to pwned passwords v2 file
+- KRB5_CONFIG - path to krb5.conf file
+
+Primarily development variables:
+
+- CSRF_INSECURE - allow csrf cookies to be sent over unencrypted http
+- LDAP_SSL_SKIP_VERIFY - don't do ldap ssl verification
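Review bot: The added sentence under "Running pwman" (`You also need a proxy running in front of pwman, that sends along a `X-Remote-User` http header.`) should also say that pwman must only be reachable through that proxy and that the proxy has to overwrite or strip any `X-Remote-User` supplied by the client. Otherwise the README documents a header-based identity without documenting the trust boundary it depends on, and ADDRESS is listed as `:3000`, which is not restricted to a loopback interface. Suggest adding one sentence on this next to the proxy requirement, plus a note on what ADDRESS should be set to when the proxy runs on the same host. Smaller points in the same hunk: in the new csrf section the command uses `--ti`, while the other commands in this README use `-ti`, and docker does not accept `--ti`; the heading "Gennerating" is misspelled, and the section does not say that the generated value is what goes into `CSRF_SECRET`. The run example still mounts `$(pwd)/data:/opt/pwman` although the `DATA_DIR` entry and the database and static steps that used it are removed, so either drop the volume or document what is stored there now. The example also keeps the keytab at a new path, `/opt/keytabs/pwman.keytab`, with no variable in the list describing it. For `CSRF_INSECURE` and `LDAP_SSL_SKIP_VERIFY`, "Primarily development variables" is soft; consider stating that both must stay unset in production, since the second disables certificate checking on the connection that carries `LDAP_PASSWORD`.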