psono - docker
create config
## make dirs
> mkdir -p /var/opt/containers/psono
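## create keys using psono (the output is secret key material, so do not paste it into tickets or chat; consider a fixed image tag instead of :latest so every step below runs the same version)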
> docker run --rm -ti \
psono/psono-server:latest python3 ./psono/manage.py generateserverkeys
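create the settings file /var/opt/containers/psono/settings.yml (it holds all server secrets and the database password, so limit read access to the account that runs the containers)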
## == secrets
SECRET_KEY: 'xxxx..'
ACTIVATION_LINK_SECRET: 'xxxx..'
DB_SECRET: 'xxxx..'
EMAIL_SECRET_SALT: '$2b$1..'
PRIVATE_KEY: '02...0b'
PUBLIC_KEY: '02...0b'
## == debug
DEBUG: False
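## == allowed hosts ('*' accepts any Host header; list the real server hostname here unless the reverse proxy in front already rejects unknown hosts)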
ALLOWED_HOSTS: ['*']
## == allowed domains
ALLOWED_DOMAINS: ['psono.pw']
## == host url
HOST_URL: 'https://www.psono.pw/server'
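## == smtp settings (as written: port 25 with TLS and SSL both off, so mail and any EMAIL_HOST_USER / EMAIL_HOST_PASSWORD travel unencrypted; turn on one of EMAIL_USE_TLS / EMAIL_USE_SSL if the relay supports it)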
EMAIL_FROM: 'psono@example.com'
EMAIL_HOST: 'smtp.example.com'
EMAIL_HOST_USER: ''
EMAIL_HOST_PASSWORD : ''
EMAIL_PORT: 25
EMAIL_SUBJECT_PREFIX: ''
EMAIL_USE_TLS: False
EMAIL_USE_SSL: False
EMAIL_SSL_CERTFILE: False
EMAIL_SSL_KEYFILE:
EMAIL_TIMEOUT: 10
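## == database settings ('password' is a placeholder; use a long random value and give the same value as POSTGRES_PASSWORD when creating the database container)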
DATABASES:
default:
'ENGINE': 'django.db.backends.postgresql_psycopg2'
'NAME': 'psono'
'USER': 'psono'
'PASSWORD': 'password'
'HOST': 'psono-database'
'PORT': '5432'
TEMPLATES: [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': ['/root/psono/templates'],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
fill in the values under "secrets" (SECRET_KEY through PUBLIC_KEY) with the output of the generateserverkeys command above
test mail config
## test mail config
> docker run --rm \
-v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
-ti psono/psono-server:latest python3 ./psono/manage.py sendtestmail user@example.com
setup database and server
## create docker network
> docker network create psono-network
## create database dir
> mkdir -p /var/opt/containers/psono/postgres
## create docker database container (replace POSTGRES_PASSWORD=password with the PASSWORD value set under DATABASES in settings.yml)
> docker run --name psono-database --network psono-network \
-v /var/opt/containers/psono/postgres:/var/lib/postgresql/data \
-e POSTGRES_USER=psono \
-e POSTGRES_PASSWORD=password \
-d --restart=unless-stopped \
postgres:14
## prepare database
> docker run --rm --network psono-network \
-v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
-ti psono/psono-server:latest python3 ./psono/manage.py migrate
## run psono server on port 10100
> docker run --name psono-server --network psono-network \
--sysctl net.core.somaxconn=65535 \
-v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
-d --restart=unless-stopped -p 127.0.0.1:10100:80 psono/psono-server:latest
## test connection
> curl 127.0.0.1:10100/info/
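## create a user (arguments: username, password, email; the password typed here ends up in shell history, so change it after the first login)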
> docker run --rm --network psono-network \
-v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
-ti psono/psono-server:latest python3 \
./psono/manage.py createuser user@example.com myPassword email@example.com
...
Created user "user@example.com" with password "******" and email "email@example.com"
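## create a cleanup job using cron
## note: cron provides no terminal, so docker run may refuse the -ti flags there; the job also needs --network psono-network to reach the psono-database host named in settings.yml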
> crontab -e
30 2 * * * docker run --rm -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml -ti psono/psono-server:latest python3 ./psono/manage.py cleartoken >> /var/log/cron.log 2>&1
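for a reverse proxy example (the server container above listens only on 127.0.0.1 over plain http, so the proxy is what terminates TLS) see:
psono documentation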
create webclient
## create webclient directory
> mkdir -p /var/opt/containers/psono/webclient
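## create webconfig file
## note: this example enables allow_registration and allow_custom_server; set them to false if the instance should not offer open sign-up or let users point the client at other servers
edit /var/opt/containers/psono/webclient/config.json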
{
"backend_servers": [{
"title": "Psono.pw",
"url": "https://www.psono.pw/server"
}],
"base_url": "https://www.psono.pw/",
"allow_custom_server": true,
"allow_registration": true,
"allow_lost_password": true,
"disable_download_bar": false,
"authentication_methods": ["AUTHKEY", "LDAP"],
"saml_provider": []
}
## create privacy policy - see example : https://gitlab.com/psono/psono-client/blob/develop/src/common/data/privacy-policy-content.html
> edit /var/opt/containers/psono/webclient/privacy-policy-content.html
## run webclient
> docker run --name psono-client \
-v /var/opt/containers/psono/webclient/config.json:/usr/share/nginx/html/config.json \
-v /var/opt/containers/psono/webclient/privacy-policy-content.html:/usr/share/nginx/html/privacy-policy-content.html \
-d --restart=unless-stopped -p 127.0.0.1:10101:80 psono/psono-client:latest
setup admin client
## add following to settings.yml
MANAGEMENT_ENABLED: True
## restart psono server
> docker restart psono-server
## promote the admin user
> docker run --rm --network psono-network \
-v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
-ti psono/psono-server:latest python3 \
./psono/manage.py promoteuser user@example.com superuser
...
Promoted user "user@example.com" to "superuser"
## run admin client
> docker run --name psono-admin-client \
-v /var/opt/containers/psono/webclient/config.json:/usr/share/nginx/html/portal/config.json \
-d --restart=unless-stopped -p 127.0.0.1:10102:80 psono/psono-admin-client:latest
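go to https://pw.example.com for web login
go to https://pw.example.com/portal for admin ui login
(pw.example.com stands for your own hostname; it has to match HOST_URL in settings.yml and base_url / backend_servers in config.json, which use www.psono.pw in the examples above)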
13-02-2022