create config

## make dirs
> mkdir -p /var/opt/containers/psono

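## create keys using psono (the output is the server's secret key material - paste it straight into settings.yml and keep it out of logs and tickets)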
> docker run --rm -ti \
  psono/psono-server:latest python3 ./psono/manage.py generateserverkeys 

create the settings file /var/opt/containers/psono/settings.yml (it holds every server secret, so keep it readable only by the account that runs the containers)

## == secrets
SECRET_KEY: 'xxxx..'
ACTIVATION_LINK_SECRET: 'xxxx..'
DB_SECRET: 'xxxx..'
EMAIL_SECRET_SALT: '$2b$1..'
PRIVATE_KEY: '02...0b'
PUBLIC_KEY: '02...0b'

## == debug
DEBUG: False

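## == allowed hosts ('*' turns off Django's Host header validation; list the real hostname(s) once the reverse proxy name is fixed)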
ALLOWED_HOSTS: ['*']

## == allowed domains
ALLOWED_DOMAINS: ['psono.pw']

## == host url
HOST_URL: 'https://www.psono.pw/server'

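## == smtp settings (with EMAIL_USE_TLS and EMAIL_USE_SSL both False, the SMTP login and all mail content travel unencrypted; enable one of them if the relay supports it)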
EMAIL_FROM: 'psono@example.com'
EMAIL_HOST: 'smtp.example.com'
EMAIL_HOST_USER: ''
EMAIL_HOST_PASSWORD : ''
EMAIL_PORT: 25
EMAIL_SUBJECT_PREFIX: ''
EMAIL_USE_TLS: False
EMAIL_USE_SSL: False
EMAIL_SSL_CERTFILE: False
EMAIL_SSL_KEYFILE:
EMAIL_TIMEOUT: 10

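## == database settings ('password' is a placeholder: use a generated value, and the same one for POSTGRES_PASSWORD when creating the database container)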
DATABASES:
    default:
        'ENGINE': 'django.db.backends.postgresql_psycopg2'
        'NAME': 'psono'
        'USER': 'psono'
        'PASSWORD': 'password'
        'HOST': 'psono-database'
        'PORT': '5432'

TEMPLATES: [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['/root/psono/templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

use the secrets printed by the generateserverkeys command above for the "secrets" section

test mail config

## test mail config
> docker run --rm \
  -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
  -ti psono/psono-server:latest python3 ./psono/manage.py sendtestmail user@example.com

setup database and server

## create docker network
> docker network create psono-network

## create database dir
> mkdir -p /var/opt/containers/psono/postgres

## create docker database container
> docker run --name psono-database --network psono-network \
  -v /var/opt/containers/psono/postgres:/var/lib/postgresql/data \
  -e POSTGRES_USER=psono \
  -e POSTGRES_PASSWORD=password \
  -d --restart=unless-stopped \
  postgres:14

## prepare database
> docker run --rm --network psono-network \
  -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
  -ti psono/psono-server:latest python3 ./psono/manage.py migrate

## run psono server on port 10100
> docker run --name psono-server --network psono-network \
    --sysctl net.core.somaxconn=65535 \
    -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
    -d --restart=unless-stopped -p 127.0.0.1:10100:80 psono/psono-server:latest

## test connection
> curl 127.0.0.1:10100/info/

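## create a user (the password is passed as a command-line argument, so it ends up in shell history; change it after the first login)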
> docker run --rm --network psono-network \
  -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
  -ti psono/psono-server:latest python3 \
  ./psono/manage.py createuser user@example.com myPassword email@example.com
  ...
  Created user "user@example.com" with password "******" and email "email@example.com"

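## create a cleanup job using cron (cleartoken clears old tokens; note cron provides no TTY, so the -ti flags will likely make docker abort, and unlike the other manage.py calls this line has no --network psono-network, so 'psono-database' may not resolve - check /var/log/cron.log after the first run)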
> crontab -e
30 2 * * * docker run --rm -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml -ti psono/psono-server:latest python3 ./psono/manage.py cleartoken >> /var/log/cron.log 2>&1

for a reverse proxy example see: psono documentation

create webclient

## create webclient directory
> mkdir -p /var/opt/containers/psono/webclient

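## create webconfig file (allow_registration: true shows the sign-up form to anyone who can reach the site; for a private instance set it to false here and restrict registration on the server as well, since this file only controls the client UI)
edit /var/opt/containers/psono/webclient/config.json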

{
  "backend_servers": [{
    "title": "Psono.pw",
    "url": "https://www.psono.pw/server"
  }],
  "base_url": "https://www.psono.pw/",
  "allow_custom_server": true,
  "allow_registration": true,
  "allow_lost_password": true,
  "disable_download_bar": false,
  "authentication_methods": ["AUTHKEY", "LDAP"],
  "saml_provider": []
}

## create privacy policy - see example : https://gitlab.com/psono/psono-client/blob/develop/src/common/data/privacy-policy-content.html
> edit /var/opt/containers/psono/webclient/privacy-policy-content.html

## run webclient 
> docker run --name psono-client \
  -v /var/opt/containers/psono/webclient/config.json:/usr/share/nginx/html/config.json \
  -v /var/opt/containers/psono/webclient/privacy-policy-content.html:/usr/share/nginx/html/privacy-policy-content.html \
  -d --restart=unless-stopped -p 127.0.0.1:10101:80 psono/psono-client:latest

setup admin client

## add following to settings.yml
MANAGEMENT_ENABLED: True

## restart psono server
> docker restart psono-server

## promote the admin user
> docker run --rm --network psono-network \
  -v /var/opt/containers/psono/settings.yml:/root/.psono_server/settings.yaml \
  -ti psono/psono-server:latest python3 \
  ./psono/manage.py promoteuser user@example.com superuser
  ...
  Promoted user "user@example.com" to "superuser"

## run admin client
> docker run --name psono-admin-client \
    -v /var/opt/containers/psono/webclient/config.json:/usr/share/nginx/html/portal/config.json \
    -d --restart=unless-stopped -p 127.0.0.1:10102:80 psono/psono-admin-client:latest

go to https://pw.example.com for web login
go to https://pw.example.com/portal for admin ui login