root / docs / source / install.rst @ e5cbe795
History | View | Annotate | Download (12.3 kB)
1 | e0184c36 | Leonidas Poulopoulos | .. _install-label: |
---|---|---|---|
2 | e0184c36 | Leonidas Poulopoulos | |
3 | e0184c36 | Leonidas Poulopoulos | Installation/Configuration |
4 | b3081a11 | Leonidas Poulopoulos | ========================== |
5 | e0184c36 | Leonidas Poulopoulos | .. contents:: |
6 | e0184c36 | Leonidas Poulopoulos | |
7 | b3081a11 | Leonidas Poulopoulos | .. attention:: |
8 | b3081a11 | Leonidas Poulopoulos | Installation instructions assume a clean Debian Wheezy with Django 1.4 |
9 | b3081a11 | Leonidas Poulopoulos | |
10 | 348febee | Leonidas Poulopoulos | Assuming that you have installed all the required packages as described in :ref:`require-label` you can install the djnro platform application. |
11 | e0184c36 | Leonidas Poulopoulos | |
12 | e0184c36 | Leonidas Poulopoulos | Currently the source code is availiable at code.grnet.gr and can be cloned via git:: |
13 | e0184c36 | Leonidas Poulopoulos | |
14 | 348febee | Leonidas Poulopoulos | git clone https://code.grnet.gr/git/djnro |
15 | e0184c36 | Leonidas Poulopoulos | |
16 | 50781337 | Leonidas Poulopoulos | As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database. After git clone, copy settings.py.dist to settings.py:: |
17 | e0184c36 | Leonidas Poulopoulos | |
18 | 50781337 | Leonidas Poulopoulos | cd djnro |
19 | 50781337 | Leonidas Poulopoulos | cp djnro/settings.py.dist djnro/settings.py |
20 | e0184c36 | Leonidas Poulopoulos | |
21 | 5377fa47 | Kroustouris Stauros | |
22 | e0184c36 | Leonidas Poulopoulos | Project Settings (settings.py) |
23 | e5cbe795 | Kroustouris Stauros | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
24 | e5cbe795 | Kroustouris Stauros | Settings.py file should not be edited, the variables that need to be altered are in local_settings.py.dist. |
25 | e5cbe795 | Kroustouris Stauros | To set up Djnro one must copy local_settings.py.dist, to local_settings.py and alter the settings according to |
26 | e5cbe795 | Kroustouris Stauros | the configuration of the host. |
27 | e0184c36 | Leonidas Poulopoulos | |
28 | e0184c36 | Leonidas Poulopoulos | The following variables/settings need to be altered or set: |
29 | 97801513 | Stauros Kroustouris | |
30 | e0184c36 | Leonidas Poulopoulos | Set Admin contacts:: |
31 | e0184c36 | Leonidas Poulopoulos | |
32 | e0184c36 | Leonidas Poulopoulos | ADMINS = ( |
33 | e0184c36 | Leonidas Poulopoulos | ('Admin', 'admin@example.com'), |
34 | e0184c36 | Leonidas Poulopoulos | ) |
35 | e0184c36 | Leonidas Poulopoulos | |
36 | e0184c36 | Leonidas Poulopoulos | Set the database connection params:: |
37 | e0184c36 | Leonidas Poulopoulos | |
38 | e0184c36 | Leonidas Poulopoulos | DATABASES = { |
39 | e0184c36 | Leonidas Poulopoulos | ... |
40 | e0184c36 | Leonidas Poulopoulos | } |
41 | e0184c36 | Leonidas Poulopoulos | |
42 | b3081a11 | Leonidas Poulopoulos | For a production instance and once DEBUG is set to False set the ALLOWED_HOSTS:: |
43 | b3081a11 | Leonidas Poulopoulos | |
44 | b3081a11 | Leonidas Poulopoulos | ALLOWED_HOSTS = ['.example.com'] |
45 | b3081a11 | Leonidas Poulopoulos | |
46 | e0184c36 | Leonidas Poulopoulos | Set your timezone and Languages:: |
47 | e0184c36 | Leonidas Poulopoulos | |
48 | e0184c36 | Leonidas Poulopoulos | TIME_ZONE = 'Europe/Athens' |
49 | e0184c36 | Leonidas Poulopoulos | |
50 | e0184c36 | Leonidas Poulopoulos | LANGUAGES = ( |
51 | e0184c36 | Leonidas Poulopoulos | ('el', _('Greek')), |
52 | e0184c36 | Leonidas Poulopoulos | ('en', _('English')), |
53 | e0184c36 | Leonidas Poulopoulos | ) |
54 | e0184c36 | Leonidas Poulopoulos | |
55 | b3081a11 | Leonidas Poulopoulos | Set your static root and url:: |
56 | e0184c36 | Leonidas Poulopoulos | |
57 | b3081a11 | Leonidas Poulopoulos | STATIC_ROOT = '/path/to/static' |
58 | b3081a11 | Leonidas Poulopoulos | STATIC_URL = 'http://www.example.com/static' |
59 | b3081a11 | Leonidas Poulopoulos | |
60 | b3081a11 | Leonidas Poulopoulos | Set the secret key:: |
61 | b3081a11 | Leonidas Poulopoulos | |
62 | b3081a11 | Leonidas Poulopoulos | SECRET_KEY = '<put something really random here, eg. %$#%@#$^2312351345#$%3452345@#$%@#$234#@$hhzdavfsdcFDGVFSDGhn>' |
63 | e0184c36 | Leonidas Poulopoulos | |
64 | e0184c36 | Leonidas Poulopoulos | Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable:: |
65 | 97801513 | Stauros Kroustouris | |
66 | e0184c36 | Leonidas Poulopoulos | AUTHENTICATION_BACKENDS = ( |
67 | 97801513 | Stauros Kroustouris | 'djnro.djangobackends.shibauthBackend.shibauthBackend', |
68 | e0184c36 | Leonidas Poulopoulos | ... |
69 | e0184c36 | Leonidas Poulopoulos | 'django.contrib.auth.backends.ModelBackend', |
70 | e0184c36 | Leonidas Poulopoulos | ) |
71 | e0184c36 | Leonidas Poulopoulos | |
72 | e0184c36 | Leonidas Poulopoulos | Set your template dirs:: |
73 | e0184c36 | Leonidas Poulopoulos | |
74 | e0184c36 | Leonidas Poulopoulos | TEMPLATE_DIRS = ( |
75 | b3081a11 | Leonidas Poulopoulos | "/example/templates", |
76 | e0184c36 | Leonidas Poulopoulos | ) |
77 | e0184c36 | Leonidas Poulopoulos | |
78 | e0184c36 | Leonidas Poulopoulos | As the application includes a "Nearest Eduroam" functionality, world eduroam points are harvested via the eduroam.org kml file:: |
79 | 97801513 | Stauros Kroustouris | |
80 | e0184c36 | Leonidas Poulopoulos | EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml' |
81 | e0184c36 | Leonidas Poulopoulos | |
82 | 97801513 | Stauros Kroustouris | |
83 | 5377fa47 | Kroustouris Stauros | Depending on your AAI policy set an appropriate authEntitlement:: |
84 | d11cbe98 | Kroustouris Stauros | |
85 | e0184c36 | Leonidas Poulopoulos | SHIB_AUTH_ENTITLEMENT = 'urn:mace:example.com:pki:user' |
86 | e0184c36 | Leonidas Poulopoulos | |
87 | e0184c36 | Leonidas Poulopoulos | Mail server parameters:: |
88 | e0184c36 | Leonidas Poulopoulos | |
89 | e0184c36 | Leonidas Poulopoulos | SERVER_EMAIL = "Example domain eduroam Service <noreply@example.com>" |
90 | e0184c36 | Leonidas Poulopoulos | EMAIL_SUBJECT_PREFIX = "[eduroam] " |
91 | e0184c36 | Leonidas Poulopoulos | |
92 | e0184c36 | Leonidas Poulopoulos | NRO contact mails:: |
93 | e0184c36 | Leonidas Poulopoulos | |
94 | e0184c36 | Leonidas Poulopoulos | NOTIFY_ADMIN_MAILS = ["mail1@example.com", "mail2@example.com"] |
95 | e0184c36 | Leonidas Poulopoulos | |
96 | b3081a11 | Leonidas Poulopoulos | Set your cache backend (if you want to use one). For production instances you can go with memcached. For development you can switch to the provided dummy instance:: |
97 | e0184c36 | Leonidas Poulopoulos | |
98 | 5377fa47 | Kroustouris Stauros | |
99 | b3081a11 | Leonidas Poulopoulos | CACHES = { |
100 | b3081a11 | Leonidas Poulopoulos | 'default': { |
101 | b3081a11 | Leonidas Poulopoulos | 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', |
102 | b3081a11 | Leonidas Poulopoulos | 'LOCATION': '127.0.0.1:11211', |
103 | b3081a11 | Leonidas Poulopoulos | } |
104 | b3081a11 | Leonidas Poulopoulos | } |
105 | e0184c36 | Leonidas Poulopoulos | |
106 | 53b6f8a4 | Leonidas Poulopoulos | Models Name_i18n and URL_i18n include a language choice field |
107 | 53b6f8a4 | Leonidas Poulopoulos | If languages are the same with LANGUAGES variable, simply do URL_NAME_LANGS = LANGUAGES else set your own:: |
108 | 53b6f8a4 | Leonidas Poulopoulos | |
109 | 53b6f8a4 | Leonidas Poulopoulos | URL_NAME_LANGS = ( |
110 | 53b6f8a4 | Leonidas Poulopoulos | ('en', 'English' ), |
111 | 53b6f8a4 | Leonidas Poulopoulos | ('el', 'Ελληνικά'), |
112 | 53b6f8a4 | Leonidas Poulopoulos | ) |
113 | 53b6f8a4 | Leonidas Poulopoulos | |
114 | e0184c36 | Leonidas Poulopoulos | NRO specific parameters. Affect html templates:: |
115 | e0184c36 | Leonidas Poulopoulos | |
116 | e0184c36 | Leonidas Poulopoulos | # Frontend country specific vars, eg. Greece |
117 | e0184c36 | Leonidas Poulopoulos | NRO_COUNTRY_NAME = _('My Country') |
118 | 97801513 | Stauros Kroustouris | # Variable used by context_processor to display the "eduroam | <country_code>" in base.html |
119 | e0184c36 | Leonidas Poulopoulos | NRO_COUNTRY_CODE = 'gr' |
120 | e0184c36 | Leonidas Poulopoulos | # main domain url used in right top icon, eg. http://www.grnet.gr |
121 | e0184c36 | Leonidas Poulopoulos | NRO_DOMAIN_MAIN_URL = "http://www.example.com" |
122 | a280d3db | Leonidas Poulopoulos | # provider info for footer |
123 | a280d3db | Leonidas Poulopoulos | NRO_PROV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"} |
124 | e0184c36 | Leonidas Poulopoulos | #NRO social media contact (Use: // to preserve https) |
125 | a280d3db | Leonidas Poulopoulos | NRO_PROV_SOCIAL_MEDIA_CONTACT = [ |
126 | 97801513 | Stauros Kroustouris | {"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"}, |
127 | e0184c36 | Leonidas Poulopoulos | {"url":"//soc.media.url", "icon":"icon.png", "name":"NAME2(eg. Twitter)"}, |
128 | e0184c36 | Leonidas Poulopoulos | ] |
129 | e0184c36 | Leonidas Poulopoulos | # map center (lat, lng) |
130 | e0184c36 | Leonidas Poulopoulos | MAP_CENTER = (36.97, 23.71) |
131 | 97801513 | Stauros Kroustouris | #Helpdesk, used in base.html: |
132 | e0184c36 | Leonidas Poulopoulos | NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'} |
133 | e0184c36 | Leonidas Poulopoulos | |
134 | 97801513 | Stauros Kroustouris | Set the Realm country for REALM model:: |
135 | e0184c36 | Leonidas Poulopoulos | |
136 | e0184c36 | Leonidas Poulopoulos | #Countries for Realm model: |
137 | e0184c36 | Leonidas Poulopoulos | REALM_COUNTRIES = ( |
138 | e0184c36 | Leonidas Poulopoulos | ('country_2letters', 'Country' ), |
139 | e0184c36 | Leonidas Poulopoulos | ) |
140 | e0184c36 | Leonidas Poulopoulos | |
141 | e0184c36 | Leonidas Poulopoulos | Shibboleth attribute MAP according to your AAI policy:: |
142 | e0184c36 | Leonidas Poulopoulos | |
143 | e0184c36 | Leonidas Poulopoulos | #Shibboleth attribute map |
144 | e0184c36 | Leonidas Poulopoulos | SHIB_USERNAME = ['HTTP_EPPN'] |
145 | e0184c36 | Leonidas Poulopoulos | SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL'] |
146 | e0184c36 | Leonidas Poulopoulos | SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME'] |
147 | e0184c36 | Leonidas Poulopoulos | SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME'] |
148 | e0184c36 | Leonidas Poulopoulos | SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT'] |
149 | e0184c36 | Leonidas Poulopoulos | |
150 | e0184c36 | Leonidas Poulopoulos | Django Social Auth parameters:: |
151 | e0184c36 | Leonidas Poulopoulos | |
152 | e0184c36 | Leonidas Poulopoulos | TWITTER_CONSUMER_KEY = '' |
153 | e0184c36 | Leonidas Poulopoulos | TWITTER_CONSUMER_SECRET = '' |
154 | d11cbe98 | Kroustouris Stauros | |
155 | e0184c36 | Leonidas Poulopoulos | FACEBOOK_APP_ID = '' |
156 | e0184c36 | Leonidas Poulopoulos | FACEBOOK_API_SECRET = '' |
157 | 5377fa47 | Kroustouris Stauros | |
158 | e0184c36 | Leonidas Poulopoulos | LINKEDIN_CONSUMER_KEY = '' |
159 | e0184c36 | Leonidas Poulopoulos | LINKEDIN_CONSUMER_SECRET = '' |
160 | 5377fa47 | Kroustouris Stauros | |
161 | e0184c36 | Leonidas Poulopoulos | LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress'] |
162 | e0184c36 | Leonidas Poulopoulos | LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry'] |
163 | e0184c36 | Leonidas Poulopoulos | LINKEDIN_EXTRA_DATA = [('id', 'id'), |
164 | e0184c36 | Leonidas Poulopoulos | ('first-name', 'first_name'), |
165 | e0184c36 | Leonidas Poulopoulos | ('last-name', 'last_name'), |
166 | e0184c36 | Leonidas Poulopoulos | ('email-address', 'email_address'), |
167 | e0184c36 | Leonidas Poulopoulos | ('headline', 'headline'), |
168 | e0184c36 | Leonidas Poulopoulos | ('industry', 'industry')] |
169 | 5377fa47 | Kroustouris Stauros | |
170 | e0184c36 | Leonidas Poulopoulos | YAHOO_CONSUMER_KEY = '' |
171 | e0184c36 | Leonidas Poulopoulos | YAHOO_CONSUMER_SECRET = '' |
172 | 5377fa47 | Kroustouris Stauros | |
173 | e0184c36 | Leonidas Poulopoulos | GOOGLE_SREG_EXTRA_DATA = [] |
174 | 5377fa47 | Kroustouris Stauros | |
175 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
176 | 5377fa47 | Kroustouris Stauros | |
177 | e0184c36 | Leonidas Poulopoulos | FACEBOOK_EXTENDED_PERMISSIONS = ['email'] |
178 | 5377fa47 | Kroustouris Stauros | |
179 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/' |
180 | e0184c36 | Leonidas Poulopoulos | LOGIN_REDIRECT_URL = '/manage/' |
181 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/' |
182 | 5377fa47 | Kroustouris Stauros | |
183 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
184 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_REDIRECT_IS_HTTPS = True |
185 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_CREATE_USERS = True |
186 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False |
187 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_SANITIZE_REDIRECTS = False |
188 | 5377fa47 | Kroustouris Stauros | |
189 | 5377fa47 | Kroustouris Stauros | |
190 | 5377fa47 | Kroustouris Stauros | |
191 | e0184c36 | Leonidas Poulopoulos | SOCIAL_AUTH_PIPELINE = ( |
192 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.social.social_auth_user', |
193 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.user.get_username', |
194 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.user.create_user', |
195 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.social.associate_user', |
196 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.social.load_extra_data', |
197 | e0184c36 | Leonidas Poulopoulos | 'social_auth.backends.pipeline.user.update_user_details', |
198 | e0184c36 | Leonidas Poulopoulos | ) |
199 | e0184c36 | Leonidas Poulopoulos | |
200 | b3081a11 | Leonidas Poulopoulos | .. versionadded:: 0.9 |
201 | b3081a11 | Leonidas Poulopoulos | |
202 | 5377fa47 | Kroustouris Stauros | Support for eduroam CAT can be set via the corresponding variables/dicts. Make sure to **always** include a 'production' instance record for CAT_INSTANCES and CAT_AUTH. |
203 | b3081a11 | Leonidas Poulopoulos | What you really need to make CAT work is a CAT_API_KEY and the CAT_API_URL. The CAT_PROFILES_URL is the base url of the landing page where your institution users can download device profile configurations:: |
204 | b3081a11 | Leonidas Poulopoulos | |
205 | b3081a11 | Leonidas Poulopoulos | CAT_INSTANCES = ( |
206 | b3081a11 | Leonidas Poulopoulos | ('production', 'Production Instance'), |
207 | b3081a11 | Leonidas Poulopoulos | ('testing', 'Testing Instance'), |
208 | b3081a11 | Leonidas Poulopoulos | ('dev1', 'Dev1 Instance'), |
209 | b3081a11 | Leonidas Poulopoulos | ) |
210 | 5377fa47 | Kroustouris Stauros | |
211 | b3081a11 | Leonidas Poulopoulos | CAT_AUTH = { |
212 | b3081a11 | Leonidas Poulopoulos | 'production':{"CAT_API_KEY":"<provided API key>", |
213 | b3081a11 | Leonidas Poulopoulos | "CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
214 | b3081a11 | Leonidas Poulopoulos | "CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
215 | b3081a11 | Leonidas Poulopoulos | "CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"}, |
216 | b3081a11 | Leonidas Poulopoulos | 'testing':{"CAT_API_KEY":"<provided API key>", |
217 | b3081a11 | Leonidas Poulopoulos | "CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
218 | b3081a11 | Leonidas Poulopoulos | "CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
219 | b3081a11 | Leonidas Poulopoulos | "CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"}, |
220 | b3081a11 | Leonidas Poulopoulos | 'dev1':{"CAT_API_KEY":"<provided API key>", |
221 | b3081a11 | Leonidas Poulopoulos | "CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
222 | b3081a11 | Leonidas Poulopoulos | "CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php", |
223 | b3081a11 | Leonidas Poulopoulos | "CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"}, |
224 | b3081a11 | Leonidas Poulopoulos | } |
225 | b3081a11 | Leonidas Poulopoulos | |
226 | b3081a11 | Leonidas Poulopoulos | For more administrative info on eduroam CAT, you can visit: `A guide to eduroam CAT for federation administrators <https://confluence.terena.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+federation+administrators>`_. |
227 | e0184c36 | Leonidas Poulopoulos | |
228 | e0184c36 | Leonidas Poulopoulos | Database Sync |
229 | b3081a11 | Leonidas Poulopoulos | ^^^^^^^^^^^^^ |
230 | e0184c36 | Leonidas Poulopoulos | |
231 | e0184c36 | Leonidas Poulopoulos | Once you are done with settings.py run:: |
232 | e0184c36 | Leonidas Poulopoulos | |
233 | e0184c36 | Leonidas Poulopoulos | ./manage.py syncdb |
234 | e0184c36 | Leonidas Poulopoulos | |
235 | e0184c36 | Leonidas Poulopoulos | Create a superuser, it comes in handy. And then run south migration to complete:: |
236 | e0184c36 | Leonidas Poulopoulos | |
237 | e0184c36 | Leonidas Poulopoulos | ./manage.py migrate |
238 | e0184c36 | Leonidas Poulopoulos | |
239 | e0184c36 | Leonidas Poulopoulos | Now you should have a clean database with all the tables created. |
240 | e0184c36 | Leonidas Poulopoulos | |
241 | e0184c36 | Leonidas Poulopoulos | Running the server |
242 | b3081a11 | Leonidas Poulopoulos | ^^^^^^^^^^^^^^^^^^ |
243 | e0184c36 | Leonidas Poulopoulos | |
244 | e0184c36 | Leonidas Poulopoulos | We suggest going via Apache with mod_wsgi. Below is an example configuration:: |
245 | e0184c36 | Leonidas Poulopoulos | |
246 | 1debb48b | Kroustouris Stauros | WSGIDaemonProcess djnro processes=3 threads=20 display-name=%{GROUP} python-path=/path/to/djnro/ |
247 | 348febee | Leonidas Poulopoulos | WSGIProcessGroup djnro |
248 | 97801513 | Stauros Kroustouris | |
249 | e0184c36 | Leonidas Poulopoulos | ... |
250 | 97801513 | Stauros Kroustouris | |
251 | e0184c36 | Leonidas Poulopoulos | <VirtualHost *:443> |
252 | e0184c36 | Leonidas Poulopoulos | ServerName example.com |
253 | e0184c36 | Leonidas Poulopoulos | ServerAdmin admin@example.com |
254 | e0184c36 | Leonidas Poulopoulos | ServerSignature On |
255 | 97801513 | Stauros Kroustouris | |
256 | 1debb48b | Kroustouris Stauros | <Files wsgi.py> |
257 | 1debb48b | Kroustouris Stauros | Order deny,allow |
258 | 1debb48b | Kroustouris Stauros | Allow from all |
259 | 1debb48b | Kroustouris Stauros | </Files> |
260 | 1debb48b | Kroustouris Stauros | |
261 | 1debb48b | Kroustouris Stauros | |
262 | e0184c36 | Leonidas Poulopoulos | SSLEngine on |
263 | e0184c36 | Leonidas Poulopoulos | SSLCertificateFile ... |
264 | e0184c36 | Leonidas Poulopoulos | SSLCertificateChainFile ... |
265 | e0184c36 | Leonidas Poulopoulos | SSLCertificateKeyFile ... |
266 | 97801513 | Stauros Kroustouris | |
267 | e0184c36 | Leonidas Poulopoulos | # Shibboleth SP configuration |
268 | e0184c36 | Leonidas Poulopoulos | ShibConfig /etc/shibboleth/shibboleth2.xml |
269 | e0184c36 | Leonidas Poulopoulos | Alias /shibboleth-sp /usr/share/shibboleth |
270 | 97801513 | Stauros Kroustouris | |
271 | e0184c36 | Leonidas Poulopoulos | # Integration of Shibboleth into Django app: |
272 | 97801513 | Stauros Kroustouris | |
273 | e0184c36 | Leonidas Poulopoulos | <Location /login> |
274 | e0184c36 | Leonidas Poulopoulos | AuthType shibboleth |
275 | e0184c36 | Leonidas Poulopoulos | ShibRequireSession On |
276 | e0184c36 | Leonidas Poulopoulos | ShibUseHeaders On |
277 | e0184c36 | Leonidas Poulopoulos | require valid-user |
278 | e0184c36 | Leonidas Poulopoulos | </Location> |
279 | 97801513 | Stauros Kroustouris | |
280 | 97801513 | Stauros Kroustouris | |
281 | e0184c36 | Leonidas Poulopoulos | <Location /Shibboleth.sso> |
282 | e0184c36 | Leonidas Poulopoulos | SetHandler shib |
283 | e0184c36 | Leonidas Poulopoulos | </Location> |
284 | 97801513 | Stauros Kroustouris | |
285 | 97801513 | Stauros Kroustouris | |
286 | 348febee | Leonidas Poulopoulos | Alias /static /path/to/djnro/static |
287 | 1debb48b | Kroustouris Stauros | WSGIScriptAlias / /path/to/djnro/djnro/wsgi.py |
288 | cf115eda | Kroustouris Stauros | ErrorLog /var/log/apache2/error.log |
289 | cf115eda | Kroustouris Stauros | CustomLog /var/log/apache2/access.log combined |
290 | e0184c36 | Leonidas Poulopoulos | </VirtualHost> |
291 | e0184c36 | Leonidas Poulopoulos | |
292 | e0184c36 | Leonidas Poulopoulos | *Info*: It is strongly suggested to allow access to /admin|overview|alt-login *ONLY* from trusted subnets. |
293 | 97801513 | Stauros Kroustouris | |
294 | e0184c36 | Leonidas Poulopoulos | Once you are done, restart apache. |
295 | e0184c36 | Leonidas Poulopoulos | |
296 | e0184c36 | Leonidas Poulopoulos | Initial Data |
297 | b3081a11 | Leonidas Poulopoulos | ^^^^^^^^^^^^ |
298 | e0184c36 | Leonidas Poulopoulos | What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py). |
299 | e0184c36 | Leonidas Poulopoulos | The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the *Institutions* Model |
300 | e0184c36 | Leonidas Poulopoulos | |
301 | e0184c36 | Leonidas Poulopoulos | Next Steps (Set your Logo) |
302 | b3081a11 | Leonidas Poulopoulos | ^^^^^^^^^^^^^^^^^^^^^^^^^^ |
303 | 97801513 | Stauros Kroustouris | The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder. To change the domain logo on top right, replace the static/img/right_logo_small.png file with your own logo (86x40). |
304 | 5377fa47 | Kroustouris Stauros | |
305 | 5377fa47 | Kroustouris Stauros | Upgrade Instructions |
306 | 5377fa47 | Kroustouris Stauros | ^^^^^^^^^^^^^^^^^^^^ |
307 | e5cbe795 | Kroustouris Stauros | * Backup your settings.py file. |
308 | 27ac0194 | Kroustouris Stauros | |
309 | e5cbe795 | Kroustouris Stauros | * Copy loca_settings.py.dist to local_settings.py and fill the configuration according to the settings.py from your v0.8 instance. |
310 | 0ab62c1a | Kroustouris Stauros | |
311 | 27ac0194 | Kroustouris Stauros | * edit the apache configuration in order to work with the new location of wsgi and |
312 | 27ac0194 | Kroustouris Stauros | set the python-path attribute. |
313 | 27ac0194 | Kroustouris Stauros | |
314 | 27ac0194 | Kroustouris Stauros | * remove old wsgi file '/path/to/djnro/apache/django.wsgi' |
315 | 27ac0194 | Kroustouris Stauros | |
316 | e5cbe795 | Kroustouris Stauros | * remove old settings.py.dist |
317 | e5cbe795 | Kroustouris Stauros | |
318 | d3c0ae1e | Kroustouris Stauros | * remove django-extensions from `INSTALLED_APPS` |
319 | d3c0ae1e | Kroustouris Stauros | |
320 | d3c0ae1e | Kroustouris Stauros | * Add timeout in cache configuration |
321 | d3c0ae1e | Kroustouris Stauros | |
322 | d3c0ae1e | Kroustouris Stauros | * Required packages: |
323 | d3c0ae1e | Kroustouris Stauros | |
324 | d3c0ae1e | Kroustouris Stauros | * python-oauth2 |
325 | d3c0ae1e | Kroustouris Stauros | |
326 | d3c0ae1e | Kroustouris Stauros | * python-requests |
327 | d3c0ae1e | Kroustouris Stauros | |
328 | d3c0ae1e | Kroustouris Stauros | * python-lxml |
329 | d3c0ae1e | Kroustouris Stauros | |
330 | d3c0ae1e | Kroustouris Stauros | * python-yaml |
331 | d3c0ae1e | Kroustouris Stauros | |
332 | d3c0ae1e | Kroustouris Stauros | * run manage.py migrate |
333 | d3c0ae1e | Kroustouris Stauros | |
334 | 0ab62c1a | Kroustouris Stauros | |
335 | 0ab62c1a | Kroustouris Stauros | Pip Support |
336 | 0ab62c1a | Kroustouris Stauros | ^^^^^^^^^^^^ |
337 | 0ab62c1a | Kroustouris Stauros | We have added a requirements.txt file, tested for django 1.4.5. You can use it |
338 | 0ab62c1a | Kroustouris Stauros | with `pip install -r requirements.txt`. |
339 | d3c0ae1e | Kroustouris Stauros | |
340 | d3c0ae1e | Kroustouris Stauros | |
341 | d3c0ae1e | Kroustouris Stauros | Ldap Authentication |
342 | d3c0ae1e | Kroustouris Stauros | ^^^^^^^^^^^^^^^^^^^ |
343 | d3c0ae1e | Kroustouris Stauros | In case you want to use Ldap authentication:: |
344 | 6e7ad679 | Kroustouris Stavros | |
345 | d3c0ae1e | Kroustouris Stauros | AUTHENTICATION_BACKENDS = ( |
346 | d3c0ae1e | Kroustouris Stauros | ..., |
347 | d3c0ae1e | Kroustouris Stauros | 'django_auth_ldap.backend.LDAPBackend', |
348 | d3c0ae1e | Kroustouris Stauros | ..., |
349 | d3c0ae1e | Kroustouris Stauros | ) |
350 | d3c0ae1e | Kroustouris Stauros | |
351 | d3c0ae1e | Kroustouris Stauros | # LDAP CONFIG |
352 | 5925e4b8 | Kroustouris Stauros | import ldap |
353 | 6e7ad679 | Kroustouris Stavros | from django_auth_ldap.config import LDAPSearch, GroupOfNamesType |
354 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_BIND_DN = "" |
355 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_BIND_PASSWORD = "" |
356 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_SERVER_URI = "ldap://foo.bar.org" |
357 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_START_TLS = True |
358 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People, dc=bar, dc=foo", |
359 | d3c0ae1e | Kroustouris Stauros | ldap.SCOPE_SUBTREE, "(uid=%(user)s)") |
360 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_USER_ATTR_MAP = { |
361 | d3c0ae1e | Kroustouris Stauros | "first_name":"givenName", |
362 | d3c0ae1e | Kroustouris Stauros | "last_name": "sn", |
363 | d3c0ae1e | Kroustouris Stauros | "email": "mail |
364 | d3c0ae1e | Kroustouris Stauros | } |
365 | d3c0ae1e | Kroustouris Stauros | # Set up the basic group parameters. |
366 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_GROUP_SEARCH = LDAPSearch( |
367 | d3c0ae1e | Kroustouris Stauros | "ou=Groups,dc=foo,dc=bar,dc=org",ldap.SCOPE_SUBTREE, objectClass=groupOfNames" |
368 | d3c0ae1e | Kroustouris Stauros | ) |
369 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() |
370 | d3c0ae1e | Kroustouris Stauros | AUTH_LDAP_USER_FLAGS_BY_GROUP = { |
371 | d3c0ae1e | Kroustouris Stauros | "is_active": "cn=NOC, ou=Groups, dc=foo, dc=bar, dc=org", |
372 | d3c0ae1e | Kroustouris Stauros | "is_staff": "cn=staff, ou=Groups, dc=foo, dc=bar, dc=org", |
373 | d3c0ae1e | Kroustouris Stauros | "is_superuser": "cn=NOC, ou=Groups,dc=foo, dc=bar, dc=org" |
374 | d3c0ae1e | Kroustouris Stauros | } |