ubuntuapache
howto run privacyidea with apache2 and mysql on ubuntu 14.04 ltswe use the latest 1.0dev0ofprivacyidea. it is available via thepython package indexor viagithub.
we assume that you have an apache2 and mysql database installed. this example was done on ubuntu 14.04 lts.
install dependencieswe are using the python virtualenv. so the installation will get all correct versions of its depending python modules.
we also need to install some development packages:
apt-get install python-dev python-virtualenv libldap2-dev libsasl2-dev libmysqlclient-dev
we will install privacyidea to /srv/privacyidea:cd /srv virtualenv privacyidea
cd privacyidea
source bin/activate
note:source bin/activate will enter the python virtualenv. all python packages you install via pip will not be installed to your main system but to /srv/privacyidea. we assume that you downloaded the privacyidea version 1.0dev0. (or install it directly from pypi)pip install privacyidea-1.0dev0.tar.gz
this will also install all dependencies. some of the packages need to be compiled, this is why we installed the development packages in the first step. as we will use mysql as the database, we need to install the python package:pip install mysql-python
now we will create the database and the database user:$ mysql -u root -p
enter password:
welcome to the mysql monitor. commands end with ; or /g.
your mysql connection id is 42
server version: 5.5.35-1ubuntu1 (ubuntu)
copyright (c) 2000, 2013, oracle and/or its affiliates. all rights reserved.
oracle is a registered trademark of oracle corporation and/or its
affiliates. other names may be trademarks of their respective
owners.
type 'help;' or '/h' for help. type '/c' to clear the current input statement.mysql> create database privacyidea;
query ok, 1 row affected (0.00 sec)mysql> grant all privileges on privacyidea.* to privacyidea@localhost identified by yourpassword;
query ok, 0 rows affected (0.00 sec)
mysql> flush privileges;
query ok, 0 rows affected (0.00 sec)mysql> quit;
bye
prepare configurationcreate the configuration directory:mkdir /etc/privacyidea
add the user, the wsgi script will run as:useradd -r privacyidea
copy the configuration examples:cp etc/privacyidea/* /etc/privacyidea/
mv /etc/privacyidea/privacyidea.ini.example /etc/privacyidea/privacyidea.ini
in /etc/privacyidea/privacyidea.ini adapt the following lines:sqlalchemy.url = mysql://privacyidea:yourpassword@localhost/privacyidea
args = ('/var/log/privacyidea/privacyidea.log','a', 10000000, 4)
who.log_file = /var/log/privacyidea/privacyidea.log
privacyideaurl = https://yourserver
privacyideaurl.disable_ssl=true
create your own encryption key:privacyidea-create-enckey -f /etc/privacyidea/privacyidea.ini
fix access rights:privacyidea-fix-access-rights -f /etc/privacyidea/privacyidea.ini -u privacyidea
create the database:paster setup-app /etc/privacyidea/privacyidea.ini
create admin usersin the first step, we will use admin users from a password file /etc/privacyidea/admin-users. later you can define realms in privacyidea.ini, that contain admin users.privacyidea-create-pwidresolver-user -u admin -i 1000 > /etc/privacyidea/admin-users
if you create an admin user admin, you can login as admin@admin.setup apachefinally we setup apache, we install mod-wsgi and enable a bunch of modules:apt-get install libapache2-mod-wsgi
a2enmod headers
a2enmod auth_digest
a2enmod ssl
a2dissite 000-default
copy the example apache config to its place:cp etc/apache2/sites-available/privacyidea /etc/apache2/sites-available/
note:with apache 2.4 the file needs to be renamed to privacyidea.confnow adapt privaycyidea.conf:
wsgiscriptalias / /etc/privacyidea/privacyideaapp.wsgi
wsgipythonhome /srv/privacyideasi
note:with apache 2.4 you need to change the access statement to require all granted, otherwise you will get ah01630: client denied by server configuration.as we want to run with ssl, you need to create self signed certificates:
privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea.conf
privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea
now enable your site:a2ensite privacyidea
restart apache and login with the administrator admin@admin you created earlier.