How To Run privacyIDEA With Apache2 And MySQL On Ubuntu 14.0_MySQL
Howto run privacyIDEA with Apache2 and MySQL On Ubuntu 14.04 LTS
We use the latest 1.0dev0ofprivacyIDEA. It is available via thepython package indexor viagithub.
We assume that you have an Apache2 and MySQL database installed. This example was done on Ubuntu 14.04 LTS.
Install dependencies
We are using the python virtualenv. So the installation will get all correct versions of its depending python modules.
We also need to install some development packages:
apt-get install python-dev python-virtualenv libldap2-dev libsasl2-dev libmysqlclient-dev
We will install privacyidea to /srv/privacyidea:cd /srv virtualenv privacyidea
cd privacyidea
source bin/activate
pip install privacyIDEA-1.0dev0.tar.gz
This will also install all dependencies. Some of the packages need to be compiled, this is why we installed the development packages in the first step. As we will use MySQL as the database, we need to install the python package:pip install MySQL-python
Now we will create the database and the database user:$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or /g.
Your MySQL connection id is 42
Server version: 5.5.35-1ubuntu1 (Ubuntu)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '/h' for help. Type '/c' to clear the current input statement.mysql> create database privacyidea;
Query OK, 1 row affected (0.00 sec)mysql> grant all privileges on privacyidea.* to "privacyidea"@"localhost" identified by "yourPassword";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)mysql> quit;
Bye
Prepare configuration
Create the configuration directory:mkdir /etc/privacyidea
Add the user, the wsgi script will run as:useradd -r privacyidea
Copy the configuration examples:cp etc/privacyidea/* /etc/privacyidea/
mv /etc/privacyidea/privacyidea.ini.example /etc/privacyidea/privacyidea.ini
sqlalchemy.url = mysql://privacyidea:yourPassword@localhost/privacyidea
args = ('/var/log/privacyidea/privacyidea.log','a', 10000000, 4)
who.log_file = /var/log/privacyidea/privacyidea.log
privacyideaURL = https://yourServer
privacyideaURL.disable_SSL=True
privacyidea-create-enckey -f /etc/privacyidea/privacyidea.ini
Fix access rights:privacyidea-fix-access-rights -f /etc/privacyidea/privacyidea.ini -u privacyidea
Create the database:paster setup-app /etc/privacyidea/privacyidea.ini
Create admin users
In the first step, we will use admin users from a password file /etc/privacyidea/admin-users. Later you can define realms in privacyidea.ini, that contain admin users.privacyidea-create-pwidresolver-user -u admin -i 1000 > /etc/privacyidea/admin-users
If you create an admin user "admin", you can login as "admin@admin".Setup Apache
Finally we setup Apache, we install mod-wsgi and enable a bunch of modules:apt-get install libapache2-mod-wsgi
a2enmod headers
a2enmod auth_digest
a2enmod ssl
a2dissite 000-default
cp etc/apache2/sites-available/privacyidea /etc/apache2/sites-available/
Note:With Apache 2.4 the file needs to be renamed to privacyidea.confNow adapt privaycyidea.conf:
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
WSGIPythonHome /srv/privacyideasi
As we want to run with SSL, you need to create self signed certificates:
privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea.conf
privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea
a2ensite privacyidea
Restart apache and login with the administrator "admin@admin" you created earlier.