
How To Install Psono in A Single Ubuntu Container

The document provides instructions for installing Psono password manager in a single Ubuntu container. It includes steps to create an SSL certificate using Certbot, set up a PostgreSQL database, install Psono server using Git, and configure the settings.yaml file with details like the email and database settings. The last sections specify how to configure the email and database blocks in the settings file.

Uploaded by

marco

• how to install psono in a single ubuntu container

▪ guide
• https://doc.psono.com/admin/installation/install-preparation.html#system-requirements
• https://www.raffaelechiatto.com/installazione-e-configurazione-del-password-manager-psono-su-ubuntu-server-18-04/
• https://gigazine.net/gsc_news/en/20200921-psono/
▪ certificate
• create the A record on dns (ovh → domain section → add an entry)
▪ passwords.netforfun.ovh = 51.38.81.147
▪ be sure there is an A record for doku.netforfun.ovh to 51.38.81.147
ping passwords.netforfun.ovh = 51.38.81.147

• use certbot container to create the ssl certificate for doku.netforfun.ovh


docker exec -ti certbot bash

certbot -d cloud.netforfun.ovh certonly

#option 3

#/var/www/html

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh #to check generated keys

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh | grep fullchain.pem

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh | grep privkey.pem

• create the container

▪ check if ports are already used by another container
docker container ps -a | grep 8085

docker container ps -a | grep 5443

docker run -dti --name psonocontlore20201121 \
    -p 51.38.81.147:8085:80 \
    -p 51.38.81.147:5443:443 \
    -v /opt/letsencrypt:/etc/letsencrypt \
    ubuntu:18.04

docker container ps -a | grep psonocontlore


docker exec -ti psonocontlore20201121 /bin/bash

apt-get update

▪ database - postgres
docker container ps -a | grep psonocontlore

docker exec -ti psonocontlore20201121 /bin/bash

apt-get update

apt-get install postgresql postgresql-contrib -y

su - postgres #to change user from root to postgres

service postgresql status

service postgresql start

service postgresql status

createdb psono #to create a database called psono

psql psono

CREATE USER psono WITH PASSWORD 'password';

GRANT ALL PRIVILEGES ON DATABASE "psono" to psono;

CREATE EXTENSION IF NOT EXISTS ltree; -- to install extension

CREATE EXTENSION IF NOT EXISTS "pgcrypto"; -- to install extension

-- to leave the configuration
\q

Ctrl + D #to come back to the previous user

service postgresql restart


service postgresql status

▪ server installation
apt-get install -y \
    git \
    libyaml-dev \
    libpython3-dev \
    libpq-dev \
    libffi-dev \
    python3-dev \
    python-pip \
    python3-pip \
    python3-psycopg2 \
    postgresql-client \
    haveged \
    libsasl2-dev \
    libldap2-dev \
    libssl-dev \
    supervisor

pip3 install gunicorn

adduser psono #to create the user psono

su psono #to change user to psono

pwd

ls -lash
git clone https://gitlab.com/psono/psono-server.git ~/psono-server

cd

ls -lash /home/psono/ | grep psono-server

CTRL + D #to return to the root user

cd /home/psono/psono-server

pip3 install -r requirements.txt

su psono #change user to psono

mkdir ~/.psono_server #to create setting folder

ls -lash /home/psono/ | grep .psono_server

• create yaml file


nano ~/.psono_server/settings.yaml #paste the following

# python3 ~/psono-server/psono/manage.py generateserverkeys

SECRET_KEY: 'zgFqxW3hkWBXoMKhPOug77AB2qaMxegwh15mwo28THgxMxgQQUjCR'

ACTIVATION_LINK_SECRET: 'gxGBTCOuCLhdWx3tRNhqBJo8BiBa9QiKI8npzIeR2ylLxHtf'

DB_SECRET: 'wHPhrlAFKoBOUbSsdXsTvArsKHOgNDk6vsSLGzcMvDU3L1xY4r6qgZC3vco'

EMAIL_SECRET_SALT: '$adkgnEndSBVNqMRFH.O'

PRIVATE_KEY: 'a1ee57e26ffa587e93604c913a1ec99e5b8c3d363e21e2eda'

PUBLIC_KEY: 'ca0fa92bba376a1d64c0e06c502ea61995cc0e77645e855'

# The URL of the web client (path to e.g activate.html without the trailing slash)

# WEB_CLIENT_URL: 'https://www.psono.pw'
# Switch DEBUG to false if you go into production

DEBUG: False

# Adjust this according to Django Documentation https://docs.djangoproject.com/en/2.2/ref/settings/

ALLOWED_HOSTS: ['*']

# Should be your domain without "www.". Will be the last part of the username

ALLOWED_DOMAINS: ['psono.pw']

# If you want to disable registration, you can comment in the following line

# ALLOW_REGISTRATION: False

# If you want to disable the lost password functionality, you can comment in the following line

# ALLOW_LOST_PASSWORD: False

# If you want to enforce that the email address and username needs to match upon registration

# ENFORCE_MATCHING_USERNAME_AND_EMAIL: False

# If you want to restrict registration to some email addresses you can specify here a list of domains to filter

# REGISTRATION_EMAIL_FILTER: ['company1.com', 'company2.com']


# Should be the URL of the host under which the host is reachable

# If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}

HOST_URL: 'https://www.psono.pw/server'

# The email used to send emails, e.g. for activation

# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so

# "localhost" will not work as host. Use the public IP or DNS record of the server.

EMAIL_FROM: '[email protected]'

EMAIL_HOST: 'localhost'

EMAIL_HOST_USER: ''

EMAIL_HOST_PASSWORD : ''

EMAIL_PORT: 25

EMAIL_SUBJECT_PREFIX: ''

EMAIL_USE_TLS: False

EMAIL_USE_SSL: False

EMAIL_SSL_CERTFILE:

EMAIL_SSL_KEYFILE:

EMAIL_TIMEOUT:

# In case one wants to use mailgun, comment in below lines and provide the mailgun access key and server name

# EMAIL_BACKEND: 'anymail.backends.mailgun.EmailBackend'

# MAILGUN_ACCESS_KEY: ''
# MAILGUN_SERVER_NAME: ''

# In case you want to offer Yubikey support, create a pair of credentials here https://upgrade.yubico.com/getapikey/

# and update the following two lines before commenting them in

# YUBIKEY_CLIENT_ID: '123456'

# YUBIKEY_SECRET_KEY: '8I65IA6ASDFIUHGIH5021FKJA='

# If you have own Yubico servers, you can specify here the urls as a list

# YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']

# Cache enabled without belows Redis may lead to unexpected behaviour

# Cache with Redis

# By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in

# redis.conf) possible URLS are:

# redis://[:password]@localhost:6379/0

# rediss://[:password]@localhost:6379/0

# unix://[:password]@/path/to/socket.sock?db=0

# CACHE_ENABLE: False

# CACHE_REDIS: False

# CACHE_REDIS_LOCATION: 'redis://127.0.0.1:6379/13'
# Disables Throttling (necessary for unittests to pass) by overriding the cache with a dummy cache

# https://docs.djangoproject.com/en/2.2/topics/cache/#dummy-caching-for-development

# THROTTLING: False

# Enables the management API, required for the psono-admin-client / admin portal

# MANAGEMENT_ENABLED: False

# Enables the fileserver API, required for the psono-fileserver

# FILESERVER_HANDLER_ENABLED: False

# Enables files for the client

# FILES_ENABLED: False

# Allows that users can search for partial usernames

# ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True

# Allows that users can search for email addresses too

# ALLOW_USER_SEARCH_BY_EMAIL: True

# Disables central security reports

# DISABLE_CENTRAL_SECURITY_REPORTS: True
# Configures a system wide DUO connection for all clients

# DUO_INTEGRATION_KEY: ''

# DUO_SECRET_KEY: ''

# DUO_API_HOSTNAME: ''

# If you are using the DUO proxy, you can configure here the necessary HTTP proxy

# DUO_PROXY_HOST: 'the-ip-or-dns-name-goes-here'

# DUO_PROXY_PORT: 80

# DUO_PROXY_TYPE: 'CONNECT'

# If your proxy requires specific headers you can also configure these here

# DUO_PROXY_HEADERS: ''

# Normally only one of the configured second factors needs to be solved. Setting this to True forces the client to solve all

# MULTIFACTOR_ENABLED: True

# Allows admins to limit the offered second factors in the client

# ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo']

# Your Postgres Database credentials

# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so

# "localhost" will not work as host. Use the public IP or DNS record of the server.

DATABASES:
    default:
        'ENGINE': 'django.db.backends.postgresql_psycopg2'
        'NAME': 'psono'
        'USER': 'psono'
        'PASSWORD': 'PraUSCA@12'
        'HOST': 'localhost'
        'PORT': '5432'

# for master / slave replication setup comment in the following (all reads will be redirected to the slave

#    slave:
#        'ENGINE': 'django.db.backends.postgresql_psycopg2'
#        'NAME': 'YourPostgresDatabase'
#        'USER': 'YourPostgresUser'
#        'PASSWORD': 'YourPostgresPassword'
#        'HOST': 'YourPostgresHost'
#        'PORT': 'YourPostgresPort'

# Update the path to your templates folder

# If you do not want to change it (yet) you can leave it like it is.

TEMPLATES: [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['/home/psono/psono-server/psono/templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

• change the following blocks

▪ to send e-mails
EMAIL_FROM: '[email protected]'

EMAIL_HOST: 'localhost'

EMAIL_HOST_USER: ''

EMAIL_HOST_PASSWORD : ''

EMAIL_PORT: 25

EMAIL_SUBJECT_PREFIX: ''

EMAIL_USE_TLS: False

EMAIL_USE_SSL: False

EMAIL_SSL_CERTFILE:

EMAIL_SSL_KEYFILE:

EMAIL_TIMEOUT:

▪ database
DATABASES:
    default:
        'ENGINE': 'django.db.backends.postgresql_psycopg2'
        'NAME': 'psono'
        'USER': 'psono'
        # PASSWORD must be the one set for the psono user with CREATE USER in PostgreSQL
        'PASSWORD': 'PraUSCA@12'
        'HOST': 'localhost'
        'PORT': '5432'

▪ secret keys
python3 ~/psono-server/psono/manage.py generateserverkeys #to generate keys

#if everything works fine I should have something like this

# Copy paste this content into your settings.yml and replace existing occurrences

# WARNING: Do this only for a fresh installation!

# Changing those variables afterwards will break the program e.g.:

# Activation links will not work, Server will not be able to read user emails, ...

SECRET_KEY: 'zgFqxW3hkWBXoMKhPOug77AB2qaMxegwh15mwo28THgxMxgQQUjCR'

ACTIVATION_LINK_SECRET: 'gxGBTCOuCLhdWx3tRNhqBJo8BiBa9QiKI8npzIeR2ylLxHtf'

DB_SECRET: 'wHPhrlAFKoBOUbSsdXsTvArsKHOgNDk6vsSLGzcMvDU3L1xY4r6qgZC3vco'

EMAIL_SECRET_SALT: '$adkgnEndSBVNqMRFH.O'
PRIVATE_KEY: 'a1ee57e26ffa587e93604c913a1ec99e5b8c3d363e21e2eda'

PUBLIC_KEY: 'ca0fa92bba376a1d64c0e06c502ea61995cc0e77645e855'
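
Added example (not part of the original guide and not Psono's own tooling): a shell function that audits the finished settings.yaml for the risky values that appear in the blocks above, namely the wildcard ALLOWED_HOSTS, DEBUG, plaintext SMTP, a placeholder database password, and the permissions of the file that stores the server keys. The function name and the choice of checks are assumptions made for this example; it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit a Psono settings.yaml before the server is started.
# Prints one line per finding; the return status is the number of findings.
# usage: audit_psono_settings ~/.psono_server/settings.yaml
audit_psono_settings() {
    f=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # The file holds SECRET_KEY, PRIVATE_KEY and the database password,
    # so only its owner should be able to read it (GNU stat, as on Ubuntu).
    mode=$(stat -c '%a' "$f")
    case $mode in
        600|400) ;;
        *) flag "$f has mode $mode, expected 600" ;;
    esac

    # DEBUG must be False in production.
    if ! grep -Eq '^DEBUG:[[:space:]]*False' "$f"; then
        flag "DEBUG is not False"
    fi

    # A '*' entry switches off Django's Host header validation.
    if grep -Eq "^ALLOWED_HOSTS:.*['\"]\*['\"]" "$f"; then
        flag "ALLOWED_HOSTS contains '*'"
    fi

    # Plaintext SMTP: acceptable only towards a local relay.
    if grep -Eq '^EMAIL_USE_TLS:[[:space:]]*False' "$f" &&
       grep -Eq '^EMAIL_USE_SSL:[[:space:]]*False' "$f"; then
        flag "SMTP uses neither TLS nor SSL"
    fi

    # Empty or placeholder database password (commented lines are skipped).
    if grep -Eq "^[[:space:]]*'PASSWORD':[[:space:]]*'(password|YourPostgresPassword)?'" "$f"; then
        flag "database PASSWORD is empty or a placeholder"
    fi

    return "$findings"
}
```

Run it as the psono user after editing the file; a return status of 0 means none of the checks fired.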

• check if mail is working


python3 ~/psono-server/psono/manage.py sendtestmail [email protected]

▪ database creation
python3 ~/psono-server/psono/manage.py migrate
