Skip to content

Installation sur Debian 12

Prérequis

Serveur web

apt install apache2 libapache2-mod-wsgi-py3
systemctl enable apache2

Bases de données

apt install postgresql
systemctl enable postgresql
cat /etc/postgresql/15/main/pg_hba.conf
local all postgres peer
local ededb edeuser md5

Création d'un utilisateur:

su - postgres
createuser --pwprompt edeuser 
createdb --owner=edeuser ededb
exit

Accès à la socket Postgres:

adduser www-data postgres

Application

cd /opt/
git clone https://gitlab.insa-rouen.fr/dsi/dev/ede.git

Il faut ensuite créer un fichier conf/local_settings.py avec votre configuration. À titre d'exemple, ce fichier pourrait ressembler à ça:

DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql_psycopg2",
        "NAME": "ededb",
        "USER": "edeuser",
        "PASSWORD": "PASS",
        "HOST": "/var/run/postgresql",
    }
}
DEBUG = False
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SECURE_HSTS_PRELOAD = True
ALLOWED_HOSTS = ["ede.example.com"]
SECRET_KEY = "django-insecure--9w@7o0@qn^o$fby#equd3&()qfzyean3ew75(+lytfr0(+n*7-A-Secret-Key"

ADMINS = [
    ("Admin", "admin@example.com"),
]
EMAIL_HOST = "smtp.example.com"
EMAIL_PORT = 25
SERVER_EMAIL = "noreply@example.com"
EMAIL_SUBJECT_PREFIX = "[EDE] "

CAS_SERVER_URL = "https://cas.example.com/cas/"

LDAP_SERVER = "ldap.example.com"
LDAP_USER = "cn=manager,dc=example,dc=com"
LDAP_PASSWD = "admin"
# PosixGroups
LDAP_GROUPS = "ou=SambaGroups,dc=example,dc=com"
LDAP_GROUP_ATTR = "cn"
LDAP_USERS = "ou=people,dc=example,dc=com"
LDAP_USER_ATTR = "uid"
LDAP_USER_ID_ATTR = "uidNumber"

GROUPS = ["administratifs"]

Les analystes sont définis grâce au drapeau is_staff au niveau du compte utilisateur Django. Les analystes sont les seules personnes autorisées à gérer les campagnes et à accéder à tous les résultats.

Python

apt install python3-pip python3-poetry
cd /opt/ede
poetry config virtualenvs.in-project true
./oto.sh prod_up_2

Configuration des tâches automatiques (crontab)

30 5 * * 1-5 /opt/ede/.venv/bin/python /opt/ede/manage.py sync_ldap_users_and_groups > /dev/null
30 18 * * 1-5 /opt/ede/.venv/bin/python /opt/ede/manage.py fin_de_campagne > /dev/null

Configuration Apache

Référence: https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/modwsgi/

Exemple de configuration Apache (/etc/apache2/sites-available/ede.conf):

ServerSignature off
ServerTokens prod
ServerAdmin admin@example.com

<VirtualHost ede.example.com:80>
    Redirect permanent / https://ede.example.com/
</VirtualHost>

<VirtualHost ede.example.com:443>
    ServerName ede.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/apache2/ssl/ede.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ede.key
    SSLCertificateChainFile /etc/apache2/ssl/ede.ac

    DocumentRoot /var/www/html/

    Alias /favicon.ico /opt/ede/static/images/favicon.png
    Alias /static/ /opt/ede/static/

    <Directory /opt/ede/static>
        Require all granted
    </Directory>

    WSGIDaemonProcess ede python-home=/opt/ede/.venv python-path=/opt/ede
    WSGIProcessGroup ede
    WSGIScriptAlias / /opt/ede/conf/wsgi.py process-group=ede

    <Directory /opt/ede/conf>
        <Files wsgi.py>
            Require all granted
            </Files>
    </Directory>
</VirtualHost>

a2dissite 000-default
a2ensite ede
a2enmod ssl
systemctl restart apache2