Installation on Debian 12
Prerequisites
Web server
apt install apache2 libapache2-mod-wsgi-py3
systemctl enable apache2
Database
apt install postgresql
systemctl enable postgresql
cat /etc/postgresql/15/main/pg_hba.conf
local all postgres peer
local absencesdb absencesuser md5
Create a user:
su - postgres
createuser --pwprompt absencesuser
createdb --owner=absencesuser absencesdb
exit
Access to the Postgres socket:
adduser www-data postgres
absences application
cd /opt/
git clone https://gitlab.insa-rouen.fr/dsi/dev/absences.git
Create a directory for uploaded files and give ownership of it to the web user:
mkdir /opt/absences/media
chown www-data /opt/absences/media
Next, create a conf/local_settings.py file with your configuration. As an example, the file could look like this (the SECRET_KEY, PASSWORD and LDAP_PASSWD values shown are placeholders; replace them with your own):
DATABASES = {
    "default": {
        # The "postgresql_psycopg2" alias was removed in Django 3.0.
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "absencesdb",
        "USER": "absencesuser",
        "PASSWORD": "PASS",
        "HOST": "/var/run/postgresql",
    }
}
DEBUG = False
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
CSRF_COOKIE_SECURE = True
ALLOWED_HOSTS = ["absences.example.com"]
SECRET_KEY = "django-insecure--9w@7o0@qn^o$fby#equd3&()qfzyean3ew75(+lytfr0(+n*7"
ADMINS = [
    ("Admin", "admin@example.com"),
]
EMAIL_HOST = "smtp.example.com"
EMAIL_PORT = 25
SERVER_EMAIL = "noreply@example.com"
CAS_SERVER_URL = "https://cas.example.com/cas/"
LDAP_SERVER = "ldap.example.com"
LDAP_USER = "cn=manager,dc=example,dc=com"
LDAP_PASSWD = "admin"
# PosixGroups
LDAP_GROUPS = "ou=SambaGroups,dc=example,dc=com"
LDAP_GROUP_ATTR = "cn"
LDAP_USERS = "ou=people,dc=example,dc=com"
LDAP_USER_ATTR = "uid"
GROUPS_EXECUTIVES = ["administratifs"]
GROUPS_TEACHERS = ["enseignants"]
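The sample above ships with placeholder secrets, so a check before going live is useful. The following is an added example, not part of the absences project: it reads a local_settings.py without executing it and flags values still matching the guide's sample. The function names and the SAMPLE text are constructed for illustration.

```python
import ast
import os
import stat

# Constructed sample: a shortened local_settings.py still carrying the guide's placeholders.
SAMPLE = '''
DATABASES = {"default": {"NAME": "absencesdb", "USER": "absencesuser", "PASSWORD": "PASS"}}
DEBUG = False
ALLOWED_HOSTS = ["absences.example.com"]
SECRET_KEY = "django-insecure--9w@7o0@qn^o$fby#equd3&()qfzyean3ew75(+lytfr0(+n*7"
LDAP_PASSWD = "admin"
'''


def load_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (e.g. read from the environment): skip it
    return settings


def audit_settings(source):
    """Return the names of settings whose literal value is weak or a sample value."""
    s = load_settings(source)
    flagged = []
    key = s.get("SECRET_KEY")
    if isinstance(key, str) and (key.startswith("django-insecure-") or len(key) < 50):
        flagged.append("SECRET_KEY")
    if s.get("DEBUG"):
        flagged.append("DEBUG")
    db = (s.get("DATABASES") or {}).get("default", {})
    if db.get("PASSWORD") == "PASS":
        flagged.append("DATABASES.default.PASSWORD")
    if s.get("LDAP_PASSWD") == "admin":
        flagged.append("LDAP_PASSWD")
    hosts = s.get("ALLOWED_HOSTS") or []
    if any(h == "*" or str(h).endswith("example.com") for h in hosts):
        flagged.append("ALLOWED_HOSTS")
    return flagged


def readable_by_others(path):
    """True if the file's mode lets users outside owner and group read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```

Call audit_settings() on the text of conf/local_settings.py and readable_by_others() on its path before restarting Apache. Django's own `manage.py check --deploy` reports related deployment warnings.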
Python
apt install python3-pip python3-poetry
ln -sf /usr/bin/python3 /usr/local/bin/python
cd /opt/absences
poetry config virtualenvs.in-project true
./oto.sh prod_up_2
Scheduled tasks (crontab)
30 5 * * 1-5 /opt/absences/.venv/bin/python /opt/absences/manage.py sync_ldap_users_and_groups > /dev/null
# update for the next day
0 23 * * 2-4 /opt/absences/.venv/bin/python /opt/absences/manage.py sync_ade_creneaux > /dev/null
# Sunday update for the whole week
0 23 * * 7 /opt/absences/.venv/bin/python /opt/absences/manage.py sync_ade_creneaux -s > /dev/null
Apache configuration
Reference: https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/modwsgi/
Example Apache configuration (/etc/apache2/sites-available/absences.conf):
ServerSignature off
ServerTokens prod
ServerAdmin admin@example.com
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
<VirtualHost absences.example.com:80>
    Redirect permanent / https://absences.example.com/
</VirtualHost>
<VirtualHost absences.example.com:443>
    ServerName absences.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/apache2/ssl/absences.crt
    SSLCertificateKeyFile /etc/apache2/ssl/absences.key
    SSLCertificateChainFile /etc/apache2/ssl/absences.ac
    Header set Content-Security-Policy "script-src 'self' https://absences.example.com"
    DocumentRoot /var/www/html/
    Alias /robots.txt /opt/absences/static/core/robots.txt
    Alias /favicon.ico /opt/absences/static/core/favicon.png
    Alias /static/ /opt/absences/static/
    <Directory /opt/absences/static>
        Require all granted
    </Directory>
    WSGIDaemonProcess absences python-home=/opt/absences/.venv python-path=/opt/absences
    WSGIProcessGroup absences
    WSGIScriptAlias / /opt/absences/conf/wsgi.py process-group=absences
    <Directory /opt/absences/conf>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
</VirtualHost>
Enable the additional modules and start Apache:
a2dissite 000-default
a2ensite absences
a2enmod ssl
a2enmod rewrite
a2enmod headers
systemctl restart apache2