
How To Install Psono in A Single Ubuntu Container


 how to install psono in a single ubuntu container

 guide
  https://doc.psono.com/admin/installation/install-preparation.html#system-requirements
  https://www.raffaelechiatto.com/installazione-e-configurazione-del-password-manager-psono-su-ubuntu-server-18-04/
 https://gigazine.net/gsc_news/en/20200921-psono/
 certificate
 create the A record on DNS (OVH → domain section → add an entry)
 passwords.netforfun.ovh = 51.38.81.147
 be sure there is an A record for doku.netforfun.ovh pointing to 51.38.81.147
ping passwords.netforfun.ovh = 51.38.81.147

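 use the certbot container to create the SSL certificate for doku.netforfun.ovh (note: the commands below use cloud.netforfun.ovh; substitute the hostname you are actually issuing the certificate for)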


docker exec -ti certbot bash

certbot -d cloud.netforfun.ovh certonly

#option 3

#/var/www/html

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh #to check generated keys

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh | grep fullchain.pem

ls -lash /etc/letsencrypt/live/cloud.netforfun.ovh | grep privkey.pem

 create the container


 check if the ports are already used by another container
docker container ps -a | grep 8085

docker container ps -a | grep 5443

docker run -dti --name psonocontlore20201121 \

-p 51.38.81.147:8085:80 \

-p 51.38.81.147:5443:443 \

-v /opt/letsencrypt:/etc/letsencrypt \

ubuntu:18.04

docker container ps -a | grep psonocontlore


docker exec -ti psonocontlore20201121 /bin/bash

apt-get update

 database - postgres
docker container ps -a | grep psonocontlore

docker exec -ti psonocontlore20201121 /bin/bash

apt-get update

apt-get install postgresql postgresql-contrib -y

su - postgres #to change user from root to postgres

service postgresql status

service postgresql start

service postgresql status

createdb psono #to create a database called psono

psql psono

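CREATE USER psono WITH PASSWORD 'password'; #placeholder: set a strong, unique password here and put the same value in the PASSWORD field of settings.yaml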

GRANT ALL PRIVILEGES ON DATABASE "psono" to psono;

CREATE EXTENSION IF NOT EXISTS ltree; #to install extension

CREATE EXTENSION IF NOT EXISTS "pgcrypto"; #to install extension

\q #to leave the configuration

Ctrl + D #to come back to the previous user

service postgresql restart


service postgresql status

 server installation
apt-get install -y \

git \

libyaml-dev \

libpython3-dev \

libpq-dev \

libffi-dev \

python3-dev \

python-pip \

python3-pip \

python3-psycopg2 \

postgresql-client \

haveged \

libsasl2-dev \

libldap2-dev \

libssl-dev \

supervisor

pip3 install gunicorn

adduser psono #to create the user psono

su psono #to change user to psono

pwd

ls -lash
git clone https://gitlab.com/psono/psono-server.git ~/psono-server

cd

ls -lash /home/psono/ | grep psono-server

CTRL + D #to return to the root user

cd /home/psono/psono-server

pip3 install -r requirements.txt

su psono #change user to psono

mkdir ~/.psono_server #to create setting folder

ls -lash /home/psono/ | grep .psono_server

 create yaml file


nano ~/.psono_server/settings.yaml #paste the following

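# python3 ~/psono-server/psono/manage.py generateserverkeys
# The six key values below are example output of that command. Generate your own
# and keep them private; do not reuse values copied from a guide.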

SECRET_KEY: 'zgFqxW3hkWBXoMKhPOug77AB2qaMxegwh15mwo28THgxMxgQQUjCR'

ACTIVATION_LINK_SECRET: 'gxGBTCOuCLhdWx3tRNhqBJo8BiBa9QiKI8npzIeR2ylLxHtf'

DB_SECRET: 'wHPhrlAFKoBOUbSsdXsTvArsKHOgNDk6vsSLGzcMvDU3L1xY4r6qgZC3vco'

EMAIL_SECRET_SALT: '$adkgnEndSBVNqMRFH.O'

PRIVATE_KEY: 'a1ee57e26ffa587e93604c913a1ec99e5b8c3d363e21e2eda'

PUBLIC_KEY: 'ca0fa92bba376a1d64c0e06c502ea61995cc0e77645e855'

# The URL of the web client (path to e.g activate.html without the trailing slash)

# WEB_CLIENT_URL: 'https://www.psono.pw'
# Switch DEBUG to false if you go into production

DEBUG: False

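# Adjust this according to Django Documentation https://docs.djangoproject.com/en/2.2/ref/settings/
# ('*' accepts any Host header; for production, list only the hostname(s) that serve this installation)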

ALLOWED_HOSTS: ['*']

# Should be your domain without "www.". Will be the last part of the username

ALLOWED_DOMAINS: ['psono.pw']

# If you want to disable registration, you can comment in the following line

# ALLOW_REGISTRATION: False

# If you want to disable the lost password functionality, you can comment in the following line

# ALLOW_LOST_PASSWORD: False

# If you want to enforce that the email address and username needs to match upon registration

# ENFORCE_MATCHING_USERNAME_AND_EMAIL: False

# If you want to restrict registration to some email addresses you can specify here a list of domains to filter

# REGISTRATION_EMAIL_FILTER: ['company1.com', 'company2.com']


# Should be the URL of the host under which the host is reachable

# If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}

HOST_URL: 'https://www.psono.pw/server'

# The email used to send emails, e.g. for activation

# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
# "localhost" will not work as host. Use the public IP or DNS record of the server.

EMAIL_FROM: 'the-mail-for-for-example-useraccount-activations@test.com'

EMAIL_HOST: 'localhost'

EMAIL_HOST_USER: ''

EMAIL_HOST_PASSWORD : ''

EMAIL_PORT: 25

EMAIL_SUBJECT_PREFIX: ''

EMAIL_USE_TLS: False

EMAIL_USE_SSL: False

EMAIL_SSL_CERTFILE:

EMAIL_SSL_KEYFILE:

EMAIL_TIMEOUT:

# In case one wants to use mailgun, comment in below lines and provide the mailgun access key and server name

# EMAIL_BACKEND: 'anymail.backends.mailgun.EmailBackend'

# MAILGUN_ACCESS_KEY: ''
# MAILGUN_SERVER_NAME: ''

# In case you want to offer Yubikey support, create a pair of credentials here https://upgrade.yubico.com/getapikey/

# and update the following two lines before commenting them in

# YUBIKEY_CLIENT_ID: '123456'

# YUBIKEY_SECRET_KEY: '8I65IA6ASDFIUHGIH5021FKJA='

# If you have own Yubico servers, you can specify here the urls as a list

# YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']

# Cache enabled without belows Redis may lead to unexpected behaviour

# Cache with Redis

# By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in
# redis.conf) possible URLS are:

# redis://[:password]@localhost:6379/0

# rediss://[:password]@localhost:6379/0

# unix://[:password]@/path/to/socket.sock?db=0

# CACHE_ENABLE: False

# CACHE_REDIS: False

# CACHE_REDIS_LOCATION: 'redis://127.0.0.1:6379/13'
# Disables Throttling (necessary for unittests to pass) by overriding the cache with a dummy cache
# https://docs.djangoproject.com/en/2.2/topics/cache/#dummy-caching-for-development

# THROTTLING: False

# Enables the management API, required for the psono-admin-client / admin portal

# MANAGEMENT_ENABLED: False

# Enables the fileserver API, required for the psono-fileserver

# FILESERVER_HANDLER_ENABLED: False

# Enables files for the client

# FILES_ENABLED: False

# Allows that users can search for partial usernames

# ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True

# Allows that users can search for email addresses too

# ALLOW_USER_SEARCH_BY_EMAIL: True

# Disables central security reports

# DISABLE_CENTRAL_SECURITY_REPORTS: True
# Configures a system wide DUO connection for all clients

# DUO_INTEGRATION_KEY: ''

# DUO_SECRET_KEY: ''

# DUO_API_HOSTNAME: ''

# If you are using the DUO proxy, you can configure here the necessary HTTP proxy

# DUO_PROXY_HOST: 'the-ip-or-dns-name-goes-here'

# DUO_PROXY_PORT: 80

# DUO_PROXY_TYPE: 'CONNECT'

# If your proxy requires specific headers you can also configure these here

# DUO_PROXY_HEADERS: ''

# Normally only one of the configured second factors needs to be solved. Setting this to True forces the client to solve all

# MULTIFACTOR_ENABLED: True

# Allows admins to limit the offered second factors in the client

# ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo']

# Your Postgres Database credentials

# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
# "localhost" will not work as host. Use the public IP or DNS record of the server.

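DATABASES:
    default:
        'ENGINE': 'django.db.backends.postgresql_psycopg2'
        'NAME': 'psono'
        'USER': 'psono'
        # example value: use your own strong password, identical to the one given to CREATE USER psono in the database step
        'PASSWORD': 'PraUSCA@12'
        'HOST': 'localhost'
        'PORT': '5432'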

# for master / slave replication setup comment in the following (all reads will be redirected to the slave)

# slave:

# 'ENGINE': 'django.db.backends.postgresql_psycopg2'

# 'NAME': 'YourPostgresDatabase'

# 'USER': 'YourPostgresUser'

# 'PASSWORD': 'YourPostgresPassword'

# 'HOST': 'YourPostgresHost'

# 'PORT': 'YourPostgresPort'

# Update the path to your templates folder

# If you do not want to change it (yet) you can leave it like it is.

TEMPLATES: [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['/home/psono/psono-server/psono/templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

 change the following blocks


 to send e-mails
EMAIL_FROM: 'the-mail-for-for-example-useraccount-activations@test.com'

EMAIL_HOST: 'localhost'

EMAIL_HOST_USER: ''

EMAIL_HOST_PASSWORD : ''

EMAIL_PORT: 25

EMAIL_SUBJECT_PREFIX: ''

EMAIL_USE_TLS: False

EMAIL_USE_SSL: False

EMAIL_SSL_CERTFILE:

EMAIL_SSL_KEYFILE:

EMAIL_TIMEOUT:

 database
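DATABASES:
    default:
        'ENGINE': 'django.db.backends.postgresql_psycopg2'
        'NAME': 'psono'
        'USER': 'psono'
        # example value: use your own strong password, identical to the one given to CREATE USER psono in the database step
        'PASSWORD': 'PraUSCA@12'
        'HOST': 'localhost'
        'PORT': '5432'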

 secret keys
python3 ~/psono-server/psono/manage.py generateserverkeys #to generate keys

#if everything works fine I should have something like this (example output; your generated values will differ and must be kept secret)

# Copy paste this content into your settings.yml and replace existing occurrences

# WARNING: Do this only for a fresh installation!

# Changing those variables afterwards will break the program e.g.:

# Activation links will not work, Server will not be able to read user emails, ...

SECRET_KEY: 'zgFqxW3hkWBXoMKhPOug77AB2qaMxegwh15mwo28THgxMxgQQUjCR'

ACTIVATION_LINK_SECRET: 'gxGBTCOuCLhdWx3tRNhqBJo8BiBa9QiKI8npzIeR2ylLxHtf'

DB_SECRET: 'wHPhrlAFKoBOUbSsdXsTvArsKHOgNDk6vsSLGzcMvDU3L1xY4r6qgZC3vco'

EMAIL_SECRET_SALT: '$adkgnEndSBVNqMRFH.O'
PRIVATE_KEY: 'a1ee57e26ffa587e93604c913a1ec99e5b8c3d363e21e2eda'

PUBLIC_KEY: 'ca0fa92bba376a1d64c0e06c502ea61995cc0e77645e855'

 check if mail is working


python3 ~/psono-server/psono/manage.py sendtestmail mail@mail.com

 database creation
python3 ~/psono-server/psono/manage.py migrate
