Install the pia back application

Kevin Beyrand edited this page Nov 29, 2024 · 16 revisions

Summary

Clone the pia-back repository and go in it

Clone the repository and cd into its folder:

cd ~/ && git clone https://github.com/LINCnil/pia-back.git && sudo mv ~/pia-back /var/www && cd /var/www/pia-back

Create and fill the database.yml file

Make a copy of the example database config yaml file:

cp config/database.example.yml config/database.yml

Edit the file:

nano config/database.yml

There, fill the fields username and password for each environment with the PostgreSQL username and password created in the step Install PostgreSQL.

Install all dependencies

If needed, you can override the Ruby version with: rbenv local x.y.z

Launch bundler to install all dependencies: bundle install

Generate and fill the secret_key_base in your application credentials

  • Generate the secret_key_base with bin/rake secret.

  • Add it in your credentials using EDITOR='nano' bin/rails credentials:edit:

secret_key_base: [Fill it with the secret key base you have generated]

Get a copy of the .env example file and fill it with the adequate information

Go to the root path of the pia-back project, then copy the .env-example file to your own .env file, using this command line: cp .env-example .env

  • Generate the DEVISE_SECRET_KEY with bin/rake secret and paste the secret key in the .env file.

  • Generate the DEVISE_PEPPER with bin/rake secret and paste the secret key in the .env file.

  • Also add in the .env file this key: RAILS_ENV=production
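
A pre-start check for the .env values set in this step, added here as an example (it is not part of pia-back). The function names env_value and check_pia_env, the 128-hex-character length expected from bin/rake secret, and the owner-only file mode are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not pia-back code): audit the .env file built in the steps above.
# Assumption: bin/rake secret prints 128 lowercase hex characters.

# Print KEY's value from a dotenv-style FILE (last assignment wins, quotes stripped).
env_value() {
  sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
    sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Print one finding per line; return non-zero if anything needs fixing.
check_pia_env() {
  local file=$1 findings=0 key val mode
  for key in DEVISE_SECRET_KEY DEVISE_PEPPER; do
    val=$(env_value "$key" "$file")
    if [ -z "$val" ]; then
      echo "MISSING $key"; findings=$((findings + 1))
    elif ! printf '%s' "$val" | grep -Eq '^[0-9a-f]{128}$'; then
      echo "WEAK $key: not a 128-hex-character bin/rake secret value"
      findings=$((findings + 1))
    fi
  done
  val=$(env_value DEVISE_SECRET_KEY "$file")
  if [ -n "$val" ] && [ "$val" = "$(env_value DEVISE_PEPPER "$file")" ]; then
    echo "REUSED DEVISE_PEPPER equals DEVISE_SECRET_KEY"; findings=$((findings + 1))
  fi
  if [ "$(env_value RAILS_ENV "$file")" != "production" ]; then
    echo "MISSING RAILS_ENV=production"; findings=$((findings + 1))
  fi
  # Hardening choice of this example: the secrets file is owner-only.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    600|400) ;;
    *) echo "PERMS $file is mode $mode, expected 600"; findings=$((findings + 1)) ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed sample: one secret pasted for both keys, file left world-readable.
sample=$(mktemp)
v=$(head -c 64 /dev/urandom | od -An -tx1 | tr -d ' \n')
printf 'DEVISE_SECRET_KEY=%s\nDEVISE_PEPPER=%s\n' "$v" "$v" > "$sample"
chmod 644 "$sample"
check_pia_env "$sample" || echo "fix the findings above, then re-run"
rm -f "$sample"
```

Run check_pia_env against /var/www/pia-back/.env after filling it in; a zero exit status means every check passed.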

Create the database then the tables by running the migrations

  • RAILS_ENV=production bin/rails db:create

  • RAILS_ENV=production bin/rails db:migrate

Configure the application and generate your CLIENT ID and CLIENT SECRET

Enter the rails console with RAILS_ENV=production bin/rails c

Launch the command Doorkeeper::Application.create(name: "PIA", redirect_uri: "urn:ietf:wg:oauth:2.0:oob", scopes: ["read", "write"])

Find your Client ID and Client SECRET by using Doorkeeper::Application.select(:uid, :secret).last.uid and Doorkeeper::Application.select(:uid, :secret).last.secret

You will need the CLIENT ID and the CLIENT SECRET data to enable the authentication mode in your PIA Frontend application, in the "Settings" page.

SMTP configuration

Set up the SMTP credentials using EDITOR='nano' bin/rails credentials:edit:

email_from: pia@xxxx.com
smtp_address: xxxx
smtp_port: xxxx
smtp_domain: xxxx
smtp_user_name: xxxx
smtp_password: xxxx
smtp_authentication: :cram_md5
smtp_enable_starttls_auto: true

Configure the default locale for the authentication emails

The PIA tool can send different emails when the authentication module is enabled (new user, new evaluation ready, ...).

The default locale for the content of the authentication emails is English (en).

Define DEFAULT_LOCALE="[locale key]" inside your .env file to change the locale.

For example, if you want to have French translations for the authentication emails, configure DEFAULT_LOCALE="fr" in your .env file.

Supported locales: bg, cs, da, de, el, en, es, et, fi, fr, hr, hu, it, lt, lv, nl, no, pl, pt, ro, sl, sv.

[OPTIONAL] Enable the authentication mode

Set ENABLE_AUTHENTICATION=true inside your .env file. This will enable the authentication block on the pia Frontend homepage.

Create the first admin account

Enter the rails console with RAILS_ENV=production bin/rails c

Launch the command User.create(email: 'YOUR_EMAIL', password: 'Azeazeaze123-', password_confirmation: 'Azeazeaze123-'), replacing the example password with your own (your password should be at least 12 characters long, with numbers and special characters).

Get your user, give it all roles and unlock it with the unlock_access! method:

    a = User.last
    a.is_technical_admin = true
    a.is_functional_admin = true
    a.is_user = true
    a.unlock_access!
    a.save

[OPTIONAL] Enable LDAP mode

If you want to use the LDAP authentication mode, set DEVISE_LDAP_LOGGER=true inside your .env file.

Set up the environment credentials variables using EDITOR='nano' rails credentials:edit:

ldap_host: [Fill it with the LDAP host]
ldap_port: [Fill it with the LDAP port]
ldap_attribute: [Fill it with the LDAP attribute]
ldap_base: [Fill it with the LDAP base]
ldap_ssl: [true or false]

If admin user binding is a necessity, set DEVISE_LDAP_LOGGER_ADMIN_BIND=true inside your .env file and set up LDAP admin user credentials:

ldap_admin_user: [Fill it with the LDAP admin user]
ldap_admin_user_password: [Fill it with admin user password]

[OPTIONAL] Single Sign-On (SSO)

DISCLAIMER: SSO is not yet part of the master branch but it's available on the sso branch.

The following information is required to enable SSO mode; make sure you have all of it:

  • "entity_id (issuer)"
  • "sso_service_url (idp_sso_target_url)"
  • "idp_cert (idp_cert_fingerprint)"

Set this inside your .env file:

ENABLE_SSO=true
IDP_ENTITY_ID=[ENTITY ID VALUE]
IDP_SSO_TARGET_URL=[SSO TARGET URL]
IDP_SLO_TARGET_URL=[SSO TARGET URL] (same URL as IDP_SSO_TARGET_URL)
IDP_CERT=[SSO CERTIFICATE VALUE]
SSO_FRONTEND_REDIRECTION=[FRONT END URL]

Restart your pia-back rails app.