1. Provided installation guide
The installation procedure has been based on guides prepared for Centos available on https://docs.getindico.io/en/stable/installation/production/centos/
Initial steps
1.1. Eduteams service provider registration
1.2. Email account configuration
1.3. Configuration
1.4. Basic configuration
# General settings SQLALCHEMY_DATABASE_URI = 'postgresql:///indico' SECRET_KEY = b'_B\x11=\x8e\x8b\x7f\xdd\xf1\xe8>in\xd6\xb8m\xcb\xcf\x86\x05\xc0W\xc3\x02\x03\xb1\x7f\xf8Y\xb4\xa6\\' BASE_URL = 'https://indico-test.eufus.psnc.pl' CELERY_BROKER = 'redis://127.0.0.1:6379/0' REDIS_CACHE_URL = 'redis://127.0.0.1:6379/1' DEFAULT_TIMEZONE = 'Europe/Warsaw' DEFAULT_LOCALE = 'en_US' ENABLE_ROOMBOOKING = False CACHE_DIR = '/opt/indico/cache' TEMP_DIR = '/opt/indico/tmp' LOG_DIR = '/opt/indico/log' STORAGE_BACKENDS = {'default': 'fs:/opt/indico/archive'} ATTACHMENT_STORAGE = 'default' STATIC_FILE_METHOD = ('xaccelredirect', {'/opt/indico': '/.xsf/indico'})
1.5. Integration with EduTEAMS
... AUTH_PROVIDERS = { 'eduteams': { 'type': 'authlib', 'title': 'Eurofusion EduTEAMS', 'authlib_args': { 'client_id': '##########', 'client_secret': '##########', 'server_metadata_url': 'https://proxy.acc.eurofusion.eduteams.org/.well-known/openid-configuration', 'client_kwargs': {'scope': 'openid email profile'} }, 'callback_uri': '/multipass/authlib/eduteams', 'user_info_endpoint': 'https://proxy.acc.eurofusion.eduteams.org/OIDC/userinfo', 'use_id_token': False, }, ... # other authentication provider defs goes here } IDENTITY_PROVIDERS = { 'eduteams': { 'type': 'authlib', 'title': 'Eurofusion IDP', 'mapping': { 'first_name': 'given_name', 'last_name': 'family_name', 'email': 'email' }, 'trusted_email': True, 'synced_fields': {'first_name', 'last_name'} }, # other idps goes here ... } PROVIDER_MAP = { 'eduteams': 'eduteams', ... # other idps mappings goes here }
1.6. Integration with other OIDC IDP provider
AUTH_PROVIDERS = { ... 'keycloakdev': { 'type': 'authlib', 'title': 'Devel KEYCLOAK [test puprose]', 'authlib_args': { 'client_id': 'indico-test.eufus.psnc.pl', 'client_secret': '##########', 'server_metadata_url': 'https://keycloak-dev.apps.paas-dev.psnc.pl/auth/realms/indico-oneprovider.onedata.edu.pl/.well-known/openid-configuration', 'client_kwargs': {'scope': 'openid email profile'} }, 'callback_uri': '/multipass/authlib/keycloakdev', 'use_id_token': True, } } IDENTITY_PROVIDERS = { ... 'keycloakdev': { 'type': 'authlib', 'title': 'KeycloakDEV IDP', 'mapping': { 'first_name': 'given_name', 'last_name': 'family_name', 'email': 'email' }, 'trusted_email': True, } } PROVIDER_MAP = { ... 'keycloakdev': 'keycloakdev' }
1.7. Email communication
# Email settings SMTP_SERVER = ('smtp.man.poznan.pl', 587) SMTP_USE_TLS = True SMTP_LOGIN = '##########' SMTP_PASSWORD = '##########' SUPPORT_EMAIL = '############' PUBLIC_SUPPORT_EMAIL = '##########' NO_REPLY_EMAIL = 'no-reply@indico-test.eufus.psnc.pl'
1.8. SSL certificates
SSL certificates are located in `/etc/letsencrypt/live/indico-test.eufus.psnc.pl/`
Obtaining a new SSL certificate based on certbot
sudo certbot --nginx --rsa-key-size 4096 --no-redirect --staple-ocsp -d indico-test.eufus.psnc.pl
Obtained certificates are located in `/etc/letsencrypt/live/indico-test.eufus.psnc.pl/` directory.
Configuration of used SSL certificates is described in `/etc/nginx/conf.d/indico.conf`