- # generate the following six parameters with the following command
- # docker run --rm -ti psono/psono-server:latest python3 ./psono/manage.py generateserverkeys
- # NOTE(review): the six values below are visible in a public paste. If any deployment uses them, treat them as
- # compromised and generate a fresh set with the command above; keep the real settings file out of public view.
- # Rotation may affect data already stored under the old values -- check the Psono documentation before rotating.
- SECRET_KEY: 'OeNd_42X7\\/`i":c`,.Y#4Km]`QB{?@*"wQF/G#l0:!TCo7pmf'
- ACTIVATION_LINK_SECRET: 'xv*%n;F3f"5^f(aH-(;6<gd&&at2l.0SAp8Z,oAsf>ML_S,N@&'
- DB_SECRET: '<Sc%"}LO"t=Bzju2ag2Z("#dQ^}P1BCWDB,aKF|9zz`fDDh5"y'
- EMAIL_SECRET_SALT: '$2b$12$iNURlPdbMglVMdGOuVZEMu'
- PRIVATE_KEY: '92257488cbb780a3770ef7b6b31b2e5759ce9a2a8f899008f2d9ef25349b2f0c'
- PUBLIC_KEY: '518249c521a825d98126e89cfc6521b74cadfda64a60d608b3c6b9d20e60423b'
- # The URL of the web client (path to e.g activate.html without the trailing slash)
- # WEB_CLIENT_URL: 'https://www.psono.pw'
- # Switch DEBUG to false if you go into production
- DEBUG: False
- # Adjust this according to Django Documentation https://docs.djangoproject.com/en/1.10/ref/settings/
- # NOTE(review): ['*'] accepts any Host header, which turns off Django's Host header validation. List the
- # hostname(s) the server is actually reached under (the host part of HOST_URL) instead, or make sure the
- # reverse proxy in front of the server rejects unexpected Host values.
- ALLOWED_HOSTS: ['*']
- # Should be your domain without "www.". Will be the last part of the username
- ALLOWED_DOMAINS: ['psono.securedtech.co.za']
- # If you want to disable registration, you can comment in the following line
- # ALLOW_REGISTRATION: False
- # If you want to disable the lost password functionality, you can comment in the following line
- # ALLOW_LOST_PASSWORD: False
- # If you want to restrict registration to some email addresses you can specify here a list of domains to filter
- # REGISTRATION_EMAIL_FILTER: ['company1.com', 'company2.com']
- # Should be the URL under which the server is reachable
- # If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}
- HOST_URL: 'https://www.psono.securedtech.co.za/server'
- # The email used to send emails, e.g. for activation
- # ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
- # "localhost" will not work as host. Use the public IP or DNS record of the server.
- # NOTE(review): with EMAIL_USE_TLS and EMAIL_USE_SSL both False the SMTP session is not encrypted, so mails
- # (e.g. activation links) and any EMAIL_HOST_USER / EMAIL_HOST_PASSWORD would cross the network in clear text.
- # Port 587 is normally used with STARTTLS, i.e. EMAIL_USE_TLS: True. In Django the two options are mutually
- # exclusive, so set only one of them to True.
- EMAIL_FROM: 'psono@securedtech.co.za'
- EMAIL_HOST: 'smtp-relay.gmail.com'
- EMAIL_HOST_USER: ''
- EMAIL_HOST_PASSWORD : ''
- EMAIL_PORT: 587
- EMAIL_SUBJECT_PREFIX: ''
- EMAIL_USE_TLS: False
- EMAIL_USE_SSL: False
- EMAIL_SSL_CERTFILE:
- EMAIL_SSL_KEYFILE:
- EMAIL_TIMEOUT:
- # In case one wants to use mailgun, comment in below lines and provide the mailgun access key and server name
- # EMAIL_BACKEND: 'anymail.backends.mailgun.EmailBackend'
- # MAILGUN_ACCESS_KEY: ''
- # MAILGUN_SERVER_NAME: ''
- # In case you want to offer Yubikey support, create a pair of credentials here https://upgrade.yubico.com/getapikey/
- # and update the following two lines before commenting them in
- # YUBIKEY_CLIENT_ID: '123456'
- # YUBIKEY_SECRET_KEY: '8I65IA6ASDFIUHGIH5021FKJA='
- # If you have own Yubico servers, you can specify here the urls as a list
- # YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']
- # Enabling the cache without the Redis settings below may lead to unexpected behaviour
- # Cache with Redis
- # By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in
- # redis.conf) possible URLS are:
- # redis://[:password]@localhost:6379/0
- # rediss://[:password]@localhost:6379/0
- # unix://[:password]@/path/to/socket.sock?db=0
- # CACHE_ENABLE: False
- # CACHE_REDIS: False
- # CACHE_REDIS_LOCATION: 'redis://127.0.0.1:6379/13'
- # Disables Throttling (necessary for unittests to pass) by overriding the cache with a dummy cache
- # https://docs.djangoproject.com/en/1.11/topics/cache/#dummy-caching-for-development
- # THROTTLING: False
- # The server will automatically connect to the license server to get a license for 10 users.
- # For paying customers we offer the opportunity to get an offline license code.
- #
- # LICENSE_CODE: |
- # 0abcdefg...
- # 1abcdefg...
- # 2abcdefg...
- # 3abcdefg...
- # 4abcdefg...
- # 5abcdefg...
- # 6abcdefg...
- # 7abcdefg...
- # 8abcdefg...
- # Enables the management API, required for the psono-admin-client / admin portal
- # MANAGEMENT_ENABLED: False
- # Enables the fileserver API, required for the psono-fileserver
- # FILESERVER_HANDLER_ENABLED: False
- # Enables files for the client
- # FILES_ENABLED: False
- # Allows that users can search for partial usernames
- # ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True
- # Allows that users can search for email addresses too
- # ALLOW_USER_SEARCH_BY_EMAIL: True
- # Allows admins to limit the offered second factors in the client
- # ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo']
- # Enforce the user to setup a second factor
- # COMPLIANCE_ENFORCE_2FA: True
- # Disables recovery codes
- # COMPLIANCE_DISABLE_RECOVERY_CODES: True
- # Disables file repositories
- # COMPLIANCE_DISABLE_FILE_REPOSITORIES: True
- # Disables emergency codes
- # COMPLIANCE_DISABLE_EMERGENCY_CODES: True
- # Disables the export of passwords
- # COMPLIANCE_DISABLE_EXPORT: True
- # Disables API keys
- # COMPLIANCE_DISABLE_API_KEYS: True
- # Only necessary if the psono-client runs on a sub path (no trailing slash) e.g. "https://www.psono.pw"
- # WEB_CLIENT_URL: ''
- # Prevents the use of the last X passwords. 0 disables it.
- # DISABLE_LAST_PASSWORDS: 0
- # If you want to use LDAP, then you can configure it like this
- #
- # LDAP_URL: Any valid LDAP string, preferable with ldaps. usual urls are 'ldaps://example.com:636' or 'ldap://192.168.0.1:389'
- # LDAP_DOMAIN: Your LDAP domain, is added at the end of the username to form the full username
- # LDAP_BIND_DN: One User that can be used to search your LDAP
- # LDAP_BIND_PASS: The password of the user specified in LDAP_BIND_DN
- # LDAP_ATTR_GUID: The uuid attribute. e.g. on Windows 'objectGUID', but common are 'GUID' or 'entryUUID', default 'objectGUID'
- # LDAP_OBJECT_CLASS_USER: The objectClass value to filter user objects e.g. on Windows 'user', default 'user'
- # LDAP_OBJECT_CLASS_GROUP: The objectClass value to filter group objects e.g. on Windows 'group', default 'group'
- # LDAP_SEARCH_USER_DN: The "root" from which downwards we search for the users
- # LDAP_SEARCH_GROUP_DN: The "root" from which downwards we search for the groups
- # LDAP_ATTR_USERNAME: The username attribute to try to match against. e.g. on Windows 'sAMAccountName', default 'sAMAccountName'
- # LDAP_ATTR_EMAIL: The attribute of the user objects that holds the mail address e.g. on Windows 'mail', default 'mail'
- # LDAP_ATTR_GROUPS: The attribute of the user objects that holds the groups e.g. on Windows 'memberOf', default 'memberOf'
- # LDAP_CA_CERT_FILE: If you want to use ldaps and don't have a publicly trusted and signed certificate you can specify here the path to your ca certificate
- #
- # To help you set up LDAP, we have created a small "testldap" command that should make things a lot easier. You can execute it like:
- # python3 psono/manage.py testldap username@something.com thePassWord
- #
- # For Windows AD it could look like this:
- #
- # LDAP : [
- # {
- # 'LDAP_URL': 'ldaps://192.168.0.1:636',
- # 'LDAP_DOMAIN': 'example.com',
- # 'LDAP_BIND_DN': 'CN=LDAPPsono,OU=UsersTech,OU=example.com,DC=example,DC=com',
- # 'LDAP_BIND_PASS': 'hopefully_not_123456',
- # 'LDAP_SEARCH_USER_DN': 'OU=Users,OU=example.com,DC=example,DC=com',
- # 'LDAP_SEARCH_GROUP_DN': 'OU=Groups,OU=example.com,DC=example,DC=com',
- # },
- # ]
- #
- # For OpenLDAP it could look like this:
- #
- # LDAP : [
- # {
- # 'LDAP_URL': 'ldaps://192.168.0.1:636',
- # 'LDAP_DOMAIN': 'example.com',
- # 'LDAP_BIND_DN': 'CN=LDAPPsono,OU=UsersTech,OU=example.com,DC=example,DC=com',
- # 'LDAP_BIND_PASS': 'hopefully_not_123456',
- # 'LDAP_SEARCH_USER_DN': 'OU=Users,OU=example.com,DC=example,DC=com',
- # 'LDAP_SEARCH_GROUP_DN': 'OU=Groups,OU=example.com,DC=example,DC=com',
- # 'LDAP_OBJECT_CLASS_USER': 'simpleSecurityObject',
- # 'LDAP_ATTR_USERNAME': 'cn',
- # 'LDAP_ATTR_GUID': 'entryUUID',
- # },
- # ]
- #
- # ATTENTION: API keys currently bypass LDAP authentication. That means API keys can still access secrets even if the
- # user was disabled in LDAP. API keys can be disabled with COMPLIANCE_DISABLE_API_KEYS
- # You also have to comment in the line below if you want to use LDAP (default: ['AUTHKEY'])
- # AUTHENTICATION_METHODS: ['AUTHKEY', 'LDAP']
- # Enable Audit logging
- # LOGGING_AUDIT: True
- # To log to another destination you can specify this here, default '/var/log/psono'
- # Never really necessary, as we will run the psono server in a docker container and can mount /var/log/psono to any
- # location on the underlying docker host.
- # LOGGING_AUDIT_FOLDER: '/var/log/psono'
- # If you prefer server time over utc, you can do that like below (default 'time_utc')
- # LOGGING_AUDIT_TIME: 'time_server'
- # If the server logs too much for you, you can either whitelist or blacklist events by their event code. (default: [])
- # LOGGING_AUDIT_WHITELIST: []
- # LOGGING_AUDIT_BLACKLIST: []
- # Your Postgres Database credentials
- # ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
- # "localhost" will not work as host. Use the public IP or DNS record of the server.
- # NOTE(review): 'password' is a trivially guessable value. Use a long random database password and limit
- # which hosts may reach PostgreSQL on 192.168.88.205:5432.
- # NOTE(review): the indentation of the nested keys appears to have been lost in this paste; 'default' and its
- # keys must be indented under DATABASES for the YAML to parse as intended.
- DATABASES:
- default:
- 'ENGINE': 'django.db.backends.postgresql_psycopg2'
- 'NAME': 'psono'
- 'USER': 'psono'
- 'PASSWORD': 'password'
- 'HOST': '192.168.88.205'
- 'PORT': '5432'
- # for a master / slave replication setup, comment in the following (all reads will be redirected to the slave)
- # slave:
- # 'ENGINE': 'django.db.backends.postgresql_psycopg2'
- # 'NAME': 'YourPostgresDatabase'
- # 'USER': 'YourPostgresUser'
- # 'PASSWORD': 'YourPostgresPassword'
- # 'HOST': 'YourPostgresHost'
- # 'PORT': 'YourPostgresPort'
- # The path to the template folder can be "shadowed" if required later
- TEMPLATES: [
- {
- 'BACKEND': 'django.template.backends.django.DjangoTemplates',
- 'DIRS': ['/root/psono/templates'],
- 'APP_DIRS': True,
- 'OPTIONS': {
- 'context_processors': [
- 'django.template.context_processors.debug',
- 'django.template.context_processors.request',
- 'django.contrib.auth.context_processors.auth',
- 'django.contrib.messages.context_processors.messages',
- ],
- },
- },
- ]