
test

a guest
May 7th, 2019
  1. # generate the following six parameters with the following command
  2. # docker run --rm -ti psono/psono-server:latest python3 ./psono/manage.py generateserverkeys
     # NOTE(review): all six values below are secrets stored in plain text. Restrict read access to this file, keep it
     # out of version control and public pastes, and regenerate all six with the command above if a copy has been
     # shared. Presumably rotation affects data and sessions protected by the old values - confirm before rotating.
  3. SECRET_KEY: 'OeNd_42X7\\/`i":c`,.Y#4Km]`QB{?@*"wQF/G#l0:!TCo7pmf'
  4. ACTIVATION_LINK_SECRET: 'xv*%n;F3f"5^f(aH-(;6<gd&&at2l.0SAp8Z,oAsf>ML_S,N@&'
  5. DB_SECRET: '<Sc%"}LO"t=Bzju2ag2Z("#dQ^}P1BCWDB,aKF|9zz`fDDh5"y'
  6. EMAIL_SECRET_SALT: '$2b$12$iNURlPdbMglVMdGOuVZEMu'
     # PRIVATE_KEY / PUBLIC_KEY form the server's key pair; only PUBLIC_KEY is meant to be disclosed.
  7. PRIVATE_KEY: '92257488cbb780a3770ef7b6b31b2e5759ce9a2a8f899008f2d9ef25349b2f0c'
  8. PUBLIC_KEY: '518249c521a825d98126e89cfc6521b74cadfda64a60d608b3c6b9d20e60423b'
  9.  
  10. # The URL of the web client (path to e.g activate.html without the trailing slash)
  11. # WEB_CLIENT_URL: 'https://www.psono.pw'
  12.  
  13. # Switch DEBUG to false if you go into production
  14. DEBUG: False
  15.  
  16. # Adjust this according to Django Documentation https://docs.djangoproject.com/en/1.10/ref/settings/
      # NOTE(review): ['*'] makes Django accept any Host header, so Host validation is left to whatever sits in
      # front of the server. Prefer listing the hostname(s) clients actually use (presumably the host in HOST_URL)
      # unless a reverse proxy already rejects unknown Host values - confirm against the deployment.
  17. ALLOWED_HOSTS: ['*']
  18.  
  19. # Should be your domain without "www.". Will be the last part of the username
  20. ALLOWED_DOMAINS: ['psono.securedtech.co.za']
  21.  
  22. # If you want to disable registration, you can comment in the following line
  23. # ALLOW_REGISTRATION: False
  24.  
  25. # If you want to disable the lost password functionality, you can comment in the following line
  26. # ALLOW_LOST_PASSWORD: False
  27.  
  28. # If you want to restrict registration to some email addresses you can specify here a list of domains to filter
  29. # REGISTRATION_EMAIL_FILTER: ['company1.com', 'company2.com']
  30.  
  31. # Should be the URL under which the server is reachable
  32. # If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}
  33. HOST_URL: 'https://www.psono.securedtech.co.za/server'
  34.  
  35. # The email used to send emails, e.g. for activation
  36. # ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
  37. # "localhost" will not work as host. Use the public IP or DNS record of the server.
  38. EMAIL_FROM: 'psono@securedtech.co.za'
  39. EMAIL_HOST: 'smtp-relay.gmail.com'
      # NOTE(review): user and password are empty, so Django will not attempt SMTP authentication; the relay
      # presumably authorises this sender some other way (e.g. by source IP) - confirm.
  40. EMAIL_HOST_USER: ''
  41. EMAIL_HOST_PASSWORD : ''
  42. EMAIL_PORT: 587
  43. EMAIL_SUBJECT_PREFIX: ''
      # NOTE(review): with EMAIL_USE_TLS and EMAIL_USE_SSL both False, Django speaks plain SMTP, so activation
      # mails travel to the relay unencrypted. Port 587 is normally used with STARTTLS (EMAIL_USE_TLS: True);
      # set at most one of the two flags to True.
  44. EMAIL_USE_TLS: False
  45. EMAIL_USE_SSL: False
  46. EMAIL_SSL_CERTFILE:
  47. EMAIL_SSL_KEYFILE:
  48. EMAIL_TIMEOUT:
  49.  
  50. # In case one wants to use mailgun, comment in below lines and provide the mailgun access key and server name
  51. # EMAIL_BACKEND: 'anymail.backends.mailgun.EmailBackend'
  52. # MAILGUN_ACCESS_KEY: ''
  53. # MAILGUN_SERVER_NAME: ''
  54.  
  55. # In case you want to offer Yubikey support, create a pair of credentials here https://upgrade.yubico.com/getapikey/
  56. # and update the following two lines before commenting them in
  57. # YUBIKEY_CLIENT_ID: '123456'
  58. # YUBIKEY_SECRET_KEY: '8I65IA6ASDFIUHGIH5021FKJA='
  59.  
  60. # If you have your own Yubico servers, you can specify their URLs here as a list
  61. # YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']
  62.  
  63. # Enabling the cache without the Redis configuration below may lead to unexpected behaviour
  64.  
  65. # Cache with Redis
  66. # By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in
  67. # redis.conf) possible URLS are:
  68. # redis://[:password]@localhost:6379/0
  69. # rediss://[:password]@localhost:6379/0
  70. # unix://[:password]@/path/to/socket.sock?db=0
  71. # CACHE_ENABLE: False
  72. # CACHE_REDIS: False
  73. # CACHE_REDIS_LOCATION: 'redis://127.0.0.1:6379/13'
  74.  
  75. # Disables Throttling (necessary for unittests to pass) by overriding the cache with a dummy cache
  76. # https://docs.djangoproject.com/en/1.11/topics/cache/#dummy-caching-for-development
  77. # THROTTLING: False
  78.  
  79. # The server will automatically connect to the license server to get a license for 10 users.
  80. # For paying customers we offer the opportunity to get an offline license code.
  81. #
  82. # LICENSE_CODE: |
  83. # 0abcdefg...
  84. # 1abcdefg...
  85. # 2abcdefg...
  86. # 3abcdefg...
  87. # 4abcdefg...
  88. # 5abcdefg...
  89. # 6abcdefg...
  90. # 7abcdefg...
  91. # 8abcdefg...
  92.  
  93. # Enables the management API, required for the psono-admin-client / admin portal
  94. # MANAGEMENT_ENABLED: False
  95.  
  96. # Enables the fileserver API, required for the psono-fileserver
  97. # FILESERVER_HANDLER_ENABLED: False
  98.  
  99. # Enables files for the client
  100. # FILES_ENABLED: False
  101.  
  102. # Allows that users can search for partial usernames
  103. # ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True
  104.  
  105. # Allows that users can search for email addresses too
  106. # ALLOW_USER_SEARCH_BY_EMAIL: True
  107.  
  108. # Allows admins to limit the offered second factors in the client
  109. # ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo']
  110.  
  111. # Enforce the user to setup a second factor
  112. # COMPLIANCE_ENFORCE_2FA: True
  113.  
  114. # Disables recovery codes
  115. # COMPLIANCE_DISABLE_RECOVERY_CODES: True
  116.  
  117. # Disables file repositories
  118. # COMPLIANCE_DISABLE_FILE_REPOSITORIES: True
  119.  
  120. # Disables emergency codes
  121. # COMPLIANCE_DISABLE_EMERGENCY_CODES: True
  122.  
  123. # Disables the export of passwords
  124. # COMPLIANCE_DISABLE_EXPORT: True
  125.  
  126. # Disables API keys
  127. # COMPLIANCE_DISABLE_API_KEYS: True
  128.  
  129. # Only necessary if the psono-client runs on a sub path (no trailing slash) e.g. "https://www.psono.pw"
  130. # WEB_CLIENT_URL: ''
  131.  
  132. # Prevents the use of the last X passwords. 0 disables it.
  133. # DISABLE_LAST_PASSWORDS: 0
  134.  
  135. # If you want to use LDAP, then you can configure it like this
  136. #
  137. # LDAP_URL: Any valid LDAP string, preferably with ldaps (plain ldap:// does not encrypt the bind password in transit). Usual URLs are 'ldaps://example.com:636' or 'ldap://192.168.0.1:389'
  138. # LDAP_DOMAIN: Your LDAP domain, is added at the end of the username to form the full username
  139. # LDAP_BIND_DN: One User that can be used to search your LDAP
  140. # LDAP_BIND_PASS: The password of the user specified in LDAP_BIND_DN
  141. # LDAP_ATTR_GUID: The uuid attribute. e.g. on Windows 'objectGUID', but common are 'GUID' or 'entryUUID', default 'objectGUID'
  142. # LDAP_OBJECT_CLASS_USER: The objectClass value to filter user objects e.g. on Windows 'user', default 'user'
  143. # LDAP_OBJECT_CLASS_GROUP: The objectClass value to filter group objects e.g. on Windows 'group', default 'group'
  144. # LDAP_SEARCH_USER_DN: The "root" from which downwards we search for the users
  145. # LDAP_SEARCH_GROUP_DN: The "root" from which downwards we search for the groups
  146. # LDAP_ATTR_USERNAME: The username attribute to try to match against. e.g. on Windows 'sAMAccountName', default 'sAMAccountName'
  147. # LDAP_ATTR_EMAIL: The attribute of the user objects that holds the mail address e.g. on Windows 'mail', default 'mail'
  148. # LDAP_ATTR_GROUPS: The attribute of the user objects that holds the groups e.g. on Windows 'memberOf', default 'memberOf'
  149. # LDAP_CA_CERT_FILE: If you want to use ldaps and don't have a publicly trusted and signed certificate you can specify here the path to your ca certificate
  150. #
  151. # To help you set up LDAP, we have created a small "testldap" command that should make things a lot easier. You can execute it like:
  152. # python3 psono/manage.py testldap username@something.com thePassWord
  153. #
  154. # For Windows AD it could look like this:
  155. #
  156. # LDAP : [
  157. # {
  158. # 'LDAP_URL': 'ldaps://192.168.0.1:636',
  159. # 'LDAP_DOMAIN': 'example.com',
  160. # 'LDAP_BIND_DN': 'CN=LDAPPsono,OU=UsersTech,OU=example.com,DC=example,DC=com',
  161. # 'LDAP_BIND_PASS': 'hopefully_not_123456',
  162. # 'LDAP_SEARCH_USER_DN': 'OU=Users,OU=example.com,DC=example,DC=com',
  163. # 'LDAP_SEARCH_GROUP_DN': 'OU=Groups,OU=example.com,DC=example,DC=com',
  164. # },
  165. # ]
  166. #
  167. # For OpenLDAP it could look like this:
  168. #
  169. # LDAP : [
  170. # {
  171. # 'LDAP_URL': 'ldaps://192.168.0.1:636',
  172. # 'LDAP_DOMAIN': 'example.com',
  173. # 'LDAP_BIND_DN': 'CN=LDAPPsono,OU=UsersTech,OU=example.com,DC=example,DC=com',
  174. # 'LDAP_BIND_PASS': 'hopefully_not_123456',
  175. # 'LDAP_SEARCH_USER_DN': 'OU=Users,OU=example.com,DC=example,DC=com',
  176. # 'LDAP_SEARCH_GROUP_DN': 'OU=Groups,OU=example.com,DC=example,DC=com',
  177. # 'LDAP_OBJECT_CLASS_USER': 'simpleSecurityObject',
  178. # 'LDAP_ATTR_USERNAME': 'cn',
  179. # 'LDAP_ATTR_GUID': 'entryUUID',
  180. # },
  181. # ]
  182. #
  183. # ATTENTION: API keys currently bypass LDAP authentication, which means API keys can still access secrets even if
  184. # the user was disabled in LDAP. API keys can be disabled with COMPLIANCE_DISABLE_API_KEYS
  185.  
  186. # You also have to comment in the line below if you want to use LDAP (default: ['AUTHKEY'])
  187. # AUTHENTICATION_METHODS: ['AUTHKEY', 'LDAP']
  188.  
  189. # Enable Audit logging
  190. # LOGGING_AUDIT: True
  191.  
  192. # To log to another destination you can specify this here, default '/var/log/psono'
  193. # Never really necessary, as we will run the psono server in a docker container and can mount /var/log/psono to any
  194. # location on the underlying docker host.
  195. # LOGGING_AUDIT_FOLDER: '/var/log/psono'
  196.  
  197. # If you prefer server time over utc, you can do that like below (default 'time_utc')
  198. # LOGGING_AUDIT_TIME: 'time_server'
  199.  
  200. # If the server logs too much for you, you can either whitelist or blacklist events by their event code. (default: [])
  201. # LOGGING_AUDIT_WHITELIST: []
  202. # LOGGING_AUDIT_BLACKLIST: []
  203.  
  204. # Your Postgres Database credentials
  205. # ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
  206. # "localhost" will not work as host. Use the public IP or DNS record of the server.
       # NOTE(review): the keys under "default:" appear flattened in this listing; in the real file they are
       # presumably indented beneath it - confirm before reusing.
  207. DATABASES:
  208. default:
  209. 'ENGINE': 'django.db.backends.postgresql_psycopg2'
  210. 'NAME': 'psono'
  211. 'USER': 'psono'
       # NOTE(review): 'password' is trivially guessable. Use a long random value unique to this database and
       # limit PostgreSQL access (pg_hba.conf / firewall) to the host running the Psono server.
  212. 'PASSWORD': 'password'
  213. 'HOST': '192.168.88.205'
  214. 'PORT': '5432'
  215. # for master / slave replication setup comment in the following (all reads will be redirected to the slave)
  216. # slave:
  217. # 'ENGINE': 'django.db.backends.postgresql_psycopg2'
  218. # 'NAME': 'YourPostgresDatabase'
  219. # 'USER': 'YourPostgresUser'
  220. # 'PASSWORD': 'YourPostgresPassword'
  221. # 'HOST': 'YourPostgresHost'
  222. # 'PORT': 'YourPostgresPort'
  223.  
  224. # The path to the template folder can be "shadowed" if required later
       # Django template engine configuration: one DjangoTemplates backend that looks in DIRS and, because
       # APP_DIRS is True, in each installed app's template directory.
  225. TEMPLATES: [
  226. {
  227. 'BACKEND': 'django.template.backends.django.DjangoTemplates',
  228. 'DIRS': ['/root/psono/templates'],
  229. 'APP_DIRS': True,
  230. 'OPTIONS': {
  231. 'context_processors': [
       # The debug context processor only adds data to the template context when DEBUG is True.
  232. 'django.template.context_processors.debug',
  233. 'django.template.context_processors.request',
  234. 'django.contrib.auth.context_processors.auth',
  235. 'django.contrib.messages.context_processors.messages',
  236. ],
  237. },
  238. },
  239. ]