kanidm/book/src/server_configuration.md

# Configuring the Server

## Configuring server.toml

You need a configuration file in the volume named `server.toml`. (Within the container it should be
`/data/server.toml`) Its contents should be as follows:

```toml
{{#rustdoc_include ../../examples/server_container.toml}}
```

This example is located in
[examples/server_container.toml](https://github.com/kanidm/kanidm/blob/master/examples/server_container.toml).

<!-- deno-fmt-ignore-start -->

{{#template templates/kani-warning.md
imagepath=images
title=Warning!
text=You MUST set the `domain` name correctly, aligned with your `origin`, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly!
}}

<!-- deno-fmt-ignore-end -->

## Check the configuration is valid

You should test your configuration is valid before you proceed.

```bash
docker run --rm -i -t -v kanidmd:/data \
    kanidm/server:latest /sbin/kanidmd configtest -c /data/server.toml
```

## Default Admin Account

Then you can setup the initial admin account and initialise the database into your volume. This
command will generate a new random password for the admin account.

<!-- deno-fmt-ignore-start -->

{{#template templates/kani-warning.md
imagepath=images
title=Warning!
text=The server must not be running at this point, as it requires exclusive access to the database.
}}

<!-- deno-fmt-ignore-end -->

```bash
docker run --rm -i -t -v kanidmd:/data \
    kanidm/server:latest /sbin/kanidmd recover-account -c /data/server.toml admin
# success - recovery of account password for admin: vv...
```

After the recovery is complete the server can be started again.

## Run the Server

Now we can run the server so that it can accept connections. This defaults to using
`-c /data/server.toml`

```bash
docker run -p 443:8443 -v kanidmd:/data kanidm/server:latest
```

## Using the NET\_BIND\_SERVICE capability

If you plan to run without using docker port mapping or some other reverse proxy, and your
bindaddress or ldapbindaddress port is less than `1024` you will need the `NET_BIND_SERVICE` in
docker to allow these port binds. You can add this with `--cap-add` in your docker run command.

```bash
docker run --cap-add NET_BIND_SERVICE --network [host OR macvlan OR ipvlan] \
    -v kanidmd:/data kanidm/server:latest
```

<!-- deno-fmt-ignore-start -->

{{#template templates/kani-alert.md
imagepath=images
title=Tip
text=However you choose to run your server, you should document and keep note of the docker run / create command you chose to start the instance. This will be used in the upgrade procedure.
}}

<!-- deno-fmt-ignore-end -->
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`# Configuring the Server`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`## Configuring server.toml`
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			You need a configuration file in the volume named `server.toml`. (Within the container it should be
			`/data/server.toml`) Its contents should be as follows:
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			```toml
Book updates (#1067) * blep * more blep * fixed book build issues, updooted some FAQ and troubleshooting things * more random updoots * dat yak thoe 2022-09-21 05:05:32 +02:00			`{{#rustdoc_include ../../examples/server_container.toml}}`
			```
fixes #571 (#572) 2021-08-22 08:05:28 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`This example is located in`
			`[examples/server_container.toml](https://github.com/kanidm/kanidm/blob/master/examples/server_container.toml).`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`<!-- deno-fmt-ignore-start -->`

			`{{#template templates/kani-warning.md`
			`imagepath=images`
			`title=Warning!`
			text=You MUST set the `domain` name correctly, aligned with your `origin`, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly!
			`}}`

			`<!-- deno-fmt-ignore-end -->`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`## Check the configuration is valid`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
20220501 fix logging (#730) 2022-05-01 05:34:19 +02:00			`You should test your configuration is valid before you proceed.`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`docker run --rm -i -t -v kanidmd:/data \`
			`kanidm/server:latest /sbin/kanidmd configtest -c /data/server.toml`
			```
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`## Default Admin Account`
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`Then you can setup the initial admin account and initialise the database into your volume. This`
			`command will generate a new random password for the admin account.`
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00			`<!-- deno-fmt-ignore-start -->`

			`{{#template templates/kani-warning.md`
			`imagepath=images`
			`title=Warning!`
			`text=The server must not be running at this point, as it requires exclusive access to the database.`
			`}}`

			`<!-- deno-fmt-ignore-end -->`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`docker run --rm -i -t -v kanidmd:/data \`
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00			`kanidm/server:latest /sbin/kanidmd recover-account -c /data/server.toml admin`
			`# success - recovery of account password for admin: vv...`
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00			`After the recovery is complete the server can be started again.`

Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`## Run the Server`
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`Now we can run the server so that it can accept connections. This defaults to using`
			`-c /data/server.toml`
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`docker run -p 443:8443 -v kanidmd:/data kanidm/server:latest`
			```
Add net bind service docs (#1070) 2022-09-21 05:51:23 +02:00
Fix the book again (#1302) * fixing templates and making the book build script quit harder on failures 2022-12-29 04:02:51 +01:00			`## Using the NET\_BIND\_SERVICE capability`
Add net bind service docs (#1070) 2022-09-21 05:51:23 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`If you plan to run without using docker port mapping or some other reverse proxy, and your`
			bindaddress or ldapbindaddress port is less than `1024` you will need the `NET_BIND_SERVICE` in
			docker to allow these port binds. You can add this with `--cap-add` in your docker run command.
Improve book and errors related to domain name and origin mismatch (#617) 2021-11-24 23:37:50 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`docker run --cap-add NET_BIND_SERVICE --network [host OR macvlan OR ipvlan] \`
			`-v kanidmd:/data kanidm/server:latest`
			```
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00
			`<!-- deno-fmt-ignore-start -->`

			`{{#template templates/kani-alert.md`
			`imagepath=images`
			`title=Tip`
			`text=However you choose to run your server, you should document and keep note of the docker run / create command you chose to start the instance. This will be used in the upgrade procedure.`
			`}}`

			`<!-- deno-fmt-ignore-end -->`