# Configuring the Server
## Configuring server.toml
You need a configuration file in the volume named `server.toml`. (Within the container it should be
`/data/server.toml`.) The following is a commented example configuration.

The full options and explanations are in the
[kanidmd_core::config::ServerConfig](https://kanidm.github.io/kanidm/master/rustdoc/kanidmd_core/config/struct.ServerConfig.html)
for your particular build.

```toml
{{#rustdoc_include ../../examples/server_container.toml}}
```
This example is located in
[examples/server_container.toml](https://github.com/kanidm/kanidm/blob/master/examples/server_container.toml).

<!-- deno-fmt-ignore-start -->
{{#template templates/kani-warning.md
imagepath=images
title=Warning!
text=You MUST set the `domain` name correctly, aligned with your `origin`, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly!
}}
<!-- deno-fmt-ignore-end -->

## Check the configuration is valid
You should test that your configuration is valid before you proceed. This defaults to using
`-c /data/server.toml`.

```bash
docker run --rm -i -t -v kanidmd:/data \
    kanidm/server:latest /sbin/kanidmd configtest
```
## Run the Server
Now we can run the server so that it can accept connections. This defaults to using
`-c /data/server.toml`.

```bash
docker run -p 443:8443 -v kanidmd:/data kanidm/server:latest
```
## Using the NET\_BIND\_SERVICE capability
If you plan to run without using docker port mapping or some other reverse proxy, and your
`bindaddress` or `ldapbindaddress` port is less than `1024`, you will need the `NET_BIND_SERVICE`
capability in docker to allow these port binds. You can add this with `--cap-add` in your docker
run command.

```bash
docker run --cap-add NET_BIND_SERVICE --network [host OR macvlan OR ipvlan] \
-v kanidmd:/data kanidm/server:latest
```
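
A pre-flight check for the `domain`/`origin` warning and the low-port rule above, as an added example that is not part of Kanidm or its documentation. It assumes "aligned" means the origin is an https URL whose host equals `domain` or is a subdomain of it, and that bind values have the form `address:port`; the function names and `SAMPLE` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample input, not a real deployment.
SAMPLE = '''
bindaddress = "[::]:443"
ldapbindaddress = "[::]:3636"
domain = "idm.example.com"
origin = "https://sso.example.net"
'''

def origin_aligned(domain: str, origin: str) -> bool:
    """Assumed meaning of "aligned": origin is an https URL whose host is
    `domain` itself or a subdomain of it. The page does not define the rule."""
    url = urlsplit(origin)
    host = (url.hostname or "").rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    if url.scheme != "https" or not host or not domain:
        return False
    # Match on a label boundary so "notexample.com" never passes for "example.com".
    return host == domain or host.endswith("." + domain)

def privileged_binds(cfg: dict) -> list:
    """Keys whose "address:port" value uses a port below 1024."""
    hits = []
    for key in ("bindaddress", "ldapbindaddress"):
        port = str(cfg.get(key, "")).rpartition(":")[2]
        if port.isdigit() and int(port) < 1024:
            hits.append(key)
    return hits

def lint(cfg: dict) -> list:
    """Return findings as strings; an empty list means nothing was flagged."""
    findings = []
    if not origin_aligned(str(cfg.get("domain", "")), str(cfg.get("origin", ""))):
        findings.append("origin is not an https URL at or under domain")
    for key in privileged_binds(cfg):
        findings.append(f"{key} is below port 1024: NET_BIND_SERVICE needed without port mapping")
    return findings

if __name__ == "__main__":
    import sys
    import tomllib  # standard library from Python 3.11

    # With no argument the constructed SAMPLE is linted; otherwise a local copy
    # of server.toml (hypothetical path supplied by the operator).
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems = lint(tomllib.loads(text))
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

This complements `kanidmd configtest` and does not replace it; the server's own check remains authoritative.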
<!-- deno-fmt-ignore-start -->
{{#template templates/kani-alert.md
imagepath=images
title=Tip
text=However you choose to run your server, you should document and keep note of the docker run / create command you chose to start the instance. This will be used in the upgrade procedure.
}}
<!-- deno-fmt-ignore-end -->

## Default Admin Account
Now that the server is running, you can initialise the default admin account. This command will
generate a new random password for the admin account. You must run this command as the same user as
the kanidmd process or as root. This defaults to using `-c /data/server.toml`.

```bash
docker exec -i -t <container name> \
    kanidmd recover-account admin
# new_password: "xjgG4..."
```