mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 04:57:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/book/src/server_configuration.md
James Hodgkinson ef96ca6aa1
started writing docs and ended up in another rabbit hole (#2267) 
* started writing docs and ended up in another rabbit hole
* updoots
* dangit fedora
2023-10-31 19:15:35 +10:00

2.5 KiB
Raw Blame History

Configuring the Server

Configuring server.toml

You need a configuration file in the volume named server.toml. (Within the container it should be /data/server.toml) The following is a commented example configuration.

The full options and explanations are in the kanidmd_core::config::ServerConfig for your particular build.

{{#rustdoc_include ../../examples/server_container.toml}}

This example is located in examples/server_container.toml.

{{#template templates/kani-warning.md imagepath=images title=Warning! text=You MUST set the domain name correctly, aligned with your origin, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly! }}

Check the configuration is valid

You should test your configuration is valid before you proceed. This defaults to using -c /data/server.toml.

docker run --rm -i -t -v kanidmd:/data \
    kanidm/server:latest /sbin/kanidmd configtest

Run the Server

Now we can run the server so that it can accept connections. This defaults to using -c /data/server.toml.

docker run -p 443:8443 -v kanidmd:/data kanidm/server:latest

Using the NET_BIND_SERVICE capability

If you plan to run without using docker port mapping or some other reverse proxy, and your bindaddress or ldapbindaddress port is less than 1024 you will need the NET_BIND_SERVICE in docker to allow these port binds. You can add this with --cap-add in your docker run command.

docker run --cap-add NET_BIND_SERVICE --network [host OR macvlan OR ipvlan] \
    -v kanidmd:/data kanidm/server:latest

{{#template templates/kani-alert.md imagepath=images title=Tip text=However you choose to run your server, you should document and keep note of the docker run / create command you chose to start the instance. This will be used in the upgrade procedure. }}

Default Admin Account

Now that the server is running, you can initialise the default admin account. This command will generate a new random password for the admin account. You must run this command as the same user as the kanidmd process or as root. This defaults to using -c /data/server.toml.

docker exec -i -t <container name> \
  kanidmd recover-account admin
#  new_password: "xjgG4..."