一,前言
一直想用ratticdb这个有web界面的密码管理工具,百度了一下居然没有找到中文的部署文档,访问官网也是notfound。找到了官方的部署指南:https://github.com/tildaslash/RatticWeb/wiki/Development,感觉写的太简略了,部署中出了很多问题无法解决。
然后我又找了一篇印度小哥写的部署指南:https://linoxide.com/tools/setup-ratticdb-ubuntu-16-04/ ,写的很详细,但是我的系统是centos7的,还是有些差别,于是一路摸索终于部署成功,在此记录下部署步骤,也算是对印度小哥文章的汉化和centos版。可惜的是ratticdb已于2015年8月停止更新,本文使用ratticdb最后一个版本进行安装。
二,部署准备
机器配置:2核4G
磁盘:50G
操作系统:centos7.3
数据库版本:5.5.56-MariaDB
三,部署以及配置
1,安装apache,mysql和相关依赖包
yum install httpd php git gcc mariadb mariadb-client python-setuptools gcc openssl libxml2 python-dev libxml2-dev libxslt1-dev zlib1g-dev libldap2-dev python-ldap python-mysqldb gettext apache2-dev libmysqlclient-dev libsasl2-dev python-dev libldap2-dev libssl-dev pyflakes python-pip libevent-devel libxml2 libxslt libxslt-devel
2,安装pip工具
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py
3,添加主机名解析
vim /etc/hosts
172.16.1.1 test.mima.com
此处ip和域名仅作为示例,请根据实际情况做调整,下文出现的域名和ip配置同理。
4,创建程序目录并下载安装ratticweb
cd /opt
mkdir apps
cd apps
git clone https://github.com/tildaslash/RatticWeb.git
cd RatticWeb/
/usr/local/bin/pip install -r requirements-mysql.txt -r requirements-dev.txt
5,在mysql里创建数据库和用户
mysql -u root -p
mysql> create database rattic CHARACTER SET utf8;
Query OK, 1 row affected (0.00 sec)
mysql> SET GLOBAL innodb_file_per_table = ON, innodb_file_format = Barracuda, innodb_large_prefix = ON;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON rattic.* TO 'rattic'@'localhost' identified by 'somepassword';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
6, 配置RatticWeb
vim /opt/apps/RatticWeb/conf/defaults.cfg 进行如下配置没有的就新增
[ratticweb]
secretkey = 123456
timezone = Asia/Shanghai
hostname = test.mima.com #此处填写你自己的域名
static = /opt/apps/RatticWeb/static
[database]
engine = django.db.backends.mysql
# The name of the database (or its filename for sqllite)
name = rattic
user = rattic
password = somepasswd
host = localhost
port = 3306
7,修改Python配置并进行rattic初始化
cd /usr/lib/python2.7/site-packages/
rm -rf kombu/transport/django/migrations djcelery/migrations
mv kombu/transport/django/south_migrations kombu/transport/django/migrations
mv djcelery/south_migrations djcelery/migrations
cd /opt/apps/RatticWeb/
root@demohost:/opt/apps/RatticWeb# ./manage.py syncdb
root@demohost:/opt/apps/RatticWeb# ./manage.py migrate 【创建和配置数据库】
root@demohost:/opt/apps/RatticWeb# mkdir static 【创建静态目录】
root@demohost:/opt/apps/RatticWeb# ./manage.py collectstatic -c --noinput 【填充静态文件目录】
root@demohost:/opt/apps/RatticWeb# ./manage.py demosetup【创建初始用户accoun】
8,安装配置mod_wsgi
yum install mod_wsgi
yum install mod_ssl
安装完成之后,mod_wsgi.so会在Apache的modules目录中
在/etc/httpd/conf/httpd.conf文件中添加以下内容
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so
9,生成证书并配置apache的ssl服务
这里生成的是自签名证书,如果对于安全性有更高的要求请使用权威CA机构颁发的证书文件
mkdir /etc/ssl/private/
mkdir /etc/ssl/certs
root@demohost:~# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/demohost.com.key -out /etc/ssl/certs/demohost.com.crt
Generating a 2048 bit RSA private key
........................................+++
.......+++
writing new private key to 'demohost.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:xiaoxun
Common Name (eg, your name or your server's hostname) []:test.mima.com 【这一项写自己需要配置的域名】
Email Address []:
vim /etc/httpd/conf/httpd.conf
新增
ServerAdmin root@localhost
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]
vim /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
<IfModule mod_ssl.c>
<VirtualHost *:443>
#ServerAdmin webmaster@demohost.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/demohost.com.crt
SSLCertificateKeyFile /etc/ssl/private/demohost.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
Alias /media/ /opt/apps/RatticWeb/media/
Alias /static/ /opt/apps/RatticWeb/static/
<Directory /opt/apps/RatticWeb/static>
Require all granted
</Directory>
<Directory /opt/apps/RatticWeb/media>
Require all granted
</Directory>
WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py
WSGIPassAuthorization On
WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}
WSGIProcessGroup rattic
<Directory /opt/apps/RatticWeb/ratticweb>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
</VirtualHost>
</IfModule>
10,重启Apache
systemctl restart httpd.service
11,用浏览器访问网页
访问https://test.mima.com
必须域名访问,不然会报400错误
没有做公网解析的域名可以通过给自己电脑配置hosts访问。
Windows下hosts文件的地址是:C:\Windows\System32\drivers\etc\hosts