README.md

   1 # Installation
   2 Requires 3.
   3 To install:
   4 ```
   5 virtualenv -p python3 .
   6 . bin/activate
   7 pip install -r requirements.txt
   8 ```
   9 Then edit config.py.example into config.py with your database connection
  10
  11 To debug-run linux:
  12 ```
  13 LANG=C.UTF-8 FLASK_DEBUG=1 FLASK_APP=motion.py flask run
  14 ```
  15
  16 To debug-run windows:
  17 ```
  18 set LANG=C.UTF-8
  19 set FLASK_DEBUG=1
  20 set FLASK_APP=motion.py
  21 flask run
  22 ```
  23
  24 For unit testing use config values from config.py.example:
  25 ```
  26 python -m unittest tests/test_motion.py
  27 ```
  28
  29 The database schema is automatically installed when the table "schema_version" does not exist and the application is started.
  30
  31 # Usage
  32
  33 Within the motion content markdown can be used for formatting e.g.
  34 * To add a line break add two lines
  35 * to enter a link use `[text](https//domain.tld/link)`
  36
  37 ## Settings for nginx
  38
  39 To control the access this map is used:
  40
  41 ```
  42 map "$host:$ssl_client_serial:$ssl_client_i_dn" $motion_user_role {
  43 "host.domain.tld:serialnumber:/issuername" 'username/create:* vote:* cancel:* audit:*';
  44 ...
  45 default "<invalid>/";
  46 }
  47 ```
  48
  49 example taken from motions.board.wpia.club:
  50 ```
  51 map "$host:$ssl_client_serial:$ssl_client_i_dn" $motion_user_role {
  52 "motions.board.wpia.club:0a0000000a1234567890abcdef1234567890abcde:/CN=Orga 2019-2/O=TC InterimCA/OU=TC InterimCAs/C=AT" 'president/create:* vote:* cancel:* audit:*';
  53 ...
  54 default "<invalid>/";
  55 }
  56 ```
  57
  58
  59 ## configuration
  60 ```
  61 listen 0.0.0.0:443 ssl;
  62 listen [::]:443 ssl;
  63 server_name host.domain.tld;
  64 gzip on;
  65 ssl_certificate /etc/ssl/private/host.domain.tld.crt;
  66 ssl_certificate_key /etc/ssl/private/host.domain.tld.key;
  67
  68 ssl_client_certificate /etc/ssl/host.domain.tld.pem;
  69 ssl_verify_client on;
  70 ssl_verify_depth 4;
  71 access_log /tmp/host.domain.tld.log motion-cert;
  72
  73 location / {
  74 fastcgi_param QUERY_STRING $query_string;
  75 fastcgi_param REQUEST_METHOD $request_method;
  76 fastcgi_param CONTENT_TYPE $content_type;
  77 fastcgi_param CONTENT_LENGTH $content_length;
  78 fastcgi_param REQUEST_URI $request_uri;
  79 fastcgi_param PATH_INFO $document_uri;
  80 fastcgi_param REMOTE_ADDR $remote_addr;
  81 fastcgi_param REMOTE_PORT $remote_port;
  82 fastcgi_param SERVER_NAME $host;
  83 fastcgi_param SERVER_PORT '443';
  84 fastcgi_param SERVER_PROTOCOL 'https';
  85 fastcgi_param USER_ROLES $motion_user_role;
  86 fastcgi_pass unix:/motion-socket/motion.fcgi;
  87 }
  88 ```