add acme, boto, xmltodict
This commit is contained in:
Jasmine Schladen
parent
d4643d760a
commit
824a4b5910
|
|
@ -154,9 +154,10 @@ An issuer may take some time to actually issue a certificate for an order. In t
|
||||||
# retrieve an order, and check if there is an issued certificate attached to it
|
# retrieve an order, and check if there is an issued certificate attached to it
|
||||||
|
|
||||||
`cancel_ordered_certificate()` should be implemented to allow an ordered certificate to be canceled before it is issued::
|
`cancel_ordered_certificate()` should be implemented to allow an ordered certificate to be canceled before it is issued::
|
||||||
def cancel_ordered_certificate(self, pending_cert, **kwargs):
|
|
||||||
# pending_cert should contain the necessary information to match an order
|
def cancel_ordered_certificate(self, pending_cert, **kwargs):
|
||||||
# kwargs can be given to provide information to the issuer for canceling
|
# pending_cert should contain the necessary information to match an order
|
||||||
|
# kwargs can be given to provide information to the issuer for canceling
|
||||||
|
|
||||||
Destination
|
Destination
|
||||||
-----------
|
-----------
|
||||||
|
|
@ -286,7 +287,7 @@ The `ExportPlugin` object requires the implementation of one function::
|
||||||
|
|
||||||
|
|
||||||
Custom TLS Provider
|
Custom TLS Provider
|
||||||
------
|
-------------------
|
||||||
|
|
||||||
Managing TLS at the enterprise scale could be hard and often organizations offer custom wrapper implementations. It could
|
Managing TLS at the enterprise scale could be hard and often organizations offer custom wrapper implementations. It could
|
||||||
be ideal to use those while making calls to internal services. The `TLSPlugin` would help to achieve this. It requires the
|
be ideal to use those while making calls to internal services. The `TLSPlugin` would help to achieve this. It requires the
|
||||||
|
|
|
||||||
|
|
@ -501,7 +501,7 @@ rely on celery to create the DNS record. This will change when we implement mix
|
||||||
|
|
||||||
To create a HTTP compatible Authority, you first need to create a new destination that will be used to deploy the
|
To create a HTTP compatible Authority, you first need to create a new destination that will be used to deploy the
|
||||||
challenge token. Visit `Admin` -> `Destination` and click `Create`. The path you provide for the destination needs to
|
challenge token. Visit `Admin` -> `Destination` and click `Create`. The path you provide for the destination needs to
|
||||||
be the exact path that is called when the ACME providers calls ``http://<domain>/.well-known/acme-challenge/`. The
|
be the exact path that is called when the ACME providers calls `http://<domain>/.well-known/acme-challenge/`. The
|
||||||
token part will be added dynamically by the acme_upload.
|
token part will be added dynamically by the acme_upload.
|
||||||
Currently only the SFTP and S3 Bucket destination support the ACME HTTP challenge.
|
Currently only the SFTP and S3 Bucket destination support the ACME HTTP challenge.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -148,7 +148,7 @@ Before Lemur will run you need to fill in a few required variables in the config
|
||||||
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT
|
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT
|
||||||
|
|
||||||
Set Up Postgres
|
Set Up Postgres
|
||||||
--------------
|
---------------
|
||||||
|
|
||||||
For production, a dedicated database is recommended, for this guide we will assume postgres has been installed and is on the same machine that Lemur is installed on.
|
For production, a dedicated database is recommended, for this guide we will assume postgres has been installed and is on the same machine that Lemur is installed on.
|
||||||
|
|
||||||
|
|
@ -186,6 +186,7 @@ In addition to creating a new user, Lemur also creates a few default email notif
|
||||||
Your database installation requires the pg_trgm extension. If you do not have this installed already, you can allow the script to install this for you by adding the SUPERUSER permission to the lemur database user.
|
Your database installation requires the pg_trgm extension. If you do not have this installed already, you can allow the script to install this for you by adding the SUPERUSER permission to the lemur database user.
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
sudo -u postgres -i
|
sudo -u postgres -i
|
||||||
psql
|
psql
|
||||||
postgres=# ALTER USER lemur WITH SUPERUSER
|
postgres=# ALTER USER lemur WITH SUPERUSER
|
||||||
|
|
@ -202,6 +203,7 @@ Additional notifications can be created through the UI or API. See :ref:`Creati
|
||||||
.. note:: If you added the SUPERUSER permission to the lemur database user above, it is recommended you revoke that permission now.
|
.. note:: If you added the SUPERUSER permission to the lemur database user above, it is recommended you revoke that permission now.
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
sudo -u postgres -i
|
sudo -u postgres -i
|
||||||
psql
|
psql
|
||||||
postgres=# ALTER USER lemur WITH NOSUPERUSER
|
postgres=# ALTER USER lemur WITH NOSUPERUSER
|
||||||
|
|
@ -210,7 +212,7 @@ Additional notifications can be created through the UI or API. See :ref:`Creati
|
||||||
.. note:: It is recommended that once the ``lemur`` user is created that you create individual users for every day access. There is currently no way for a user to self enroll for Lemur access, they must have an administrator create an account for them or be enrolled automatically through SSO. This can be done through the CLI or UI. See :ref:`Creating Users <CreatingUsers>` and :ref:`Command Line Interface <CommandLineInterface>` for details.
|
.. note:: It is recommended that once the ``lemur`` user is created that you create individual users for every day access. There is currently no way for a user to self enroll for Lemur access, they must have an administrator create an account for them or be enrolled automatically through SSO. This can be done through the CLI or UI. See :ref:`Creating Users <CreatingUsers>` and :ref:`Command Line Interface <CommandLineInterface>` for details.
|
||||||
|
|
||||||
Set Up a Reverse Proxy
|
Set Up a Reverse Proxy
|
||||||
---------------------
|
----------------------
|
||||||
|
|
||||||
By default, Lemur runs on port 8000. Even if you change this, under normal conditions you won't be able to bind to port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need to set up a simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx.
|
By default, Lemur runs on port 8000. Even if you change this, under normal conditions you won't be able to bind to port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need to set up a simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,10 @@
|
||||||
# from requirements-docs.txt
|
# from requirements-docs.txt
|
||||||
# However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here
|
# However, dependabot doesn't use `make up-reqs`, so we have to replicate the necessary dependencies here
|
||||||
# Without including these dependencies, the docs are unable to include generated autodocs
|
# Without including these dependencies, the docs are unable to include generated autodocs
|
||||||
|
acme
|
||||||
arrow
|
arrow
|
||||||
|
boto3
|
||||||
|
botocore
|
||||||
cryptography
|
cryptography
|
||||||
dnspython3
|
dnspython3
|
||||||
Flask
|
Flask
|
||||||
|
|
@ -27,6 +30,7 @@ pyjwt
|
||||||
pyOpenSSL
|
pyOpenSSL
|
||||||
raven[flask]
|
raven[flask]
|
||||||
SQLAlchemy-Utils
|
SQLAlchemy-Utils
|
||||||
|
xmltodict
|
||||||
|
|
||||||
# docs specific
|
# docs specific
|
||||||
sphinx
|
sphinx
|
||||||
|
|
|
||||||
|
|
@ -4,12 +4,18 @@
|
||||||
#
|
#
|
||||||
# pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
|
# pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
|
||||||
#
|
#
|
||||||
|
acme==1.12.0
|
||||||
|
# manual debug
|
||||||
alabaster==0.7.12
|
alabaster==0.7.12
|
||||||
# via sphinx
|
# via sphinx
|
||||||
arrow==0.17.0
|
arrow==0.17.0
|
||||||
# manual debug
|
# manual debug
|
||||||
babel==2.8.0
|
babel==2.8.0
|
||||||
# via sphinx
|
# via sphinx
|
||||||
|
boto3==1.17.7
|
||||||
|
# manual debug
|
||||||
|
botocore==1.20.7
|
||||||
|
# manual debug
|
||||||
certifi==2020.12.5
|
certifi==2020.12.5
|
||||||
# via requests
|
# via requests
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
|
|
@ -111,6 +117,8 @@ sqlalchemy-utils==0.36.8
|
||||||
# manual debug
|
# manual debug
|
||||||
urllib3==1.25.8
|
urllib3==1.25.8
|
||||||
# via requests
|
# via requests
|
||||||
|
xmltodict==0.12.0
|
||||||
|
# manual debug
|
||||||
|
|
||||||
# The following packages are considered to be unsafe in a requirements file:
|
# The following packages are considered to be unsafe in a requirements file:
|
||||||
# setuptools
|
# setuptools
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue