Commit c288f8c623c13d63eeb8b0628b092a99e99a3b60
1 parent
80851f81
Exists in
master
and in
1 other branch
- updated documentation
Showing
1 changed file
with
13 additions
and
7 deletions
Show diff stats
README.md
| @@ -9,7 +9,7 @@ This can be done using the system package management, downloaded from [http://ww | @@ -9,7 +9,7 @@ This can be done using the system package management, downloaded from [http://ww | ||
| 9 | - Installing from the system package management: | 9 | - Installing from the system package management: |
| 10 | - OSX: `port install python36` | 10 | - OSX: `port install python36` |
| 11 | - FreeBSD: `pkg install python36 py36-sqlite3` | 11 | - FreeBSD: `pkg install python36 py36-sqlite3` |
| 12 | - - Linux: `apt-get install ???` | 12 | + - Linux: `apt-get install ???` (not available yet?) |
| 13 | - Installing from sources: | 13 | - Installing from sources: |
| 14 | - Download from [http://www.python.org]() | 14 | - Download from [http://www.python.org]() |
| 15 | - `unxz Python-3.6.tar.xz` | 15 | - `unxz Python-3.6.tar.xz` |
| @@ -53,7 +53,7 @@ Note: If you want to always install python modules on the user account, edit the | @@ -53,7 +53,7 @@ Note: If you want to always install python modules on the user account, edit the | ||
| 53 | Replace USER by your bitbucket username: | 53 | Replace USER by your bitbucket username: |
| 54 | 54 | ||
| 55 | cd path/to/some/directory | 55 | cd path/to/some/directory |
| 56 | - git clone https://USER@bitbucket.org/USER/aprendizations.git | 56 | + git clone https://USER@bitbucket.org/mjsb/aprendizations.git |
| 57 | 57 | ||
| 58 | A directory `aprendizations` will be created with the software: | 58 | A directory `aprendizations` will be created with the software: |
| 59 | 59 | ||
| @@ -71,14 +71,19 @@ First we need to create a database: | @@ -71,14 +71,19 @@ First we need to create a database: | ||
| 71 | 71 | ||
| 72 | ### SSL Certificates | 72 | ### SSL Certificates |
| 73 | 73 | ||
| 74 | +We need certificates for https. Certificates can be self-signed or certificates validated by a trusted authority. | ||
| 75 | +Self-signed can be used for development, but browsers will complain. | ||
| 76 | +LetsEncrypt issues trusted and free certificates, but the served must have a fixed IP and a domain name (not dynamic). | ||
| 77 | + | ||
| 74 | #### Selfsigned | 78 | #### Selfsigned |
| 75 | -We also need certificates for https. Generate selfsigned certificates using openssl: | 79 | + |
| 80 | +Generate selfsigned certificates using | ||
| 76 | 81 | ||
| 77 | openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes | 82 | openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes |
| 78 | 83 | ||
| 79 | and place them in `aprendizations/certs`. | 84 | and place them in `aprendizations/certs`. |
| 80 | 85 | ||
| 81 | -#### LetsEcrypt | 86 | +#### LetsEncrypt |
| 82 | 87 | ||
| 83 | sudo pkg install py27-certbot # FreeBSD | 88 | sudo pkg install py27-certbot # FreeBSD |
| 84 | 89 | ||
| @@ -90,8 +95,7 @@ Shutdown any server running and the firewall, and then run the script to generat | @@ -90,8 +95,7 @@ Shutdown any server running and the firewall, and then run the script to generat | ||
| 90 | 95 | ||
| 91 | Certificates are saved under `/usr/local/etc/letsencrypt/live/bit.xdi.uevora.pt/` which is readable only by root. | 96 | Certificates are saved under `/usr/local/etc/letsencrypt/live/bit.xdi.uevora.pt/` which is readable only by root. |
| 92 | 97 | ||
| 93 | -Copy them to `aprendizations/certs` with names `cert.pem` and `key.pem`. And change permissions to be readble (FIXME how to do it with security?) | ||
| 94 | - | 98 | +Copy them to `aprendizations/certs` with names `cert.pem` and `key.pem`. And change permissions to be readble (FIXME how to do it securily?) |
| 95 | 99 | ||
| 96 | ### Testing | 100 | ### Testing |
| 97 | 101 | ||
| @@ -101,6 +105,8 @@ Run a demonstration: | @@ -101,6 +105,8 @@ Run a demonstration: | ||
| 101 | 105 | ||
| 102 | and open a browser at `https://127.0.0.1:8443`. | 106 | and open a browser at `https://127.0.0.1:8443`. |
| 103 | 107 | ||
| 108 | +Logging level can be adjusted in `config/logger.yaml`. | ||
| 109 | + | ||
| 104 | ### Firewall configuration | 110 | ### Firewall configuration |
| 105 | 111 | ||
| 106 | Ports 80 and 443 are only usable by root. For security reasons it is better to run the server as a regular user on higher ports like 8080 for http and 8443 for https. In this case, we should configure port forwarding in the firewall to redirect incoming tcp traffic from 80 to 8080 and 443 to 8443. | 112 | Ports 80 and 443 are only usable by root. For security reasons it is better to run the server as a regular user on higher ports like 8080 for http and 8443 for https. In this case, we should configure port forwarding in the firewall to redirect incoming tcp traffic from 80 to 8080 and 443 to 8443. |
| @@ -149,7 +155,7 @@ Which students have already done at least one topic? | @@ -149,7 +155,7 @@ Which students have already done at least one topic? | ||
| 149 | 155 | ||
| 150 | How many topics have done each student? | 156 | How many topics have done each student? |
| 151 | 157 | ||
| 152 | - sqlite3 students.db "select student_id, count(topic_id) from studenttopic group by student_id" | 158 | + sqlite3 students.db "select student_id, count(topic_id) from studenttopic group by student_id order by count(topic_id) desc" |
| 153 | 159 | ||
| 154 | 160 | ||
| 155 | What questions have more wrong answers? | 161 | What questions have more wrong answers? |