I’m trying to create a docker container from scratch to run privacyidea.
To test the installation, I’ve created an empty Ubuntu 18.04 Virtual Machine and ran through the installation using:
sudo apt-get install privacyidea
I deliberately didn’t use the nginx/apache option, as I’m planning to expose PrivacyIdea through a reverse proxy like Citrix ADC.
Is there any reason to keep PrivacyIdea running behind nginx or Apache?
Or can I just use pi-manage runserver -d <IP> -p 5000?
Hello and welcome to privacyIDEA community.
runserver has only one thread and you can only handle one request at a time. Thus you will very quickly get blocking requests and you will lose requests! In theory it is possible. But it is no no no practical
Do not do this!
Hi Cornelius,
Thanks for the welcome. Thought it would be better to ask questions here instead of keeping you spammed through Twitter
So basically, to create our own container:
- Take the ubuntu base image
- Follow the docs to install through apt-get install privacyidea
- Use the internal SQLite or setup pi.cfg to refer to an externally running database server
- Manually configure a webserver to use WSGI/uWSGI
- Expose that service
My “beef” with apt-get install privacyidea-apache/nginx is that it automatically installs mysql locally as well.
In the documentation you refer to a package privacyidea-mysql but I can’t seem to find it on your repository from NetKnights?!
Cheers,
Jan
There is no need to use the meta package privacyidea-apache2 or privacyidea-nginx.
These are meta packages for the convenience of standalone installations.
Of course you can use your own setup of apache or nginx with your own database.
In addition to @cornelinux's comment, the runserver should only be used for development.
The cleanest way to run privacyIDEA with docker would be to use a python base image and install privacyIDEA in the container via pip. Then you can also install gunicorn and run privacyIDEA in the container with
gunicorn "privacyidea.app:create_app()"
Of course the complete configuration and db container must be created/initialized then beforehand.
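
Added example, not part of the thread and not the privacyIDEA project's own Dockerfile: an image built the way the last answer suggests (python base image, pip install, gunicorn). The image tag, the service account name, the worker count and port 5000 are assumptions, and pi.cfg with the key files it references is expected to be mounted at /etc/privacyidea.

```dockerfile
# Added example; names and values marked "assumption" are not from the thread.
# Assumption: python:3-slim is a Python version supported by the privacyIDEA
# release you install, and its dependencies install from wheels.
FROM python:3-slim

# Install privacyIDEA and gunicorn via pip, as suggested in the answer.
RUN pip install --no-cache-dir privacyidea gunicorn

# Run the service as an unprivileged account instead of root.
# Assumption: account name and home directory are illustrative.
RUN useradd --system --create-home --home-dir /var/lib/privacyidea \
        --shell /usr/sbin/nologin privacyidea

# Configuration and secrets are not baked into the image. Mount the
# directory holding pi.cfg and its key files read-only at run time, e.g.:
#   docker run -v "$PWD/privacyidea-etc:/etc/privacyidea:ro" -p 5000:5000 <image>
# pi.cfg sets SQLALCHEMY_DATABASE_URI to the external database, and
# PI_LOGFILE should point to a location the service account can write to.

USER privacyidea
WORKDIR /var/lib/privacyidea

# Assumption: port 5000, taken from the runserver command in the question.
EXPOSE 5000

# Several gunicorn worker processes replace the single-threaded runserver.
# Assumption: 4 workers; size this to the CPUs given to the container.
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "4", "privacyidea.app:create_app()"]
```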