The aim of this project is to provide a very simple web form for users to be able to change their SSH key stored in LDAP or Active Directory (Samba 4 AD). It’s built with Bottle, a WSGI micro web-framework for Python.
Clone this repository and install dependencies:
git clone [email protected]:jceloria/adkey.git
cd adkey
pip install -r requirements.txt
Read the next sections to learn how to run it.
Configuration is read from the file
settings.ini. You may change location of the
settings file using the environment variable CONF_FILE.
There are multiple ways how to run it:
-
with the built-in default WSGI server based on wsgiref,
-
under a WSGI server like uWSGI, Waitress, Gunicorn, … (recommended)
-
as a CGI script.
Simply execute the adkey.py:
python3 adkey.py
Then you can access the app on http://localhost:8080. The port and host may be changed in settings.ini.
cd adkey
waitress-serve --listen=*:8080 app:application
If you have many micro-apps like this, it’s IMO kinda overkill to run each in a separate uWSGI process, isn’t it? It’s not so well known, but uWSGI allows to “mount” multiple application in a single uWSGI process and with a single socket.
Sample uWSGI configuration:.
[uwsgi]
plugins = python3
socket = /run/uwsgi/main.sock
chdir = /var/www/scripts
logger = file:/var/log/uwsgi/main.log
processes = 1
threads = 2
# map URI paths to applications
mount = /admin/adkey=adkey/adkey.py
#mount = /admin/change-world=change-world/adkey.py
manage-script-name = true
Sample nginx configuration as a reverse proxy in front of uWSGI:.
server {
listen 443 ssl;
server_name example.org;
ssl_certificate /etc/ssl/nginx/nginx.crt;
ssl_certificate_key /etc/ssl/nginx/nginx.key;
# uWSGI scripts
location /admin/ {
uwsgi_pass unix:/run/uwsgi/main.sock;
include uwsgi_params;
}
}
This project is licensed under MIT License. For the full text of the license, see the LICENSE file.