The AutoDeploy feature simplifies the automated installation and configuration of LiveConfig. On the first start LiveConfig checks if the file /etc/liveconfig/autodeploy.json
exists. This file may contain a JSON object, the following configuration options are supported:
Key |
Version |
Value |
Description |
---|---|---|---|
|
2.7.0 |
Number: |
Version number of the file format. Needs to be |
|
2.7.0 |
JSON object |
Settings for the admin account:
|
|
2.7.0 |
JSON object |
Key/value pairs which will be saved into the table |
|
2.7.0 |
String |
License key (for automated license activation) |
|
2.7.0 |
JSON object |
Fetch additional AutoDeploy data. This will be merged with the contents of autodeploy.json, existing settings will be overwritten by fetched values:
|
|
2.7.2 |
JSON object |
pre-configure services with LiveConfig:
|
Security
As this file may contain sensitive informations, it should belong to the user root:root and be only accessible by him (mode 0600).
Example
{
"version": 1,
"admin": {
"password": "{PBKDF2}32e6$ldzp8GDnr9s=$lfmOwnQ52MQ4bGJZgo6HuQ==",
"change-password": true
},
"lcdefaults": {
"login.help.url": "https://example.org/cms/help/login",
"mail.aliases.limit": "20"
},
"licensekey": "XXXXX-XXXXX-XXXXX",
"services": {
"web": {
"apache": {
"ips": "*"
}
}
}
}
Creating PBKDF2 password hashes
The following PHP code shows the generation of PBKDF2 password hashes for LiveConfig:
<?php
# Example code for creating PBKDF2 password hashes for LiveConfig
$password = "LiVeCoNfIg";
$iterations = rand(10000,65535);
$salt = openssl_random_pseudo_bytes(8);
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, 16, true);
$data = '{PBKDF2}' . dechex($iterations) . '$' . base64_encode($salt) . '$' . base64_encode($hash);
print "Hash: $data\n";
?>
Loading AutoDeploy settings via HTTP(S)
Using the include option, AutoDeploy settings can be loaded from a URL. The minimal settings in autodeploy.json
have to look like this:
{
"version": 1,
"include": {
"url": "https://intra.example.org/liveconfig/autodeploy.php"
}
}
The called URL must respond with a single JSON object with Content-Type application/json
. The returned data then is merged with autodeploy.json
.
The corresponding server can be identified by the clients’ IP address (e.g. PHP: $_SERVER['REMOTE_ADDR']
) and so can be configured individually (particularly license code and initialization password).