License Portal
Deutsch

AutoDeploy

The AutoDeploy feature simplifies the automated installation and configuration of LiveConfig. On the first start LiveConfig checks if the file /etc/liveconfig/autodeploy.json exists. This file may contain a JSON object, the following configuration options are supported:

Key

Version

Value

Description

version

2.7.0

Number: 1

Version number of the file format. Needs to be 1.

admin

2.7.0

JSON object

Settings for the admin account:

  • password (String): PBKDF2 password hash (see example code below)

  • change-password (Boolean): force password change by user on first login

lcdefault

2.7.0

JSON object

Key/value pairs which will be saved into the table LCDEFAULTS (see LiveConfig Default Settings). IMPORTANT: these values always have to be entered as string (with quotes)!

licensekey

2.7.0

String

License key (for automated license activation)

include

2.7.0

JSON object

Fetch additional AutoDeploy data. This will be merged with the contents of autodeploy.json, existing settings will be overwritten by fetched values:

  • url (String): URL to fetch AutoDeploy data from. The Content-Type must be application/json.

services

2.7.2

JSON object

pre-configure services with LiveConfig:

  • web (JSON object): pre-configure web server. Example:

    {
    "web": {
        "apache": {
            "ips": "198.51.100.10"
        },
        "nginx": {
            "ips": [ "198.51.100.11", "198.51.100.12" ]
        }
    }
}

    Optionally you can set ips to * to configure that service on all detected IPs on that server.

Security

As this file may contain sensitive informations, it should belong to the user root:root and be only accessible by him (mode 0600).

Example

{
    "version": 1,
    "admin": {
        "password": "{PBKDF2}32e6$ldzp8GDnr9s=$lfmOwnQ52MQ4bGJZgo6HuQ==",
        "change-password": true
    },
    "lcdefaults": {
        "login.help.url": "https://example.org/cms/help/login",
        "mail.aliases.limit": "20"
    },
    "licensekey": "XXXXX-XXXXX-XXXXX",
    "services": {
        "web": {
            "apache": {
                "ips":  "*"
            }
        }
    }
}

Creating PBKDF2 password hashes

The following PHP code shows the generation of PBKDF2 password hashes for LiveConfig:

<?php
# Example code for creating PBKDF2 password hashes for LiveConfig

$password = "LiVeCoNfIg";

$iterations = rand(10000,65535);
$salt = openssl_random_pseudo_bytes(8);
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, 16, true);

$data = '{PBKDF2}' . dechex($iterations) . '$' . base64_encode($salt) . '$' . base64_encode($hash);

print "Hash: $data\n";

?>

Loading AutoDeploy settings via HTTP(S)

Using the include option, AutoDeploy settings can be loaded from a URL. The minimal settings in autodeploy.json have to look like this:

{
  "version": 1,
  "include": {
    "url": "https://intra.example.org/liveconfig/autodeploy.php"
  }
}

The called URL must respond with a single JSON object with Content-Type application/json. The returned data then is merged with autodeploy.json.

The corresponding server can be identified by the clients’ IP address (e.g. PHP: $_SERVER['REMOTE_ADDR']) and so can be configured individually (particularly license code and initialization password).

Last updated on Apr 13, 2020.
next: Database
previous: CentOS/RHEL