AutoDeploy¶

The AutoDeploy feature simplifies the automated installation and configuration of LiveConfig. On the first start LiveConfig checks if the file /etc/liveconfig/autodeploy.json exists. This file may contain a JSON object, the following configuration options are supported:

Key	Version	Value	Description
`version`	2.7.0	Number: `1`	Version number of the file format. Needs to be `1`.
`admin`	2.7.0	JSON object	Settings for the admin account: `password` (String): PBKDF2 password hash (see example code below) `change-password` (Boolean): force password change by user on first login `email` (String): e-mail address of admin user (i.e. for reset password e-mail)
`include`	2.7.0	JSON object	Fetch additional AutoDeploy data. This will be merged with the contents of autodeploy.json, existing settings will be overwritten by fetched values: `url` (String): URL to fetch AutoDeploy data from. The Content-Type must be `application/json`.
`lcdefault`	2.7.0	JSON object	Key/value pairs which will be saved into the table `LCDEFAULTS` (see LiveConfig Default Settings). IMPORTANT: these values always have to be entered as string (with quotes)!
`licensekey`	2.7.0	String	License key (for automated license activation)
`services`	2.7.2	JSON object	pre-configure services with LiveConfig: `web` (JSON object): pre-configure web server. Example: { "web": { "apache": { "ips": "198.51.100.10" }, "nginx": { "ips": [ "198.51.100.11", "198.51.100.12" ] } } } Optionally you can set `ips` to `*` to configure that service on all detected IPs on that server.

Security

As this file may contain sensitive informations, it should belong to the user root:root and be only accessible by him (mode 0600).

Example

                  {
    "version": 1,
    "admin": {
        "password": "{PBKDF2}32e6$ldzp8GDnr9s=$lfmOwnQ52MQ4bGJZgo6HuQ==",
        "change-password": true,
        "email": "hostmaster@example.org"
    },
    "lcdefaults": {
        "login.help.url": "https://example.org/cms/help/login",
        "login.privacy.url": "https://example.org/privacy/",
        "mail.aliases.limit": "20"
    },
    "licensekey": "XXXXX-XXXXX-XXXXX",
    "services": {
        "web": {
            "apache": {
                "ips":  "*"
            }
        }
    }
}

                

Creating PBKDF2 password hashes

The following PHP code shows the generation of PBKDF2 password hashes for LiveConfig:

                  <?php
# Example code for creating PBKDF2 password hashes for LiveConfig

$password = "LiVeCoNfIg";

$iterations = rand(10000,65535);
$salt = openssl_random_pseudo_bytes(8);
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, 16, true);

$data = '{PBKDF2}' . dechex($iterations) . '$' . base64_encode($salt) . '$' . base64_encode($hash);

print "Hash: $data\n";

?>

Loading AutoDeploy settings via HTTP(S)

Using the include option, AutoDeploy settings can be loaded from a URL. The minimal settings in autodeploy.json have to look like this:

                  {
  "version": 1,
  "include": {
    "url": "https://intra.example.org/liveconfig/autodeploy.php"
  }
}

                

The called URL must respond with a single JSON object with Content-Type application/json. The returned data then is merged with autodeploy.json.

The corresponding server can be identified by the clients’ IP address (e.g. PHP: $_SERVER['REMOTE_ADDR']) and so can be configured individually (particularly license code and initialization password).