strongTNC Policy Manager
Installation and Configuration
strongTNC is a web application based on the Django framework, which itself makes use of the Python scripting language. At least Django 1.6 and Python 2.6.5 are required. For the following installation and configuration steps we assume an Ubuntu Linux platform, but the procedure on other Linux distributions is quite similar.
Install strongTNC
The strongTNC project is hosted on GitHub. The latest release can be installed as follows:
wget https://github.com/strongswan/strongTNC/archive/master.zip
unzip master.zip
sudo mv strongTNC-master /var/www/tnc
sudo chown -R www-data:www-data /var/www/tnc
Install Python/Django
If not present yet, install the following Ubuntu packages:
sudo apt-get install python-pip python-dev libxml2-dev libxslt1-dev
In the /var/www/tnc directory execute the command
sudo pip install -r requirements.txt
which updates the Django version if necessary and installs various Python modules.
Configure strongTNC
Copy config/settings.sample.ini to /etc/strongTNC/settings.ini and adapt the settings to your preferences.
[debug]
DEBUG=0
TEMPLATE_DEBUG=0
DEBUG_TOOLBAR=0

[db]
DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
STRONGTNC_DB_URL = sqlite:////etc/pts/config.db

[localization]
LANGUAGE_CODE=en-us
TIME_ZONE=Europe/Zurich

[admins]
Your Name: jane.doe@strongswan.org
Another Admin: joe.doe@strongswan.org

[security]
SECRET_KEY=<secret key>
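A check that can be run after editing settings.ini, added here as an example and not part of strongTNC or the original page: it parses the file layout shown above and flags enabled debug switches, a placeholder or weak SECRET_KEY, and a file that users outside owner and group can access. The function names, the constructed sample and the key thresholds (50 characters, 5 distinct characters, as in Django's own deployment check) are assumptions of this example, which is written for Python 3.

```python
import configparser
import os
import stat

# Constructed sample in the layout of the page's settings.ini, with weak values.
SAMPLE_WEAK = """\
[debug]
DEBUG=1
TEMPLATE_DEBUG=0
DEBUG_TOOLBAR=0
[db]
DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
[admins]
Your Name: jane.doe@strongswan.org
[security]
SECRET_KEY=<secret key>
"""

OFF = ("0", "false", "no", "off")

def audit_settings(text):
    """Return a list of findings for a strongTNC settings.ini given as text."""
    cp = configparser.ConfigParser(interpolation=None)  # keys may contain '%'
    cp.optionxform = str                                # keep DEBUG, SECRET_KEY case
    cp.read_string(text)
    findings = []
    # The page's sample sets all three debug switches to 0; flag any other value.
    for name in ("DEBUG", "TEMPLATE_DEBUG", "DEBUG_TOOLBAR"):
        if cp.get("debug", name, fallback="0").strip().lower() not in OFF:
            findings.append("%s is enabled" % name)
    secret = cp.get("security", "SECRET_KEY", fallback="").strip()
    if not secret or secret.startswith("<"):
        findings.append("SECRET_KEY is missing or still the placeholder")
    elif len(secret) < 50 or len(set(secret)) < 5:
        findings.append("SECRET_KEY is short or low-entropy")
    return findings

def audit_permissions(path):
    """Flag a settings file that users other than owner and group can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        return ["%s is world-accessible (mode %o)" % (path, mode)]
    return []

if __name__ == "__main__":
    path = "/etc/strongTNC/settings.ini"  # location given on the page
    with open(path) as fh:
        for finding in audit_settings(fh.read()) + audit_permissions(path):
            print("WARN:", finding)
```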
Newer strongTNC versions do not come with a default django.db database where the login passwords are stored. If the database is missing, create /var/www/tnc/django.db with the following command:
sudo python /var/www/tnc/manage.py migrate --database meta
Next, set the strongTNC access password, which is "demo" in our example:
sudo python /var/www/tnc/manage.py setpassword
--> Please enter a new password for admin-user: <admin-user password>
--> Granting write_access permission.
Looking for readonly-user in database...
--> Please enter a new password for readonly-user: <readonly-user password>
Passwords updated succesfully!
For the strongTNC web pages to display correctly, you have to execute the following command:
sudo python /var/www/tnc/manage.py collectstatic
Install Apache Web Server
An Apache web server equipped with a Web Server Gateway Interface (WSGI) module is installed on Ubuntu by the single command
sudo apt-get install apache2 libapache2-mod-wsgi
Configure strongTNC Virtual Web Server
In the /etc/apache2/sites-available directory create the following configuration file and name it e.g. tnc:
WSGIPythonPath /var/www/tnc

<VirtualHost *:80>
    ServerName tnc.example.com
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/tnc

    <Directory /var/www/tnc/config>
        <Files wsgi.py>
            Order deny,allow
            Allow from all
        </Files>
    </Directory>

    WSGIScriptAlias / /var/www/tnc/config/wsgi.py
    WSGIPassAuthorization On

    ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
</VirtualHost>
Initialize PTS Database
If you haven't done so yet during the strongSwan TNC server installation, initialize the PTS SQLite database and give group "www-data" write permission:
sudo mkdir /etc/pts
cd /usr/share/strongswan/templates/database/imv/
cat tables.sql data.sql | sudo sqlite3 /etc/pts/config.db
sudo chgrp www-data /etc/pts /etc/pts/config.db
sudo chmod g+w /etc/pts /etc/pts/config.db
Start strongTNC Virtual Web Server
Now enable the virtual web server in the /etc/apache2/sites-enabled directory and start it:
cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/tnc tnc
sudo service apache2 restart
Login
Enter the strongTNC access password which is "demo" in our example.
Overview
Consult the overview page for further instructions.