diff --git a/README.md b/README.md index 6b22048..b9d05b4 100644 --- a/README.md +++ b/README.md @@ -1,120 +1,23 @@ # eduroam-freeradius -### Commands for installing FreeRadius on CentOS 8: - -## Install FreeRadius -sudo dnf install -y @freeradius freeradius-utils freeradius-mysql - -## Enable and start radiusd service: -sudo systemctl enable --now radiusd.service - -## Add firewall rule for Radius in Firewalld: -sudo firewall-cmd --add-service=radius --permanent &&\ - sudo firewall-cmd --reload - - - -## Install MariaDB: -sudo dnf module install mariadb - -## Enable and start MariaDB: -sudo systemctl enable --now mariadb.service - -## Securely configure MariaDB: -sudo mysql_secure_installation - - - -## Create SQL database in MariaDB for Radius: -mysql -u root -p - -MariaDB [(none)]> CREATE DATABASE radius; -Query OK, 1 row affected (0.000 sec) - -MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "SuperStrongPassword"; -Query OK, 0 rows affected (0.000 sec) - -MariaDB [(none)]> FLUSH PRIVILEGES; -Query OK, 0 rows affected (0.000 sec) - -MariaDB [(none)]> quit; -Bye - - -## Initialize database for Radius (as root): -sudo su - -mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql - -## Exit root shell: -exit - -## Enable MySQL mod for Radius: -sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/ - -## Edit the SQL config file to point to MySQL database: -sudo vim /etc/raddb/mods-available/sql - -## Uncomment or add and configure the following parts of the SQL config file undert the 'sql {' section: - driver = "rlm_sql_mysql" - dialect = "mysql" - # Connection info: - # - server = "localhost" - port = 3306 - login = "radius" - password = "SuperStrongPassword" - -## Change group ownership of SQL config file and restart Radius: -sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql &&\ - sudo systemctl restart radiusd - -## Install Apache + PHP for Daloradius web interface: -sudo dnf -y install @httpd @php -sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear} -sudo pear install MDB2 DB - -## Start and enable Apache and php-fpm: -sudo systemctl enable --now httpd.service php-fpm.service - -## Configure Firewalld for Apache: -sudo firewall-cmd --add-service={http,https} --permanent -sudo firewall-cmd --reload - -## Download Daloradius (as root): -sudo su - -curl -L -O 'https://github.com/lirantal/daloradius/archive/master.zip' &&\ - unzip master.zip &&\ - rm master.zip &&\ - mv daloradius-master/ /opt/daloradius - -## Import Daloradius database tables (as root): -mysql -u root -p radius < /opt/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql -mysql -u root -p radius < /opt/daloradius/contrib/db/mysql-daloradius.sql - -## Exit root shell: -exit - -## Remove default Apache web root and replace with Daloradius, fixing permissions as well: -sudo rm -rf /var/www/html &&\ - sudo cp -r /opt/daloradius /var/www/html &&\ - sudo chown -R apache:apache /var/www/html/ - -## Edit Daloradius' config file: -sudo vim /var/www/html/library/daloradius.conf.php - -## Specifically, the following values should be edited: - $configValues['CONFIG_DB_USER'] = 'radius'; - $configValues['CONFIG_DB_PASS'] = 'SuperStrongPassword'; - $configValues['CONFIG_DB_NAME'] = 'radius'; - -## Restart Apache and Radius: -sudo systemctl restart radiusd.service httpd.service - -## Configure SELinux to allow Apache to access Daloradius web root: -sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?" -sudo restorecon -Rv /var/www/html/ - - -## Daloradius should now be accessible on port 80 (http) of the host. Default creds are: -username: administrator -password: radius +### How to deploy the eduroam FreeRadius docker container on a docker-enabled host: + +## Run the container directly: + docker run -d -p 443:443 -p 1812:1812/udp -p 1813:1813/udp tier/eduroam-freeradius:3.0-20200221 + +## Below are settings for thhe container and their default values, wihchh can be overridden at run-time: + DB_LOCATION=local + DB_DRIVER=rlm_sql_mysql + DB_DIALECT=mysql + DB_HOST=localhost + DB_PORT=3306 + DB_ROOT_PWD=SuperStrongPassword + DB_USER=radius + DB_USER_PWD=SuperStrongPassword + DB_NAME=radius + ENV=dev + USERTOKEN=nothing + +## The Daloradius UI should now be accessible on port 443 (https) of the host (with a self-signed cert). Default creds are: + username: administrator + password: radius diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index 28e58f3..aa74b60 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml @@ -3,8 +3,7 @@ version: "3.3" services: radius: - image: - - "tier/eduroam-radius:3.0-20200222 + image: "tier/eduroam-freeradius:3.0-20200221" ports: - "1812:1812/udp" - "1813:1813/udp"