Subject: An open discussion list for topics related to the geteduroam service
- From: Jørn Åne de Jong <jornane.dejong AT surf.nl>
- To: Christian Mittring <christian.mittring AT rz.uni-augsburg.de>, geteduroam AT lists.geant.org
- Subject: Re: letswifi-portal modifications
- Date: Thu, 8 May 2025 10:03:12 +0200
On 07/05/2025 08:33, Christian Mittring wrote:
Hello,
my name is Christian, I am from the University of Augsburg in Germany.
We are currently planning to change our eduroam setup from eap-ttls to eap-tls and geteduroam.
To deploy user-certificates we would like to use the geteduroam Apps so we started to install the corresponding portal: https://github.com/geteduroam/letswifi-portal.
We found some small documentation and a script to install the portal under Ubuntu: https://github.com/geteduroam/letswifi-portal/blob/main/contrib/install/install-letswifi-portal.sh
but we would like to do some further adjustments.
We would like to add our own sub-ca for certificate creation. (radius certificate is not from same sub-ca as used for the portal but from same root-ca)
We would like to use MySQL or even better MariaDB or Postgres instead of sqlite-db.
Is there some further documentation how to do this in the correct way?
As far as I understood the code until now, some code adjustments are necessary to achieve this without modifying the DB after installation.
Can you help us to implement these changes or should we start with a fork and a pull-request at the end?
Hello Christian
Thank you for your message, great to hear you're looking into using geteduroam at your institution!
The script you found is intended to get an installation up and running quickly, but it's not the only way to install the letswifi-portal. The adjustments you mention, using your own sub-ca and using MySQL or MariaDB, those are already possible with the portal as-is. Postgres support is something we're looking into, it'll probably be supported in the future.
In order to do this, you can change the 'pdo.*' settings in letswifi.conf.php [1], set 'pdo.dsn' to something like 'mysql:dbname=testdb;host=127.0.0.1' and set the username and password in the other variables. The schema you'll find in the sql directory [2].
Regarding the CA, you can add your CA directly to the database, or use the script in bin/import-ca.php and pipe a PEM file consisting of intermediate, root and private key of the intermediate. Then you can set the intermediate in the `realm_signer` table, there is currently no programmatic way of doing this.
We are actively working on the improvements you're asking about, better documentation and a way to make these changes without accessing the database directly. If you're interested, please take a look at the code in the "beta" branch [3] and the installation documentation there [4].
In the beta version we make more use of inline-documented configuration files to make it easier to make these kinds of changes, and we're working on a command-line tool for the administrator to make these changes in a controlled way.
The beta is nearly done; all user-facing components work reliably, but the command-line still has issues we're working on. Maybe you can try it out and see if it works for you?
We can also schedule a call if you like.
[1] https://github.com/geteduroam/letswifi-portal/blob/main/etc/letswifi.conf.dist.php#L12-L14
[2] https://github.com/geteduroam/letswifi-portal/blob/main/sql/letswifi.mysql.sql
[3] https://github.com/geteduroam/letswifi-portal/tree/beta
[4] https://github.com/geteduroam/letswifi-portal/blob/beta/INSTALL.md
--
Jørn Åne de Jong
geteduroam board member
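
The reply above describes a PEM bundle holding the intermediate, the root and the intermediate's private key. The following pre-import check is an added example, not part of the original message or of letswifi-portal: `check_ca_bundle` is a hypothetical helper that uses only the `openssl` command line to confirm the bundle holds exactly those three items, that the intermediate verifies against the root, and that the key belongs to the intermediate.

```shell
#!/usr/bin/env bash
# Added example, not part of letswifi-portal. check_ca_bundle is a hypothetical
# helper name; it only inspects the bundle with the openssl CLI and imports nothing.
check_ca_bundle() {
    local bundle=$1 dir f subj iss root="" inter="" key="" certs=0 keys=0 rc=0
    dir=$(mktemp -d) || return 2   # mode 0700: the split files include the private key
    # One file per PEM block, so the order of blocks inside the bundle does not matter.
    awk -v d="$dir" '/^-----BEGIN /{n++} n{print > (d "/part" n ".pem")}' "$bundle"
    for f in "$dir"/part*.pem; do
        [ -e "$f" ] || break
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            certs=$((certs + 1))
            subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253)
            iss=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253)
            # A self-issued certificate is taken as the root, the other as the intermediate.
            if [ "${subj#subject=}" = "${iss#issuer=}" ]; then root=$f; else inter=$f; fi
        elif grep -q -e 'PRIVATE KEY-----' "$f"; then
            keys=$((keys + 1)); key=$f
        fi
    done
    if [ "$certs" -ne 2 ] || [ "$keys" -ne 1 ] || [ -z "$root" ] || [ -z "$inter" ]; then
        echo "expected one root, one intermediate and one private key" >&2; rc=1
    elif ! openssl verify -no-CApath -CAfile "$root" "$inter" >/dev/null 2>&1; then
        echo "intermediate does not verify against the root" >&2; rc=1
    elif [ "$(openssl x509 -in "$inter" -noout -pubkey)" != \
           "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" ]; then
        # Also reached when the key cannot be read, e.g. it is passphrase-protected.
        echo "private key does not belong to the intermediate" >&2; rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}
```

Run `check_ca_bundle bundle.pem` on the file first, and only pipe it to bin/import-ca.php when the function returns 0.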