4/6/11

Setup Snowy in Maverick+ for Note Synchronization with HTTPS

This is a walk through of installing and setting up Snowy (http://live.gnome.org/Snowy) on your Lucid Lynx system for Tomboy (http://live.gnome.org/Tomboy) note synchronization. This really is me taking information from a few different areas and putting it in one spot. If you aren't using Ubuntu and still want to follow this some paths may be different and the packages will be but other than that you should be fine.



Packages to Install/Prep Work

This will install apache with wsgi and ssl support as well as the supporting libraries for Snowy. 

apt-get install python-libxslt1 python-libxml2 python-tz python-sqlite python-setuptools python-dateutil python-simplejson libapache2-mod-wsgi python-django libapache2-mod-gnutls apache2-mpm-prefork openssl python-django-openid-auth



Generating OpenSSL Authority


Quickly go through creating an authority and signing a server key.  Skip this part if you already have SSL and certificates setup.

Step 1: Setup your own CA (Certificate Authority)

openssl genrsa -des3 -out my_ca.key 2048

Generate the certificate:

openssl req -new -x509 -days 3650 -key my_ca.key -out my_ca.crt


Step 2: Make a key and a certificate for the web server:

openssl genrsa -des3 -out snowy.key 1024

openssl req -new -key snowy.key -out snowy.csr
# I skipped the challenge passowrd part
Sign the key with my CA from above i.e. udc.key

openssl x509 -req -in snowy.csr -out snowy.crt -sha1 -CA my_ca.crt -CAkey my_ca.key -CAcreateserial -days 3650

 chmod 0400 *.key

copy both the snowy.csr and the snowy.key to /etc/apache2/ssl


*Note: I keep my SSL keys in /etc/apache2/ssl it really is up to you where they are, you will need to reference them in your apache configuration.  In this walk-through I will assume all of the keys are in /etc/apache2/ssl


Installing Snowy

Check out Snowy to the location that you want your website to be in

git clone http://git.gnome.org/browse/snowy


Configure local_settings.py

cd snowy_directory
cp local_settings.py.in local_settings.py


Example configuration
------
# Local Django settings for snowy project.
DEBUG = True
TEMPLATE_DEBUG = DEBUG


DATABASE_ENGINE = 'sqlite3'    # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
# You should pick a path for the DB that is not accessible via the web.
DATABASE_NAME = 'snowy.db'  # Or path to database file if using sqlite3.


# Fill in this information from
# http://recaptcha.net/api/getkey?app=snowy
RECAPTCHA_ENABLED = False
RECAPTCHA_PUBLIC_KEY = ''
RECAPTCHA_PRIVATE_KEY = ''


EMAIL_PORT = 1025
URI_SCHEME = 'https'


# End configuration
----

Setting up the django portion


Initialize Django and create your first user.

python manage.py syncdb

At this point you can test that everything is going well by doing the following.
*You will be prompted for a username and a password, don't forget this!


python manage.py runserver

Point your browser at http://loaclhost:8000 and login with the username and password you created when you ran syncdb.

If you get any errors it is most likely due to python packages, install the module python is complaining about and refresh your browser. Rinse repeat.


You login now with openid which is great!

to modify settings and allow new users

http://server/admin


Technically you can stop but for those who want to run snowy using apache read the next section


Setup Apache host and wsgi file for Snowy

This section will walk you through setting up snowy as a Web Server Gateway Interface (WSGI) file.


Create a snowy.wsgi file

snowy.wsgi
---
import os
import sys
sys.path.append('/home/httpd/html/clevar/snowy')
sys.path.append('/home/httpd/html/clevar')

os.environ['DJANGO_SETTINGS_MODULE'] = 'snowy.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
---

Apache snowy site configuration
Create an apache configuration with SSL support:


/etc/apache2/sites-available/snowy_ssl:
      




    WSGIPassAuthorization On
    WSGIDaemonProcess snowy user=cowbud home=/home/cowbud/vendsrc/snowy
    WSGIProcessGroup snowy
    WSGIScriptAlias / /home/cowbud/vendsrc/snowy.wsgi

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/snowy.crt
    SSLCertificateKeyFile /etc/apache2/ssl/snowy.key

     
         Options -Indexes FollowSymLinks
         AllowOverride AuthConfig FileInfo
         Order allow,deny
         Allow from all
     

       Alias /media/ /usr/share/pyshared/django/contrib/admin/media/
       
                Options -Indexes FollowSymLinks
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
       

---



Enable the site you just created.

sudo a2ensite snowy_ssl

Enable the SSL module

sudo a2enmod ssl

Restart apache:

/etc/init.d/apache2 restart

You will need to enter your key password here from the cert we created up top.

That is it you should be ale to go to https://localhost and see the same page you saw when you run the Django server manually.

Once you have verified it works go to https://localhost/admin and login with your user account that you created previously

You need to set the sites variable to the site name you are going to be connecting to.

https://localhost/admin/sites/site/

Update example.com to have your hostname.

Client side setup 

once you have verified the web server is running
  1. Open up Tomboy
  2. Go to Search All Notes
  3. In that Dialog go to Edit -> Preferences, The Synchronization Tab
  4. Select Service Tomboy Web
  5. Server https://your_server
Connect

Allow access in the web browser

Save

and Sync


DONE!


Links:


------------
If you followed all of the above and this isn't working (Like you are on Natty) it is due to piston having a bug that is currently being worked on:
https://bugzilla.gnome.org/show_bug.cgi?id=638480

18 comments: