CONFIGURATION

Basic configuration update

To update basic configuration (server name, database connection, languages, or set workers number or timeout), run:

sudo dpkg-reconfigure geotrek-admin

The basic configuration is stored in /opt/geotrek-admin/var/conf/env file, not to be changed manually. This file also contains the PostgreSQL authentification details, if you need to access your Geotrek-admin database.

NGINX configuration

NGINX configuration is controlled by Geotrek-admin and will be erased at each upgrade. Do not modify /etc/nginx/sites-available/geotrek.conf or /etc/nginx/sites-enable/geotrek.conf. Modify /opt/geotrek-admin/var/conf/nginx.conf.in instead. To update nginx.conf, then run:

sudo dpkg-reconfigure geotrek-admin

Activate SSL / HTTPS

To activate https, you need firstly to change custom.py and add :

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

After this, edit nginx.conf.in to add your certificate.

If you generate it with letsencrypt : You can use certbot to add the certificate in your configuration. But you will have to move the configuration automatically added into nginx.conf, to the file nginx.conf.in in /opt/geotrek-admin/var/conf/ directory

You have to move the configuration to the file nginx.conf.in because nginx.conf is automatically changed during command dpkg-reconfigure geotrek-admin.

Users management

Geotrek-admin relies on Django authentication and permissions system. Users belong to groups. Permissions can be assigned at user or group-level.

The whole configuration of user, groups and permissions is available in the AdminSite, if you did not enable External authent (see below).

By default four groups are created:

  • Readers
  • Path managers
  • Trek managers
  • Editor

Once the application is installed, it is possible to modify the default permissions of these existing groups, create new ones etc…

If you want to allow the users to access the AdminSite, give them the staff status using the dedicated checkbox.

Database users

It is not safe to use the geotrek user in QGIS, or to give its password to many collaborators.

A wise approach, is to create a read-only user, or with specific permissions.

With pgAdmin, you can create database users like this:

CREATE ROLE lecteur LOGIN;
ALTER USER lecteur PASSWORD 'passfacile';
GRANT CONNECT ON DATABASE geotrekdb TO lecteur;

And give them permissions by schema :

GRANT USAGE ON SCHEMA public TO lecteur;
GRANT USAGE ON SCHEMA geotrek TO lecteur;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO lecteur;
GRANT SELECT ON ALL TABLES IN SCHEMA geotrek TO lecteur;

You can also create groups, etc. See PostgreSQL documentation.

Advanced Configuration

See advanced configuration