CONFIGURATION
Basic configuration update
To update basic configuration (server name, database connection, languages, or set workers number or timeout), run:
sudo dpkg-reconfigure geotrek-admin
The basic configuration is stored in /opt/geotrek-admin/var/conf/env file, not to be changed manually.
This file also contains the PostgreSQL authentification details, if you need to access your Geotrek-admin database.
NGINX configuration
NGINX configuration is controlled by Geotrek-admin and will be erased at each upgrade.
Do not modify /etc/nginx/sites-available/geotrek.conf or /etc/nginx/sites-enable/geotrek.conf.
Modify /opt/geotrek-admin/var/conf/nginx.conf.in instead. To update nginx.conf, then run:
sudo dpkg-reconfigure geotrek-admin
Activate SSL / HTTPS
To activate https, you need firstly to change custom.py and add :
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
After this, edit nginx.conf.in to add your certificate.
If you generate it with letsencrypt : You can use certbot to add the certificate in your configuration. But you will have to move the configuration automatically added into nginx.conf, to the file nginx.conf.in in /opt/geotrek-admin/var/conf/ directory
You have to move the configuration to the file nginx.conf.in because nginx.conf is automatically changed during command dpkg-reconfigure geotrek-admin.
Users management
Geotrek-admin relies on Django authentication and permissions system. Users belong to groups. Permissions can be assigned at user or group-level.
The whole configuration of user, groups and permissions is available in the AdminSite, if you did not enable External authent (see below).
By default four groups are created:
Readers
Path managers
Trek managers
Editor
Once the application is installed, it is possible to modify the default permissions of these existing groups, create new ones etc…
If you want to allow the users to access the AdminSite, give them the staff status using the dedicated checkbox.
Database users
It is not safe to use the geotrek user in QGIS, or to give its password to
many collaborators.
A wise approach, is to create a read-only user, or with specific permissions.
With pgAdmin, you can create database users like this:
CREATE ROLE lecteur LOGIN;
ALTER USER lecteur PASSWORD 'passfacile';
GRANT CONNECT ON DATABASE geotrekdb TO lecteur;
And give them permissions by schema :
GRANT USAGE ON SCHEMA public TO lecteur;
GRANT USAGE ON SCHEMA geotrek TO lecteur;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO lecteur;
GRANT SELECT ON ALL TABLES IN SCHEMA geotrek TO lecteur;
You can also create groups, etc. See PostgreSQL documentation.