1.3. Installation of FRED

This section describes the steps required to install the software needed to operate the FRED registry.

Please be advised that the current version of FRED (2026.1) is supported only on Debian 12. If you need to use a different system, you can build the FRED daemons manually from the source code available at https://gitlab.nic.cz/fred/.

1.3.1. Multinode setup

This guide walks you through installing FRED in a multinode setup, in which the individual applications are logically separated from each other. We recommend this method. You can distribute the individual applications across machines according to your preferences.

For a test installation and to try out FRED, you can install everything on a single virtual machine with Debian 12, or try the demo image we have published at https://fred-demo.nic.cz/.

1.3.2. VMs preparation

To install FRED, prepare the following machines, ideally KVMs:

| Node | Specs (minimum recommended for production use) | OS | Description |
|---|---|---|---|
| DB | 4vCPU, 16GB RAM, 250GB SSD STORAGE | Up to you | Postgresql 17 database. |
| APP | 8vCPU, 16GB RAM, 100GB SSD STORAGE | Debian 12 | Core FRED registry backend. |
| EPP | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Debian 12 | Registrar interface. |
| ADMIN | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Up to you | Docker server used for administration (FERDA). |
| WEB | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Debian 12 | Docker server used for web apps (WebWHOIS, RDAP…), also used for UNIX whois. |
| HM | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Debian 12 | Postgresql 17 database. |
| BACKEND | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Up to you | Postgresql 17 database. |
| AKM | 4vCPU, 8GB RAM, 50GB SSD STORAGE | Debian 12 | Postgresql 17 database. |
For testing purposes, you do not need the hardware resources described above; for each domain registry, adjust the hardware specifications to your capabilities and expected traffic.

1.3.3. Nodes installation

1.3.3.1. DB node

# OS is up to you, postgresql 17 is required

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Install postgresql 17
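# The repository key is stored in its own keyring and referenced via signed-by (apt-key is deprecated, wget is not installed above)
mkdir -p /usr/share/keyrings/
sudo curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc -o /usr/share/keyrings/pgdg.asc
echo "deb [signed-by=/usr/share/keyrings/pgdg.asc] https://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list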
apt update
apt -y install postgresql-17 postgresql-client-17

# Set PostgreSQL timezone to UTC and listen on all addresses (client access must then be restricted in pg_hba.conf, see the end of this block)
sed -i~ -e "s/^#\?\s*timezone\s*=.*/timezone = 'UTC'/" /etc/postgresql/17/main/postgresql.conf
sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/" /etc/postgresql/17/main/postgresql.conf
systemctl restart postgresql

# Initialize fred and fredlog database
mkdir -p /var/lib/postgresql/17/fred
cp -r files/db-config/* /var/lib/postgresql/17/fred/
sudo -u postgres psql -c "CREATE USER fred WITH ENCRYPTED PASSWORD '<strong-password>';"
sudo -u postgres psql -c "CREATE USER logd WITH ENCRYPTED PASSWORD '<strong-password>';"
sudo -u postgres psql -c 'CREATE DATABASE fred;'
sudo -u postgres psql -c 'CREATE DATABASE fredlog;'
sudo -u postgres psql -c 'ALTER DATABASE fred OWNER TO fred;'
sudo -u postgres psql -c 'ALTER DATABASE fredlog OWNER TO logd;'
sudo -u postgres psql -c 'GRANT ALL PRIVILEGES ON DATABASE fred TO fred;'
sudo -u postgres psql -c 'GRANT ALL PRIVILEGES ON DATABASE fredlog TO logd;'

su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U fred -d fred -f 17/fred/structure.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U fred -d fred -f 17/fred/fred_db.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U logd -d fredlog -f 17/fred/structure.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U logd -d fredlog -f 17/fred/logdb_db.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U logd -d fredlog -f 17/fred/fix-seq.sql"

# Initialize cdnskey_processor database
sudo -u postgres psql -c "CREATE USER cdnskey_processor WITH ENCRYPTED PASSWORD '<strong-password>';"
sudo -u postgres psql -c 'CREATE DATABASE cdnskey_processor;'
sudo -u postgres psql -c 'ALTER DATABASE cdnskey_processor OWNER TO cdnskey_processor;'
sudo -u postgres psql -c 'GRANT ALL PRIVILEGES ON DATABASE cdnskey_processor TO cdnskey_processor;'

su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0001_schema.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0002_delete_cascade_scan_queue.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0003_enum_tables_to_enum_type.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0004_worker_name_not_null_constraint.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0005_scan_results_indexes.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0006_get_raw_scan_results.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0007_split_scan_batch_table.sql"
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -f 17/fred/cdnskey/0008_scan_result_evaluation.sql"

# Add akm-worker into the cdnskey_processor database
su - postgres -c "PGPASSWORD='<strong-password>' psql -h 127.0.0.1 -U cdnskey_processor -d cdnskey_processor -c \"INSERT INTO worker (name) VALUES ('worker-1');\""

# Don't forget to configure /etc/postgresql/17/main/pg_hba.conf with the correct IP addresses (changes take effect after a PostgreSQL reload)
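
One way to act on the pg_hba.conf reminder above, given that `listen_addresses` is set to `'*'` (an added example, not part of the FRED documentation): it emits rules that admit only single node addresses and audits a pg_hba.conf for network rules that are open to every address or use `trust` or cleartext `password` authentication. The node addresses (192.0.2.x documentation range) and the mapping of nodes to databases are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the FRED documentation.
# Assumptions: the node addresses are constructed (192.0.2.0/24 documentation range);
# the APP node is taken to use fred and fredlog, the AKM node cdnskey_processor.

# Print one pg_hba.conf rule that admits a single client address with SCRAM auth.
hba_rule() {   # $1 database, $2 role, $3 client IPv4 address
    printf 'host\t%s\t%s\t%s/32\tscram-sha-256\n' "$1" "$2" "$3"
}

# Rules for the three databases and roles created on the DB node.
fred_hba_rules() {   # $1 APP node address, $2 AKM node address
    hba_rule fred fred "$1"
    hba_rule fredlog logd "$1"
    hba_rule cdnskey_processor cdnskey_processor "$2"
}

# Audit a pg_hba.conf read from stdin. Prints one finding per line and returns 1
# when a network rule is open to every address or uses trust/cleartext auth.
audit_hba() {
    awk '
    /^[ \t]*#/    { next }      # comments
    /^[ \t]*$/    { next }      # blank lines
    $1 == "local" { next }      # unix-socket rules are not reachable over the network
    {
        addr = $4; method = $5
        # "ADDRESS NETMASK METHOD" form: field 5 is a netmask, the method is field 6
        if ($5 ~ /^[0-9]+\.[0-9.]+$/ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
        if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" || addr == "0.0.0.0/0.0.0.0") {
            printf "line %d: any client address may connect (%s)\n", NR, addr; bad = 1
        }
        if (method == "trust" || method == "password") {
            printf "line %d: auth method %s (no or cleartext password), use scram-sha-256\n", NR, method; bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample, not taken from a real server.
SAMPLE_HBA='# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   peer
host    all       all       127.0.0.1/32     scram-sha-256
host    fred      fred      0.0.0.0/0        scram-sha-256
host    fredlog   logd      192.0.2.11/32    trust
host    all       all       0.0.0.0 0.0.0.0  password'

echo "# rules to append to /etc/postgresql/17/main/pg_hba.conf:"
fred_hba_rules 192.0.2.11 192.0.2.18
echo "# audit of the constructed sample:"
printf '%s\n' "$SAMPLE_HBA" | audit_hba || true
```

On the DB node the audit can be run as `audit_hba < /etc/postgresql/17/main/pg_hba.conf` before and after editing the file.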

1.3.3.2. APP node

# OS: Debian 12

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Add cznic keyring for fred packages
mkdir -p /usr/share/keyrings/
# -f makes curl fail on an HTTP error instead of saving the error page as the keyring
curl -fsSL https://archive.nic.cz/dists/cznic-archive-keyring.gpg -o /usr/share/keyrings/cznic-archive-keyring.gpg

# Add source list for FRED
if [ ! -f /etc/apt/sources.list.d/fred.list ]; then
cat << EOT >> /etc/apt/sources.list.d/fred.list
deb [signed-by=/usr/share/keyrings/cznic-archive-keyring.gpg] http://archive.nic.cz/public $(lsb_release -sc) main
EOT
fi

# Copy FRED pin list to /etc/apt/preferences.d/fred
cp files/fred /etc/apt/preferences.d/fred

apt update

# Installation of FRED
apt -y install fred-backend-logger fred-backend-logger-corba fred-backend-registry fred-backend-notify fred-backend-public-request fred-backend-zone fred-zone-generator fred-backend-dbreport fred-rifd fred-pifd fred-adifd fred-akm-ng fred-accifd libapache2-mod-eppd python3-fred-epplib fred-eppic

# Remove installation files created by packages, and use example confs from demo repository - it is expected that you will change these configurations according to your needs
rm -rf /etc/fred/*
cp -r files/configs/* /etc/fred/
cp files/configs/eppic.conf /etc/eppic/eppic.conf
rm /etc/fred/eppic.conf

# Initial FRED registry setup - create the system registrar and your initial registrar, add EPP access, create a zone, etc.
# More usage can be found in the manual page of fred-admin

# You can name the system registrar as you want - but then don't forget to change it in the FRED configurations in /etc/fred/
# REG-SYSTEM is the default one
/usr/sbin/fred-admin --registrar_add --handle=REG-SYSTEM --reg_name=REG-SYSTEM --organization=SYSTEM --street1=SYSTEM --city=SYSTEM --email=SYSTEM --url=SYSTEM --country=CZ --dic=12345 --no_vat --system

# Create your registrar that will be used to register domains, contacts, nssets, etc.
fred-admin --registrar_add --handle "REG-YOUR_HANDLE" --country "EXAMPLE COUNTRY CODE(2)" --ico "123456789" --reg_name "REG-NAME" --organization "Your org" --street1 "Your street" --city "Your city" --postalcode "00000" --telephone "+000.123456789" --email "someemail@something.com" --url "https://webpage.com" --dic "DEMO12345678" --system

# Add EPP access to your registrar
# Replace the certificate with your own generated certificate (the authority that issued it needs to be configured on the EPP node, as shown below)
# The password should be strong - max. 16 chars
# The fingerprint of the certificate can be obtained via `openssl x509 -noout -fingerprint -md5 -in /path/to/cert.crt`
# Placeholders in angle brackets are quoted so that the shell does not treat < and > as redirections
fred-admin --registrar_acl_add --handle REG-YOUR_HANDLE --certificate "Certificate MD5 fingerprint" --password '<strong-password>'

# Create the zone you want to manage using FRED
fred-admin --zone_add --zone_fqdn='<zone>' --hostmaster hostmaster@domain.something \
        --ns_fqdn some.ns.test.something
fred-admin --zone_ns_add --zone_fqdn='<zone>' --ns_fqdn=other.ns.test.something

# Ensure the log files are created
touch /var/log/fred-zone-services.log
chown fred /var/log/fred-zone-services.log

# Restart all of the FRED daemons
systemctl restart 'fred-*'

# Mask services not included in the public release (they are not usable)
systemctl mask fred-auction-warehouse
systemctl mask fred-dbreport-services
rm /lib/systemd/system/fred-auction-warehouse.service
systemctl reset-failed

# If any of the services are failing to start, you can debug them using manual run, for example if you want to debug why `fred-backend-logger.service` is not starting use: `sudo -u fred fred-logger-services --config /etc/fred/fred-logger-services.conf` - it will show you what's wrong

1.3.3.3. EPP node

# OS: Debian 12

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Add cznic keyring for fred packages
mkdir -p /usr/share/keyrings/
curl -fsSL https://archive.nic.cz/dists/cznic-archive-keyring.gpg -o /usr/share/keyrings/cznic-archive-keyring.gpg

# Add source list for FRED
if [ ! -f /etc/apt/sources.list.d/fred.list ]; then
cat << EOT >> /etc/apt/sources.list.d/fred.list
deb [signed-by=/usr/share/keyrings/cznic-archive-keyring.gpg] http://archive.nic.cz/public $(lsb_release -sc) main
EOT
fi

# Copy FRED pin list to /etc/apt/preferences.d/fred
cp files/fred /etc/apt/preferences.d/fred

apt update

# Installation of FRED packages
apt -y install apache2 libapache2-mod-corba libapache2-mod-eppd python3-fred-epplib

# Enable apache2 modules required by EPP
a2enmod corba eppd ssl

# Enable eppd site in apache
a2ensite 02-fred-mod-eppd-apache

# Change logger configuration to point to correct name
sed -i 's/\(CorbaObject[[:space:]]*\)"Logger"\([[:space:]]*"Logger_alias"\)/\1"LoggerNew"\2/' /etc/apache2/sites-enabled/02-fred-mod-eppd-apache.conf

# Do not forget to edit configuration to suit your needs (/etc/apache2/sites-enabled/), then you can restart
# In this configuration you can specify certification authority that is used to authenticate registrars via EPP
systemctl restart apache2

# After installation you should be able to see apache2 listening on port 700, and you should be able to connect via fred-eppic to this node

1.3.3.4. ADMIN node

# OS: Up to you - this is a docker server

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo nginx-full

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Docker installation
sudo mkdir -m 0755 -p /etc/apt/keyrings

# Add docker gpg key
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add docker repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install required docker packages
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Install and configure nginx
# Also consider using LE certificate or your own self-signed TLS cert to secure the webpage
apt install -y nginx-full
rm /etc/nginx/sites-enabled/default
# In this file `ferda` change the server name and certificates used
cp -r /tmp/files/docker-apps/nginx-demo/ferda /etc/nginx/sites-available/
ln -sf /etc/nginx/sites-available/ferda /etc/nginx/sites-enabled/ferda

systemctl restart nginx

# Create directory, where docker apps will store its configurations
mkdir -p /var/docker-apps

# Prepare Ferda app directory
cp -r /tmp/files/docker-apps/ferda /var/docker-apps/

# Move into Ferda directory
cd /var/docker-apps/ferda/

# There you should edit the .env file with your configuration - that means the correct addresses of registry services, the address of the database node for Ferda, etc.
# After you configure these options you can run ferda containers
docker compose up -d

# You should be able to see ferda containers in the output of `docker ps`, if so run migrations, and create superuser

docker compose run --rm ferda_uwsgi django-admin migrate

docker compose run -e DJANGO_SUPERUSER_USERNAME='<admin_username>' -e DJANGO_SUPERUSER_EMAIL='<your-email-address>' -e DJANGO_SUPERUSER_PASSWORD='<strong-password>' --rm ferda_uwsgi django-admin createsuperuser --noinput

# After that you can login at your Ferda domain as a created superuser

1.3.3.5. WEB node

# OS: Debian 12 - although it is a docker server, Debian 12 is needed for UNIX whois

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo whois

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Install UNIX WHOIS
## Add cznic keyring for fred packages
mkdir -p /usr/share/keyrings/
curl -fsSL https://archive.nic.cz/dists/cznic-archive-keyring.gpg -o /usr/share/keyrings/cznic-archive-keyring.gpg

## Add source list for FRED
if [ ! -f /etc/apt/sources.list.d/fred.list ]; then
cat << EOT >> /etc/apt/sources.list.d/fred.list
deb [signed-by=/usr/share/keyrings/cznic-archive-keyring.gpg] http://archive.nic.cz/public $(lsb_release -sc) main
EOT
fi

## Copy FRED pin list to /etc/apt/preferences.d/fred
cp files/fred /etc/apt/preferences.d/fred

apt update

## Installation of FRED packages
apt -y install apache2 libapache2-mod-corba libapache2-mod-whoisd

## Enable apache2 modules required by WHOIS
a2enmod corba whoisd ssl

## Enable whoisd site in apache
a2ensite 02-fred-mod-whoisd-apache

# Change logger configuration to point to correct name
sed -i 's/\(CorbaObject[[:space:]]*\)"Logger"\([[:space:]]*"Logger_alias"\)/\1"LoggerNew"\2/' /etc/apache2/sites-enabled/02-fred-mod-whoisd-apache.conf

## Do not forget to edit configuration to suit your needs (/etc/apache2/sites-enabled/), then you can restart
## In this configuration you can specify certification authority that is used to authenticate registrars via EPP
systemctl restart apache2

## After the installation you should be able to see apache2 listening on port 53, and you should be able to ask for domain using `whois` command

# Install other "public" docker apps - RDAP, WebWHOIS
## Docker installation
sudo mkdir -m 0755 -p /etc/apt/keyrings

## Add docker gpg key
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

## Add docker repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

## Install required docker packages
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

## Install and configure nginx
## Also consider using LE certificate or your own self-signed TLS cert to secure the webpage
apt install -y nginx-full
rm /etc/nginx/sites-enabled/default
## In these files `webwhois` and `rdap` change the server name and certificates used
cp -r /tmp/files/docker-apps/nginx-demo/webwhois /etc/nginx/sites-available/
cp -r /tmp/files/docker-apps/nginx-demo/rdap /etc/nginx/sites-available/
ln -sf /etc/nginx/sites-available/webwhois /etc/nginx/sites-enabled/webwhois
ln -sf /etc/nginx/sites-available/rdap /etc/nginx/sites-enabled/rdap

systemctl restart nginx

## Create directory, where docker apps will store its configurations
mkdir -p /var/docker-apps

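## Prepare apps config directories
## (the source directory names are assumed to match the app directories configured below)
cp -r /tmp/files/docker-apps/webwhois /var/docker-apps/
cp -r /tmp/files/docker-apps/rdap /var/docker-apps/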

## Configure and start the apps
## Edit network locations to match your FRED configuration
vim /var/docker-apps/webwhois/.env
vim /var/docker-apps/rdap/.env

## After you configure these options you can run both apps
cd /var/docker-apps/webwhois/ && docker compose up -d
cd /var/docker-apps/rdap/ && docker compose up -d

## You should be able to see rdap and webwhois containers in the output of `docker ps`

## After that you can check both websites using your browser

1.3.3.6. HM node

# OS: Debian 12

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Add cznic keyring for fred packages
mkdir -p /usr/share/keyrings/
curl -fsSL https://archive.nic.cz/dists/cznic-archive-keyring.gpg -o /usr/share/keyrings/cznic-archive-keyring.gpg

# Add source list for FRED
if [ ! -f /etc/apt/sources.list.d/fred.list ]; then
cat << EOT >> /etc/apt/sources.list.d/fred.list
deb [signed-by=/usr/share/keyrings/cznic-archive-keyring.gpg] http://archive.nic.cz/public $(lsb_release -sc) main
EOT
fi

# Copy FRED pin list to /etc/apt/preferences.d/fred
cp files/fred /etc/apt/preferences.d/fred

apt update

# Installation of FRED packages
apt -y install fred-zone-generator

# Remove installation files created by packages, and use example confs from demo repository - it is expected that you will change these configurations according to your needs
rm -rf /etc/fred/*
cp -r files/configs/fred-zone-generator.conf /etc/fred/

# Configure zone-generator to match your FRED configuration
vim /etc/fred/fred-zone-generator.conf

# After the installation and configuration you should be able to generate zone via fred-zone-generator command

1.3.3.7. BACKEND node

# OS: Up to you - this is a docker server

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo nginx-full

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Docker installation
sudo mkdir -m 0755 -p /etc/apt/keyrings

# Add docker gpg key
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add docker repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install required docker packages
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Install and configure nginx
# Also consider using LE certificate or your own self-signed TLS cert to secure the webpage
apt install -y nginx-full
rm /etc/nginx/sites-enabled/default
# In this file `secretary` change the server name and certificates used
cp -r /tmp/files/docker-apps/nginx-demo/secretary /etc/nginx/sites-available/
ln -sf /etc/nginx/sites-available/secretary /etc/nginx/sites-enabled/secretary

systemctl restart nginx

# Create directory, where docker apps will store its configurations
mkdir -p /var/docker-apps

# Prepare docker app directories
cp -r /tmp/files/docker-apps/secretary /var/docker-apps/
cp -r /tmp/files/docker-apps/messenger /var/docker-apps/
cp -r /tmp/files/docker-apps/fileman /var/docker-apps/

# Move into secretary directory
# There you should edit .env file with your configuration - DB connection, secret token..
# And the same goes for the other docker apps - configure them to match your FRED installation
vim /var/docker-apps/secretary/.env
vim /var/docker-apps/messenger/.env
vim /var/docker-apps/fileman/.env

# Create volume for secretary files
docker volume create secretary_media

# Create also volume for fileman
mkdir -p /var/lib/fileman
docker volume create --driver local --opt type=none --opt device=/var/lib/fileman --opt o=bind fileman_files

# Create fileman user - needed to correctly mount the fileman_files volume - GID and UID can be changed - but don't forget to change them in the fileman docker compose too
sudo groupadd -g 30002 fileman
sudo useradd  -u 30002 -g 30002 -M -s /usr/sbin/nologin fileman
chown -R 30002:30002 /var/lib/fileman

# Create secretary user - needed to correctly mount the secretary_media volume - GID and UID can be changed - but don't forget to change them in the secretary docker compose too
sudo groupadd -g 30001 secretary
sudo useradd  -u 30001 -g 30001 -M -s /usr/sbin/nologin secretary
chown -R 30001:30001 /var/lib/docker/volumes/secretary_media/

# After you configure these options you can run all of the docker apps
cd /var/docker-apps/secretary/ && docker compose up -d
cd /var/docker-apps/messenger/ && docker compose up -d
cd /var/docker-apps/fileman/ && docker compose up -d

# You should be able to see secretary, messenger and fileman containers in the output of `docker ps`

# If you see secretary running - create superuser and load templates
mv /tmp/files/secretary-templates /tmp/

cd /var/docker-apps/secretary

docker compose run --rm -v /tmp/secretary-templates:/app/secretary-templates:ro -w /app/secretary-templates secretary_uwsgi python3 load_templates.py fred-migration.yml
docker compose run --rm -v /tmp/secretary-templates:/app/secretary-templates:ro -w /app/secretary-templates secretary_uwsgi python3 load_templates.py fred-templates.yml
docker compose run --rm -v /tmp/secretary-templates:/app/secretary-templates:ro -w /app/secretary-templates secretary_uwsgi python3 load_templates.py pdf-templates.yml

docker compose run -e DJANGO_SUPERUSER_USERNAME='<admin-user>' -e DJANGO_SUPERUSER_EMAIL='<your-email>' -e DJANGO_SUPERUSER_PASSWORD='<strong-password>' --rm secretary_uwsgi django-admin createsuperuser --noinput

# For messenger - create master trigger file
mkdir -p /etc/master
touch /etc/master/messenger-sender

# After that you can browse secretary in your browser - templates or /admin for admin interface
# Also messenger and fileman container should be visible as up and running in the output of `docker ps`

1.3.3.8. AKM node

# OS: Debian 12

apt update
apt install -y ca-certificates curl gnupg lsb-release git sudo

# Clone repo with configurations(.sql structures of databases)
cd /tmp/
git clone https://gitlab.nic.cz/fred/demo-install.git

# Move conf files to /tmp
mv demo-install/files /tmp/

# Add cznic keyring for fred packages
mkdir -p /usr/share/keyrings/
curl -fsSL https://archive.nic.cz/dists/cznic-archive-keyring.gpg -o /usr/share/keyrings/cznic-archive-keyring.gpg

# Add keyring for rabbitmq
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null

# Add source list for rabbitmq
if [ ! -f /etc/apt/sources.list.d/rabbitmq.list ]; then
sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
deb [arch=amd64 signed-by=/usr/share/keyrings/com.rabbitmq.team.gpg] https://deb1.rabbitmq.com/rabbitmq-erlang/debian/bookworm bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/com.rabbitmq.team.gpg] https://deb2.rabbitmq.com/rabbitmq-erlang/debian/bookworm bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/com.rabbitmq.team.gpg] https://deb1.rabbitmq.com/rabbitmq-server/debian/bookworm bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/com.rabbitmq.team.gpg] https://deb2.rabbitmq.com/rabbitmq-server/debian/bookworm bookworm main
EOF
fi

# Add source list for FRED
if [ ! -f /etc/apt/sources.list.d/fred.list ]; then
cat << EOT >> /etc/apt/sources.list.d/fred.list
deb [signed-by=/usr/share/keyrings/cznic-archive-keyring.gpg] http://archive.nic.cz/public $(lsb_release -sc) main
EOT
fi

# Copy FRED pin list to /etc/apt/preferences.d/fred
cp files/fred /etc/apt/preferences.d/fred

apt update

# Installation of FRED
apt -y install cdnskey-scanner cdnskey-processor-common cdnskey-processor-master cdnskey-processor-api cdnskey-processor-worker

## Install Erlang packages
sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

## Install rabbitmq-server and its dependencies
sudo apt-get install rabbitmq-server -y --fix-missing

# Create vhost in rabbitmq for cdnskey-processor
# vhost
rabbitmqctl add_vhost cdnskey-processor

# api
rabbitmqctl add_user api '<strong-password>'
rabbitmqctl set_permissions -p cdnskey-processor api "^queue_results$" "^(exchange_response|queue_results)$" "^queue_results$"

# worker
rabbitmqctl add_user worker '<strong-password>'
rabbitmqctl set_permissions -p cdnskey-processor worker "^(queue_(insecure|diag)_[-\\w]+)$" "^(queue_diag|queue_secure|queue_insecure_[-\\w]+|exchange_insecure_fanout)$" "^(exchange_diag|exchange_response|exchange_insecure_fanout|queue_secure|queue_(insecure|diag)_[-\\w]+)$"

# admin
rabbitmqctl add_user admin '<strong-password>'
rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
rabbitmqctl set_user_tags admin administrator

# Copy rabbitmq configs
cp -r files/rabbitmq-config/* /etc/rabbitmq/

# Restart rabbitmq
systemctl restart rabbitmq-server

# Configure these services to match your FRED configuration, then restart them
# Restart cdnskey_processor services
systemctl restart cdnskey-processor-api.service
systemctl restart cdnskey-processor-worker.service
systemctl restart cdnskey-processor-producer.service
systemctl restart cdnskey-processor-consumer.service
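
The node scripts above download repository keyrings (the CZ.NIC archive keyring and the RabbitMQ team key) and then point apt at them with `signed-by`. The following added example, which is not part of the FRED documentation, checks that a downloaded keyring contains exactly the expected primary key(s) before apt trusts it. The RabbitMQ fingerprint is the one used in the download URL above; the `gpg --with-colons` listing is constructed, and the CZ.NIC fingerprint is left as a placeholder because this page does not state it.

```bash
#!/usr/bin/env bash
# Added example, not part of the FRED documentation.

# Fingerprint taken from the keys.openpgp.org URL in the AKM node script.
RABBITMQ_FPR=0A9AF2115F4687BD29803A206B73A36E6026DFCA

# Read `gpg --with-colons` output on stdin and print the fingerprint of every
# primary key. Subkey fingerprints (the fpr record after a sub record) are skipped.
primary_fingerprints() {
    awk -F: '
    $1 == "pub" { primary = 1; next }
    $1 == "sub" { primary = 0; next }
    $1 == "fpr" && primary { print $10; primary = 0 }
    '
}

# Succeed only if the listing on stdin holds exactly the expected primary keys:
# an empty listing, a different key or an additional key all fail.
only_expected_keys() {   # $1 = space-separated expected fingerprints
    expected=$(printf '%s\n' $1 | tr 'a-f' 'A-F' | sort -u)
    actual=$(primary_fingerprints | tr 'a-f' 'A-F' | sort -u)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Check a keyring file on disk (binary or ASCII-armored) without importing it.
verify_keyring() {   # $1 = keyring file, $2 = expected fingerprint(s)
    gpg --show-keys --with-colons "$1" 2>/dev/null | only_expected_keys "$2"
}

# On a node:
#   verify_keyring /usr/share/keyrings/com.rabbitmq.team.gpg "$RABBITMQ_FPR"
#   verify_keyring /usr/share/keyrings/cznic-archive-keyring.gpg \
#       "<CZ.NIC key fingerprint obtained over a separate trusted channel>"

# Constructed listing in gpg colon format (key material and dates are made up).
SAMPLE_LISTING='pub:-:4096:1:6B73A36E6026DFCA:1470000000:::-:::scESC::::::23::0:
fpr:::::::::0A9AF2115F4687BD29803A206B73A36E6026DFCA:
uid:-::::1470000000::0000000000000000000000000000000000000000::Constructed UID <signing@example.invalid>::::::::::0:
sub:-:4096:1:1111111111111111:1470000000::::::e::::::23:
fpr:::::::::2222222222222222222222221111111111111111:'

if printf '%s\n' "$SAMPLE_LISTING" | only_expected_keys "$RABBITMQ_FPR"; then
    echo "constructed listing: only the expected primary key is present"
else
    echo "constructed listing: unexpected or missing key" >&2
fi
```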

After completing all of the above steps, you should have FRED running. If you encounter any problems, please do not hesitate to contact us.