brianr/StandalonePasswordChange
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
StandalonePasswordChange/python-flask/smeserver-password-app/DEPLOYMENT.md

5.2 KiB
Raw Permalink Blame History

SME Server Password Change Application - Deployment Guide

Overview

This Python Flask application provides a web interface for changing user passwords on SME Server systems. It interfaces with the smeserver configuration database and uses signal-event password-update to properly apply password changes.

Features

  • Web interface matching the original SME Server design
  • Integration with SME Server configuration database
  • Password strength validation
  • Current password verification
  • Uses signal-event password-update for proper password updates
  • Responsive design for mobile and desktop
  • Error handling and security measures
  • Demo mode for testing

System Requirements

  • SME Server 10 or 11
  • Python 3.6 or higher
  • Flask and Flask-CORS Python packages
  • Root access for installation

Installation Methods

Method 1: Automated Installation (Recommended)

  1. Copy the entire application directory to your SME Server
  2. Run the installation script as root: 
    sudo ./install.sh
  3. The script will:
    • Install Python dependencies
    • Create a systemd service
    • Start the application automatically
    • Configure it to start on boot

Method 2: Manual Installation

  1. Install Python dependencies:

    pip3 install Flask==2.3.3 Flask-CORS==4.0.0

  2. Copy application files to /opt/smeserver-password-app/

  3. Create systemd service file at /etc/systemd/system/smeserver-password-web.service:

    [Unit]
Description=SME Server Password Change Web Application
After=network.target

[Service]
Type=simple
User=root
WorkingDirectory=/opt/smeserver-password-app
Environment=FLASK_ENV=production
ExecStart=/usr/bin/python3 /opt/smeserver-password-app/app.py
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

  4. Enable and start the service:

    systemctl daemon-reload
systemctl enable smeserver-password-web
systemctl start smeserver-password-web

Configuration

Port Configuration

By default, the application runs on port 5000. To change the port:

  1. Edit app.py and modify the port in the last line
  2. Restart the service: systemctl restart smeserver-password-web

Security Configuration

  • The application runs as root to access SME Server system commands
  • Change the secret key in production by setting the SECRET_KEY environment variable
  • Consider using a reverse proxy (nginx/apache) for SSL termination

Firewall Configuration

Open the application port in the SME Server firewall:

# For port 5000
db configuration setprop httpd-admin TCPPort 5000
signal-event remoteaccess-update

Usage

Accessing the Application

  • Open a web browser and navigate to: http://your-server-ip:5000
  • Fill in the form with:
    • Your account username
    • Current password
    • New password (twice for verification)
  • Click "Change Password"

Password Requirements

  • Minimum 7 characters
  • Maximum 127 characters
  • Must contain at least one letter and one number
  • Cannot contain certain special characters (: ; | & ! \ " ')

Testing

Demo Mode

For testing without SME Server tools, use the demo mode:

python3 demo_mode.py

Demo users available:

  • Username: testuser, Password: oldpassword123
  • Username: admin, Password: adminpass456
  • Username: john, Password: johnpass789

Production Testing

  1. Verify the service is running: systemctl status smeserver-password-web
  2. Check logs: journalctl -u smeserver-password-web -f
  3. Test with a non-critical user account first

Troubleshooting

Service Won't Start

  • Check logs: journalctl -u smeserver-password-web
  • Verify Python dependencies are installed
  • Ensure port is not in use by another service

Password Changes Fail

  • Verify the user account exists in the SME Server accounts database
  • Check that signal-event command is available
  • Ensure the application has root privileges

Permission Errors

  • The application must run as root to access system commands
  • Verify file permissions in the application directory

Security Considerations

  • This application requires root privileges to function properly
  • Use HTTPS in production environments
  • Consider implementing rate limiting for password change attempts
  • Monitor logs for suspicious activity
  • Keep the application updated

File Structure

smeserver-password-app/
├── app.py                    # Main Flask application
├── smeserver_utils.py        # SME Server integration utilities
├── demo_mode.py             # Demo version for testing
├── requirements.txt         # Python dependencies
├── install.sh              # Automated installation script
├── templates/
│   └── password_change.html # Web interface template
├── static/
│   └── css/
│       └── style.css       # Styling to match SME Server design
├── README.md               # Project documentation
└── DEPLOYMENT.md          # This deployment guide

Support

For issues or questions:

  1. Check the application logs
  2. Verify SME Server system status
  3. Test with demo mode to isolate issues
  4. Review the source code for customization needs