Canopy Client Portal configuration¶
This page contains instructions for configuring the Canopy Client Portal with a Canopy instance, after installation.
Canopy Portal is in beta testing at the moment. Once it is generally available, instructions will be provided on how to gain access to a license for running this additional service.
Installation on Ubuntu 16.04/18.04 or RHEL/OEL/CentOS 7¶
Install Canopy Portal
Ensure you are installing one of the supported versions available from https://clients.checksec.com. The below filenames are for illustration purposes only.
apt install -f ./canopyportal_0.0.2~18.04_amd64.deb
yum install -y ./canopyportal-0.0.2.el7.x86_64.rpm
Initialise the DB:
canopyportal-manage setupdb --prod
Create the first user (Use an email address for username):
Setup a webserver to act as reverse proxy:
Restart the service:
systemctl restart canopyportal
Confirm restart was sucessfull by viewing logs:
journalctl -u canopyportal
Creating Portal users¶
Create and link Portal users to the appropriate Canopy client(s):
Portal users not linked to any clients, will not be able to log into the standard (non-admin) web interface, even if they are super/admin users.
Select a user from the Portal’s administration user list.
Select the client(s) whose data that user needs access to, in the Clients field (at the time of writing, it is the last field on the page).
(Optional) Log into the Portal with users associated with clients, to check that the expected data is accessible.
To force a sync with the newly added Portal, select the Portal from the Portal list (Admin → Portals) in Canopy and click the Manually synchronize portal toolbar button. All portals can also be manually synced via the command line by running:
canopy-manage portals --sync
Canopy Portal uses systemd for logging but by default most Linux distributions do not persist systemd logs. The following commands will configure systemd/journald to persist its logs to disk:
mkdir /var/log/journal systemctl restart systemd-journald
If systemd is not configured to persist logs then they will not survive reboots.
Additionally one should adjust the default rate limit for logging as there might be times when Canopy Portal emits large bursts of logs.
In /etc/systemd/journald.conf, set the following:
RateLimitBurst=0 # Disable rate limiting
and reload journald:
systemctl restart systemd-journald
Please see man journald.conf or https://www.freedesktop.org/software/systemd/man/journald.conf.html for more information on how to configure logging.