Getting Started¶

Ansible Deployment¶

Ansible offers the easiest way of creating a BounCA deployment for hosting your Certificate Authority.

You need to have (root) access to a fresh installed Debian Jessie (virtual) machine. On your local machine you need to have a recent 2+ Ansible installation. Create your playbook install-bounca.yml:

- hosts: all
  remote_user: root
  roles:
    - { role: repleo.bounca,
         bounca_timezone: /usr/share/zoneinfo/Europe/Amsterdam,
         bounca_db_user: bounca,
         bounca_db_password: <YOUR DB PASSWORD>,
         bounca_db_host: localhost,
         bounca_db_name: bouncadb,

         bounca_secret_key: <DJANGO SECRET>,
         bounca_email_host: localhost,
         bounca_admin_mail: bounca-admin@<YOURDOMAIN>,
         bounca_from_mail: no-reply@<YOURDOMAIN>
    }

Ansible will install the database, webserver and so on. The parameters you provide in the playbook are used to instantiate the services. After you created the playbook, you can install BounCA by executing the following commands:

ansible-galaxy install repleo.bounca -p ./roles
ansible-playbook install-bounca.yml -i <HOSTNAME_OR_IP>,

The first collects the ansible roles from Ansible’s galaxy. The second command installs the actual BounCA system.

Docker Deployment¶

If you want to try BounCA or you want to create a couple of self-signed certificates without having a persistent CA, the Docker deployment is the fastest way of getting BounCA. Docker offers the ability to run BounCA as an application on your local machine by running a single command.

Make sure you have installed Docker including docker-compose and docker-machine. Clone the BounCA docker release script from the github repo: https://github.com/repleo/docker-compose-bounca. The only prerequisite is a working Docker installation.

Create your BounCA installation with the following one-liner:

# Cool one-liner

Manual Install¶

In case you want to customize the installation of BounCA, you can install it manually. BounCA requires the following installed and configured packages:

• nginx
• uwsg
• postgresql-9.4
• python-3.4
• virtualenv-3.4

Download BounCA from github and unpack it in your web application directory, for example /srv/www/.

Go to the root of your installation and create a virtual environment and install the python packages pip3.4 -r requirements.txt.

Create a database and database user in postgresql.

Create the BounCA configuration file /etc/bounca/main.ini for the machine specific configuration. It should contain the following parameters:

[database]
DATABASE_USER: <value>
DATABASE_PASSWORD: <value>
DATABASE_HOST: <value>
DATABASE_NAME: <value>

[secrets]
SECRET_KEY: <value-django-secret-just-a-random-salt-string>

[email]
EMAIL_HOST: <value>
ADMIN_MAIL: <value>
FROM_MAIL: <value>

Replace the <value> placeholder with the right values for your installation

Next step is to collect the static files: python3 manage.py collectstatic --noinput and create the database: python3 manage.py migrate --noinput

The last step is to configure uWSGI and NGINX. The uWSGI config might look like the following example:

[uwsgi]
thread=4
master=1
processes=80
vacuum=true
uid = www-data
gid = www-data
chmod-socket = 700
chown-socket = www-data
socket = /run/uwsgi/app/bounca/socket
logto = /var/log/uwsgi/bounca/log
chdir = /srv/www/bounca
home  = /srv/www/bounca/env
module = bounca.wsgi

The NGINX config should contain a proxypass on the root and a location for the static files. For example the following server block

server {

    listen 80;
    server_name example.org;
    charset utf-8;

    location /static {
        root /srv/www/bounca/media;
        include mime.types;
    }

    location / {
        include uwsgi_params;
        uwsgi_read_timeout 9600;
        uwsgi_send_timeout 9600;
        uwsgi_pass unix://run/uwsgi/app/bounca/socket;
    }

}

You should restart uWSGI and NGINX to load the changes. BounCA should be up and running.