You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,6 +59,7 @@ CHANGELOG
59
59
-`intelmq.bots.outputs.smtp_batch.output`: Added a bot to gathering the events and sending them by e-mails at a stroke as CSV files (PR#2253 by Edvard Rejthar)
60
60
61
61
### Documentation
62
+
- API: update API installation to be aligned with the rewritten API, and clarify some missing steps.
62
63
63
64
### Tests
64
65
- New decorator `skip_installation` and environment variable `INTELMQ_TEST_INSTALLATION` to skip tests requiring an IntelMQ installation on the test host by default (PR#2370 by Sebastian Wagner, fixes #2369)
Copy file name to clipboardExpand all lines: docs/user/intelmq-api.rst
+79-10Lines changed: 79 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@
6
6
IntelMQ API
7
7
###########
8
8
9
-
`intelmq-api` is a `hug <http://hug.rest>`_ based API for the `IntelMQ <https://github.com/certtools/intelmq/>`_ project.
9
+
`intelmq-api` is a `FastAPI <https://fastapi.tiangolo.com/>`_ based API for the `IntelMQ <https://github.com/certtools/intelmq/>`_ project.
10
10
11
11
.. contents::
12
12
@@ -23,31 +23,84 @@ For the list of supported distributions, please see the intelmq :doc:`installati
23
23
Our repository page gives `installation instructions for various operating systems <https://software.opensuse.org/download.html?project=home:sebix:intelmq&package=intelmq-api>`_.
24
24
No additional set-up steps are needed if you use these packages.
25
25
26
-
The `intelmq-api` provides the route ``/api`` for managing the IntelMQ installation.
26
+
The `intelmq-api` provides the route ``/v1/api`` for managing the IntelMQ installation.
27
27
28
-
For development purposes and testing you can also run `intelmq-api` directly using ``hug``:
28
+
For development purposes and testing you can also run `intelmq-api` using development script
29
+
from its `repository <https://github.com/certtools/intelmq-api>`_:
29
30
30
31
.. code-block:: bash
31
32
32
-
hug -m intelmq_api.serve
33
+
./scripts/run_dev.sh
34
+
35
+
The API is then served on ``127.0.0.1:8000/v1/api``, and the interactive documentation on ``127.0.0.1:8000/docs``.
36
+
Please refer to the repository README for more development tips.
33
37
34
38
Installation using pip
35
39
^^^^^^^^^^^^^^^^^^^^^^
36
40
37
-
The `intelmq-api` packages ship a configuration file in ``${PREFIX}/etc/intelmq/api-config.json``, a positions configuration for the manager in ``{PREFIX}/etc/intelmq/manager/positions.conf``, a virtualhost configuration file for Apache 2 in ``${PREFIX}/etc/intelmq/api-apache.conf`` and a sudoers configuration file in ``${PREFIX}/etc/intelmq/api-sudoers.conf``.
41
+
.. note::
42
+
43
+
Native system packages (DEB, RPM) should automatically prepare steps described in this section. If
44
+
you wish to base on package from pip, you may need need to do them manually, as described below.
45
+
46
+
To configure your system to serve the API for not-development purposes, you need to prepare a
47
+
configuration for IntelMQ API, a position config for the IntelMQ Manager as well as a web application
48
+
server and a (reverse)proxy. For all those steps we have prepared example configuration, intended
49
+
to work with `Gunicorn <https://gunicorn.org/>`_ as the web server and `Apache 2 <https://httpd.apache.org/>`_
50
+
as the proxy.
51
+
52
+
The `intelmq-api` packages ship following example files:
53
+
- ``${PREFIX}/etc/intelmq/api-config.json`` - the API configuration,
54
+
- ``${PREFIX}/etc/intelmq/manager/positions.conf`` - a positions configuration for the manager,
55
+
- ``${PREFIX}/etc/intelmq/api-apache.conf`` - a virtualhost configuration file for Apache 2,
56
+
- ``${PREFIX}/etc/intelmq/api-sudoers.conf`` - a sudoers configuration file,
57
+
- ``${PREFIX}/etc/intelmq/intelmq-api.service`` - a systemd service unit configuration for Gunicorn,
58
+
- ``${PREFIX}/etc/intelmq/intelmq-api.socket`` - a systemd socket unit configuration.
59
+
38
60
The value of ``${PREFIX}`` depends on your environment and is something like ``/usr/local/lib/pythonX.Y/dist-packages/`` (where ``X.Y`` is your Python version).
39
61
62
+
You need to install Gunicorn and Apache2 on your own, e.g., using apt:
63
+
64
+
.. code-block:: bash
65
+
66
+
apt install gunicorn apache2
67
+
68
+
Then, if you didn't use it before, ensure to enable the ``proxy_http`` module for Apache:
69
+
70
+
.. code-block:: bash
71
+
72
+
a2enmod proxy_http
73
+
74
+
40
75
The file ``${PREFIX}/etc/intelmq/api-apache.conf`` needs to be placed in the correct place for your Apache 2 installation.
41
76
- On Debian and Ubuntu, move the file to ``/etc/apache2/conf-available.d/api-apache.conf`` and then execute ``a2enconf api-apache``.
42
77
- On CentOS, RHEL and Fedora, move the file to ``/etc/httpd/conf.d/``.
43
78
- On openSUSE, move the file to ``/etc/apache2/conf.d/``.
44
-
Don't forget to reload your webserver afterwards.
79
+
Don't forget to reload the Apache2 afterwards.
80
+
81
+
The systemd configuration files (``intelmq-api.service`` and ``intelmq-api.socket``) are responsible
82
+
for instructing systemd daemon to start and keep running Gunicorn (that serves the API), and
83
+
forwarding requests between proxy and the Gunicorn instance.
84
+
85
+
- Files ``${PREFIX}/etc/intelmq/intelmq-api.service`` and ``${PREFIX}/etc/intelmq/intelmq-api.socket``
86
+
should be placed in ``/lib/systemd/system/`` directory. Then adapt the webserver user name in
87
+
``intelmq-api.service``.
88
+
89
+
After moving files, you can enable the service by executing ``systemctl enable intelmq-api`` to
90
+
start it on the system startup.
45
91
46
92
- The file ``${PREFIX}/etc/intelmq/api-config.json`` needs to be moved to ``/etc/intelmq/api-config.json``.
47
93
- The file ``${PREFIX}/etc/intelmq/manager/positions.conf`` needs to be moved to ``/etc/intelmq/manager/positions.conf``.
48
94
- Last but not least move the file ``${PREFIX}/etc/intelmq/api-sudoers.conf`` to ``/etc/sudoers.d/01_intelmq-api`` and adapt the webserver user name in this file. Set the file permissions to ``0o440``.
49
95
50
-
Afterwards continue with the section Permissions below.
96
+
Afterwards continue with the section Permissions below. When you finish the configuration,
97
+
you can start the service using ``systemctl start intelmq-api``. You may need to restart the service
98
+
after any configuration change.
99
+
100
+
.. note::
101
+
102
+
The example Apache2 and Gunicorn configurations serve the IntelMQ API under ``/intelmq`` prefix,
103
+
what means that you should be able to get, e.g., the documentation under ``/intelmq/docs`` etc.
51
104
52
105
IntelMQ 2.3.1 comes with a tool ``intelmqsetup`` which performs these set-up steps automatically.
53
106
Please note that the tool is very new and may not detect all situations correctly. Please report us any bugs you are observing.
@@ -61,13 +114,13 @@ Depending on your setup you might have to install ``sudo`` to make it possible f
61
114
62
115
``intelmq-api`` is configured using a configuration file in ``json`` format.
63
116
``intelmq-api`` tries to load the configuration file from ``/etc/intelmq/api-config.json`` and ``${PREFIX}/etc/intelmq/api-config.json``, but you can override the path setting the environment variable ``INTELMQ_API_CONFIG``.
64
-
(When using Apache, you can do this by modifying the Apache configuration file shipped with ``intelmq-api``, the file contains an example)
117
+
(When using Gunicorn and systemd service, you can do this by modifying the ``intelmq-api.service`` configuration file shipped with ``intelmq-api``, the file contains an example)
65
118
66
-
When running the API using ``hug``, you can set the environment variable like this:
119
+
When running the API using development mode, you can set the environment variable like this:
The default configuration which is shipped with the packages is also listed here for reference:
@@ -211,6 +264,22 @@ sqlite3.OperationalError: attempt to write a readonly database
211
264
SQLite does not only need write access to the database itself, but also the folder the database file is located in. Please check that the webserver has write permissions to the folder
212
265
the session file is located in.
213
266
267
+
Can I use other web server or proxy?
268
+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
269
+
270
+
Yes, the proposed setup with Gunicorn and Apache 2 is just one of many possibilities. You can
271
+
refer to the `FastAPI documentation <https://fastapi.tiangolo.com/deployment/>`_ for another
272
+
examples.
273
+
274
+
How to debug API running as system service?
275
+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
276
+
277
+
If you experience any issues with the API, please first check the logs provided in journal:
0 commit comments