This repository contains the back-end for use with the Improved Intra browser extension.
This guide is written with Debian 11 ("Bullseye") in mind. It should also work on Windows Subsystem for Linux.
sudo apt update && sudo apt upgrade
sudo apt install git nginx openssl
git clone https://github.com/FreekBes/improved_intra_server.git /opt/improved_intra_server
sudo chown -R www-data:www-data /opt/improved_intra_server
cd /opt/improved_intra_server
sudo apt install -y wget lsb-release gnupg2
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update && sudo apt install -y postgresql
More installation options available here.
# Enable PostgreSQL at boot
sudo systemctl enable postgresql
# Start PostgreSQL now
sudo service postgresql start
# Launch and enter a PostgreSQL console
sudo -u postgres psql postgres
--- Set password for postgres user to 'postgres' (you can modify this)
ALTER USER postgres PASSWORD 'postgres';
--- Create database (optional, __init__.py will do this for you)
CREATE DATABASE "iintra" WITH OWNER "postgres" ENCODING 'UTF8';
--- Exit PostgreSQL console
EXIT;
sudo apt install -y python3 python3-pip python-setuptools libpq-dev python3-virtualenv virtualenv
# Create a virtual environment
sudo virtualenv -p python3 .venv
sudo chown -R www-data:www-data /opt/improved_intra_server
# Activate the virtual environment
. .venv/bin/activate
# Install packages
sudo .venv/bin/pip install -r requirements.txt
Copy the .secret.env.example
file, rename it to .secret.env
and fill it in.
cp useful/iintra-server.service /etc/systemd/system/
sudo systemctl start iintra-server.service
sudo systemctl enable iintra-server.service
# Copy custom nginx config snippets
cp ./useful/*.nginx.snippet.conf /etc/nginx/snippets/
# Remove default nginx server
rm -f /etc/nginx/sites-enabled/default
# Create SSL certificate for HTTPS support
sudo mkdir -p /etc/nginx/ssl
sudo openssl req -newkey rsa:2048 -x509 -days 365 -nodes \
-keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.pem \
-subj "/C=NL/ST=North-Holland/L=Amsterdam/O=ImprovedIntra/CN=iintra.freekb.es/"
# Copy server config
cp ./useful/nginx.example.ssl.conf /etc/nginx/sites-available/iintra.freekb.es.conf
ln -s /etc/nginx/sites-available/iintra.freekb.es.conf /etc/nginx/sites-enabled/
# Restart nginx
sudo systemctl restart nginx
Useful if you want to add a certificate yourself, for example using certbot
.
# Copy server config
cp ./useful/nginx.example.conf /etc/nginx/sites-available/iintra.freekb.es.conf
ln -s /etc/nginx/sites-available/iintra.freekb.es.conf /etc/nginx/sites-enabled/
# Restart nginx
sudo systemctl restart nginx
# Pull latest updates
cd /opt/improved_intra_server
git pull
# Activate the virtual environment
. .venv/bin/activate
# Install and update dependencies
sudo .venv/bin/pip install -r requirements.txt
# Fix permissions
sudo chown -R www-data:www-data /opt/improved_intra_server
# Restart the wsgi server
cp useful/iintra-server.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl restart iintra-server.service
# Update nginx snippets
cp ./useful/*.nginx.snippet.conf /etc/nginx/snippets/
# Do not run this step if you do not use a self-signed certificate but do use SSL/HTTPS
cp ./useful/nginx.example.conf /etc/nginx/sites-available/iintra.freekb.es.conf
# Restart nginx
sudo systemctl restart nginx
There are several log files used by the Improved Intra server:
- logs/access.log: contains all requests made to the server
- logs/error.log: contains all errors encountered by the server
- logs/server.log: contains specific logging done by the server, such as requests made to the Intra API and logging for runners
- wsgi.log: contains all logging done in development mode
Additionally, there is another log maintained by the systemd service. This log contains errors encountered by the systemd service itself, such as errors encountered when starting the server. But also, very importantly: errors encountered by the server itself are logged here as well (any print
statement). This is probably the most important log file to look at when something goes wrong.
# To view the log
sudo journalctl -u iintra-server.service
# To view the last 100 lines of the log
sudo journalctl -u iintra-server.service -n 100 --no-pager
# Or, to follow the log (like with tail -f)
sudo journalctl -u iintra-server.service -f
If you wish to reset all extension sessions, effectively logging out all extension sessions, you can do so by changing the SESSION_KEY in the .secret.env
file. This will invalidate all existing Flask server sessions and force the extension to reauthenticate the user. Normally, this would happen without the user having to do anything - because of the ext_token
or user_token
implementation. However, if you wish to force the user to reauthenticate by logging in to the Intranet again, you also do this by deleting all user_tokens
from the database (use with caution):
START TRANSACTION;
DELETE FROM user_tokens;
COMMIT;
On a user machine, modify the hosts file to point to your development server. Don't forget to remove those lines after development!
# Replace 127.0.0.1 with the IP address of your server if not on localhost
sudo echo '127.0.0.1 darkintra.freekb.es' >> /etc/hosts
sudo echo '127.0.0.1 iintra.freekb.es' >> /etc/hosts
- Run
notepad.exe
as an administrator - Open the file
C:\Windows\System32\drivers\etc\hosts
- Add the following lines at the bottom of the file (replace the
127.0.0.1
with the IP address of your server if not on localhost):
# Improved Intra development server
127.0.0.1 darkintra.freekb.es
127.0.0.1 iintra.freekb.es
- Visit iintra.freekb.es in your Chromium-based browser (after running above steps for your OS)
- Select any spot in the "Your connection is not secure" page
- Type
thisisunsafe
on your keyboard - Profit
This method will also work for any XMLHttpRequests sent by code! Isn't it great?