Skip to content

Latest commit

 

History

History
151 lines (101 loc) · 5.54 KB

server.rst

File metadata and controls

151 lines (101 loc) · 5.54 KB

Running your server

Running the pre-packaged server that comes with the conan installers (or pip packages) is simple. Just open a terminal and type:

$ conan_server

Note

On Windows, you might experience problems with the server, if you run it under bash/msys. It is better to launch it in a regular cmd window.

This server is mainly for testing (though it might work fine for small teams). If you need a more stable, responsive and robust server, you should run it from source:

Running from source (linux)

The conan installer includes a simple executable conan_server for a server quick start. But you can use the conan server through the WSGI application, which means that you can use gunicorn to run the app, for example.

First, clone the conan repository from source and install the requirements:

$ git clone https://github.com/conan-io/conan.git
$ cd conan
$ git checkout master
$ pip install -r conans/requirements.txt
$ pip install -r conans/requirements_server.txt
$ pip install gunicorn
  • Run the server aplication with gunicorn. In the following example we will run server on port 9300 with 4 workers and a timeout of 2 minutes (for big uploads/downloads):
$ gunicorn -b 0.0.0.0:9300 -w 4 -t 120 conans.server.server_launcher:app

Server configuration

Your server configuration lives in ~/.conan_server/server.conf. You can change values there, prior to launching the server. Note that the server is not reloaded when the values are changed. You have to stop and restart it manually.

The server configuration file is by default:

[server]
jwt_secret: MnpuzsExftskYGOMgaTYDKfw
jwt_expire_minutes: 120

ssl_enabled: False
port: 9300
public_port:
host_name: localhost

store_adapter: disk
authorize_timeout: 1800

# Just for disk storage adapter
disk_storage_path: ~/.conan_server/data
disk_authorize_timeout: 1800

updown_secret: NyiSWNWnwumTVpGpoANuyyhR


[write_permissions]
# "opencv/2.3.4@lasote/testing": default_user, default_user2

[read_permissions]
# opencv/1.2.3@lasote/testing: default_user default_user2
# By default all users can read all blocks
*/*@*/*: *

[users]
demo: demo

Server parameters

  • The client server authorization is done with JWT. jwt_secret is a random string used to generate authentication tokens. You can change it safely anytime (in fact it is a good practice), the change will just force users to log in again. jwt_expire_minutes is the amount of time that users remain logged-in within the client without having to introduce their credentials again.
  • ssl_enabled: is deprecated and actually doesn't do what it seems (bad naming, sorry)
  • Server settings are defined with host_name and port. This is the address in which the server will be launched. You must use the IP of the machine you are running your server, something like host_name: 192.168.1.100. There is another parameter public_port, which might be needed if running virtualized, docker or any other kind of port redirection. Files uploads/downloads are served with their own URLs, generated by the system, so the file storage backend is independent. Those URLs need the public port they have to communicate from the outside. If you leave it blank, it will use the port value.
  • Conan has implemented an extensible storage backend, based on the abstract class StorageAdapter. Currently the server only supports storage in disk. The folder in which uploaded packages are stored (i.e., the folder you would want to backup) is defined in disk_storage_path. The storage backend might use a different channel, and uploads/downloads are authorized up to a maximum of authorize_timeout seconds. The value should be enough so large downloads/uploads are not rejected, but not too big to prevent hanging up the file transfers. The value disk_authorize_timeout is not currently used. File transfers are authorized with their own tokens, generated with the secret updown_secret. This value should be different from the above jwt_secret`.

Permissions parameters

By default, the server configuration is similar to the conan.io server. Read can be done anonymous, but uploading requires registered users. Users can be easily registered in the [users] section, defining a pair of login: password for each one. Yes, plain text passwords at the moment, but as the server is on-premises (behind firewall), you just need to trust your sysadmin :)

If you want to restrict read/write access to specific packages, configure it in the [read_permissions] and [write_permissions] sections. These sections allow a sequence of patterns and allowed users, in the form:

package/version@user/channel: allowed_user1, allowed_user2

E.g.:

*/*@*/*: * # allow all users to all packages
PackageA/*@*/*: john, peter # allow john and peter access to any PackageA
*/*@project/*: john # Allow john to access any package from the "project" user

The rules are evaluated in order, if the left side of the pattern matches, the rule is applied and it will not look further.

Got any doubts? Please check out our :ref:`FAQ section <faq>` or write us.