aboutsummaryrefslogtreecommitdiff
path: root/doc/administration
diff options
context:
space:
mode:
authorDaniel Schadt <kingdread@gmx.de>2022-11-20 00:43:16 +0100
committerDaniel Schadt <kingdread@gmx.de>2022-11-20 00:43:16 +0100
commitb117ddcde172c4a9c2c377ac5aa08f5ede345f2d (patch)
tree87eb96d960c8df04eed0f4e2191bc6044fa9e773 /doc/administration
parent97835c471bc10bd20e1253e1bbfd71e5e71b2883 (diff)
parent20fd6620deb79f214cd2b7c9474b5df0d2fbda5b (diff)
downloadfietsboek-b117ddcde172c4a9c2c377ac5aa08f5ede345f2d.tar.gz
fietsboek-b117ddcde172c4a9c2c377ac5aa08f5ede345f2d.tar.bz2
fietsboek-b117ddcde172c4a9c2c377ac5aa08f5ede345f2d.zip
Merge branch 'tile-proxy'
Diffstat (limited to 'doc/administration')
-rw-r--r--doc/administration/configuration.rst197
-rw-r--r--doc/administration/installation.rst12
2 files changed, 167 insertions, 42 deletions
diff --git a/doc/administration/configuration.rst b/doc/administration/configuration.rst
index 5268903..feb3e40 100644
--- a/doc/administration/configuration.rst
+++ b/doc/administration/configuration.rst
@@ -36,51 +36,164 @@ Most of the configuration is in the ``[app:main]`` category and looks like this:
sqlalchemy.url = sqlite:///%(here)s/fietsboek.sqlite
fietsboek.data_dir = %(here)s/data
+ redis.url = redis://localhost/
retry.attempts = 3
-* You should leave the ``use``, ``pyramid.reload_templates`` and
- ``pyramid.debug_*`` settings as they are.
-* ``pyramid.default_locale_name`` can be used to set the default language of
- the installation. Note that Fietsboek will try to detect the user's language,
- so the ``default_locale_name`` is used as a fallback.
-* ``available_locales`` sets the list of available languages. Currently,
- Fietsboek ships with English ("en") and German ("de"). Removing a language
- from this list will make it unavailable. If you create a custom language
- locally, make sure to add it to this list here!
-* ``enable_account_registration`` can be used to enable and disable the
- creation of new accounts via the web interface, for example if you want to
- have a private instance. New accounts can always be created using the CLI
- management tool.
-* ``session_key`` should be set to a random string of characters. This is the
- key used to sign session data, so it should not get into wrong hands!
-* ``sqlalchemy.url`` is the URL to the database. See the `SQLAlchemy
- documentation
- <https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls>`__ for
- more information.
-* ``fietsboek.data_dir`` sets the directory for data uploads. This directory
- must be writable by the Fietsboek process, as Fietsboek will save track
- images in there.
-* ``fietsboek.pages`` see :doc:`custom-pages`.
-* ``email.from`` sets the sender of emails, for example for account verifications.
-* ``email.smtp_url`` sets the URL of the SMTP server. The following formats are accepted:
-
- * ``debug://`` a debug implementation that simply prints emails to the
- standard output. Should not be used in production, as no emails would ever
- arrive.
- * ``smtp://host:port`` use the given SMTP server (without transport encryption!)
- * ``smtp+ssl://host:port`` use the given SMTP server over a SSL connection
- * ``smtp+starttls://host:port`` use the given SMTP server and the STARTTLS
- command to start an encrypted channel.
-
-* ``email.username`` and ``email.password`` can be used to set the login
- information for the SMTP server.
-* ``thunderforest.api_key`` can be set to an API key of `Thunderforest
- <https://www.thunderforest.com/>`__ to enable support for the OpenCycleMap,
- Landscape and Outdoors maps.
+General Settings
+----------------
+Use ``enable_account_registration`` enable or disable the creation of new
+accounts via the web interface, for example if you want to have a private
+instance. New accounts can always be created using the CLI management tool.
+
+Set ``session_key`` to a random string of characters. This is the key used to
+sign session data, so it should not get into wrong hands!
+
+You can set up custom pages using ``fietsboek.pages``. See :doc:`custom-pages`
+for more information.
+
+Pyramid Settings
+----------------
+
+You should leave the ``use``, ``pyramid.reload_templates`` and
+``pyramid.debug_*`` settings as they are. Refer to the `Pyramid documentation
+<https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html>`__
+for more information.
+
+Language Settings
+-----------------
+
+You can set the default language with the ``pyramid.default_locale_name``
+setting. Note that Fietsboek will try to detect the user's language, so the
+``default_locale_name`` is used as a fallback.
+
+You can use ``available_locales`` to set the list of available languages.
+Currently, Fietsboek ships with English ("en") and German ("de"). Removing a
+language from this list will make it unavailable. If you create a custom
+language locally, make sure to add it to this list here!
+
+Database Settings
+-----------------
+
+Fietsboek uses three different databases:
+A SQL database for persistent data (like user accounts), a file storage on the
+disk for big files (like images), and a redis server for ephemeral data (like
+cached tiles).
+
+Set ``sqlalchemy.url`` to the URL of the SQL database. See the `SQLAlchemy
+documentation
+<https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls>`__ for more
+information on available URL formats. Make sure to install the driver necessary
+to communicate with your database (e.g. ``psycopg2`` for PostreSQL)!
+
+Set ``fietsboek.data_dir`` to the directory for data uploads. This directory
+must be writable by the Fietsboek process, as Fietsboek will save track images
+in there.
+
+Set ``redis.url`` to the URL of the redis instance. See the `redis module
+documentation
+<https://redis.readthedocs.io/en/latest/connections.html#redis.Redis.from_url>`__
+for information about the possible syntaxes of this URL. Note that the redis
+server is only used for caching and temporary data, so don't sweat to make it
+persistent. A container running redis is fine.
+
+.. note::
+
+ Fietsboek will cache map tiles in the redis server.
+ To avoid using up too much memory, consider setting a maximum memory size
+ and policy in redis:
+
+ https://redis.io/docs/management/config/#configuring-redis-as-a-cache
+
+Email Settings
+--------------
+
+Use ``email.from`` to set the sender of emails, for example for account verifications.
+
+Set ``email.smtp_url`` to the URL of the SMTP server. The following formats are
+accepted:
+
+* ``debug://`` a debug implementation that simply prints emails to the
+ standard output. Should not be used in production, as no emails would ever
+ arrive.
+* ``smtp://host:port`` use the given SMTP server (without transport encryption!)
+* ``smtp+ssl://host:port`` use the given SMTP server over a SSL connection
+* ``smtp+starttls://host:port`` use the given SMTP server and the STARTTLS
+ command to start an encrypted channel.
+
+Use ``email.username`` and ``email.password`` to set the login credentials for
+the SMTP server.
+
+Map Layers & Thunderforest Integration
+--------------------------------------
+
+By default, Fietsboek offers the following map layers:
+
+* ``osm``: `OpenStreetMap <https://www.openstreetmap.org>`__
+* ``osmde``: `OpenStreetMap Deutschland <https://www.openstreetmap.de/>`__
+* ``satellite``: Satellite imaging from `Esri <https://www.esri.com>`__
+* ``opentopo``: `OpenTopoMap <https://opentopomap.org/>`__
+* ``topplusopen``: `TopPlus-Open
+ <https://www.bkg.bund.de/SharedDocs/Produktinformationen/BKG/EN/P-2017/171114-TopPlus-Web-Open.html>`__
+
+As well as the following overlay layers:
+
+* ``opensea``: `OpenSeaMap <https://openseamap.org>`__
+* ``cycling``: `Waymarked Trails: Cycling <https://cycling.waymarkedtrails.org>`__
+* ``hiking``: `Waymarked Trails: Hiking <https://hiking.waymarkedtrails.org/>`__
+
+You can use ``fietsboek.default_tile_layers`` to set the list of activated
+layers (by default, all of them), for example:
+
+.. code:: ini
+
+ fietsboek.default_tile_layers = osm osmde cycling
+
+You can enable `Thunderforest <https://www.thunderforest.com>`__ support by
+setting ``thunderforest.api_key``, and ``thunderforest.maps`` to a list of
+Thunderforest maps (e.g. "cycle" or "landscape"). By default, only logged in
+users will be able to use the Thunderforest maps (to protect your quota), this
+can be changed by setting ``thunderforest.access = public`` (default is
+"restricted").
+
+You can add custom tile layers in the following way:
+
+.. code:: ini
+
+ fietsboek.tile_layer.ID = My Custom Layer
+ fietsboek.tile_layer.ID.url = https://tiles.example.com/{z}/{x}/{y}.png
+ # Optional, set the type (base or overlay), default base
+ fietsboek.tile_layer.ID.type = base
+ # Optional, set the maximum zoom factor, default 22
+ fietsboek.tile_layer.ID.zoom = 22
+ # Optional, set the attribution
+ fietsboek.tile_layer.ID.attribution = Copyright Example
+ # Optional, set the access restriction (public or restricted), default
+ # public
+ fietsboek.tile_layer.ID.access = public
+
+``ID`` must be an alphanumerical identifier.
+
+By default, Fietsboek will proxy all tile requests through the Fietsboek
+instance. While this can slow down the user experience, it has the following
+benefits:
+
+* Your users' IPs stay private and protected, as no third party is contacted.
+ The tile servers will only see the IP from the Fietsboek server.
+* If you use private tile servers or servers that require a key, your key is
+ protected as it will not be given out to the users.
+* Fietsboek caches tile requests, which reduces the strain on the providers and
+ might even make maps faster if many people use them.
+
+You can disable the tile proxy by setting ``fietsboek.tile_proxy.disable =
+true``. This will cause the tiles to be loaded directly by the client.
.. warning::
- The API key will be embedded in the source of the website, therefore it is
- possible for visitors to "steal" the API key. Keep that in mind when
- setting an API key for a publicly accessible site!
+ If you disable the tile proxy, all tile source URLs will be given to the
+ user. If you use API keys or other private sources, **those keys will be
+ leaked to the users**.
+
+ In addition, depending on the jurisdiction, you might be required to tell
+ your users that third party content is included in your site, and that
+ their IP will be accessible to the third party.
diff --git a/doc/administration/installation.rst b/doc/administration/installation.rst
index b8ede06..4af0941 100644
--- a/doc/administration/installation.rst
+++ b/doc/administration/installation.rst
@@ -3,6 +3,18 @@ Installation
This document will outline the installation process of Fietsboek, step-by-step.
+Requirements
+------------
+
+Fietsboek has the following requirements (apart from the Python modules, which
+will be installed by ``pip``):
+
+* Python 3.7 or later
+* A `redis <https://redis.com/>`__ server, used for caching and temporary data
+* (Optionally) an SQL database server like `PostgreSQL
+ <https://www.postgresql.org/>`__ or `MariaDB <https://mariadb.org/>`__ (if
+ SQLite is not enough)
+
Creating an Environment
-----------------------