Installation
============
macOS
-----
.. note:: macOS is not a recommended platform for hosting an MDM. However, you can use it to test commandment.
Manual Installation
^^^^^^^^^^^^^^^^^^^
- Install `Homebrew `_.
- Install Pre-requisites::
$ brew install python3
$ brew install uwsgi --with-python --with-python3
$ brew install nginx
- *TODO: upload release tarball. For now you will need to git clone* Unpack commandment to :file:`/usr/local/commandment`.
- Use this example NGiNX configuration (:download:`download `).
Copy the downloaded file to :file:`/usr/local/etc/nginx/servers/commandment.conf`.
- Use this example uWSGI configuration (:download:`download `).
Copy the downloaded file to :file:`/usr/local/etc/uwsgi/apps-enabled/uwsgi-commandment.ini`.
SSL
^^^
MDM more or less requires an SSL certificate. The example NGiNX configuration file above expects a private key, located
at :file:`/usr/local/commandment/server.key` and a certificate, located at :file:`/usr/local/commandment/server.crt`.
For a production instance, you will require an SSL certificate issued by a 3rd party for the chosen domain. However,
as this is a macOS installation guide, You may also use a self-signed certificate.
.. note:: Creating SSL certificates is outside of the scope of this document.
Push Notification Certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You need a push certificate to tell devices when to check-in.
You have three options:
- Sign up for an Apple Enterprise Developer Account (ca. $400 USD). Enable the MDM option and sign your own Push Certificate
request.
- Register on `mdmcert.download `_.
- Export the Push Certificate from Profile Manager (really not supported).
This guide follows the **mdmcert.download** workflow.
- First, register on `mdmcert.download `_. The e-mail address you use will be the one that
receives all notifications and certificate signing requests.
- *TODO* visit ``/apns/mdmcert`` using the web ui to request a new CSR.
- *TODO* upload the CSR received in your e-mail to this same page.
- *TODO* download the decrypted CSR for upload to the APNS portal.
- Go to the Apple Push Certificate Portal and upload the CSR.
- Download the resulting push certificate.
.. note:: At this stage you should have an MDM Push Certificate and SSL Certificate ready so that your devices will talk
to the MDM service. You should also decide whether to use `SCEPy `_ for testing or
another SCEP service such as Microsoft NDES.
Configuration
^^^^^^^^^^^^^
An example configuration file, called :file:`settings.cfg.example` is supplied with commandment.
You should copy this file to a file named :file:`settings.cfg` and make updates as needed.
Each setting is documented within the file.