How to install on Azure?

[alig26]

Does anyone have the documentation on how to install this on Azure? The blog site by Craig McLaren doesn't exist anymore.

Thanks

[pglombardo]

At least for me, I haven't ever deployed to Azure although I know they have fair documentation on how to deploy containers and container sets.

If it helps, we have a docker-compose file available here that Azure should be able to import as well.

Issue #175 also covered some Azure details.

Hopefully someone else will jump in with some Azure experience.

I'll remove the link to the now removed blog post soon.

[alig26]

Thanks, we figured it out, we were able to import the docker into Azure and it worked.
Thank you

[jlucgauthier]

Hi, it could be a bit late, but you could also use the Azure App Service. It's quite simple and you can also link your repo for simple deployment. Docker his easy too, but if your looking at the easiest way, App Service -from my experience, is the way to go.

P.N. there's many ways to get to a point, what's most important... it's using the one your the most confortable with!

[pglombardo]

Thanks for pointing this out. I agree and would love if someone would contribute documentation on this. I tried the App Service once but couldn't get it to work and haven't had a chance to revisit it yet.

There are a good number of Azure users. Not having documentation on the how isn't ideal for this project.

[Ramses26]

We tried the App Service route, but ended up using it as an Azure Docker, App Service would probably be better since we can easily update it by linking the repo. Could you share how you did it, and anyone likes can publish our steps for future reference for everyone.

[jlucgauthier]

Hi, yes I can. I could also get you an ARM model or Bicep file. I'll give you the info as soons as I can and you'll be able to let me know what you think about it.

[jlucgauthier]

@Ramses26, did you use the Docker option via App Service or Azure Docker -the real deal?! The App Service let you use a container based on Docker. I'm using the firts option, as I see it, it's the better of both wolrd. I'll get you posted.

[jlucgauthier]

To use PasswordPusher on Azure via App Service, there's a few options you got and should look at:

1. Use your own domain name -optional.
2. Add your own certificate -optional and linked with the previous point..
3. How many people could/would use the app -optimize the cost.
4. From container or code source.

The firts step is to create, if you don't already have one, an App Service plan. I suggest the Free Tier (F1) for Dev/Test if you would like to get around and test it first. This plan, doesn't have the personal domain or SSL options and you'll use the default Azure service DNS and SSL certificate -that's find for dev/test.

If you already have an App Service Plan, you can go to the App Service section.

App Service Plan

1. In your Azure Resource Group, use the + Create option.
   
2. In the Create resource window, search for App Service Plan and select it. You'll then click on Create.
   
3. Type in your service plan name, stay with Linux for the OS, choose your region -not every region give access to the free tier option you'll maybe have the change it acordingly. In Pricing Tier, click on Change and go to Dev/Test and select the F1 plan and hit Apply.
4. Click on Review + create and then Create.
   
5. Once finished, you'll have acces to your new plan.

App Service - w/Docker

1. Go back to your resource group and use the + Create option.
2. In the Create resource window, click on Web App in the Popular products list and then click on Create.
   
3. Enter the name of your app, select Docker Container, use Linux, make sure the region and Linux plan are correct an click on Next Docker.
   
4. Use Single Container for options and Docker Hub for the image source. Public should already be selected for Access Type and for Image an tag enter pglombardo/pwpush-ephemeral:latest. Click on Review + create and then Create.
   
5. When the resource is created, you'll see on the right side, the URL of your application. You can also use the Browse option in the menu bar.
   
6. Wait for about 15 minutes before accessing the web site, even if the resource is functional, the deployment isn't finished yet. Go to the left panel and select Deployment Center and click on Logs. It's only when you get the confirmation that the application is ready to go!
   

Change default language

1. In the left panel of your App, select Configuration.
2. Use the option + New application setting from the Application setting section.
3. For the name use: PWP_DEFAULT_LOCALE
4. For the language, use the 2 digit code, ex: fr
   
5. Hit Ok, the Save in the menu bar.
   P.N. if the langage didn't change, you only need to restart the application.

Security Basic Best Practice

1. Disable FTP acces or set it to FTPS
   
2. Use an identity provider -if you can. There's a few available:
   
3. Once selected, you'll need to configure app id, secret, etc. depending on the provider.

I'll add the App Service w/Code version soon.

BTW, my first language is french so if there's errors or misspelled words, feel free to correct me!

[Rameez96]

How can I deploy it on EC2 AWS?

[pglombardo]

Documentation on how to deploy a docker container to Amazon LightSail or ECS is here:
https://aws.amazon.com/getting-started/guides/deploy-webapp-decision/?pg=gs&sec=lyfa

Added #391 to document the AWS process.

[jnhrv]

Hi, I love the tool - thank you @pglombardo - and I'm kinda new to Azure App Service and Docker things but managed to deploy the image to Azure App Service according to the instructions provided by @jlucgauthier . However, I would like to customize our instance and change CSS and logo images directly in the docker image. Does anyone know how to access the image in the Azure App Service Docker container and replace the files? I'm not sure what to google for and if it is possible. Thank you!

[pglombardo]

Hi @jnhrv!

Password Pusher supports rebranding out of the box via environment variables or a custom settings.yml file. See these links for info:

1. https://github.com/pglombardo/PasswordPusher/blob/master/Configuration.md
2. Rebranding details
3. If you need to customize beyond what's supported in branding, see here.

Hopefully this helps. Let me know if you have any issues.

[jgudmundson-RETSD]

I tweaked this during my deployment, but the instructions works well. I just need it to be backed by a database.

1. docker image and tag needs to be changed to "pglombardo/pwpush-postgres:release"
2. Create "Azure Database for PostgreSQL flexible server"
3. app service\configuration\app settings. add app setting. Name: "DATABASE_URL" Value: "postgresql://REPLACEDBUSER:[email protected]:5432/REPLACEWITHDATABASE". Make sure to check "Deployment Slot Setting"

[Manu-H]

Hey!

I also deployed Password Pusher to an Azure WebAPp thanks to the input from @jlucgauthier
Everything works fine.

I'm just curious if its possible to change the "text" (from config/locales/localization.it.yml) if Password Pusher is deployed through Azure Web App?
I'd like to modify a few text settings...

Anyone an Idea?

Thanks!

[pglombardo]

Hi @Manu-H - I'll put a response into the issue you posted in #1439

[ghost]

Can I create the application by pulling from my repository and cloning it from yours? example: in the Full Image Name and Tag part I put myrepository/pwpush-ephemeral:latest

[pglombardo]

Hi @rafabiasotto - if you are building your own Docker containers and pushing them to your Docker Hub account - then yes.

Also a side note. There is now a single universal Docker container (pglombardo/pwpush). See here for info.

[ghost]

Tks pglombardo for the answer, I need another help. I create a webapp with Identity Provider, but other users can´t access

How can I give this permissions the other user can view?

[pglombardo]

Hi @rafabiasotto - My Portuguese is poor but I believe that is a firewall message. You may have to approve the URL with your company IT team.

This message is not from Password Pusher and is open by default (no blocking).

Let me know how it goes.

[jgudmundson-RETSD]

@rafabiasotto, to me that looks suspiciously like the image below. It's for Entra AD Application Consent (OAUTH permissions) control.
I'm with @pglombardo I don't think its related to pwpush, unless we recently got logins with OAUTH.... Which TBH would be handy.
https://learn.microsoft.com/en-us/entra/identity-platform/application-consent-experience

[ghost]

I fogot to give admin consent. Thanks for help.

[az-pz]

I created an azure web app by using the docker image and mapping port 80 to 5100. I am attaching the ARM template for others to use. I am sure there are better ways to do it but I could get it work only this way.
template.json

[BNWEIN]

I have been able to get it up and running on azure, but can't get it to connect to the postgres DB

@jgudmundson-RETSD dont suppose you have any additional info to share on the way you did that?

under config > Application Settings > Connection Strings, i already had some values from when the resource was created (I created it with postgres)

I have tried also adding a new application setting:
"Database_URL"
with a value of:
"postgresql://username:[email protected]:5432/dbname"

However i am getting:

2024-01-25T22:40:22.297Z ERROR - Container pwpushapp_1_ccdff39e didn't respond to HTTP pings on port: 5100, failing site start. See container logs for debugging.
2024-01-25T22:40:22.334Z INFO - Stopping site pwpushapp because it failed during startup.

[pglombardo]

Hi @BNWEIN,

See container logs for debugging.

If you could post the container logs, that will tell us exactly where the issue is.

Two other things to make note of:

1. The Guide to DATABASE_URL if needed
2. See Database hostnames with underscores are not supported #1602

[BNWEIN]

Hi @BNWEIN,

See container logs for debugging.

If you could post the container logs, that will tell us exactly where the issue is.

Two other things to make note of:

1. The Guide to DATABASE_URL if needed
2. See Database hostnames with underscores are not supported #1602

Thanks. I got this sorted by changing the network settings on the postgres server

[RafaelBiasotto]

@pglombardo Can I change the name on footer: © 2023 Peter Giacomo Lombardo ?

[RafaelBiasotto]

@pglombardo we try to change theme but Isnt work

And we can change this name bar

[pglombardo]

@pglombardo Can I change the name on footer: © 2023 Peter Giacomo Lombardo ?

You can but that is the entirety of my compensation for this project. 😂

If you want to change it, you can always fork the repo and build custom containers. It's not configurable currently. I have no strong feelings about it though. Feel free.

@pglombardo we try to change theme but Isnt work

Set the environment variable PWP_PRECOMPILE=true for the container. That setting in settings.yml has a bug.

Make sure to read this section:

Note: Precompiling all application assets for a new theme on container boot can add 30-90 seconds to the boot process (depending on the system). Make sure to allow this time in your health checks before declaring the container as unresponsive.

[LucasDouradoLinx]

@pglombardo we can change this name bar?

Moved this request to #1892 cc: @RafaelBiasotto

[Julian0o]

Hi there, im trying to host passwordpusher on Azure with persistent storage. A seperate "Azure Database for PostgreSQL flexible server" costs about 15 $ per month. Is there another way to do that? I tried to bin a storage account but i did not get it working.

Has anybody get i working with persistent storage without paying extra fees for a PostgreSQL Server?

[pglombardo]

Hi @Julian0o - you could use the SQLite3 database backend as persistent storage if you mounted a persistent volume to /opt/PasswordPusher/db. The default SQLite3 database file path is /opt/PasswordPusher/db/db.sqlite3.

Other users have done this. See the SQLite3 docs here.

Note though the SQLite3 isn't the best at concurrency so if you expect a lot of users, this will have it's limits. But for light traffic it's fine.

[Julian0o]

Hi @Julian0o - you could use the SQLite3 database backend as persistent storage if you mounted a persistent volume to /opt/PasswordPusher/db. The default SQLite3 database file path is /opt/PasswordPusher/db/db.sqlite3.

Other users have done this. See the SQLite3 docs here.

Note though the SQLite3 isn't the best at concurrency so if you expect a lot of users, this will have it's limits. But for light traffic it's fine.

Thank you! I got it working. In Azure Web App you can use the /home Folder for persistent storage. All you have to do is set the following Environment Variables via Azure Web Interface:

DATABASE_URL
sqlite3:/home/db.sqlite3

WEBSITES_ENABLE_APP_SERVICE_STORAGE
true

I think we will use it for a max of 100 Passwords per day. Do you think sqlite will do this fine?

[pglombardo]

Excellent - I think 100 passwords/day should be fine.

[pglombardo]

Hi all - just an update here that a community user has graciously contributed new Azure installation documentation.

[Jr7468]

Hi there, I have pwpush deployed on Azure and I'm struggling to get an admin user added. I can't find a way to access the console to run the necessary commands.

[pglombardo]

Hi @Jr7468 - It seems more than a few users have trouble accessing an application console in Azure. I just updated the Admin Dashboard docs with instructions on how to mark a user via SQL.

Related: #2719 (comment)