( the installation is showed by***)This tutorial of the Lemur certificate management software on Ubuntu 16.04 LTS.  Lemur is an source that is open of NetFlix and regularly produce the certificates for customers/clients. The dashboard of the certificate manager in this article, we will set up a Python-based virtual environment, install the required packages, configure the basic web service and access. It is assumed that you have a clean Ubuntu 16.04 LTS instance running, e.g. in the Cloud (like AWS) or a local environment that is virtualized. 


Some fundamental prerequisites which you’ll want to require to be able to run Lemur:

  • Linux operating-system (Ubuntu 16.04 LTS is employed within guide).
  • Python 3.5 or greater.
  • PostgreSQL 9.4 or greater.
  • Nginx Web host.

Installing develop Dependencies

whenever you install Lemur on a bare Ubuntu OS, you will have to grab the next packages so Lemur can precisely build its dependencies:

.. code-block:: bash

sudo apt-get update
sudo apt-get install nodejs nodejs-legacy python-pip python-dev python3-dev libpq-dev build-essential libssl-dev libffi-dev libsasl2-dev libldap2-dev nginx git manager npm postgresql

Install Build dependencies

The above demand will install nodejs, pip, nginx , git, npm, and PostgreSQL database packages. 

Note: setting up the node package supervisor may produce the nodejs container at /usr/bin/nodejs course as opposed to /usr/bin/node. Run the command that is following create a soft link at the desired path.

sudo ln -s /user/bin/nodejs /usr/bin/node

Now, install virtualenv package using following command.

sudo pip install -U virtualenv

Install virtualenv

Setting up the build environment

In this guide, Lemur will be installed in the /www directory, yourself write permission (lemur user is the created in this tutorial):

sudo useradd lemur
sudo passwd lemur
sudo mkdir /home/lemur
sudo chown lemur:lemur /home/lemur

Add a user for lemur

sudo git clone https://github.com/Netflix/lemur
sudo chown -R lemur lemur/

Clone lemur source code

Also, create the virtual environment, activate it and enter Lemur’s directory:

su lemur
virtualenv -p python3 lemur

Create virtualenv

source /www/lemur/bin/activate
cd lemur

source lemur directory

Activating the environment adjusts PATH environment variable , so that things like pip now install into the virtualenv by default.( so you need to create that directory first:

sudo mkdir /www
cd /www

Create the www directory

Now, clone Lemur latest source inside the just created directory and give****)

Installing Lemur from supply

After creating the device, ensure that you come in the virtualenv to operate “make release” demand.

which python

Check python release

And run the next demand to put in npm dependencies including compile fixed assets.

 make release

Build the release code

Creating Lemur setup

(we must create a valid configuration file for it***)Before we run Lemur. The Lemur command line interface comes with a command that is simple allow you to get ready to go quickly. The command that is following create a default configuration under “~/.lemur/lemur.conf.py” and this location can be specify by passing the config_path parameter to the create_config command.

 lemur create_config

Create lemur configuration

Update Lemur configuration

Once created, you will need to update the configuration file with information about your environment, such as which database to talk to, where keys are stored etc.

vi ~/.lemur/lemur.conf.py

The SQLALCHEMY_DATABASE_URI string of Postgresql can be broken up like this***************)”postgresql that is:[email protected]<database-fqdn>:<database-port>/<database-name>”

The below offered screenshot demonstrates that after needed factors are filled in setup file:


Update lemur config

Setup Postgres Database

For manufacturing, a separate database is advised. With this guide, i am going to assume postgres happens to be set up and it is regarding machine that is same Lemur is installed on.

First, set a password for the postgres user. For this guide, we shall utilize lemur for instance you should make use of the database password created by Lemur:

sudo -u postgres -i

Add lemur user in postgres

postgres=# CREATE CONSUMER lemur WITH PASSWORD ‘lemur’;

Create user

Once effective, kind CTRL-D to leave the Postgres shell.

Next, we’ll produce our brand new database:

sudo -u postgres createdb lemur

Create the database

Initializing Lemur certification Manager 

Lemur provides a command that is helpful will initialize your database for you. It creates a default user (lemur) that is used by Lemur to help certificates that are associate cannot have an owner. This really is most frequently the scenario whenever Lemur has found certificates from a party source that is third. This is also a default user that can be used to administer Lemur.

In addition to creating a user that is new Lemur additionally produces a couple of standard e-mail notifications. These notifications depend on a configuration that is few such as LEMUR_SECURITY_TEAM_EMAIL. They basically guarantee that every certificate within Lemur will send one expiration notification to the security team.

Make note of the password used as this will be used during first login to the Lemur UI.

cd /www/lemur/lemur 

lemur init

Initiate lemur

The following snapshot shows the output of the “lemur init” command.

Lemur init command

NGINX web server configuration for Lemur

By default, Lemur runs on port 8000. Even you won’t be able to bind to port 80 if you change this, under normal conditions. A simple web proxy to get around this (and to avoid running Lemur as a privileged user, which you shouldn’t), we need setup. There are many web that is different you can make use of with this, we like and suggest Nginx.

Add after lines in setup file “/etc/nginx/sites-available/default“.

location /api {
proxy_next_upstream error timeout invalid_header http_500 http_( http_( that is*****************************************************************************************************************************************************************************************************) http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
root /www/lemur/lemur/static/dist;
include mime.types;
index index.html;

Configure nginx as proxy for lemur

After making these changes, restart Nginx service to apply them:

sudo service nginx restart

Restart nginx

Starting the Web Service

Lemur provides a web that is built-in (running on gunicorn and eventlet) to give you from the ground quickly. To start out the net host, you merely utilize “lemur begin“.

Start lemur web server

You can login aided by the standard individual developed during Initializing Lemur or any individual you have developed.You should now manage to test the net solution by going to ( could be the internet protocol address for the Lemur device).

Login to lemur certificate manager

The Dashboard for the Lemur is shown above. It really is regularly produce certificates self that is using or root certification Authorities. 


In this guide, the Lemur certification supervisor is set up regarding latest Ubuntu LTS variation. The objective of Lemur is always to produce and handle certificates. Additionally supports various functions of users. 

Utilizing IRB to Explore Ruby

Previous article

Just how to Install Pearl Extension in ISPManager Hosting Control Interface

Next article

You may also like


Leave a Reply

More in Linux