Linux (Ubuntu) Installation - Supporting Software - 18.04: Difference between revisions
No edit summary |
No edit summary |
||
Line 16: | Line 16: | ||
We begin by install a [http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 Lamp] server | We begin by install a [http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 Lamp] server | ||
(You can find more help [https://help.ubuntu.com/community/ApacheMySQLPHP here]): | (You can find more help [https://help.ubuntu.com/community/ApacheMySQLPHP here]): | ||
< | <pre> | ||
sudo tasksel install lamp-server | sudo tasksel install lamp-server | ||
</ | </pre> | ||
If you have never used mysql on your system, you will be asked to set the 'root' password for mysql. We will refer to this password as XXXXX below. | If you have never used mysql on your system, you will be asked to set the 'root' password for mysql. We will refer to this password as XXXXX below. | ||
'''Important''': Make sure your email system is correctly configured. Under a default Ubuntu installation, you can do this with one of two commands: | '''Important''': Make sure your email system is correctly configured. Under a default Ubuntu installation, you can do this with one of two commands: | ||
< | <pre> | ||
sudo apt install postfix | sudo apt install postfix | ||
sudo dpkg-reconfigure postfix | sudo dpkg-reconfigure postfix | ||
</ | </pre> | ||
Follow the on-screen instructions to set up email on your system. For additional help with installing Postfix, look at these [https://help.ubuntu.com/community/PostfixBasicSetupHowto instructions]. On Debian systems, the same commands can be used, but <tt>exim4</tt> is the default MTA instead of <tt>postfix</tt> | Follow the on-screen instructions to set up email on your system. For additional help with installing Postfix, look at these [https://help.ubuntu.com/community/PostfixBasicSetupHowto instructions]. On Debian systems, the same commands can be used, but <tt>exim4</tt> is the default MTA instead of <tt>postfix</tt> | ||
Line 33: | Line 33: | ||
==Configuring MYSQL== | ==Configuring MYSQL== | ||
Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set: | Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set: | ||
< | <pre> | ||
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf | sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf | ||
</ | </pre> | ||
< | <pre> | ||
query_cache_limit = 4M | query_cache_limit = 4M | ||
query_cache_size = 64M | query_cache_size = 64M | ||
</ | </pre> | ||
Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable. | Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable. | ||
< | <pre> | ||
sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf | sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf | ||
</ | </pre> | ||
< | <pre> | ||
[mysqld] | [mysqld] | ||
sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" | sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" | ||
</ | </pre> | ||
If not already configured, set up the MySQL system and root login: | If not already configured, set up the MySQL system and root login: | ||
< | <pre> | ||
sudo mysql_secure_installation | sudo mysql_secure_installation | ||
</ | </pre> | ||
To configure MySQL so iHRIS can create needed functions: | To configure MySQL so iHRIS can create needed functions: | ||
< | <pre> | ||
mysql -u root -p | mysql -u root -p | ||
</ | </pre> | ||
Enter the password you set above (XXXXX) for MySQL. '''If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled:''' | Enter the password you set above (XXXXX) for MySQL. '''If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled:''' | ||
< | <pre> | ||
sudo mysql | sudo mysql | ||
</ | </pre> | ||
You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '. Type these commands: | You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '. Type these commands: | ||
< | <pre> | ||
SET GLOBAL log_bin_trust_function_creators = 1; | SET GLOBAL log_bin_trust_function_creators = 1; | ||
exit | exit | ||
</ | </pre> | ||
Now restart mysql so these changes take affect. | Now restart mysql so these changes take affect. | ||
< | <pre> | ||
sudo service mysql restart | sudo service mysql restart | ||
</ | </pre> | ||
[SETTING THE PASSWORD MANUALLY IS OPTIONAL] | [SETTING THE PASSWORD MANUALLY IS OPTIONAL] | ||
Line 83: | Line 83: | ||
Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work) | Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work) | ||
< | <pre> | ||
LOW Length >= 8 | LOW Length >= 8 | ||
MEDIUM Length >= 8, numeric, mixed case, and special characters | MEDIUM Length >= 8, numeric, mixed case, and special characters | ||
STRONG Length >= 8, numeric, mixed case, special characters and dictionary | STRONG Length >= 8, numeric, mixed case, special characters and dictionary | ||
</ | </pre> | ||
< | <pre> | ||
$ sudo mysql | $ sudo mysql | ||
> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere'; | > ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere'; | ||
</ | </pre> | ||
To confirm the password is set run this and you should see the column with User=root has a password hash. | To confirm the password is set run this and you should see the column with User=root has a password hash. | ||
< | <pre> | ||
> SELECT User, Host, HEX(authentication_string) FROM mysql.user; | > SELECT User, Host, HEX(authentication_string) FROM mysql.user; | ||
</ | </pre> | ||
[END SETTING MySQL PASSWORD] | [END SETTING MySQL PASSWORD] | ||
Line 103: | Line 103: | ||
We need to install a few Pear and PECL packages for PHP. For the Pear packages you can do: | We need to install a few Pear and PECL packages for PHP. For the Pear packages you can do: | ||
< | <pre> | ||
sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid | sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid | ||
</ | </pre> | ||
===APCu=== | ===APCu=== | ||
To install APCu you need to run this command: | To install APCu you need to run this command: | ||
< | <pre> | ||
sudo apt install php-apcu | sudo apt install php-apcu | ||
</ | </pre> | ||
During certain activities like installation and upgrades you may need more memory than APC uses by default. We also want to turn off the ''slam defense.'' We need to edit the configuration file file for apcu: | During certain activities like installation and upgrades you may need more memory than APC uses by default. We also want to turn off the ''slam defense.'' We need to edit the configuration file file for apcu: | ||
< | <pre> | ||
sudo gedit /etc/php/7.2/mods-available/apcu.ini | sudo gedit /etc/php/7.2/mods-available/apcu.ini | ||
</ | </pre> | ||
It should look like this: | It should look like this: | ||
< | <pre> | ||
extension=apcu.so | extension=apcu.so | ||
apc.enabled=1 | apc.enabled=1 | ||
Line 127: | Line 127: | ||
apc.slam_defense=0 | apc.slam_defense=0 | ||
apc.enable_cli=1 | apc.enable_cli=1 | ||
</ | </pre> | ||
See [http://pecl.php.net/bugs/bug.php?id=16843 slam defense] and [http://t3.dotgnu.info/blog/php/user-cache-timebomb this]. | See [http://pecl.php.net/bugs/bug.php?id=16843 slam defense] and [http://t3.dotgnu.info/blog/php/user-cache-timebomb this]. | ||
Line 134: | Line 134: | ||
====Debian Squeeze==== | ====Debian Squeeze==== | ||
If you are using Debian Squeeze, then the value of ''apc.shm_size'' should be: | If you are using Debian Squeeze, then the value of ''apc.shm_size'' should be: | ||
< | <pre> | ||
apc.shm_size=100 | apc.shm_size=100 | ||
</ | </pre> | ||
===Install Memcached=== | ===Install Memcached=== | ||
Line 149: | Line 149: | ||
To install, simply do | To install, simply do | ||
< | <pre> | ||
sudo apt install php-memcached memcached | sudo apt install php-memcached memcached | ||
</ | </pre> | ||
===Set ZendOpcache options=== | ===Set ZendOpcache options=== | ||
Edit the opcache config file with this command: | Edit the opcache config file with this command: | ||
< | <pre> | ||
sudo gedit /etc/php/7.2/mods-available/opcache.ini | sudo gedit /etc/php/7.2/mods-available/opcache.ini | ||
</ | </pre> | ||
It should look like this for a production system: | It should look like this for a production system: | ||
< | <pre> | ||
; configuration for php ZendOpcache module | ; configuration for php ZendOpcache module | ||
; priority=05 | ; priority=05 | ||
Line 169: | Line 169: | ||
opcache.fast_shutdown=1 | opcache.fast_shutdown=1 | ||
opcache.enable_cli=1 | opcache.enable_cli=1 | ||
</ | </pre> | ||
For a development system you should modify revalidate_freq from 60 to 2: | For a development system you should modify revalidate_freq from 60 to 2: | ||
< | <pre> | ||
opcache.revalidate_freq=2 | opcache.revalidate_freq=2 | ||
</ | </pre> | ||
==Configuring Apache Web Server== | ==Configuring Apache Web Server== | ||
Line 182: | Line 182: | ||
You will see later we are using the apache rewrite module. To enable the module: | You will see later we are using the apache rewrite module. To enable the module: | ||
< | <pre> | ||
sudo a2enmod rewrite | sudo a2enmod rewrite | ||
</ | </pre> | ||
===Enable .htaccess Configuration=== | ===Enable .htaccess Configuration=== | ||
Now we need to make sure we can use the ''.htaccess'' file. | Now we need to make sure we can use the ''.htaccess'' file. | ||
< | <pre> | ||
sudo gedit /etc/apache2/apache2.conf | sudo gedit /etc/apache2/apache2.conf | ||
</ | </pre> | ||
Change: | Change: | ||
< | <pre> | ||
<Directory /var/www/> | <Directory /var/www/> | ||
Options Indexes FollowSymLinks | Options Indexes FollowSymLinks | ||
Line 197: | Line 197: | ||
Require all granted | Require all granted | ||
</Directory> | </Directory> | ||
</ | </pre> | ||
to: | to: | ||
< | <pre> | ||
<Directory /var/www/> | <Directory /var/www/> | ||
Options Indexes FollowSymLinks MultiViews | Options Indexes FollowSymLinks MultiViews | ||
Line 205: | Line 205: | ||
Require all granted | Require all granted | ||
</Directory> | </Directory> | ||
</ | </pre> | ||
Save and quit. | Save and quit. | ||
Line 213: | Line 213: | ||
==Restart Apache== | ==Restart Apache== | ||
You'll need to restart Apache after making these changes. | You'll need to restart Apache after making these changes. | ||
< | <pre> | ||
sudo service apache2 restart | sudo service apache2 restart | ||
</ | </pre> | ||
[[Category:Installation]] | [[Category:Installation]] |
Revision as of 18:39, 1 March 2019
This document describes the needed installation and configuration of supporting software for iHRIS on Ubuntu 16.04 LTS, Xenial Xerus. This will only work with iHRIS 4.3 or greater (or additional local changes). iHRIS 4.3 is currently available for testing and should not be used in production yet.
Getting Ready
Here are instructions for installing the supporting software for iHRIS on a Linux (Ubuntu) system. If you need help installing Ubuntu you may want to take a look at these directions for installing a Server or a Desktop system. For a server setup, we recommend using a LTS (long term support) version of Ubuntu.
Note: Unless specifically mentioned, all the commands below are run using a terminal. You can start this in Ubuntu by going to Applications -> Accessories -> Terminal. Any time a command begins with sudo it will prompt for your password because this will be run with administrative privileges. When you run sudo multiple times, only the first time will ask for your password.
Note: Some installation commands will prompt for inputs in the terminal window, usually with a blue background. The mouse doesn't work to click on options here. You can use Tab to move between options and the space bar to check or uncheck selections.
Note: Some commands will launch the gedit file editor. Look at the documentation if you need additional help.
We begin by install a Lamp server (You can find more help here):
sudo tasksel install lamp-server
If you have never used mysql on your system, you will be asked to set the 'root' password for mysql. We will refer to this password as XXXXX below.
Important: Make sure your email system is correctly configured. Under a default Ubuntu installation, you can do this with one of two commands:
sudo apt install postfix sudo dpkg-reconfigure postfix
Follow the on-screen instructions to set up email on your system. For additional help with installing Postfix, look at these instructions. On Debian systems, the same commands can be used, but exim4 is the default MTA instead of postfix
If you are using another Linux distribution, make sure your system can send email properly before continuing.
Configuring MYSQL
Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set:
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
query_cache_limit = 4M query_cache_size = 64M
Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable.
sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf
[mysqld] sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
If not already configured, set up the MySQL system and root login:
sudo mysql_secure_installation
To configure MySQL so iHRIS can create needed functions:
mysql -u root -p
Enter the password you set above (XXXXX) for MySQL. If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled:
sudo mysql
You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '. Type these commands:
SET GLOBAL log_bin_trust_function_creators = 1; exit
Now restart mysql so these changes take affect.
sudo service mysql restart
[SETTING THE PASSWORD MANUALLY IS OPTIONAL]
If the password you set above doesn't work, you can run the following set of commands to set it manually in the database;
Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work)
LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary
$ sudo mysql > ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere';
To confirm the password is set run this and you should see the column with User=root has a password hash.
> SELECT User, Host, HEX(authentication_string) FROM mysql.user;
[END SETTING MySQL PASSWORD]
Installing PHP Packages
We need to install a few Pear and PECL packages for PHP. For the Pear packages you can do:
sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid
APCu
To install APCu you need to run this command:
sudo apt install php-apcu
During certain activities like installation and upgrades you may need more memory than APC uses by default. We also want to turn off the slam defense. We need to edit the configuration file file for apcu:
sudo gedit /etc/php/7.2/mods-available/apcu.ini
It should look like this:
extension=apcu.so apc.enabled=1 apc.write_lock=1 apc.shm_size=100M apc.slam_defense=0 apc.enable_cli=1
See slam defense and this.
Debian Squeeze
If you are using Debian Squeeze, then the value of apc.shm_size should be:
apc.shm_size=100
Install Memcached
With version 4.0.4 and greater of iHRIS you can use memcached to improve performance
Note: Memcached is used to cache data from the database. Thus if you are an a sitaution where you would need to restart the webserver by
sudo systemctl restart apache2
you should now do
sudo systemctl restart apache2 && sudo systemctl restart memcached
To install, simply do
sudo apt install php-memcached memcached
Set ZendOpcache options
Edit the opcache config file with this command:
sudo gedit /etc/php/7.2/mods-available/opcache.ini
It should look like this for a production system:
; configuration for php ZendOpcache module ; priority=05 zend_extension=opcache.so opcache.memory_consumption=128M opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.revalidate_freq=60 opcache.fast_shutdown=1 opcache.enable_cli=1
For a development system you should modify revalidate_freq from 60 to 2:
opcache.revalidate_freq=2
Configuring Apache Web Server
Document Root
In Ubuntu 18.04, the default document root is /var/www/html so when installing any iHRIS applications you will need to use the new directory to place the symlinks. If you are upgrading you may or may not need to update these depending on if you replaced the Apache configuration files during the previous upgrade.
Enable Rewrite Module
You will see later we are using the apache rewrite module. To enable the module:
sudo a2enmod rewrite
Enable .htaccess Configuration
Now we need to make sure we can use the .htaccess file.
sudo gedit /etc/apache2/apache2.conf
Change:
<Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory>
to:
<Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Require all granted </Directory>
Save and quit.
Restart Apache
You'll need to restart Apache after making these changes.
sudo service apache2 restart