Linux (Ubuntu) Installation - Supporting Software - 18.04: Difference between revisions

From IHRIS Wiki
No edit summary
No edit summary
Line 16: Line 16:
We begin by install a [http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 Lamp] server
We begin by install a [http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 Lamp] server
(You can find more help [https://help.ubuntu.com/community/ApacheMySQLPHP here]):
(You can find more help [https://help.ubuntu.com/community/ApacheMySQLPHP here]):
<source lang="bash">
<pre>
sudo tasksel install lamp-server
sudo tasksel install lamp-server
</source>
</pre>
If you have never used mysql on your system, you will be asked to set the 'root' password for mysql.  We will refer to this password as XXXXX below.
If you have never used mysql on your system, you will be asked to set the 'root' password for mysql.  We will refer to this password as XXXXX below.


'''Important''': Make sure your email system is correctly configured.  Under a default Ubuntu installation, you can do this with one of two commands:
'''Important''': Make sure your email system is correctly configured.  Under a default Ubuntu installation, you can do this with one of two commands:
<source lang="bash">
<pre>
sudo apt install postfix
sudo apt install postfix
sudo dpkg-reconfigure postfix
sudo dpkg-reconfigure postfix
</source>
</pre>


Follow the on-screen instructions to set up email on your system.  For additional help with installing Postfix, look at these [https://help.ubuntu.com/community/PostfixBasicSetupHowto instructions].  On Debian systems, the same commands can be used, but <tt>exim4</tt> is the default MTA instead of <tt>postfix</tt>
Follow the on-screen instructions to set up email on your system.  For additional help with installing Postfix, look at these [https://help.ubuntu.com/community/PostfixBasicSetupHowto instructions].  On Debian systems, the same commands can be used, but <tt>exim4</tt> is the default MTA instead of <tt>postfix</tt>
Line 33: Line 33:
==Configuring MYSQL==
==Configuring MYSQL==
Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set:
Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set:
<source lang="bash">
<pre>
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
</source>
</pre>
<source lang="ini">
<pre>
query_cache_limit      = 4M
query_cache_limit      = 4M
query_cache_size        = 64M
query_cache_size        = 64M
</source>
</pre>


Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable.
Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable.
<source lang="bash">
<pre>
sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf
sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf
</source>
</pre>


<source lang="ini">
<pre>
[mysqld]
[mysqld]
sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
</source>
</pre>


If not already configured, set up the MySQL system and root login:
If not already configured, set up the MySQL system and root login:
<source lang="bash">
<pre>
sudo mysql_secure_installation
sudo mysql_secure_installation
</source>
</pre>


To configure MySQL so iHRIS can create needed functions:
To configure MySQL so iHRIS can create needed functions:
<source lang="bash">
<pre>
mysql -u root -p
mysql -u root -p
</source>
</pre>


Enter the password you set above (XXXXX) for MySQL.  '''If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled:'''
Enter the password you set above (XXXXX) for MySQL.  '''If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled:'''
<source lang="bash">
<pre>
sudo mysql
sudo mysql
</source>
</pre>


You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '.  Type these commands:
You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '.  Type these commands:
<source lang="mysql">
<pre>
SET GLOBAL log_bin_trust_function_creators = 1;
SET GLOBAL log_bin_trust_function_creators = 1;
exit
exit
</source>
</pre>


Now restart mysql so these changes take affect.
Now restart mysql so these changes take affect.
<source lang="bash">
<pre>
sudo service mysql restart
sudo service mysql restart
</source>
</pre>


[SETTING THE PASSWORD MANUALLY IS OPTIONAL]
[SETTING THE PASSWORD MANUALLY IS OPTIONAL]
Line 83: Line 83:
Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work)
Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work)


<source>
<pre>
LOW    Length >= 8
LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary
STRONG Length >= 8, numeric, mixed case, special characters and dictionary
</source>
</pre>


<source lang="bash">
<pre>
$ sudo mysql
$ sudo mysql
> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere';
> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere';
</source>
</pre>


To confirm the password is set run this and you should see the column with User=root has a password hash.
To confirm the password is set run this and you should see the column with User=root has a password hash.
<source lang="bash">
<pre>
> SELECT User, Host, HEX(authentication_string) FROM mysql.user;
> SELECT User, Host, HEX(authentication_string) FROM mysql.user;
</source>
</pre>
[END SETTING MySQL PASSWORD]
[END SETTING MySQL PASSWORD]


Line 103: Line 103:


We need to install a few Pear and PECL packages for PHP.  For the Pear packages you can do:
We need to install a few Pear and PECL packages for PHP.  For the Pear packages you can do:
<source lang="bash">
<pre>
sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid
sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid
</source>
</pre>




===APCu===
===APCu===
To install APCu you need to run this command:  
To install APCu you need to run this command:  
<source lang='bash'>
<pre>
sudo apt install php-apcu
sudo apt install php-apcu
</source>
</pre>




During certain activities like installation and upgrades you may need more memory than APC uses by default.  We also want to turn off the ''slam defense.''  We need to edit the configuration file file for apcu:
During certain activities like installation and upgrades you may need more memory than APC uses by default.  We also want to turn off the ''slam defense.''  We need to edit the configuration file file for apcu:
<source lang="bash">
<pre>
sudo gedit /etc/php/7.2/mods-available/apcu.ini
sudo gedit /etc/php/7.2/mods-available/apcu.ini
</source>
</pre>
It should look like this:
It should look like this:
<source lang="ini">
<pre>
extension=apcu.so
extension=apcu.so
apc.enabled=1
apc.enabled=1
Line 127: Line 127:
apc.slam_defense=0
apc.slam_defense=0
apc.enable_cli=1
apc.enable_cli=1
</source>
</pre>
See [http://pecl.php.net/bugs/bug.php?id=16843 slam defense] and [http://t3.dotgnu.info/blog/php/user-cache-timebomb this].
See [http://pecl.php.net/bugs/bug.php?id=16843 slam defense] and [http://t3.dotgnu.info/blog/php/user-cache-timebomb this].


Line 134: Line 134:
====Debian Squeeze====
====Debian Squeeze====
If you are using Debian Squeeze, then the value of ''apc.shm_size'' should be:
If you are using Debian Squeeze, then the value of ''apc.shm_size'' should be:
<source lang='bash'>
<pre>
apc.shm_size=100
apc.shm_size=100
</source>
</pre>


===Install Memcached===
===Install Memcached===
Line 149: Line 149:


To install,  simply do
To install,  simply do
<source lang='bash'>
<pre>
  sudo apt install php-memcached memcached
  sudo apt install php-memcached memcached
</source>
</pre>


===Set ZendOpcache options===
===Set ZendOpcache options===
Edit the opcache config file with this command:
Edit the opcache config file with this command:
<source lang="bash">
<pre>
sudo gedit /etc/php/7.2/mods-available/opcache.ini
sudo gedit /etc/php/7.2/mods-available/opcache.ini
</source>
</pre>
It should look like this for a production system:
It should look like this for a production system:
<source lang="ini">
<pre>
; configuration for php ZendOpcache module
; configuration for php ZendOpcache module
; priority=05
; priority=05
Line 169: Line 169:
opcache.fast_shutdown=1
opcache.fast_shutdown=1
opcache.enable_cli=1
opcache.enable_cli=1
</source>
</pre>
For a development system you should modify revalidate_freq from 60 to 2:
For a development system you should modify revalidate_freq from 60 to 2:
<source lang="ini">
<pre>
opcache.revalidate_freq=2
opcache.revalidate_freq=2
</source>
</pre>


==Configuring Apache Web Server==
==Configuring Apache Web Server==
Line 182: Line 182:


You will see later we are using the apache rewrite module.  To enable the module:
You will see later we are using the apache rewrite module.  To enable the module:
<source lang="bash">
<pre>
sudo a2enmod rewrite
sudo a2enmod rewrite
</source>
</pre>
===Enable .htaccess Configuration===
===Enable .htaccess Configuration===
Now we need to make sure we can use the ''.htaccess'' file.
Now we need to make sure we can use the ''.htaccess'' file.
<source lang="bash">
<pre>
sudo gedit /etc/apache2/apache2.conf
sudo gedit /etc/apache2/apache2.conf
</source>
</pre>
Change:
Change:
<source lang="apache">
<pre>
<Directory /var/www/>
<Directory /var/www/>
         Options Indexes FollowSymLinks
         Options Indexes FollowSymLinks
Line 197: Line 197:
Require all granted
Require all granted
</Directory>
</Directory>
</source>
</pre>
to:
to:
<source lang="apache">
<pre>
<Directory /var/www/>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
Options Indexes FollowSymLinks MultiViews
Line 205: Line 205:
Require all granted
Require all granted
</Directory>
</Directory>
</source>
</pre>
Save and quit.
Save and quit.


Line 213: Line 213:
==Restart Apache==
==Restart Apache==
You'll need to restart Apache after making these changes.
You'll need to restart Apache after making these changes.
<source lang="bash">
<pre>
sudo service apache2 restart
sudo service apache2 restart
</source>
</pre>


[[Category:Installation]]
[[Category:Installation]]

Revision as of 18:39, 1 March 2019

This document describes the needed installation and configuration of supporting software for iHRIS on Ubuntu 16.04 LTS, Xenial Xerus. This will only work with iHRIS 4.3 or greater (or additional local changes). iHRIS 4.3 is currently available for testing and should not be used in production yet.

For other versions, see Linux (Ubuntu) Installation - Supporting Software (versions) .


Getting Ready

Here are instructions for installing the supporting software for iHRIS on a Linux (Ubuntu) system. If you need help installing Ubuntu you may want to take a look at these directions for installing a Server or a Desktop system. For a server setup, we recommend using a LTS (long term support) version of Ubuntu.

Note: Unless specifically mentioned, all the commands below are run using a terminal. You can start this in Ubuntu by going to Applications -> Accessories -> Terminal. Any time a command begins with sudo it will prompt for your password because this will be run with administrative privileges. When you run sudo multiple times, only the first time will ask for your password.

Note: Some installation commands will prompt for inputs in the terminal window, usually with a blue background. The mouse doesn't work to click on options here. You can use Tab to move between options and the space bar to check or uncheck selections.

Note: Some commands will launch the gedit file editor. Look at the documentation if you need additional help.

We begin by install a Lamp server (You can find more help here): 

sudo tasksel install lamp-server

If you have never used mysql on your system, you will be asked to set the 'root' password for mysql. We will refer to this password as XXXXX below.

Important: Make sure your email system is correctly configured. Under a default Ubuntu installation, you can do this with one of two commands: 

sudo apt install postfix
sudo dpkg-reconfigure postfix

Follow the on-screen instructions to set up email on your system. For additional help with installing Postfix, look at these instructions. On Debian systems, the same commands can be used, but exim4 is the default MTA instead of postfix

If you are using another Linux distribution, make sure your system can send email properly before continuing.

Configuring MYSQL

Make sure you have in /etc/mysql/mysql.conf.d/mysqld.cnf the following values set: 

sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf

query_cache_limit       = 4M
query_cache_size        = 64M

Create /etc/mysql/mysql.conf.d/sql-mode.cnf and set the sql-mode variable. 

sudo gedit /etc/mysql/mysql.conf.d/sql-mode.cnf

[mysqld]
sql-mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"

If not already configured, set up the MySQL system and root login: 

sudo mysql_secure_installation

To configure MySQL so iHRIS can create needed functions: 

mysql -u root -p

Enter the password you set above (XXXXX) for MySQL. If the password isn't working, try running it as the root user as the auth_socket authorization may be enabled: 

sudo mysql

You will now be able to send commands to MySQL and the prompt should always begin with 'mysql> '. Type these commands: 

SET GLOBAL log_bin_trust_function_creators = 1;
exit

Now restart mysql so these changes take affect. 

sudo service mysql restart

[SETTING THE PASSWORD MANUALLY IS OPTIONAL]

If the password you set above doesn't work, you can run the following set of commands to set it manually in the database;

Replace _putyourpasswordhere_ with a MEDIUM strength password by the following criteria. (Only Medium or Strong password will work) 

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary

$ sudo mysql
> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'putyourpasswordhere';

To confirm the password is set run this and you should see the column with User=root has a password hash. 

> SELECT User, Host, HEX(authentication_string) FROM mysql.user;

[END SETTING MySQL PASSWORD]

Installing PHP Packages

We need to install a few Pear and PECL packages for PHP. For the Pear packages you can do: 

sudo apt install php-pear php-gd php-tidy php-intl php-bcmath php-text-password php-mbstring php-uuid


APCu

To install APCu you need to run this command: 

sudo apt install php-apcu


During certain activities like installation and upgrades you may need more memory than APC uses by default. We also want to turn off the slam defense. We need to edit the configuration file file for apcu: 

sudo gedit /etc/php/7.2/mods-available/apcu.ini

It should look like this: 

extension=apcu.so
apc.enabled=1
apc.write_lock=1
apc.shm_size=100M
apc.slam_defense=0
apc.enable_cli=1

See slam defense and this.


Debian Squeeze

If you are using Debian Squeeze, then the value of apc.shm_size should be: 

apc.shm_size=100

Install Memcached

With version 4.0.4 and greater of iHRIS you can use memcached to improve performance

Note: Memcached is used to cache data from the database. Thus if you are an a sitaution where you would need to restart the webserver by 

sudo systemctl restart apache2

you should now do 

sudo systemctl restart apache2 && sudo systemctl restart memcached

To install, simply do 

 sudo apt install php-memcached memcached

Set ZendOpcache options

Edit the opcache config file with this command: 

sudo gedit /etc/php/7.2/mods-available/opcache.ini

It should look like this for a production system: 

; configuration for php ZendOpcache module
; priority=05
zend_extension=opcache.so
opcache.memory_consumption=128M
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1

For a development system you should modify revalidate_freq from 60 to 2: 

opcache.revalidate_freq=2

Configuring Apache Web Server

Document Root

In Ubuntu 18.04, the default document root is /var/www/html so when installing any iHRIS applications you will need to use the new directory to place the symlinks. If you are upgrading you may or may not need to update these depending on if you replaced the Apache configuration files during the previous upgrade.

Enable Rewrite Module

You will see later we are using the apache rewrite module. To enable the module: 

sudo a2enmod rewrite

Enable .htaccess Configuration

Now we need to make sure we can use the .htaccess file. 

sudo gedit /etc/apache2/apache2.conf

Change: 

<Directory /var/www/>
        Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

to: 

<Directory /var/www/>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Require all granted
</Directory>

Save and quit.



Restart Apache

You'll need to restart Apache after making these changes. 

sudo service apache2 restart
Retrieved from "https://wiki.ihris.org/mediawiki/index.php?title=Linux_(Ubuntu)_Installation_-_Supporting_Software_-_18.04&oldid=55381"