Update INSTALL-rhel.md

made some changes to the installation of cerebrate, after new version requirements and lessons learnt.
pull/116/head
jacobkarapatakis 2022-11-21 12:56:37 +02:00 committed by GitHub
parent f9edd98f9c
commit 37b418e0b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 27 deletions

View File

@ -1,12 +1,14 @@
# Installing Cerebrate on RedHat Enterprise Linux (RHEL 8)
>This installation instructions assume SELinux is enabled, and in Enforcing mode.
# Installing Cerebrate on RedHat Enterprise Linux
>Instructions adapted from https://doc.cerebrate-project.org/install/
>This installation instructions assume, you have RHEL 8 with SELinux enabled, and in Enforcing mode.
>and that you want to keep it that way :)
>You need to be root when running these commands.
## Prerequisites
>Install needed packages:
```Shell
dnf install @httpd mariadb-server git @php unzip sqlite vim wget php-intl php-ldap php-mysqlnd php-pdo php-zip
dnf install @httpd mariadb-server git unzip sqlite vim wget \
@php:8.0 php-intl php-ldap php-mysqlnd php-pdo php-zip
```
## Install composer
>Instructions taken from https://getcomposer.org/download/
@ -39,9 +41,11 @@ FLUSH PRIVILEGES;
QUIT;
```
## Allow ports through the firewall
> 8001 for local access, (e.g. curl) and
> 8443 for remote access with proper certificates (SSL TLS).
```Shell
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-port=8001/tcp --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent
```
> reload firewall and show applied firewall rules
```Shell
@ -51,11 +55,19 @@ firewall-cmd --zone public --list-all
## Main Cerebrate Installation
>Steps to install Cerebrate on RHEL
>in order to run some commands you need to (temporarily) allow the apache user
>to login using *bash shell*
```Shell
usermod -s /bin/bash apache
# in the end you need to set the login shell to *nologin*
# usermod -s /sbin/nologin apache;
```
### Clone this repository
```Shell
mkdir /var/www/cerebrate
git clone https://github.com/cerebrate-project/cerebrate.git /var/www/cerebrate
mkdir -p /var/www/cerebrate;
sudo chown apache:apache /var/www/cerebrate;
sudo -u apache git clone https://github.com/cerebrate-project/cerebrate.git /var/www/cerebrate;
```
### Run composer
@ -64,25 +76,21 @@ mkdir -p /var/www/.composer
chown -R apache.apache /var/www/.composer
chown -R apache.apache /var/www/cerebrate
cd /var/www/cerebrate
composer install
sudo -H -u apache composer install
```
>you will see a prompt: \
>`Do you trust "cakephp/plugin-installer" to execurte code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]` \
>*repond with* `y` \
>`Do you trust "dealerdirect/phpcodesniffer-composer-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]` \
>*repond with* `y`
### Create your local configuration and set the db credentials
```Shell
cp -a /var/www/cerebrate/config/app_local.example.php /var/www/cerebrate/config/app_local.php
cp -a /var/www/cerebrate/config/config.example.json /var/www/cerebrate/config/config.json
cp -a /var/www/cerebrate/config/app_local.example.php /var/www/cerebrate/config/app_local.php;
cp -a /var/www/cerebrate/config/config.example.json /var/www/cerebrate/config/config.json;
```
### Modify the Datasource -> default array's in file `app_local.php`
>Simply modify the `Datasources` section, to reflect your values for: username, password, and database
>fields, as configured in the above [#create-a-new-database-user-and-password-for-cerebrate](<#create-a-new-database-user-and-password-for-cerebrate>)
```Shell
vim /var/www/cerebrate/config/app_local.php
sudo -u apache vim /var/www/cerebrate/config/app_local.php;
```
```PHP
'Datasources' => [
@ -96,18 +104,12 @@ vim /var/www/cerebrate/config/app_local.php
### Run the database schema migrations
```Shell
usermod -s /bin/bash apache
chown -R apache.apache /var/www/.composer;
chown -R apache.apache /var/www/cerebrate;
chown -R apache.apache /var/www/.composer
chown -R apache.apache /var/www/cerebrate
su apache <<'EOFi'
/var/www/cerebrate/bin/cake migrations migrate
/var/www/cerebrate/bin/cake migrations migrate -p tags
/var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth
EOFi
usermod -s /sbin/nologin apache
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate;
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate -p tags;
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth;
```
@ -118,13 +120,14 @@ rm /var/www/cerebrate/tmp/cache/persistent/*
```
### copy the Apache httpd template to the default apache configuration folder
> in our case we used apache to serve this website, NGINX could also be used.
> in our case we use apache to serve this website.
```Shell
cp -v /var/www/cerebrate/INSTALL/cerebrate_apache_dev.conf /etc/httpd/conf.d/.
mkdir /var/log/apache2
chown apache.root -R /var/log/apache2
restorecon -Rv /etc/httpd/conf.d/*
restorecon -Rv /var/log/*
### Relabeled /var/log/apache2 from unconfined_u:object_r:var_log_t:s0 to unconfined_u:object_r:httpd_log_t:s0
```
### Make changes to the apache httpd site configuration file
>Edit the file `/etc/httpd/conf.d/cerebrate_apache_dev.conf` change the two references of port 8000 to 8001
@ -149,6 +152,8 @@ chown apache.apache /var/www/cerebrate
```
systemctl enable httpd
systemctl restart httpd
# do not forget to set nologin for user apache
usermod -s /sbin/nologin apache;
```
## Point your browser to: http://localhost:8001
@ -158,3 +163,52 @@ systemctl restart httpd
Username: admin
Password: Password1234
```
## Optional: Enable HTTPS secure connection to the site
> if you also want to enable SSL TLS certificates, you need to do the following
### copy the certificates in place
vi /etc/pki/tls/certs/cerebrate-chain.pem
vi /etc/pki/tls/private/cerebrate-key.pem
chmod 600 /etc/pki/tls/private/cerebrate-key.pem
### edit the configuration file to include the SSL Section.
vim /etc/httpd/conf.d/cerebrate_apache_dev.conf
```Shell
Listen 8443 https
<VirtualHost <your IP address:8443>
ErrorLog /var/log/apache2/cerebrate_ssl_error_log
TransferLog /var/log/apache2/cerebrate_ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/cerebrate-chain.pem
SSLCertificateKeyFile /etc/pki/tls/private/cerebrate-key.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
ServerName mycerebrate.<csirt.eu>
DocumentRoot /var/www/cerebrate/webroot
<Directory /var/www/cerebrate/webroot>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/cerebrate_ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```