Update INSTALL-rhel.md
made some changes to the installation of cerebrate, after new version requirements and lessons learnt.pull/116/head
parent
f9edd98f9c
commit
37b418e0b3
|
@ -1,12 +1,14 @@
|
|||
# Installing Cerebrate on RedHat Enterprise Linux (RHEL 8)
|
||||
>This installation instructions assume SELinux is enabled, and in Enforcing mode.
|
||||
# Installing Cerebrate on RedHat Enterprise Linux
|
||||
>Instructions adapted from https://doc.cerebrate-project.org/install/
|
||||
>This installation instructions assume, you have RHEL 8 with SELinux enabled, and in Enforcing mode.
|
||||
>and that you want to keep it that way :)
|
||||
>You need to be root when running these commands.
|
||||
|
||||
## Prerequisites
|
||||
>Install needed packages:
|
||||
```Shell
|
||||
dnf install @httpd mariadb-server git @php unzip sqlite vim wget php-intl php-ldap php-mysqlnd php-pdo php-zip
|
||||
dnf install @httpd mariadb-server git unzip sqlite vim wget \
|
||||
@php:8.0 php-intl php-ldap php-mysqlnd php-pdo php-zip
|
||||
```
|
||||
## Install composer
|
||||
>Instructions taken from https://getcomposer.org/download/
|
||||
|
@ -39,9 +41,11 @@ FLUSH PRIVILEGES;
|
|||
QUIT;
|
||||
```
|
||||
## Allow ports through the firewall
|
||||
> 8001 for local access, (e.g. curl) and
|
||||
> 8443 for remote access with proper certificates (SSL TLS).
|
||||
```Shell
|
||||
firewall-cmd --zone=public --add-service=http --permanent
|
||||
firewall-cmd --zone=public --add-port=8001/tcp --permanent
|
||||
firewall-cmd --zone=public --add-port=8443/tcp --permanent
|
||||
```
|
||||
> reload firewall and show applied firewall rules
|
||||
```Shell
|
||||
|
@ -51,11 +55,19 @@ firewall-cmd --zone public --list-all
|
|||
|
||||
## Main Cerebrate Installation
|
||||
>Steps to install Cerebrate on RHEL
|
||||
>in order to run some commands you need to (temporarily) allow the apache user
|
||||
>to login using *bash shell*
|
||||
```Shell
|
||||
usermod -s /bin/bash apache
|
||||
# in the end you need to set the login shell to *nologin*
|
||||
# usermod -s /sbin/nologin apache;
|
||||
```
|
||||
|
||||
### Clone this repository
|
||||
```Shell
|
||||
mkdir /var/www/cerebrate
|
||||
git clone https://github.com/cerebrate-project/cerebrate.git /var/www/cerebrate
|
||||
mkdir -p /var/www/cerebrate;
|
||||
sudo chown apache:apache /var/www/cerebrate;
|
||||
sudo -u apache git clone https://github.com/cerebrate-project/cerebrate.git /var/www/cerebrate;
|
||||
```
|
||||
|
||||
### Run composer
|
||||
|
@ -64,25 +76,21 @@ mkdir -p /var/www/.composer
|
|||
chown -R apache.apache /var/www/.composer
|
||||
chown -R apache.apache /var/www/cerebrate
|
||||
cd /var/www/cerebrate
|
||||
composer install
|
||||
sudo -H -u apache composer install
|
||||
```
|
||||
>you will see a prompt: \
|
||||
>`Do you trust "cakephp/plugin-installer" to execurte code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]` \
|
||||
>*repond with* `y` \
|
||||
>`Do you trust "dealerdirect/phpcodesniffer-composer-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]` \
|
||||
>*repond with* `y`
|
||||
|
||||
|
||||
### Create your local configuration and set the db credentials
|
||||
```Shell
|
||||
cp -a /var/www/cerebrate/config/app_local.example.php /var/www/cerebrate/config/app_local.php
|
||||
cp -a /var/www/cerebrate/config/config.example.json /var/www/cerebrate/config/config.json
|
||||
cp -a /var/www/cerebrate/config/app_local.example.php /var/www/cerebrate/config/app_local.php;
|
||||
cp -a /var/www/cerebrate/config/config.example.json /var/www/cerebrate/config/config.json;
|
||||
```
|
||||
|
||||
### Modify the Datasource -> default array's in file `app_local.php`
|
||||
>Simply modify the `Datasources` section, to reflect your values for: username, password, and database
|
||||
>fields, as configured in the above [#create-a-new-database-user-and-password-for-cerebrate](<#create-a-new-database-user-and-password-for-cerebrate>)
|
||||
```Shell
|
||||
vim /var/www/cerebrate/config/app_local.php
|
||||
sudo -u apache vim /var/www/cerebrate/config/app_local.php;
|
||||
```
|
||||
```PHP
|
||||
'Datasources' => [
|
||||
|
@ -96,18 +104,12 @@ vim /var/www/cerebrate/config/app_local.php
|
|||
|
||||
### Run the database schema migrations
|
||||
```Shell
|
||||
usermod -s /bin/bash apache
|
||||
chown -R apache.apache /var/www/.composer;
|
||||
chown -R apache.apache /var/www/cerebrate;
|
||||
|
||||
chown -R apache.apache /var/www/.composer
|
||||
chown -R apache.apache /var/www/cerebrate
|
||||
|
||||
su apache <<'EOFi'
|
||||
/var/www/cerebrate/bin/cake migrations migrate
|
||||
/var/www/cerebrate/bin/cake migrations migrate -p tags
|
||||
/var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth
|
||||
EOFi
|
||||
|
||||
usermod -s /sbin/nologin apache
|
||||
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate;
|
||||
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate -p tags;
|
||||
sudo -u apache /var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth;
|
||||
```
|
||||
|
||||
|
||||
|
@ -118,13 +120,14 @@ rm /var/www/cerebrate/tmp/cache/persistent/*
|
|||
```
|
||||
|
||||
### copy the Apache httpd template to the default apache configuration folder
|
||||
> in our case we used apache to serve this website, NGINX could also be used.
|
||||
> in our case we use apache to serve this website.
|
||||
```Shell
|
||||
cp -v /var/www/cerebrate/INSTALL/cerebrate_apache_dev.conf /etc/httpd/conf.d/.
|
||||
mkdir /var/log/apache2
|
||||
chown apache.root -R /var/log/apache2
|
||||
restorecon -Rv /etc/httpd/conf.d/*
|
||||
restorecon -Rv /var/log/*
|
||||
### Relabeled /var/log/apache2 from unconfined_u:object_r:var_log_t:s0 to unconfined_u:object_r:httpd_log_t:s0
|
||||
```
|
||||
### Make changes to the apache httpd site configuration file
|
||||
>Edit the file `/etc/httpd/conf.d/cerebrate_apache_dev.conf` change the two references of port 8000 to 8001
|
||||
|
@ -149,6 +152,8 @@ chown apache.apache /var/www/cerebrate
|
|||
```
|
||||
systemctl enable httpd
|
||||
systemctl restart httpd
|
||||
# do not forget to set nologin for user apache
|
||||
usermod -s /sbin/nologin apache;
|
||||
```
|
||||
|
||||
## Point your browser to: http://localhost:8001
|
||||
|
@ -158,3 +163,52 @@ systemctl restart httpd
|
|||
Username: admin
|
||||
Password: Password1234
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Optional: Enable HTTPS secure connection to the site
|
||||
> if you also want to enable SSL TLS certificates, you need to do the following
|
||||
|
||||
### copy the certificates in place
|
||||
vi /etc/pki/tls/certs/cerebrate-chain.pem
|
||||
vi /etc/pki/tls/private/cerebrate-key.pem
|
||||
chmod 600 /etc/pki/tls/private/cerebrate-key.pem
|
||||
|
||||
### edit the configuration file to include the SSL Section.
|
||||
vim /etc/httpd/conf.d/cerebrate_apache_dev.conf
|
||||
```Shell
|
||||
Listen 8443 https
|
||||
|
||||
<VirtualHost <your IP address:8443>
|
||||
ErrorLog /var/log/apache2/cerebrate_ssl_error_log
|
||||
TransferLog /var/log/apache2/cerebrate_ssl_access_log
|
||||
LogLevel warn
|
||||
SSLEngine on
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
SSLCertificateFile /etc/pki/tls/certs/cerebrate-chain.pem
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/cerebrate-key.pem
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
ServerName mycerebrate.<csirt.eu>
|
||||
DocumentRoot /var/www/cerebrate/webroot
|
||||
<Directory /var/www/cerebrate/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
|
||||
CustomLog /var/log/apache2/cerebrate_ssl_request.log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
</VirtualHost>
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue