* `debian-jessie` for Debian 8
* `ubuntu-xenial` for Ubuntu 16.04
* `ubuntu-bionic` for Ubuntu 18.04
+ * `centos` for CentOS 8 (experimental)
+ * `rhel` for RedHat Enterprise Linux 8 (Experimental)
Patches and suggestions for improvement from users of these distributions,
or others, are welcome!
on your server. You can generally accept the defaults by pressing <return>
for all of the prompts, except for the country configuration.
+[NOTE]
+===========================================================================
+The CentOS/RHEL options will automatically add extra repositories to allow
+RPM package installation, and will download and install EJabberD from the
+project website.
+===========================================================================
+
Preamble: Developer instructions
--------------------------------
1. Stop ejabberd before making any changes to its configuration by issuing the
following command as the *root* Linux account:
+
-.(Debian / Ubuntu Xenial / Ubuntu Bionic) Stopping ejabberd
+.Stopping ejabberd
[source, bash]
---------------------------------------------------------------------------
systemctl stop ejabberd.service
-----------------------
+
g. Uncomment or add the `mod_legacy_auth` directive
+
+(CentOS/RHEL) Ejabberd 20.x::
+Open `/opt/ejabberd/conf/ejabberd.yml` and make the following
+changes:
+ a. Define your public and private domains in the `hosts` directive. For
+ example:
++
+[source, bash]
+---------------------------------------------------------------------------
+hosts:
+ - "localhost"
+ - "private.localhost"
+ - "public.localhost"
+---------------------------------------------------------------------------
++
+ b. Change `starttls_required` to false
+ c. Change `shaper:` `normal` and `fast` values to 500000
+ d. Increase the `max_user_sessions:` `all:` value to 10000
+ e. Comment out the `mod_offline` directive
++
+-----------------------
+##mod_offline:
+ ##access_max_user_messages: max_user_offline_messages
+-----------------------
++
+ f. Add the `mod_legacy_auth` directive under the `modules` section
+(indent 2 spaces):
++
+-----------------------
+modules:
+ ....
+ mod_version:
+ show_os: false
+ mod_legacy_auth: {}
+-----------------------
++
+ g. Add the following lines under the `## Local Variables`:
+
-----------------------
-mod_legacy_auth: {}
+auth_method: internal
+auth_password_format: plain
-----------------------
+
3. Restart the ejabberd server to make the changes take effect:
+
-.(Debian / Ubuntu Xenial / Ubuntu Bionic) Starting ejabberd
+.Starting ejabberd
[source, bash]
---------------------------------------------------------------------------
systemctl start ejabberd.service
1. Install websocketd (latest stable release from http://websocketd.com/)
+
-.(Debian, Ubuntu)
[source,bash]
---------------------------------------------------------------------------
cd /tmp
2. Run websocketd
+
Choose option a or b, below.
-+
+
[NOTE]
===========================================================================
websocketd does not offer a configurable inactivity timeout, meaning
to be exposed to web clients on port 443 instead of its internal port,
which may simplify firewall configuration.
===========================================================================
-+
+
a. Run websocketd as 'opensrf'
+
[NOTE]
This choice requires one of the proxy configurations mentioned below.
===========================================================================
+
-.(Debian, Ubuntu)
[source,bash]
---------------------------------------------------------------------------
/usr/local/bin/websocketd --port 7682 /openils/bin/osrf-websocket-stdio &
+
b. Run websocketd without a proxy
+
-.(Debian, Ubuntu)
[source,bash]
---------------------------------------------------------------------------
sudo -b /usr/local/bin/websocketd --port 7682 --ssl --sslcert=/etc/apache2/ssl/server.crt \
1. Enable mod_remoteip
+
+.(Debian, Ubuntu)
[source,bash]
---------------------------------------------------------------------------
sudo a2enmod remoteip
---------------------------------------------------------------------------
+
+For CentOS/RHEL, create a file at `/etc/httpd/20-remoteip.conf` with the following line:
++
+.(CentOS/RHEL)
+[source,bash]
+---------------------------------------------------------------------------
+LoadModule remoteip_module modules/mod_remoteip.so
+---------------------------------------------------------------------------
++
2. Enable remote IP settings by uncommenting and modifying as needed the
Apache configuration variables starting with RemoteIP* in the sample Apache
configuration file opensrf.conf.
3. Configure Apache to listen on port 7080 for HTTP and port 7443 for HTTPS
and ensure that it is not listening on ports 80 and 443, then restart Apache.
+
+[NOTE]
+===============================================================================
+On CentOS and RHEL, SELinux must be configured to allow Apache to access
+and execute files in the non-standard `/openils` directory and to run on alternate
+ports. Assuming `/openils` is the installation directory, issue the following
+before restarting Apache.
+===============================================================================
++
+.(CentOS/RHEL)
+[source, bash]
+----------------------------------------------------------------------------
+semanage fcontext -a -t httpd_sys_content_t "/openils(/.*)?"
+semanage fcontext -a -t httpd_log_t "/openils/var/log(/.*)?"
+semanage fcontext -a -t httpd_sys_script_exec_t "/openils/lib(/.*)?"
+semanage port -a -t http_port_t -p tcp 7080
+semanage port -a -t http_port_t -p tcp 7443
+restorecon -Rv /openils
+----------------------------------------------------------------------------
++
4. If you didn't run `configure` with the `--with-websockets-port=443` option,
edit `<PREFIX>/javascript/opensrf_ws.js` and `<PREFIX>/javascript/opensrf_ws_shared.js`
and change
var WEBSOCKET_PORT_SSL = 443;
---------------------------------------------------------------------------
-
Optional: Using NGINX as a proxy
--------------------------------
NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other
1. Install NGINX if not already present:
+
+.(Debian/Ubuntu)
[source, bash]
---------------------------------------------------------------------------
apt-get install nginx
---------------------------------------------------------------------------
+
+.(CentOS/RHEL)
+[source, bash]
+-----------------------
+yum install nginx
+-----------------------
++
2. Copy the example NGINX configuration file into place and remove default.
+
+.(Debian/Ubuntu)
[source, bash]
---------------------------------------------------------------------------
cd /path/to/opensrf-OSRFVERSION
rm /etc/nginx/sites-enabled/default
---------------------------------------------------------------------------
+
-3. Edit `/etc/nginx/sites-available/osrf-ws-http-proxy` to set the location
+.(CentOS/RHEL)
+[source, bash]
+---------------------------------------------------------------------------
+cp examples/nginx/osrf-ws-http-proxy /etc/nginx/conf.d/
+---------------------------------------------------------------------------
++
+3. Edit `/etc/nginx/sites-available/osrf-ws-http-proxy` (Debian/Ubuntu) or
+ `/etc/nginx/conf.d/osrf-ws-http-proxy` (CentOS/RHEL) to set the location
of the SSL certificate and private key.
4. Generate a dhparam file in the directory specified in the nginx config.
+
+.(Debian/Ubuntu)
[source, bash]
---------------------------------------------------------------------------
# Default config stores dhparam.pem in the Apache2 ssl directory.
openssl dhparam -out /etc/apache2/ssl/dhparam.pem 2048
---------------------------------------------------------------------------
+
+.(CentOS/RHEL)
+[source, bash]
+---------------------------------------------------------------------------
+mkdir /etc/httpd/ssl
+openssl dhparam -out /etc/httpd/ssl/dhparam.pem 2048
+---------------------------------------------------------------------------
++
5. Start NGINX
+
[source, bash]
---------------------------------------------------------------------------
-/etc/init.d/nginx start
+systemctl start nginx
---------------------------------------------------------------------------
Optional: Using HAProxy as a proxy
# make -f Makefile.install debian-jessie
# - or -
# make -f Makefile.install ubuntu-xenial
-# - or -
-# make -f Makefile.install ubuntu-bionic
+# - or -
+# make -f Makefile.install ubuntu-bionic
# - or -
# make -f Makefile.install fedora
+# - or -
+# make -f Makefile.install centos
+# - or -
+# make -f Makefile.install rhel
#
# ---------------------------------------------------------------------
LBITS=$(shell getconf LONG_BIT)
APT_TOOL=apt-get -yq
+FEDORA_YUM_TOOL=dnf -y
+CENTOS_YUM_TOOL=yum -y
+RHEL_YUM_TOOL=yum -y
+EJABBERD_VERSION=20.01
+EJABBERD_URL=https://www.process-one.net/downloads/downloads-action.php?file=/$(EJABBERD_VERSION)
+EJABBERD_RPM=ejabberd-$(EJABBERD_VERSION)-0.x86_64.rpm
# Debian dependencies
DEBS = \
zip\
zlib1g-dev
-FEDORAS = \
+RPMS = \
autoconf \
automake \
check \
check-devel \
- ejabberd \
expat-devel \
gcc \
gdbm-devel \
libmemcached \
libmemcached-devel \
libtool \
- libxml-libxml-perl \
- libxml-libxslt-perl \
libxml2-devel \
- libxml2-python \
libxslt-devel \
make \
memcached \
mod_perl \
+ perl-B-COW \
perl-Cache-Memcached \
- perl-Class-DBI \
- perl-Class-DBI-AbstractSearch \
- perl-Class-DBI-SQLite \
+ perl-Clone \
+ perl-CPAN \
+ perl-CPAN-Meta-Check \
+ perl-DateTime \
perl-DateTime-Format-Builder \
perl-DateTime-Format-ISO8601 \
perl-DateTime-Format-Mail \
- perl-DateTime-Set \
+ perl-DBI \
perl-devel \
+ perl-Devel-Peek \
perl-Error \
- perl-File-Find-Rule \
perl-JSON-XS \
perl-libwww-perl \
perl-Log-Log4perl \
perl-Module-Build \
perl-Net-DNS \
perl-Net-Server \
- perl-SQL-Abstract-Limit \
+ perl-open \
+ perl-Pod-Parser \
+ perl-Sub-Quote \
perl-Template-Toolkit \
+ perl-Test \
perl-Test-Deep \
perl-Test-Exception \
perl-Test-Pod \
+ perl-Test-Warn \
+ perl-Text-Balanced \
perl-Tie-IxHash \
perl-UNIVERSAL-require \
perl-Unix-Syslog \
perl-XML-LibXSLT \
perl-XML-Simple \
psmisc \
- python-devel \
- python-dns \
- python-memcached \
- python-setuptools \
- python-simplejson \
+ python2-devel \
+ python2-dns \
+ python2-lxml \
+ python2-memcached \
+ python2-pip \
+ python2-setuptools \
readline-devel \
tar
apache2-dev \
libncurses5-dev
+EXTRA_RPMS_FEDORA = \
+ ejabberd \
+ perl-Class-DBI \
+ perl-Class-DBI-AbstractSearch \
+ perl-Class-DBI-SQLite \
+ perl-SQL-Abstract-Limit
+
+CPAN_MODULES_RHEL = \
+ Test::More \
+ Class::DBI \
+ SQL::Abstract \
+ SQL::Abstract::Limit \
+ Class::DBI::AbstractSearch \
+ Class::DBI::SQLite \
+ Params::Validate \
+ DateTime::Set \
+
+PIP_MODULES_RHEL = \
+ simplejson
+
# ----------------------------------------------------------------------------
all:
jessie: install_extra_debs_jessie debian_sys_config
generic_debian: install_debs
-fedora: install_fedora_rpms
+fedora: install_rpms_fedora install_extra_rpms_fedora
+centos: install_powertools_centos install_epel_centos install_rpms_rhel install_cpan_modules_rhel install_pip_modules_rhel install_ejabberd
+rhel: enable_builder_repo_rhel install_epel_rhel install_rpms_rhel install_cpan_modules_rhel install_pip_modules_rhel install_ejabberd
ubuntu-xenial: generic_ubuntu xenial apache_mpm_prefork_mods apache_perl_mod
ubuntu-bionic: generic_ubuntu bionic apache_mpm_prefork_mods apache_perl_mod
apache_perl_mod:
a2enmod perl
-# Fedora
-install_fedora_rpms:
- yum -y install $(FEDORAS)
+# CentOS/RHEL
+enable_builder_repo_rhel:
+ subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
+
+install_powertools_centos:
+ $(CENTOS_YUM_TOOL) install dnf-plugins-core
+ $(CENTOS_YUM_TOOL) config-manager --set-enabled PowerTools
+
+install_epel_centos:
+ $(CENTOS_YUM_TOOL) install epel-release
+
+install_epel_rhel:
+ $(RHEL_YUM_TOOL) install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+
+install_cpan_modules_rhel:
+ for m in $(CPAN_MODULES_RHEL); do cpan $$m; done;
+
+install_pip_modules_rhel:
+ for m in $(PIP_MODULES_RHEL); do pip2 install $$m; done;
+
+install_ejabberd:
+ wget -O /tmp/$(EJABBERD_RPM) $(EJABBERD_URL)/$(EJABBERD_RPM)
+ $(RHEL_YUM_TOOL) install /tmp/$(EJABBERD_RPM)
+ cp /opt/ejabberd-$(EJABBERD_VERSION)/bin/ejabberd.service /lib/systemd/system/
+ systemctl daemon-reload
+ systemctl enable --now ejabberd.service
+ ln -sf /opt/ejabberd-$(EJABBERD_VERSION)/bin/ejabberdctl /usr/local/sbin/ejabberdctl
+ for i in erl iex epmd; do ln -sf /opt/ejabberd-$(EJABBERD-VERSION)/bin/$i /usr/local/bin/$i; done;
+
+# Fedora/CentOS
+install_rpms_fedora:
+ $(FEDORA_YUM_TOOL) install $(RPMS)
+
+install_rpms_rhel:
+ $(RHEL_YUM_TOOL) install $(RPMS)
+
+install_extra_rpms_fedora:
+ $(FEDORA_YUM_TOOL) install $(EXTRA_RPMS_FEDORA)
# vim:noet:sw=4:ts=4:
projects / working / OpenSRF.git / commitdiff