Installation guide Toolbox PSC - Joinup

Installing all the elements

Author(s): Ashley Chacuto, Leon de Jong
Version: 1.1
Status: final
The Hague, 12-18-2009


Document information

Colophon

Author(s): Ashley Chacuto, Leon de Jong
Project: Toolbox PSC
Date: 12-18-2009
Title: Installation guide Toolbox PSC
Version: 1.1

History

Date      Version  Changes             Status  Processed by
09-29-09  0.1      Initial document    draft   Ashley
10-29-09  0.9      Further amendments  draft   Leon
11-09-09  0.91     Further amendments  Draft   Leon
11-11-09  1.0      Further amendments  final   Leon
12-18-09  1.1      Security changes    final   Ashley

Distribution list

Date      Distribution  Presentation  Version

Approval

Date      Name  Version


Preface

This documentation describes how to install the software required to run the Toolbox website components. The installation is based on a Debian (Linux) operating system installation, and the given commands are therefore also based on this operating system.

The baseline of our servers is Debian GNU/Linux 5, 64bit edition. In general these systems have 16 GB local storage, a single CPU core and 1024 MB RAM at their disposal. During the initial install we only installed the base packages and openssh.

The first chapter describes how to install the PSC Website component. The second chapter is for the messagebox component. The third chapter is an appendix with additional documentation about the authentication.

To perform this installation, at least LPI-certified training-level knowledge is required.


Table of contents

1 The PSC Website
1.1 An overview
1.2 Installation and configuration of the PSC Website
1.2.1 Install mysql server 5.0.x
1.2.2 Installation OpenLDAP
1.3 Configuration of Application Server
1.3.1 Installation of Java
1.3.2 Installation of Apache
1.3.3 Installation of Tomcat
1.3.4 Installation of Apache ActiveMQ
1.4 Deploying the Toolbox Application

2 Messagebox Customisation per server type
2.1 Web/application server
2.2 Database server
2.3 Mailrelay server
2.4 AV/Batch server
2.5 Logging server
2.6 Proxy server
2.7 Messagebox Application Deployment

3 Appendix A: Additional Documentation


1 The PSC Website

1.1 An overview

This overview is for reference only; the choice to combine or separate services over different servers is subject to scaling and security requirements.


1.2 Installation and configuration of the PSC Website

This chapter describes how to install and configure the database server. Not all the commands are described, given that the author of this documentation favours the use of “vi” to edit files, which is not every administrator's favourite editor.

1.2.1 Install mysql server 5.0.x

• Install mysql server 5.0.x

# apt-get install mysql-server-5.0

• Edit my.cnf
• After the [mysqld] tag add the following stanza:

lower_case_table_names=1

• Modify "bind-address=127.0.0.1" to "#bind-address=127.0.0.1". With the line commented out, mysqld listens on all network interfaces instead of only on the loopback address.

• Restart mysql

/etc/init.d/mysql restart

• Create databases
Log into mysql from the command line and create the following databases:

– slide_ictu
– projectdata_ictu

# mysql -u<mysql admin user> -p<password mysql admin user>
mysql> create database slide_database;
mysql> create database project_database;

• Create database user, and give the user permission to write and read the previously created databases.

mysql> grant all privileges on slide_database.* to 'repository'@'%' identified by '<password>';
mysql> grant all privileges on project_database.* to 'repository'@'%' identified by '<password>';
mysql> flush privileges;

Exit mysql:

mysql> quit
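The two settings in this section that decide who can reach the database are the commented-out bind-address and the host part '%' in the grants. The following check for both is an added example, not part of the original guide; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two network-exposure settings from section 1.2.1.
# Function names and the sample inputs are constructed for illustration.

# Print the bind-address that applies to the [mysqld] section of an option
# file, or "all-interfaces" when none is active (the result of commenting it out).
mysqld_bind_state() {
    awk '
        /^[ \t]*\[/ {                      # section header such as [mysqld]
            section = tolower($0)
            gsub(/[ \t]/, "", section)
            sub(/^\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        /^[ \t]*[#;]/ { next }             # commented-out options do not count
        section == "mysqld" {
            line = $0
            sub(/#.*/, "", line)           # strip a trailing comment
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            gsub(/_/, "-", key)            # MySQL accepts - and _ in option names
            if (key == "bind-address") addr = substr(line, n + 1)
        }
        END { print (addr == "" ? "all-interfaces" : addr) }
    ' "$1"
}

# Read SQL on stdin; print "account target" for each GRANT whose host part is
# the wildcard %, which MySQL also assumes when no host part is given.
wildcard_grants() {
    awk -v q="'" '
        {
            s = tolower($0)
            if (s !~ /^[ \t]*grant[ \t]/) next
            account = ""; target = ""
            n = split(s, w, /[ \t]+/)
            for (i = 1; i < n; i++) {
                if (w[i] == "on") target = w[i + 1]
                if (w[i] == "to") account = w[i + 1]
            }
            sub(/;$/, "", account)
            host = "%"
            if (index(account, "@") > 0) {
                host = account
                sub(/^.*@/, "", host)
                gsub(q, "", host)
            }
            if (account != "" && host == "%") print account, target
        }
    '
}

# Constructed sample: my.cnf after the edits described in this section.
sample_my_cnf() {
    cat <<'EOF'
[client]
port = 3306
[mysqld]
lower_case_table_names=1
#bind-address=127.0.0.1
EOF
}

# Constructed sample: the first grant as in this section, the second narrowed
# to a single application server address for comparison.
sample_grants() {
    cat <<'EOF'
grant all privileges on slide_database.* to 'repository'@'%' identified by '<password>';
grant all privileges on project_database.* to 'repository'@'10.10.10.10' identified by '<password>';
EOF
}

tmp=$(mktemp)
sample_my_cnf > "$tmp"
echo "mysqld bind state: $(mysqld_bind_state "$tmp")"
echo "accounts usable from any host:"
sample_grants | wildcard_grants
rm -f "$tmp"
```
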


1.2.2 Installation OpenLDAP

• Install openldap

# apt-get install slapd ldap-utils

• Edit slapd.conf
Locate the “include” tags and add the following stanza:

include /etc/ldap/schema/ictubl.schema

• Locate the “moduleload” tags and add the following line:

moduleload back_bdb

• At the end of slapd.conf add the following stanza:

# BDB database definitions
database bdb
suffix "ou=ictu,dc=overheid,dc=nl"
rootdn "cn=administrator,ou=ictu,dc=overheid,dc=nl"
rootpw <password>
directory ./data
index objectClass eq
index cn eq,sub

• Copy the ictubl.schema to the "/etc/ldap/schema/" directory.
• Restart OpenLDAP

# /etc/init.d/slapd restart

• Populate the ldap database by using the following file:

- export.ldif

# ldapadd -h <hostname> -x -D "cn=administrator,ou=ictu,dc=overheid,dc=nl" -f <path-to-your-file-location>export.ldif -w <password>


1.3 Configuration of Application Server

1.3.1 Installation of Java

This paragraph describes how to install and configure the application server.

• Add the following to /etc/apt/sources.list
Always run apt-get update afterwards, otherwise these changes will have no effect.

deb http://ftp.nl.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.nl.debian.org/debian/ lenny main contrib non-free

• Install Sun Java JDK 1.6.
In order to run Apache Tomcat, it is required to install a Java JDK. We have chosen the Sun Java JDK 1.6 and therefore we do not offer any support on other JDK flavors.

# apt-get install sun-java6-jdk

Read and accept the license agreement to continue the installation.

1.3.2 Installation of Apache

• Install and configure apache2 webserver.

The Apache 2 webserver is used for proxying the different ports of each of the tomcat instances on which the toolbox application is running.

• Install apache2

# apt-get install apache2

This will install apache 2 webserver with all the basic modules.

• Enable apache modules
Some extra modules are needed and must therefore be enabled.

# a2enmod proxy
# a2enmod proxy_http
# a2enmod ssl


• Create the Toolbox specific configuration file for apache.
In the /etc/apache2/sites-available directory create a file called “toolbox”.
To this file add the following stanza:

<VirtualHost *:80>
    ServerName repository.toolbox.example.com
    ServerAlias repository.toolbox.example.com
    ProxyPass / http://repository.toolbox.example.com:18080/
    ProxyPassReverse / http://repository.toolbox.example.com:18080/
    <Proxy http://repository.toolbox.example.com:18080>
        allow from all
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    ServerName preview.toolbox.example.com
    ServerAlias preview.toolbox.example.com
    ProxyPass / http://preview.toolbox.example.com:8080/
    ProxyPassReverse / http://preview.toolbox.example.com:8080/
    <Proxy http://preview.toolbox.example.com:8080>
        allow from all
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    ServerName www.toolbox.example.com
    ServerAlias www.toolbox.example.com
    ProxyPass / http://www.toolbox.example.com:8080/
    ProxyPassReverse / http://www.toolbox.example.com:8080/
    <Proxy http://www.toolbox.example.com:8080>
        allow from all
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    ServerName cms.toolbox.example.com
    ServerAlias cms.toolbox.example.com
    ProxyPass / http://cms.toolbox.example.com:28080/
    ProxyPassReverse / http://cms.toolbox.example.com:28080/
    <Proxy http://cms.toolbox.example.com:28080>
        allow from all
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    ServerName sct.toolbox.example.com
    ServerAlias sct.toolbox.example.com
    ProxyPass / http://sct.toolbox.example.com:48080/
    ProxyPassReverse / http://sct.toolbox.example.com:48080/
    <Proxy http://sct.toolbox.example.com:48080>
        allow from all
    </Proxy>
</VirtualHost>

• Disable the default enabled Apache configurations and enable the toolbox configuration file.

# rm /etc/apache2/sites-enabled/*
# cd /etc/apache2/sites-enabled/
# ln -s /etc/apache2/sites-available/toolbox 003-toolbox

• Restart Apache 2

# /etc/init.d/apache2 restart

1.3.3 Installation of Tomcat

• Create "tomcat" user for the application.

# useradd -m -d /usr/local/tomcat tomcat

• Install and configure Apache tomcat.
• Download apache-tomcat-6.0.x
• Unzip tomcat in /usr/local/

cd /usr/local/
tar xvzf /tmp/apache-tomcat-6.0.18.tar.gz

This assumes /tmp is the directory to which tomcat was downloaded.

• Make a symlink for tomcat

# ln -s apache-tomcat-6.0.18 tomcat

• Create multiple instances of tomcat for the application.

mkdir /var/tomcat/
mkdir /var/tomcat/repo
mkdir /var/tomcat/cms
mkdir /var/tomcat/site
mkdir /var/tomcat/sct

cp -r /usr/local/tomcat/bin /var/tomcat/repo/
cp -r /usr/local/tomcat/conf /var/tomcat/repo/
cp -r /usr/local/tomcat/webapps /var/tomcat/repo/
cp -r /usr/local/tomcat/logs /var/tomcat/repo/
cp -r /usr/local/tomcat/temp/ /var/tomcat/repo/
cp -r /usr/local/tomcat/work/ /var/tomcat/repo/
cp -r /var/tomcat/repo/. /var/tomcat/cms/
cp -r /var/tomcat/repo/. /var/tomcat/site/
cp -r /var/tomcat/repo/. /var/tomcat/sct/

The cms, site and sct directories already exist at this point, so the last three commands copy the contents of repo into them (source path ending in /.) rather than creating a nested repo directory.

• Edit the catalina.sh file of each tomcat instance.

- /var/tomcat/repo/bin
- /var/tomcat/cms/bin
- /var/tomcat/site/bin
- /var/tomcat/sct/bin

Add the following entries at the beginning of the file:

CATALINA_HOME=/usr/local/tomcat
CATALINA_BASE=/var/tomcat/<instance>

<instance> must be replaced with the name of the instance directory, for example:

CATALINA_BASE=/var/tomcat/repo
CATALINA_BASE=/var/tomcat/cms

** Make sure these are the first "CATALINA_HOME" entries.

• Edit the server.xml file of each tomcat instance.

- /var/tomcat/repo/conf/
- /var/tomcat/cms/conf/
- /var/tomcat/site/conf/
- /var/tomcat/sct/conf/

• Modify the connector ports:

repository instance:
<Connector port="18080" protocol ....

cms instance:
<Connector port="28080" protocol ....

sct instance:
<Connector port="48080" protocol ....

• Modify the Shutdown ports:

repository instance:
<Server port="18005" shutdown="SHUTDOWN">

cms instance:
<Server port="28005" shutdown="SHUTDOWN">

sct instance:
<Server port="48005" shutdown="SHUTDOWN">

• Modify the “Host name” and “defaultHost” entries:

repository instance:
<Engine name="Catalina" defaultHost="repository.toolbox.example.com">
<Host name="repository.toolbox.example.com" ....

cms instance:
<Engine name="Catalina" defaultHost="cms.toolbox.example.com">
<Host name="cms.toolbox.example.com" ....

site instance:
<Engine name="Catalina" defaultHost="www.toolbox.example.com">
<Host name="www.toolbox.example.com" ....

sct instance:
<Engine name="Catalina" defaultHost="sct.toolbox.example.com">
<Host name="sct.toolbox.example.com" ....

• Set user rights on directory and create application specific directories.

# chown -R tomcat:tomcat /var/tomcat
# chown -R tomcat:tomcat /usr/local/

1.3.4 Installation of Apache ActiveMQ

• Install and configure apache activemq.

• Download activemq.
• Unzip activemq in /usr/local/

# cd /usr/local/
# tar xvzf /tmp/apache-activemq-5.2.0-bin.tar.gz

• Create symlink.

# ln -s apache-activemq-5.2.0 activemq

• Set user rights on directory

# chmod -R 754 /usr/local/activemq
# chown -R tomcat:tomcat /usr/local/activemq

• Copy the necessary libraries to the lib directory of tomcat:

- Copy the following jars from /usr/local/activemq/lib to /usr/local/tomcat/lib:

• commons-logging-1.1.jar
• activemq-core-5.2.0.jar
• geronimo-j2ee-management_1.0_spec-1.0.jar
• geronimo-jms_1.1_spec-1.1.1.jar
• geronimo-jta_1.0.1B_spec-1.0.1.jar

- Copy the following jars from the delivered lib <installdir>/ directory to /usr/local/tomcat/lib:

• mysql-connector-java-5.0.5.jar
• xalan-2.7.0.jar
• xercesImpl-2.8.1.jar
• log4j-1.2.15.jar

• Set user rights on the tomcat lib directory

# chown -R tomcat:tomcat /usr/local/tomcat/lib

• Modify hostfile:
Add the following entries to /etc/hosts:

<ip address of db host> db.toolbox.example.com
<ip address of db host> db.example.com
<ip address of db host> ldap.toolbox.example.com
127.0.0.1 repository.toolbox.example.com
127.0.0.1 preview.toolbox.example.com
127.0.0.1 www.toolbox.example.com
127.0.0.1 redactie.toolbox.example.com
127.0.0.1 feed.toolbox.example.com
127.0.0.1 xsd.toolbox.example.com
127.0.0.1 sct.toolbox.example.com

1.4 Deploying the Toolbox Application

This chapter explains how to deploy the application and in which order to start the tomcat instances.

• Deploying the application

The application can be deployed by copying each component to the specific tomcat instance.

• site.war
• repo.war
• xsd.war
• cms.war

Copy the Repository war to /var/tomcat/repo/webapps

# cp repo.war /var/tomcat/repo/webapps/ictu.war

Copy the CMS war to /var/tomcat/cms/webapps

# cp cms.war /var/tomcat/cms/webapps/ROOT.war

Copy the SITE war to /var/tomcat/site/webapps

# cp site.war /var/tomcat/site/webapps/ROOT.war

Copy the XSD war to /var/tomcat/site/hosts/xsd

# cp xsd.war /var/tomcat/site/hosts/xsd/ROOT.war

• Set user rights on wars

# chown tomcat:tomcat /var/tomcat/repo/webapps/ictu.war
# chown tomcat:tomcat /var/tomcat/cms/webapps/ROOT.war
# chown tomcat:tomcat /var/tomcat/site/webapps/ROOT.war
# chown tomcat:tomcat /var/tomcat/sct/webapps/ROOT.war
# chown tomcat:tomcat /var/tomcat/sct/hosts/xsd/ROOT.war

• Starting the application.

Before we can start the toolbox, we must first start activemq and wait about 30 seconds so that it is completely started.

# cd /usr/local/activemq/bin/
# su tomcat -c "./activemq &"


In order to run the application each instance of tomcat must be started in the given order.

Repo instance
# su tomcat -c "/var/tomcat/repo/bin/startup.sh"

Site instance
# su tomcat -c "/var/tomcat/site/bin/startup.sh"

CMS instance
# su tomcat -c "/var/tomcat/cms/bin/startup.sh"

SCT instance
# su tomcat -c "/var/tomcat/sct/bin/startup.sh"


2 Messagebox Customisation per server type

2.1 Web/application server

The webservers run using Sun Java JDK 1.6.x and Apache Tomcat 6.0.20.

apt-get install sun-java6-jdk

Make sure the 64bit version of Java is used by default:

update-alternatives --set java /usr/lib/jvm/java-6-sun/jre/bin/java

We use the vanilla 6.0.20 version that is available via the apache website. It was unpacked in /usr/local/tomcat-6.0.20

Create the user tomcat and make this user the owner of the tomcat installation directory.

groupadd -g 113 tomcat
useradd -u 111 -g 113 -d /home/tomcat -s /bin/bash -c "Tomcat" -m tomcat
chown -R tomcat:tomcat [path to tomcat directory]

Most properties for the application are stored in /etc/bbox/ and /etc/aselect/

The first time the application is deployed to the webserver, there are some additional steps that need to be completed. First, a JNDI entry is needed in [TOMCAT_ROOT]/conf/context.xml :

<Context>
    ....

    <!-- JNDI resource for BBox database -->
    <Resource name="jdbc/BBoxDatabase"
              auth="Container"
              type="javax.sql.DataSource"
              username="[ADD_YOUR_MYSQL_USER]"
              password="[ADD_YOUR_MYSQL_PASSWORD]"
              driverClassName="com.mysql.jdbc.Driver"
              url="jdbc:mysql://[ADD_YOUR_MYSQL_SERVERNAME]:3306/bbox?autoReconnect=true&amp;characterEncoding=UTF-8"
              maxActive="8"
              maxIdle="4"/>

    ....
</Context>

Next, enable a https capable instance in the tomcat configuration ( [TOMCAT_ROOT]/conf/server.xml ) :


<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           URIEncoding="UTF-8"
           disableUploadTimeout="false"
           maxPostSize="102400" />

Lastly, edit [TOMCAT_ROOT]/bin/catalina.sh to alter startup arguments :

CATALINA_OPTS=-Dfile.encoding=UTF-8

JAVA_OPTS="-Xmx1536m -XX:MaxPermSize=512m"

2.2 Database server

The vanilla MySQL 5.1 was downloaded from MySQL/SUN (mysql-5.1.38-linux-x86_64-glibc23.tar.gz) and unpacked in /usr/local/mysql-5.1.38/

The following settings are relevant in /etc/mysql/my.cnf :

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-external-locking
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 128K
thread_cache_size = 8
myisam-recover = BACKUP
query_cache_limit = 1M
query_cache_size = 16M
expire_logs_days = 10
max_binlog_size = 100M
skip-bdb
default-character-set=utf8
default-storage-engine=innodb


A template firewall ruleset :

# Generated by iptables-save v1.4.2 on Thu Sep 17 13:38:18 2009
*filter
:INPUT DROP [19267:2085562]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Sep 17 13:38:18 2009

2.3 Mailrelay server

The mail relay server uses postfix that is available from the standard Debian repositories which can be installed using apt-get. If the script from appendix A was used to setup the server, the server already has postfix installed. Then it will only need a configuration similar to this :

/etc/postfix$ more main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

myhostname = [FULL QUALIFIED DOMAIN NAME]
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = [FULL QUALIFIED DOMAIN NAME], localhost.localnet, localhost
#relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.10.10.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

2.4 AV/Batch server

The av/batch server will need the clamav daemon and freshclam to receive antivirus updates.

apt-get install clamav-daemon clamav-freshclam

The clamav daemon is run listening on socket 3310. A specific firewall rule to allow the webservers access is needed. The /etc/clamav/clamd.conf needs some specific settings. Please refer to the application documentation for the latest on this :

$ grep -v ^# /etc/clamav/clamd.conf | grep -v ^$
LogFile /tmp/clamd.log
LogTime yes
LogClean yes
TemporaryDirectory /tmp
LocalSocket /tmp/clamd.socket
TCPSocket 3310
TCPAddr 10.10.10.10
StreamMaxLength 100M
Debug yes
LeaveTemporaryFiles yes

Template firewall ruleset :

$ more /etc/network/iptables
# Generated by iptables-save v1.4.2 on Fri Sep 18 14:02:28 2009
*filter
:INPUT DROP [40864:3989900]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3310 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Sep 18 14:02:28 2009
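The other template rulesets in this chapter restrict each service port by source address, while the AV/Batch template accepts TCP 3310 without a source match. The following audit of iptables-save output for that pattern is an added example, not part of the original guide; the function names are assumptions, and the two embedded rulesets are copied from sections 2.2 and 2.4.

```shell
#!/bin/sh
# Added example: audit iptables-save output for ports accepted from any source.
# Function names are illustrative; the two rulesets are copied from 2.2 and 2.4.

# Default policy of the INPUT chain (DROP in every template of this guide).
input_policy() {
    awk '$1 == ":INPUT" { print $2 }'
}

# One line per port-based ACCEPT rule in INPUT: "proto/dport source".
# Rules without --dport (state, loopback, icmp) are skipped.
input_exposure() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            src = "any"; proto = "any"; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source")      src = $(i + 1)
                if ($i == "-p" || $i == "--protocol")    proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                if ($i == "-j")                          target = $(i + 1)
            }
            if (target == "ACCEPT" && dport != "") print proto "/" dport, src
        }
    '
}

# Ports reachable from every address: no -s match, or an explicit 0.0.0.0/0.
open_input_ports() {
    input_exposure | awk '$2 == "any" || $2 == "0.0.0.0/0" { print $1 }'
}

# Ruleset of the AV/Batch server (section 2.4).
av_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [40864:3989900]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3310 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Ruleset of the database server (section 2.2).
db_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [19267:2085562]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "AV/Batch server, ports open to any source: $(av_ruleset | open_input_ports)"
echo "Database server, port and allowed source:"
db_ruleset | input_exposure
```

On a live server the same functions can read the loaded rules, for example with `iptables-save | open_input_ports`.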


2.5 Logging server

The logging service uses the rsyslog packages available in the standard Debian repositories. The filtering of events into separate logfiles has yet to be determined.

Template firewall rules :

# Generated by iptables-save v1.4.2 on Fri Sep 18 09:38:07 2009
*filter
:INPUT DROP [42056:4192963]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Sep 18 09:38:07 2009


2.6 Proxy server

The Proxy server is used to route outgoing web requests. At this moment this is mostly traffic from the applications/webservers to the SMS gateway service. The proxy service could be used to secure outgoing SSL encrypted traffic that requires specific client side certificates. At this time the proxyserver is running the squid3 packages that are available in the standard Debian repositories. The only options needed are a couple of ACL entries in /etc/squid3/squid.conf :

acl webservers src X.X.X.X/XX
http_access allow webservers

Template firewall rules :

$ more /etc/network/iptables
# Generated by iptables-save v1.4.2 on Wed Sep 30 12:35:00 2009
*filter
:INPUT DROP [4609:754542]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Sep 30 12:35:00 2009

2.7 Messagebox Application Deployment

A message box release comes in a ZIP file containing precompiled application containers, template properties files and documentation. The documentation bundled in this zip should always be checked for changes. Instructions in the document you are reading are more generic. Basically, releasing a new version of the message box applications consists of the following steps :

• Take the site offline or redirect all traffic to another node

• stop tomcat

• clear the [TOMCAT_ROOT]/webapps/, [TOMCAT_ROOT]/work/ and [TOMCAT_ROOT]/logs/ directories

• Copy the new war archives to [TOMCAT_ROOT]/webapps

• start tomcat

• Check [TOMCAT_ROOT]/logs/catalina.out for errors
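The steps above as one guarded shell function, so that an empty path or an empty release directory cannot wipe the wrong directories or take the node down for nothing. This is an added example, not part of the original guide; TOMCAT_STOP, TOMCAT_START and STARTUP_WAIT are hypothetical hooks, and treating SEVERE or Exception lines in catalina.out as errors is an assumption.

```shell
#!/bin/sh
# Added example: the release steps of section 2.7 as one guarded function.
# Assumptions: TOMCAT_STOP / TOMCAT_START / STARTUP_WAIT are hypothetical
# environment hooks; errors are recognised by SEVERE or Exception in catalina.out.
# Taking the node out of service (first step) is site-specific and stays manual.

release_messagebox() {
    tomcat_root=$1
    release_dir=$2
    stop_cmd=${TOMCAT_STOP:-"$tomcat_root/bin/shutdown.sh"}
    start_cmd=${TOMCAT_START:-"$tomcat_root/bin/startup.sh"}
    log="$tomcat_root/logs/catalina.out"

    # An empty or relative root would turn the clean-up into "rm -rf /webapps/*".
    case "$tomcat_root" in
        /*) ;;
        *) echo "TOMCAT_ROOT must be an absolute path" >&2; return 2 ;;
    esac
    [ -d "$tomcat_root/webapps" ] || { echo "no webapps in $tomcat_root" >&2; return 2; }

    # Check the release before stopping anything: no wars, no downtime.
    set -- "$release_dir"/*.war
    [ -f "$1" ] || { echo "no war archives in $release_dir" >&2; return 2; }

    sh -c "$stop_cmd" || return 3

    # Clear webapps, work and logs so nothing of the old release survives.
    for d in webapps work logs; do
        mkdir -p "$tomcat_root/$d"
        rm -rf "${tomcat_root:?}/$d"/*
    done

    cp "$@" "$tomcat_root/webapps/" || return 3
    sh -c "$start_cmd" || return 3

    # Tomcat logs "Server startup in N ms" once all applications are deployed.
    waited=0
    until grep -q "Server startup in" "$log" 2>/dev/null; do
        if [ "$waited" -ge "${STARTUP_WAIT:-120}" ]; then
            echo "tomcat did not report startup within ${STARTUP_WAIT:-120}s" >&2
            return 4
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Show any error lines and fail the release if there are some.
    if grep -E "SEVERE|Exception" "$log" >&2; then
        return 5
    fi
    return 0
}

# Usage: sh release.sh [TOMCAT_ROOT] [directory with the new war archives]
if [ "$#" -eq 2 ]; then
    release_messagebox "$1" "$2"
fi
```

Run it as the tomcat user so that the copied archives and the new log files keep the expected owner.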


3 Appendix A: Additional Documentation

For the installation of the authentication component, Anoigo has supplied additional documentation:

• Deployment Guide Installation Instructions.odt
• Deployment Guide SAML 2.0 Identity Provider.odt
• Deployment Guide SAML 2.0 Service Provider.odt
• Deployment Guide SRM.odt
• Installation Quickstart SRM.odt
• Installation Quickstart.odt
• Technical Overview DOA.odt
