OpenRIMS-PVM - Installation Chapter 1

From OpenRIMS Wiki
Revision as of 17:36, 25 July 2023 by Khoppenworth (talk | contribs)
Jump to navigation Jump to search

Pre-Requisites

You need a server to install on. Local or Cloud.

In this example we are deploying on an Oracle OCI server.

The server is accessed using SSH.

Basic Web Server Setup

sudo apt update
sudo apt install apache2

Then enable Proxy which will be used for the .Net api:

a2enmod proxy proxy_http proxy_html
sudo systemctl restart apache2

Oracle OCI specific:

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 3306 -j ACCEPT
sudo netfilter-persistent save

Basic MySQL Setup

sudo apt install mysql-server
sudo mysql

Configure root user password:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Create database user named openrimspvm with your password of choice:

CREATE USER 'openrimspvm'@'%' IDENTIFIED WITH authentication_plugin BY 'password';

.NET CORE 6 RUNTIME

curl -SL -o dotnet.tar.gz https://download.visualstudio.microsoft.com/download/pr/33c6e1e3-e81f-44e8-9de8-91934fba3c94/9105f95a9e37cda6bd0c33651be2b90a/dotnet-sdk-6.0.201-linux-arm64.tar.gz
sudo mkdir -p /usr/share/dotnet
sudo tar -zxf dotnet.tar.gz -C /usr/share/dotnet
sudo ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet

APP and API

Please send an email to info@openrims.org to download the required files.

TIP - Install Midnight Commander for easy file navigation in the Linux commandline: sudo apt install mc (Install midnight commander for file management and permissions)

wget app and api (from openrims.org/GitHub)

Copy to /var/www/html/app

Copy to /var/www/html/api

Make dll executable:

chmod -x PViMS.API.dll

Edit appsettings.json connection string to MySQL with password

Test API with direct dotnet command:

dotnet PViMS.API.dll
  • Check for red text errors in the CLI window e.g. wrong database connection
  • Check that the database has been created in MySQL

Stop dotnet with Ctrl+C

CONFIGURE THE SERVICE

We need auto start in case of reboot


cd /etc/systemd/system
sudo nano openrimspvm.service

The system file must contain something like:

[Unit]

Description=Example .NET Web API App OpenRIMS-PVM running on Linux


[Service]

WorkingDirectory=/var/www/html/api

ExecStart=/usr/bin/dotnet /var/www/html/api/PViMS.API.dll

Restart=always

# Restart service after 10 seconds if the dotnet service crashes:

RestartSec=10

KillSignal=SIGINT

SyslogIdentifier=dotnet-example

User=www-data

Environment=ASPNETCORE_ENVIRONMENT=Production

Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false


[Install]

WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl start openrimspvm.service
sudo systemctl restart apache2

SECURE THE WEBSITE

sudo apt install certbot python3-certbot-apache
sudo certbot

WEBSERVER CONFIG

We need to separate vhost: One for APP and one for API

Vhost on port 80 for redirect to APP

Vhost on 443 pointing to APP (Then API as <Location /> with reverse proxy?)

Vhost on port 80 for redirect API

This one is just a reverse proxy to port 5000 where Kestrel is running the dotnet PViMS.API.dll

SAMPLE Apache .conf file:

<IfModule mod_ssl.c>

<VirtualHost *:443>

       # The ServerName directive sets the request scheme, hostname and port that

       # the server uses to identify itself. This is used when creating

       # redirection URLs. In the context of virtual hosts, the ServerName

       # specifies what hostname must appear in the request's Host: header to

       # match this virtual host. For the default virtual host (this file) this

       # value is not decisive as it is used as a last resort host regardless.

       # However, you must set it for any further virtual host explicitly.

       ServerName pv.openrims.org


       # ServerAdmin webmaster@localhost

       DocumentRoot /var/www/html/app


       # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,

       # error, crit, alert, emerg.

       # It is also possible to configure the loglevel for particular

       # modules, e.g.

       #LogLevel info ssl:warn


       ErrorLog ${APACHE_LOG_DIR}/error.log

       CustomLog ${APACHE_LOG_DIR}/access.log combined


       # For most configuration files from conf-available/, which are

       # enabled or disabled at a global level, it is possible to

       # include a line for only one particular virtual host. For example the

       # following line enables the CGI configuration for this host only

       # after it has been globally disabled with "a2disconf".

       #Include conf-available/serve-cgi-bin.conf


Include /etc/letsencrypt/options-ssl-apache.conf

#ServerAlias pv-api.openrims.org

SSLCertificateFile /etc/letsencrypt/live/pv-api.openrims.org/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/pv-api.openrims.org/privkey.pem

</VirtualHost>

</IfModule>

<IfModule mod_ssl.c>

<VirtualHost *:443>

       # The ServerName directive sets the request scheme, hostname and port that

       # the server uses to identify itself. This is used when creating

       # redirection URLs. In the context of virtual hosts, the ServerName

       # specifies what hostname must appear in the request's Host: header to

       # match this virtual host. For the default virtual host (this file) this

       # value is not decisive as it is used as a last resort host regardless.

       # However, you must set it for any further virtual host explicitly.

       ServerName pv-api.openrims.org


       # ServerAdmin webmaster@localhost

       #DocumentRoot /var/www/html


       # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,

       # error, crit, alert, emerg.

       # It is also possible to configure the loglevel for particular

       # modules, e.g.

       #LogLevel info ssl:warn


       ErrorLog ${APACHE_LOG_DIR}/error.log

       CustomLog ${APACHE_LOG_DIR}/access.log combined

      # For most configuration files from conf-available/, which are

       # enabled or disabled at a global level, it is possible to

       # include a line for only one particular virtual host. For example the

       # following line enables the CGI configuration for this host only

       # after it has been globally disabled with "a2disconf".

       #Include conf-available/serve-cgi-bin.conf

       <Location />

              ProxyPreserveHost On

              ProxyPass http://0.0.0.0:5000/

              ProxyPassReverse http://0.0.0.0:5000/

      </Location>


Include /etc/letsencrypt/options-ssl-apache.conf

#ServerAlias pv-api.openrims.org

SSLCertificateFile /etc/letsencrypt/live/pv-api.openrims.org/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/pv-api.openrims.org/privkey.pem

</VirtualHost>

</IfModule>