
Rillsoft Integration Server auf Debian 12


1. Utils

# Refresh the package index, then install the helper tools and cron in a
# single apt transaction.
sudo apt update -y
sudo apt install -y \
  lsb-release apt-transport-https ca-certificates wget unzip gnupg2 \
  cron

2. Preparation - Create the passwords and values used later in the installation

yourJWTpassword
yourDBpassword
yourRISSecret
yourServerName - e.g. www.yourName.local
yourEmailSender - e.g. noreply@yourName.local
yourEmailAdmin - e.g. admin@yourName.local
yourEmailError - e.g. error@yourName.local

3. Nginx

sudo apt install -y nginx
Test

Test command:

systemctl status nginx

Expected result:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running)
       Docs: man:nginx(8)
    Process: 26921 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 26924 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 26925 (nginx)
      Tasks: 3 (limit: 4687)
     Memory: 2.4M
        CPU: 24ms
     CGroup: /system.slice/nginx.service
             ├─26925 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             ├─26926 "nginx: worker process"
             └─26927 "nginx: worker process"

4. Firewall

sudo apt install -y firewalld

# Allow web traffic in the stored configuration of the public zone.
for svc in http https; do
  sudo firewall-cmd --permanent --zone=public --add-service="$svc"
done

# --permanent only changes the stored configuration; the reload applies it.
sudo systemctl reload firewalld

5. PostgreSQL


sudo apt update -y
sudo apt upgrade -y
sudo apt install -y postgresql postgresql-contrib
Test

Test command:

pg_config --version

Expected result:

PostgreSQL 15.6 (Debian 15.6-0+deb12u1)

6. Redis

sudo apt install -y redis
Test

Test command:

redis-server --version

Expected result:

Redis server v=7.0.15 ...

7. PHP v8.3

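# Keep the repository signing key in its own keyring and bind it to this one
# source with signed-by. A key dropped into /etc/apt/trusted.gpg.d/ is
# accepted by apt for every configured repository, not just this one.
sudo wget -O /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
# Only tee needs root; the echo runs as the calling user.
echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
sudo apt update -y
sudo apt install -y php8.3 \
 php8.3-common \
 php8.3-cli \
 php8.3-fpm \
 php8.3-xml \
 php8.3-bcmath \
 php8.3-dba \
 php8.3-gd \
 php8.3-intl \
 php8.3-mbstring \
 php8.3-pgsql \
 php8.3-pdo \
 php8.3-soap \
 php8.3-opcache \
 php8.3-imagick \
 php8.3-apcu \
 php8.3-redis \
 php8.3-ldap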
Test

Test command:

php -v

Expected result:

Cannot load Zend OPcache - it was already loaded
PHP 8.3.4 (cli) (built: Mar 29 2024 05:24:33) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.4, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.4, Copyright (c), by Zend Technologies

8. PHP ris.so

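export DOWNLOAD_USER=
export DOWNLOAD_PASSWORD=
# NOTE(review): the password is passed on the wget command line, so it is
# visible in the process list while the download runs, and the export line
# above is kept in the shell history. wget's --ask-password prompts for the
# password instead.
cd ~
# Download as the regular user into a private temporary directory; only the
# copy into the PHP extension directory needs root.
tmp_dir=$(mktemp -d)
# NOTE(review): this page gives no checksum or signature for ris.so; if the
# vendor publishes one, verify the file before installing it.
wget -q --http-user="$DOWNLOAD_USER" --http-password="$DOWNLOAD_PASSWORD" \
  -O "$tmp_dir/ris.so" https://www.rillsoft.de/download/ris/debian12/php83/ris.so \
  && sudo install -o root -g root -m 644 "$tmp_dir/ris.so" /usr/lib/php/20230831/ris.so
rm -rf -- "$tmp_dir"

# tee without -a: re-running this step must not append a second
# "extension=ris.so" line.
echo "extension=ris.so" | sudo tee /etc/php/8.3/mods-available/ris.ini
sudo chmod 644 /etc/php/8.3/mods-available/ris.ini
sudo phpenmod -v 8.3 ris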
Test

Test command:

php -m

Expected result:

...
ris
...

9. user.ini (php.ini)

sudo vi /etc/php/8.3/00-user.ini
; Shared overrides; the symlinks created after this listing load the file for
; both the CLI and the FPM SAPI.
date.timezone = Europe/Berlin

; NOTE(review): "engine" is documented for the Apache module; presumably it
; has no effect under CLI/FPM - confirm.
engine = Off
output_buffering = 4096
realpath_cache_size = 4096k
realpath_cache_ttl = 600
; Do not announce the PHP version in an X-Powered-By response header.
expose_php = Off
; Long limits (seconds); the nginx fastcgi_*_timeout values on this page are
; set to 900 as well.
max_execution_time = 900
max_input_time = 300
memory_limit = 256M
; Upper bound for a request body / a single uploaded file as seen by PHP.
post_max_size = 30M
upload_max_filesize = 15M
max_file_uploads = 20
; Lets fopen()/file_get_contents() open http:// and ftp:// URLs.
; NOTE(review): keep only if the application needs it; with it enabled, any
; request-controlled path that reaches these functions becomes an outbound
; request from the server.
allow_url_fopen = on
user_agent="PHP" 
; Do not add the X-PHP-Originating-Script header to mail sent via mail().
mail.add_x_header = Off
; PHP executes exactly the script named in SCRIPT_FILENAME and does not
; search the path for a shorter match.
cgi.fix_pathinfo = 0
log_errors_max_len = 8192
sudo ln -s /etc/php/8.3/00-user.ini /etc/php/8.3/cli/conf.d/00-user.ini
sudo ln -s /etc/php/8.3/00-user.ini /etc/php/8.3/fpm/conf.d/00-user.ini
Test

Test command:

php -r "phpinfo();" | grep -i timezone

Expected result:

...
date.timezone => Europe/Berlin => Europe/Berlin
...

10. www.conf - replace the file content

sudo vi /etc/php/8.3/fpm/pool.d/www.conf
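; PHP-FPM pool used by the nginx site on this page.
[www]
user = www-data
group = www-data
; Bind to loopback only. A bare port number makes PHP-FPM accept FastCGI
; connections on every interface; nginx on this host connects to
; 127.0.0.1:9000, so nothing else needs to reach this port.
listen = 127.0.0.1:9000
; listen.owner/group/mode only apply to a Unix socket and are ignored for
; the TCP listener above.
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 20
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
; Recycle each worker after 100 requests.
pm.max_requests = 100
pm.status_path = /status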

11. Create DB

sudo -u postgres psql
-- Creates the application database and its login role. Replace
-- 'yourDBpassword' with the value chosen in step 2.
-- psql may keep typed statements, including this password, in the postgres
-- user's history file; psql's "\password ris" sets a password without
-- placing it in a statement.
CREATE DATABASE ris;
CREATE USER ris WITH ENCRYPTED PASSWORD 'yourDBpassword';
GRANT ALL PRIVILEGES ON DATABASE ris TO ris;

-- The owner already holds every privilege on the database.
ALTER DATABASE ris OWNER TO ris;

12. RIS

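cd ~

# Starts from an empty web root: everything currently under /var/www/ is
# deleted.
sudo rm -rf -- /var/www/
sudo mkdir -p /var/www/

# Download as the regular user; only unpacking into /var/www needs root.
# NOTE(review): the password on the wget command line is visible in the
# process list while the download runs.
wget -q --http-user="$DOWNLOAD_USER" --http-password="$DOWNLOAD_PASSWORD" https://www.rillsoft.de/download/ris/ris9_pgsql_on_premise.zip
# -q silences unzip; closing stdout with ">&-" makes its writes fail instead.
sudo unzip -q -o ris9_pgsql_on_premise.zip -d /var/www
rm -f ris9_pgsql_on_premise.zip
cd /var/www/

# JWT signing key pair. openssl prompts for the passphrase (enter
# yourJWTpassword), which keeps it out of the process list and the shell
# history, unlike "-passout pass:...".
sudo mkdir -p config/jwt
sudo openssl genrsa -aes256 -out config/jwt/private.pem 4096
sudo openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem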
sudo vi /var/www/.env
# Application environment file. Values starting with "your" are the
# placeholders chosen in step 2. The file holds APP_SECRET, the database
# password and the JWT passphrase in clear text, so its file mode matters.
###> symfony/framework-bundle ###
APP_ENV=prod
APP_SECRET=yourRISSecret
###< symfony/framework-bundle ###

###> skyfox/propel-bundle ###
DATABASE_DNS=pgsql:host=localhost;dbname=ris
DATABASE_DRIVER=pgsql
DATABASE_PASSWORD=yourDBpassword
DATABASE_USER=ris
###< skyfox/propel-bundle ###

###> lexik/jwt-authentication-bundle ###
# Key pair generated with openssl in this step; the passphrase must match the
# one used for private.pem.
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=yourJWTpassword
###< lexik/jwt-authentication-bundle ###

REDIS_HOST=localhost
REDIS_PORT=6379

EMAIL_SENDER=yourEmailSender
EMAIL_ADMIN=yourEmailAdmin
EMAIL_ERROR=yourEmailError

###> symfony/mailer ###
MAILER_DSN=smtp://localhost
#MAILER_DSN=smtp://user:pass@host:port/?timeout=60&encryption=ssl&auth_mode=login
#https://symfony.com/doc/5.x/mailer.html
###< symfony/mailer ###

###> symfony/amazon-mailer ###
# MAILER_DSN=ses://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
# MAILER_DSN=ses+smtp://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
###< symfony/amazon-mailer ###

###> symfony/messenger ###
MESSENGER_MAILER_TRANSPORT_DSN=redis://localhost:6379/mailer?delete_after_ack=true
###< symfony/messenger ###

## OpenLdap
# ldaps:// runs the LDAP session, including the bind with the user's
# password, inside TLS.
LDAP_URI=ldaps://openldap
LDAP_BASE_DN=dc=rillsoft,dc=local
LDAP_LOGIN_DN=uid=%s,ou=people,dc=rillsoft,dc=local
LDAP_ATTRS=uid,givenName,sn,mail
LDAP_FILTER=(objectClass=person)

# # Microsoft AD
# NOTE(review): this commented example uses ldap:// (no TLS); user passwords
# would cross the network unencrypted unless the application negotiates
# StartTLS - confirm before enabling it.
# The last filter term excludes disabled accounts (bit 2 of
# userAccountControl).
# LDAP_URI=ldap://192.168.181.231
# LDAP_BASE_DN=dc=ldap,dc=jenkins,dc=local
# LDAP_LOGIN_DN=%s@ldap.jenkins.local
# LDAP_ATTRS=samAccountName,givenName,sn,mail,department,company,telephonenumber
# LDAP_FILTER=(objectClass=user)(samaccounttype=805306368)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
LDAPS (work in progress)
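# Draft steps, still marked "?" as unverified. They tell the LDAP client
# library which CA certificates to trust for ldaps://.
# "sudo echo ... >> file" performs the redirection as the calling user, so
# the append goes through "sudo tee -a" instead.
# NOTE(review): on Debian the OpenLDAP client configuration is normally
# /etc/ldap/ldap.conf - confirm the paths below.
? echo "TLS_CACERT /etc/openldap/certs/cert.pem" | sudo tee -a /etc/openldap/ldap.conf
? export LDAPTLS_CACERT=/etc/ssl/certs/ca-certificates.crt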
Init
# First-time initialisation of the unpacked application.
# These commands run as root before the chown in the "Permission" step, so
# files they create under /var/www are root-owned until that step is done.
cd /var/www/

# Rebuild the production cache and publish the bundled assets.
sudo php bin/console cache:clear --env=prod --no-debug
sudo php bin/console assets:install --env=prod --no-debug

# Presumably creates the schema in the ris database and loads the initial
# data from data/fixtures - confirm against the vendor documentation.
sudo php bin/console propel:sql:insert --force
sudo php bin/console propel:fixtures:load --dir=data/fixtures --yml

sudo php bin/console rillsoft:update --env=prod
Update opcache.ini
sudo vi /etc/php/8.3/mods-available/opcache.ini
; OPcache settings for the production install.
zend_extension=opcache.so
opcache.jit=off
opcache.enable=1
; The preload script is run as www-data, the same account as the FPM pool.
opcache.preload_user=www-data
opcache.preload=/var/www/var/cache/prod/App_KernelProdContainer.preload.php
; Shared memory size in megabytes.
opcache.memory_consumption=1024
opcache.interned_strings_buffer=256
opcache.max_accelerated_files=30000
; Cached scripts are never re-checked against the files on disk: changed code
; is only picked up after php8.3-fpm is restarted (the update procedure on
; this page restarts it).
opcache.validate_timestamps=0
; NOTE(review): presumably requires huge pages to be available on the host -
; confirm.
opcache.huge_code_pages=1
Update nginx conf
sudo vi /etc/nginx/sites-available/ris.conf
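# Site definition for RIS: static files are served from /var/www/public,
# everything else goes to the front controller through PHP-FPM on
# 127.0.0.1:9000.
server {
    server_name yourServerName;
    # NOTE(review): this block serves plain HTTP only, although the firewall
    # step also opens https. Logins and JWTs cross the network unencrypted
    # until a "listen 443 ssl" server with a certificate is added.
    listen 80 default_server;

    # Do not advertise the nginx version in headers and error pages
    # (matches expose_php = Off on the PHP side).
    server_tokens off;

    # PHP's own limits (post_max_size = 30M, upload_max_filesize = 15M in
    # 00-user.ini) are lower, so they decide what the application accepts.
    client_max_body_size 108M;

    root /var/www/public;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/(service)\.php(/|$) {
        include fastcgi_params;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

        fastcgi_read_timeout 900;
        fastcgi_send_timeout 900;
        fastcgi_connect_timeout 900;

        # The proxy_set_header lines that stood here were dropped: they only
        # affect proxy_pass upstreams and did nothing next to fastcgi_pass.
        # The client address reaches PHP through fastcgi_params.

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ ^/index\.php(/|$) {
        include fastcgi_params;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

        fastcgi_read_timeout 900;
        fastcgi_send_timeout 900;
        fastcgi_connect_timeout 900;

        # The proxy_set_header lines that stood here were dropped: they only
        # affect proxy_pass upstreams and did nothing next to fastcgi_pass.

        # optionally set the value of the environment variables used in the application
        # fastcgi_param APP_ENV prod;
        # fastcgi_param APP_SECRET <app-secret-id>;
        # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";

        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    # Refuse backup, configuration, dump and VCS files that may end up below
    # the document root.
    location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|bat|html?|git|ini|sh|svn[^.]*|txt|tpl|xml|conf|yml)|~)$    {
        access_log off;
        log_not_found off;
        deny all;
    }

    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
}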
sudo rm -f /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/ris.conf /etc/nginx/sites-enabled/ris
Test

Test command:

sudo nginx -t

Expected result:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Permission
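sudo chown -R www-data:www-data /var/www/
sudo chmod -R 755 /var/www/
# The recursive 755 leaves .env (application secret, database password, JWT
# passphrase) and the JWT private key readable by every local account.
# Restrict both to their owner, www-data, which is the account PHP-FPM runs as.
sudo chmod 600 /var/www/.env /var/www/config/jwt/private.pem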

13. CronJobs

sudo vi /etc/cron.d/ris
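# Scheduled RIS console jobs.
# They run as www-data, the account that owns /var/www and runs PHP-FPM.
# Run as root, each job would execute code that www-data can modify with full
# privileges, and would leave root-owned cache and log files that the web
# application can no longer write.
*/5 * * * * www-data php /var/www/bin/console messenger:consume --time-limit=280 --memory-limit=512M >> /dev/null 2>&1

*/5 * * * * www-data php /var/www/bin/console rillsoft:notification --env=prod >> /var/www/var/log/notification.log
*/5 * * * * www-data php /var/www/bin/console rillsoft:timesheet:notification --env=prod >> /var/www/var/log/timesheet_notification.log
*/10 * * * * www-data php /var/www/bin/console rillsoft:globallink --env=prod >> /var/www/var/log/globallink.log
0 1 * * * www-data php /var/www/bin/console rillsoft:clear --env=prod >> /var/www/var/log/clear.log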
sudo service cron restart

14. Restart

# Restart the three services in the same order as before so that the new
# PHP, nginx and Redis settings are loaded.
for svc in php8.3-fpm nginx redis; do
  sudo service "$svc" restart
done

15. Diagnostic

Log
sudo less /var/log/nginx/access.log
sudo less /var/log/nginx/error.log

sudo less /var/log/php8.3-fpm.log

sudo less /var/www/var/log/prod.log
Info
cd /var/www/

# Overview of the application and its runtime environment.
sudo php bin/console about

# Lists the environment variables used by the container together with their
# current values. That includes the secrets from .env (APP_SECRET,
# DATABASE_PASSWORD, JWT_PASSPHRASE), so treat the output as confidential
# when copying it into tickets or chats.
sudo php bin/console debug:container --env-vars
# Lists the routes known to the application.
sudo php bin/console debug:router
SQL
sudo -u postgres psql
\c ris
\dt

SELECT * FROM rill_guard_client;

16. Update RIS

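export DOWNLOAD_USER=
export DOWNLOAD_PASSWORD=
cd ~

# Download as the regular user; only unpacking into /var/www needs root.
# NOTE(review): the password on the wget command line is visible in the
# process list while the download runs.
wget -q --http-user="$DOWNLOAD_USER" --http-password="$DOWNLOAD_PASSWORD" https://www.rillsoft.de/download/ris/ris9_pgsql_on_premise.zip
# -q silences unzip; closing stdout with ">&-" makes its writes fail instead.
sudo unzip -q -o ris9_pgsql_on_premise.zip -d /var/www
rm -f ris9_pgsql_on_premise.zip

cd /var/www/
sudo php bin/console cache:clear --env=prod --no-debug
sudo php bin/console assets:install --env=prod --no-debug
sudo php bin/console rillsoft:update --env=prod

# The console commands above ran as root; hand everything back to www-data.
sudo chown -R www-data:www-data /var/www/
sudo chmod -R 755 /var/www/
# The recursive 755 also resets .env and the JWT private key to
# world-readable; restrict both to their owner again.
sudo chmod 600 /var/www/.env /var/www/config/jwt/private.pem

# opcache.validate_timestamps=0: the new code is only loaded after the
# php8.3-fpm restart.
sudo service php8.3-fpm restart
sudo service nginx restart
sudo service redis restart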