Installation instructions for VIVO 1.1 on Debian OS.
Install Apache 2 and Tomcat 6
Add 'non-free' to end of deb and deb-src
| No Format |
|---|
nano /etc/apt/sources.list
|
Update and install java
| No Format |
|---|
apt-get update
apt-get install apache2 sun-java6-jdk sun-java6-jre libtcnative-1 sudo
|
Ensure that Java was installed
Set JAVA_HOME
Add the following at the end of the file, making sure to check the version
| No Format |
|---|
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export CLASSPATH=$CLASSPATH:/usr/share/java/mysql-connector-java-5.1.6.jar
export CLASSPATH=$CLASSPATH:/usr/share/java/mysql-connector-java.jar
|
Install Tomcat 6 Note: get the cores tar.gz
| No Format |
|---|
wget http://people.apache.org/~remm/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
tar -zxvf apache-tomcat.....tar.gz
mv apache-tomcat-6.0.20/ /usr/local/tomcat
|
Create tomcat Group/user
| No Format |
|---|
groupadd tomcat
useradd -g tomcat -d /usr/local/tomcat tomcat
usermod -G www-data tomcat
|
Set Password
| No Format |
|---|
passwd tomcat VIVO123
|
Create the INIT File for Tomcat with the following text added:
| No Format |
|---|
nano /etc/init.d/tomcat
# Tomcat auto-start description: Auto-starts tomcat processname: tomcat pidfile: /var/run/tomcat.pid
export JAVA_HOME=/usr/lib/jvm/java-6-sun
case $1 in
start)
sh /usr/local/tomcat/bin/startup.sh
;;
stop)
sh /usr/local/tomcat/bin/shutdown.sh
;;
restart)
sh /usr/local/tomcat/bin/shutdown.sh
sh /usr/local/tomcat/bin/startup.sh
;;
esac
exit 0
|
Adjust permissions
| No Format |
|---|
chmod 755 /etc/init.d/tomcat
|
Add for auto-start on boot
| No Format |
|---|
update-rc.d tomcat defaults
|
Modify the default users file with the following:
| No Format |
|---|
nano /usr/local/tomcat/conf/tomcat-users.xml
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="VIVO" password="VIVO123" roles="admin,manager"/> </tomcat-users>
|
Restart tomcat
| No Format |
|---|
/etc/init.d/apache2 stop
/etc/init.d/tomcat restart
/etc/iinit.d/apache2 start
|
Test Admin
| No Format |
|---|
http://localhost:8080/manager/html/list
|
Enter username/password as shown here
| No Format |
|---|
Username: VIVO
Password: VIVO123
|
Install VIVO
Create a VIVO user for deployment
| No Format |
|---|
useradd vitro
passwd vitro
|
Enter new password:
Add user to sudoers file
| No Format |
|---|
nano /etc/sudoers
|
Change the following line
| No Format |
|---|
root,vitro ALL=(ALL) ALL
|
Stop Tomcat
| No Format |
|---|
/etc/init.d/tomcat stop
|
Install more required packages
| No Format |
|---|
apt-get update
apt-get install subversion-tools sudo ant mysql-server-5.0 libmysql-java
|
Mysql root password is set to
Download latest repository of VIVO
| No Format |
|---|
cd /tmp
wget https://downloads.sourceforge.net/project/vivo/VIVO%20Application%20Source/rel-1.1.tar.gz
tar -zxvf rel-1.1.tar.gz
|
Move downloaded directory
| No Format |
|---|
mv vivo-rel-1.1 /usr/local/vivo
|
Edit deploy.properties
| No Format |
|---|
cd /usr/local/vivo
mv example.deploy.properties deploy.properties
nano deploy.properties
VIVO.defaultNamespace=http://localhost/vivo/
VIVOConnection.DataSource.url=jdbc:mysql://localhost/VIVOdb
VIVOConnection.DataSource.username=VIVO
VIVOConnection.DataSource.password=VIVO123
|
Create directories as required in deploy.properties
| No Format |
|---|
mkdir /usr/local/vivo/data
mkdir /usr/local/vivo/data/uploads
mkdir /usr/local/vivo/data/luceneIndex
chown tomcat:www-data /usr/local/vivo/data/uploads
chmod 775 /usr/local/vivo/data/uploads
chown tomcat:www-data /usr/local/vivo/data/luceneIndex
chmod 775 /usr/local/vivo/data/luceneIndex
|
Edit globalbuild.properties in config
| No Format |
|---|
cd /usr/local/vivo/vitro-core/config
mv example.globalbuild.properties globalbuild.properties
nano globalbuild.properties
java_api=/usr/lib/jvm/java-6-sun
|
Create the source.home directory as required in globalbuild.properties file
| No Format |
|---|
mkdir /usr/local/src/Vitro
chown tomcat:www-data /usr/local/src/Vitro
chmod 775 /usr/local/src/Vitro
|
Create an empty MySQL database (password vitro123)
| No Format |
|---|
mysql -u root -p
CREATE DATABASE vitrodb CHARACTER SET utf8;
CREATE USER 'VIVO'@'localhost' IDENTIFIED BY 'vitro123';
GRANT ALL ON *.* TO 'VIVO'@'localhost';
quit;
|
Deploy vivo and start tomcat
| No Format |
|---|
/etc/init.d/tomcat stop
cd /usr/local/vivo
ant all
|
After a successful build, start Tomcat
| No Format |
|---|
/etc/init.d/tomcat start
|
Test application at
| No Format |
|---|
http://localhost:8080/vivo
|
Installation of Mod_Proxy
Enable the following Modules in Apache
| No Format |
|---|
a2enmod proxy
a2enmod proxy_http
|
Setup support in your servlet container
Note: Be careful that there is no direct HTTP listener opened by the servlet container. If, for example, there's an HTTP connector listening on port 8080 and no interceding firewall, users would be able to directly access the servlet on port 8080, which bypasses Apache. This also means they would bypass Shibboleth authentication and authorization.
| No Format |
|---|
nano /usr/local/tomcat/conf/server.xml
|
Make sure the following is in your server.xml file
| No Format |
|---|
<!-- Set context path for access to 8080 over port 80 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="10000" disableUploadTimeout="true"
proxyName="YOUR.DOMAIN.EDU" proxyPort="80"/>
<!-- Set context path for access over SSL -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
proxyName="YOUR.DOMAIN.EDU" proxyPort="443" />
<!-- Set docBase for root webserver application -->
<Host name="localhost" appBase="webapps/vivo">
<Context path="" docBase="." />
</Host>
|
Modify your default Apache site configuration to map requests on the proper virtual hosts to your application.
| No Format |
|---|
nano /etc/apache2/sites-available/default
ProxyRequests On
ProxyPreserveHost On
ProxyStatus On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Use proxy to restrict the need for a port in the URL
ProxyPass /vivo/ http://localhost:8080/vivo/
ProxyPassReverse /vivo/ http://localhost:8080/vivo/
ProxyPass / http://localhost/vivo/
ProxyPassReverse / http://localhost/vivo/
|
Now repeat if your virtual host will be SSL enabled.
| No Format |
|---|
nano /etc/apache2/sites-available/default-ssl
|
Add the following to your virtual host
| No Format |
|---|
ProxyRequests On
ProxyPreserveHost On
ProxyStatus On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Use proxy to restrict the need for a port in the URL
ProxyPass /vivo/ http://localhost:8080/vivo/
ProxyPassReverse /vivo/ http://localhost:8080/vivo/
ProxyPass / http://localhost/vivo/
ProxyPassReverse / http://localhost/vivo/
|
// Stop and Restart Apache/Tomcat
| No Format |
|---|
/etc/init.d/apache2 stop
/etc/init.d/tomcat restart
/etc/init.d/apache2 start
|
Installing Shibboleth 2
Install the Shibboleth 2.0 Service Provider Packages
| No Format |
|---|
apt-get update
apt-get install shibboleth-sp2-schemas libshibsp-dev
apt-get install libshibsp-doc libapache2-mod-shib2 opensaml2-tools
|
Enter Shibboleth config directory
Generate a key/certificate for Shibboleth
| No Format |
|---|
./shib-keygen -h shib.your.domain.edu
|
Make an SSL directory to store the certs
| No Format |
|---|
mkdir /etc/shibboleth/ssl
|
Copy certs and rename with your hostname
| No Format |
|---|
cp -rp /etc/shibboleth/sp-cert.pem /etc/shibboleth/ssl/YOUR.DOMAIN.EDU.cert
cp -rp /etc/shibboleth/sp-key.pem /etc/shibboleth/ssl/YOUR.DOMAIN.EDU.pem
|
Rename the default XML file
| No Format |
|---|
cd /etc/shibboleth
mv shibboleth2.xml shibboleth2.xml.bak
|
Download the Linux XML config file from your Identity Provider (IDP) at your institution
| No Format |
|---|
wget http://YOUR.IDENTITYPROVIDER.EDU/linux.shibboleth2.xml
|
Rename the XML config file
| No Format |
|---|
mv linux.shibboleth2.xml shibboleth2.xml
|
You will need to obtain a URN from your IDP.
Enabling Shibboleth Authentication
Add a line to your Apache configuration on the proper virtual host, such as
in httpd.conf, to trigger Shibboleth session initiation and authentication for
your application. The use of ShibUseHeaders On is important.
Edit virtual host
| No Format |
|---|
nano /etc/apache2/sites-available/default
|
Add the following to your virtual host.
You can enter anything to replace "shibauth". For example, you could use "/secure" or just "/" to secure the entire virtual host.
| No Format |
|---|
# Path for authentication
<Location /shibauth>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
# Shib Variables Available to entire web server
<Location />
AuthType shibboleth
ShibRequireSession Off
require valid-user
ShibUseHeaders On
require shibboleth
</Location>
|
| No Format |
|---|
nano /etc/apache2/sites-available/default-ssl
|
Add the following to your virtual host
| No Format |
|---|
<Location /shibauth>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
# Shib Variables Available to entire web server
<Location />
AuthType shibboleth
ShibRequireSession Off
require valid-user
ShibUseHeaders On
require shibboleth
</Location>
|
Installing Shibboleth Authentication Plugin
Create the following files:
| No Format |
|---|
uf_login_process.jsp
webapp/src/edu/cornell/mannlib/VIVO/webapp/controller/edit/UfAuthenticate.java (Copy of Authenticate.java, Compiled)
|
Modify the following files:
| No Format |
|---|
about_body.jsp (Add html link to UF Shib Login)
<strong>UF Shibboleth Login</strong><br/>
<a href="http://vivotest.ctrip.ufl.edu/Shibboleth.sso/Login?
target=<%= URLEncoder.encode("http://vivotest.ctrip.ufl.edu:8080/VIVO/uf_login_process.jsp" target="_self">Login »</a>
webapp/WEB-INF/web.xml (Modified to reflect new class)
<servlet>
<servlet-name>ufauthenticate</servlet-name>
<servlet-class>edu.cornell.mannlib.VIVO.webapp.controller.edit.UfAuthenticate</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ufauthenticate</servlet-name>
<url-pattern>/ufauthenticate</url-pattern>
</servlet-mapping>
|