Installation on Ubuntu Server 20.04 LTS (Draft)
These instructions will have you store the PWM-created user data, questions & answers securely in MySQL. You can also store them in Active Directory by creating
First, run updates and install them before starting so you get the latest versions of the tools below
sudo apt-get -y update && sudo apt-get -y upgrade
Install Apache2
sudo apt-get install -y apache2
Install PHP
sudo apt-get install -y php libapache2-mod-php
Install Tomcat9 & Tomcat9 Tools
sudo apt-get install -y tomcat9 tomcat9-docs tomcat9-examples tomcat9-admin
Add roles and a user to Tomcat in order to install .war files through the browser later on: edit /etc/tomcat9/tomcat-users.xml and add the following as children of tomcat-users. I added mine at the bottom before the
sudo vi /etc/tomcat9/tomcat-users.xml
`<role rolename="manager-gui"/>`
`<role rolename="admin-gui"/>`
`<role rolename="manager-script"/>`
`<user username="YourUsernameChange" password="YourPasswordChange" roles="manager-gui,admin-gui,manager-script"/>`
Restart tomcat for changes to take effect
sudo service tomcat9 restart
Note: Restarting may take a long time (a couple of minutes for me). You can install the haveged entropy-gathering daemon to greatly reduce Tomcat startup delays, but this is not required:
sudo apt-get install -y haveged
Install OpenJDK (Java Development Kit)
sudo apt install -y openjdk-14-jre-headless
Install the current version of MySQL 8
sudo apt install -y mysql-server
Run the MySQL security script to harden MySQL
sudo mysql_secure_installation
TIP: Don't forget to store/save your password in your favorite password manager app. Bitwarden is free and open source!
Click this link for more information https://mariadb.com/kb/en/mysql_secure_installation/
Install PHPMyAdmin to manage the MySQL database
sudo apt-get install -y phpmyadmin
TIP: Don't forget to store/save your password in your favorite password manager app. Bitwarden is free and open source! Feel free to secure PHPMyAdmin now, but at this stage doing so might cause other issues with the configuration steps below. I usually secure everything last.
Now create your pwm database using PHPMyAdmin by going to http:///phpmyadmin
NOTE: I had to change the privileges on my phpmyadmin database user created during the phpmyadmin install process
sudo mysql
flush privileges;
GRANT ALL PRIVILEGES ON *.* TO 'myUsernameCreatedEarlier'@'localhost';
Install and Configure AutoMySQLBackup for automatic daily, weekly and monthly MySQL backups
sudo apt-get install automysqlbackup
sudo nano /etc/automysqlbackup/automysqlbackup.conf
CONFIG_mysql_dump_username='root'
CONFIG_mysql_dump_password='password'
CONFIG_mysql_dump_host='localhost'
CONFIG_backup_dir='/var/backup/db'
CONFIG_do_monthly="01"
CONFIG_do_weekly="5"
CONFIG_rotation_daily=6
CONFIG_rotation_weekly=35
CONFIG_rotation_monthly=150
CONFIG_mysql_dump_port=3306
CONFIG_mysql_dump_compression='gzip'
Create a directory for storing MySQL backups
sudo mkdir /var/backup
Run the following to make your first database backups
sudo automysqlbackup
AutoMySQLBackup should already run automatically every day, but in case it does not, run the following command
sudo ln -s /usr/local/bin/automysqlbackup /etc/cron.daily/
Install PWM through your web browser (I suggest Firefox, as Chrome has issues uploading the war file)
Download the latest version from https://www.pwm-project.org/artifacts/pwm/ and extract the pwm.war file
Go to http://server-ip:8080/manager/html in your browser and login when prompted with the credentials defined in /etc/tomcat9/tomcat-users.xml
I renamed the pwm-2.0.0-SNAPSHOT.war to pwm.war, as this is what Tomcat9 uses to name your website. Use the GUI to install the pwm.war file by uploading it. Then you have to start the pwm website after it uploads and deploys the war file.
If you have issues with this, you can upload pwm.war to the webapps folder located at /var/lib/tomcat9/webapps/ instead.
If you go to your pwm website at this point you will get a 5083 ERROR_ENVIRONMENT_ERROR (application path is not specified) on the site; please follow the next step.
Create a folder for pwm to store config files and add its path to pwm
Create a folder somewhere and make 'tomcat' the owner
Example commands if you want to create the folder in /home/YourHomeFolder/:
mkdir /home/YourHomeFolder/pwm-data/
sudo chown tomcat:tomcat /home/YourHomeFolder/pwm-data/
Tell pwm about the newly created folder:
sudo vi /etc/default/tomcat9
and add the line below at the top, then save it
PWM_APPLICATIONPATH=/home/YourHomeFolder/pwm-data
Note: If you rename the war, for example to password.war, pwd.war, or idm.war, change PWM_ to your war's name, like below
PASSWORD_APPLICATIONPATH=/home/YourHomeFolder/pwm-data
Restart tomcat9 for the changes to take effect
sudo service tomcat9 restart
Sometimes the above method does not fix the 5083 error. In that case try the method below; it is not ideal, because a PWM upgrade would wipe it out, but it does work.
Locate your tomcat9 webapps folder, mine was located at /var/lib/tomcat9/webapps/. In there you can go into the pwm folder and finally into the WEB-INF folder. In the WEB-INF folder you need to edit the web.xml file.
sudo vi /var/lib/tomcat9/webapps/pwm/WEB-INF/web.xml
Find the following section and change it accordingly
> <param-name>applicationPath</param-name>
> <param-value>/home/YourHomeFolder/pwm-data</param-value>
> sudo service tomcat9 restart
Now go to http://server-ip:8080/pwm/
Configure pwm....
Still working on adding these steps, as for some of them it is not obvious what needs to be done
Test away, but when done configuring I highly suggest securing the site with a cert! WARNING: Until you secure your site (https), passwords are potentially being sent in the clear!
To secure it, follow the Tomcat9 instructions at https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
That's it, enjoy PWM!! ~T3chGuy77
Still a work in progress......
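A post-install check for the files created above, as an added example that is not part of the original guide or the PWM project: it flags the placeholder Tomcat credentials and the sample backup password if they were left unchanged, and any credential-bearing file or directory from this guide that other local users can access. The function names and the ROOT prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the files this guide creates. ROOT is a hypothetical
# prefix for testing against a copy of the tree; pass "" on the real server.

# Report a path on which "other" users hold any permission bit.
check_not_world_accessible() {
    [ -e "$1" ] || return 0
    mode=$(stat -c '%a' "$1")        # GNU stat, as shipped on Ubuntu
    case "$mode" in
        *0) ;;                       # last octal digit 0: no access for others
        *)  echo "FINDING: $1 is accessible to other users (mode $mode)" ;;
    esac
}

# Report the guide's placeholder Tomcat manager credentials left unchanged.
check_placeholder_creds() {
    [ -f "$1" ] || return 0
    if grep -Eq 'YourUsernameChange|YourPasswordChange' "$1"; then
        echo "FINDING: $1 still has the guide's placeholder credentials"
    fi
}

# Report the sample dump password from the guide's automysqlbackup.conf.
check_sample_dump_password() {
    [ -f "$1" ] || return 0
    if grep -q "^CONFIG_mysql_dump_password='password'" "$1"; then
        echo "FINDING: $1 still has the guide's sample dump password"
    fi
}

# Usage: audit_pwm_host ROOT PWM_DATA_DIR
audit_pwm_host() {
    check_placeholder_creds "$1/etc/tomcat9/tomcat-users.xml"
    check_not_world_accessible "$1/etc/tomcat9/tomcat-users.xml"
    check_sample_dump_password "$1/etc/automysqlbackup/automysqlbackup.conf"
    check_not_world_accessible "$1/etc/automysqlbackup/automysqlbackup.conf"
    check_not_world_accessible "$1/var/backup/db"
    check_not_world_accessible "$2"
}

# Number of findings, for use from cron or a deployment script.
count_findings() { audit_pwm_host "$@" | grep -c '^FINDING' || true; }

if [ "$#" -gt 0 ]; then audit_pwm_host "$@"; fi
```

Saved under a name of your choice (audit.sh here is hypothetical), run it as `sudo sh audit.sh "" /home/YourHomeFolder/pwm-data`; no output means no findings.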