Confluence is the best Enterprise wiki IMHO. Here is how you can install and run it:
JAVA INSTALLATION:
---------------------------
1.
# cp jdk-6u18-linux-x64.bin /srv/
# cd /srv
# sh jdk-6u18-linux-x64.bin
# ln -s jdk1.6.0_18 jdk
# updatedb;locate javac |grep bin
/srv/jdk1.6.0_18/bin/javac
2.
Here /srv/jdk is the actual JAVA_HOME for your machine. Note this as you will need it to run the future commands.
alternatives --install /usr/bin/java java /srv/jdk1.6.0_18/bin/java 100
alternatives --install /usr/bin/jar jar /srv/jdk1.6.0_18/bin/jar 100
alternatives --install /usr/bin/javac javac /srv/jdk1.6.0_18/bin/javac 100
3.
Finally, configure alternatives to use Sun's JVM as the default JVM. To do this, type:
# /usr/sbin/alternatives --config java
4.
In the future, when we update Java, we only need to repoint this symlink (JAVA_HOME) and repeat steps 2 and 3:
/srv/jdk
5.
Last check:
# java -version
java version "1.5.0_22"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_22-b03, mixed mode)
--------------------
TOMCAT INSTALLATION:
--------------------
# wget http://apache.wildit.net.au/
# cp apache-tomcat-6.0.26.tar.gz /srv
# cd /srv/
# tar -xvzf apache-tomcat-6.0.26.tar.gz
# ln -s apache-tomcat-6.0.26 tomcat
Create Env. var. config file:
# cat /srv/tomcat/bin/setenv.sh
export JAVA_HOME=/srv/jdk
export PATH="${PATH}:${JAVA_HOME}/
CATALINA_OPTS="-server -XX:+UseParallelGC -Xms2048m -Xmx2048m -XX:MaxPermSize=1024m -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -Djava.awt.headless=true"
export CATALINA_OPTS
export CATALINA_PID="$CATALINA_HOME/
We would like to run tomcat as a tomcat user:
# groupadd tomcat
# useradd -g tomcat -c "Tomcat" -d /srv/tomcat -s "/bin/bash" tomcat
# chown -R tomcat:tomcat /srv/tomcat
# chown -R tomcat:tomcat /srv/apache-tomcat-6.0.26
2.
# su - tomcat -c '/srv/tomcat/bin/startup.sh'
Using CATALINA_BASE: /srv/tomcat
Using CATALINA_HOME: /srv/tomcat
Using CATALINA_TMPDIR: /srv/tomcat/temp
Using JRE_HOME: /srv/jdk
Using CLASSPATH: /srv/tomcat/bin/bootstrap.jar
# ps -ef | grep tom
tomcat 8672 1 1 13:10 ? 00:00:03 /srv/jdk/bin/java -Djava.util.logging.config.
3.
Check that Tomcat is up and serving requests by browsing to http://serverIP:8080/
4.
Shutting it down:
# su - tomcat -c '/srv/tomcat/bin/shutdown.sh'
5. Create init script:
----------------------
Init script:
# cat /etc/init.d/tomcat
#!/bin/sh
#
# Startup script for Tomcat on Linux
#
# chkconfig: 35 80 20
# description: start & stop tomcat that is running CLE
# --> check
# set this to the location of tomcat
TOMCAT_HOME=/srv/tomcat
TOMCAT_USER="tomcat"
TOMCAT_PIDFILE=$TOMCAT_HOME/
TOMCAT_START_SCRIPT=$TOMCAT_
TOMCAT_STOP_SCRIPT=$TOMCAT_
TOMCAT_PID=99999
if [ -e "$TOMCAT_PIDFILE" ]; then
    TOMCAT_PID=`cat "$TOMCAT_PIDFILE"`
fi
. $TOMCAT_HOME/bin/setenv.sh
case "$1" in
    start)
        # If the PID file points at a live java process, stop it before starting again
        if [ -f "$TOMCAT_PIDFILE" ]; then
            if [ -e "/proc/$TOMCAT_PID" ]; then
                # cmdline is NUL-separated, so test it with grep -q instead of capturing it
                if grep -q java "/proc/$TOMCAT_PID/cmdline"; then
                    $0 stop
                fi
            fi
            /bin/rm -f "$TOMCAT_PIDFILE"
        fi
        echo "Starting Tomcat"
        su -m -c "$TOMCAT_START_SCRIPT start" $TOMCAT_USER
        ;;
    stop)
        echo "Stopping Tomcat [takes about a minute]..."
        su -m -c "$TOMCAT_STOP_SCRIPT" $TOMCAT_USER
        sleep 30
        # If the PID file is still present, kill the recorded PID and remove the file
        if [ -f "$TOMCAT_PIDFILE" ]; then
            kill -9 $TOMCAT_PID
            /bin/rm -f "$TOMCAT_PIDFILE"
        fi
        echo " ...done"
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
6.
# chmod +x /etc/init.d/tomcat
# chkconfig --add tomcat
# chkconfig tomcat on
-----------------------
CONFLUENCE INSTALLATION:
-----------------------
1.
Go to http://www.atlassian.com/
# cd /srv
# wget http://www.atlassian.com/
# tar -xvzf confluence-3.2.1_01.tar.gz
# ln -s confluence-3.2.1_01 confluence
2.# vi /srv/confluence/confluence/
confluence.home=/srv/
3.Create ROOT.xml file:
-----------------------
# cat /srv/tomcat/conf/Catalina/
<Context path="" docBase="/srv/confluence/
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/
</Context>
4.
# mkdir -p /srv/confluence.data
# chown -R tomcat:tomcat confluence confluence-3.2.1_01 confluence.data
5. Configuring Tomcat's URI encoding:
------------------------------
# vi /srv/tomcat/conf/server.xml
Add a URIEncoding="UTF-8" property to the connectors:
<Connector port="8080" protocol="HTTP/1.1"
URIEncoding="UTF-8"
connectionTimeout="20000"
redirectPort="8443" />
Bind the AJP connector to localhost (127.0.0.1) only, so that Tomcat ignores AJP connections arriving on the public-facing interfaces; only the local Apache needs to reach it.
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" address="127.0.0.1" redirectPort="8443" />
6. We need this because we will work with an Oracle DB. For a MySQL DB, download the appropriate MySQL connector and install it in a similar way.
# wget http://download.oracle.com/
# cp ojdbc14.jar /srv/tomcat/lib/
# chown tomcat:tomcat /srv/tomcat/lib/ojdbc14.jar
# ls -l /srv/tomcat/lib
-rw-r--r-- 1 tomcat tomcat 1555682 Jan 11 11:33 ojdbc14.jar
7. Start the Setup Wizard
# /etc/init.d/tomcat start
# tail -f /srv/tomcat/logs/catalina.out
# tail -f confluence.data/logs/
Go to http://yourserver.com:8080
Use instructions at http://confluence.atlassian.
Choose: ->Direct (JDBC) Connection ->
Setup Standard Database
Driver Class Name: oracle.jdbc.OracleDriver
Database URL: jdbc:oracle:thin:@parsec.
User Name: Username
Password: Password
Choose: ->Example Site
Setup System Administrator -> Configure Account: admin/verysecretpassword
7a.
Go to Dashboard->Administration->
Go to Dashboard->Dashboard->
8a. Configure LDAP integration with Confluence (If you need to. But you can skip this if you only want local authentication):
First read this:
Add LDAP Integration - http://confluence.atlassian.
Automatically Add LDAP users to the confluence-users Group - http://confluence.atlassian.
Global Permissions Overview - http://confluence.atlassian.
Customising atlassian-user.xml - http://confluence.atlassian.
Add LDAP Integration For User Authentication Only - http://confluence.atlassian.
atlassian-user.xml reference - http://confluence.atlassian.
[root@vera033 confluence]# cd /srv/confluence-3.2.1_01/
[root@vera033 classes]# cp atlassian-user.xml atlassian-user.xml.orig
[root@vera033 classes]# vi atlassian-user.xml
[root@vera033 classes]# cp seraph-config.xml seraph-config.xml.orig
[root@vera033 classes]# vi seraph-config.xml
Edit files:
-----------
[root@vera070 tmp]# diff -Naur atlassian-user.xml.orig atlassian-user.xml
--- atlassian-user.xml.orig 2010-05-11 13:12:54.000000000 +1000
+++ atlassian-user.xml 2010-05-11 12:35:53.000000000 +1000
@@ -17,30 +17,28 @@
http://confluence.atlassian.
-->
- <!--
- <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.
- <host>ldap.example.com</host>
- <port>389</port>
- <securityPrincipal>cn=admin,
- <securityCredential>secret</
- <securityProtocol>plain</
- <securityAuthentication>
- <baseContext>dc=atlassian,dc=
-
- <baseUserNamespace>dc=staff,
- <baseGroupNamespace>dc=groups,
- <usernameAttribute>cn</
- <userSearchFilter>(
- <firstnameAttribute>givenname<
+ <ldap key="ldapRepository" name="ldap://myLDAPserver.com" cache="true">
+ <host>myLDAPserver.com</host>
+ <port>4389</port>
+ <securityPrincipal></
+ <securityCredential></
+ <securityProtocol></
+ <securityAuthentication>none</
+ <baseContext>o=My University,c=AU</baseContext>
+
+ <baseUserNamespace>o=My University,c=AU</
+ <baseGroupNamespace>o=My University,c=AU</
+ <usernameAttribute>uid</
+ <userSearchFilter>(
+ <firstnameAttribute>givenName<
<surnameAttribute>sn</
<emailAttribute>mail</
<groupnameAttribute>cn</
- <groupSearchFilter>(
- <membershipAttribute>member</
- <userSearchAllDepths>false</
- <groupSearchAllDepths>false</
+ <groupSearchFilter>(
+ <membershipAttribute>
+ <userSearchAllDepths>true</
+ <groupSearchAllDepths>true</
</ldap>
- -->
<!-- END of LDAP Repository -->
<!-- Default confluence user repository -->
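Review bot: the added ldap block binds anonymously over an unprotected connection: securityAuthentication is "none" and securityPrincipal, securityCredential and securityProtocol are all left empty, against port 4389. Passwords checked against this directory would then cross the network in clear text, and the directory has to allow anonymous searches from "o=My University,c=AU" downwards now that userSearchAllDepths and groupSearchAllDepths are both true. Suggest binding with a dedicated read-only account, setting an encrypted securityProtocol on the directory's TLS port, and narrowing baseUserNamespace and baseGroupNamespace to the subtrees that actually hold the wiki's users and groups.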
[root@vera070 tmp]#
[root@vera070 tmp]#
[root@vera070 tmp]# diff -Naur seraph-config.xml.orig seraph-config.xml
--- seraph-config.xml.orig 2010-05-11 13:12:38.000000000 +1000
+++ seraph-config.xml 2010-05-11 13:15:32.000000000 +1000
@@ -26,7 +26,7 @@
<rolemapper class="com.atlassian.
<controller class="com.atlassian.
- <authenticator class="com.atlassian.
+ <authenticator class="com.atlassian.
<services>
<service class="com.atlassian.seraph.
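Review bot: the replaced authenticator line at @@ -26,7 carries no XML comment saying which authenticator is swapped in or why, and as shown both class names are cut off after "com.atlassian.", so the change cannot be checked from the diff alone. Add a short comment beside the new line and keep this diff next to seraph-config.xml.orig, since the file sits inside the versioned confluence-3.2.1_01 tree and the edit has to be re-applied by hand after an upgrade.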
[root@vera070 tmp]#
Copy those files to the right location:
------------------------------
[root@vera070 tmp]# cp atlassian-user.xml seraph-config.xml /srv/confluence/confluence/
[root@vera070 tmp]# chown -R tomcat:tomcat /srv/confluence /srv/confluence-3.2.1_01
8b.
After configuring LDAP, log in twice with your LDAP user and check in the "Browse"->"People Directory" that there are no duplicate users.
If there are, go to "Browse"->"Confluence Admin"->"Content Indexing" and rebuild the index.
Install APACHE HTTP AND MOD_JK:
------------------------------
1.
# yum install httpd httpd-devel gcc gcc-c++
2.
Go to http://tomcat.apache.org/
# wget http://apache.mirror.aussiehq.
3.
# tar -xvzf tomcat-connectors-1.2.30-src.
Read docs/webserver_howto/apache.
# cd tomcat-connectors-1.2.30-src/
# which apxs
# ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility
# make
# make install
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_
Please be sure to arrange /etc/httpd/conf/httpd.conf...
Check:
# ls -l /etc/httpd/modules/mod_jk.so
-rwxr-xr-x 1 root root 959821 Jan 7 14:10 /etc/httpd/modules/mod_jk.so
4.
# chkconfig --add httpd
# chkconfig httpd on
5.
# mkdir -p /etc/httpd/conf/vhosts.d
6. Add these lines to the /etc/httpd/conf/httpd.conf file:
Include /etc/httpd/conf/mod_jk.conf
Include /etc/httpd/conf/vhosts.d/*.
7. Create /etc/httpd/conf/mod_jk.conf:
# cat /etc/httpd/conf/mod_jk.conf
LoadModule jk_module modules/mod_jk.so
# mod_jk config
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile /etc/httpd/conf/workers.
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile /var/log/httpd/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Globally deny access to the WEB-INF directory
<LocationMatch '.*WEB-INF.*'>
AllowOverride None
deny from all
</LocationMatch>
8. Create /etc/httpd/conf/workers.
LoadModule jk_module modules/mod_jk.so
# cat /etc/httpd/conf/workers.
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# We define a workers named worker1 and worker2
workers.tomcat_home=/srv/
workers.java_home=/srv/jdk
ps=/
# worker.list=worker1,worker2
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=1
# worker.worker2.type=ajp13
# worker.worker2.host=somedomain
# worker.worker2.port=8009
# worker.worker2.lbfactor=1
# Load-balancing behaviour (add when you have more than 1 worker and change worker.workerX.host and worker.list accordingly)
# worker.loadbalancer.type=lb
# Status worker for managing load balancer (add when you have more than 1 worker)
# worker.status.type=status
9. Create /etc/httpd/conf/vhosts.d/
# cat /etc/httpd/conf/vhosts.d/
NameVirtualHost *:80
<VirtualHost *:80>
ServerName vera033.myserverdomain.com
ServerAdmin Leon.Kolchinsky@
ServerAlias vera033
# Just in case
DocumentRoot /srv/vera
# if not specified, the global error log is used
ErrorLog /var/log/httpd/vera033.
CustomLog /var/log/httpd/vera033.
# don't lose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Add index.jsp to DirectoryIndex files
DirectoryIndex index.php index.html index.htm index.shtml index.php4 index.php3 index.phtml index.cgi index.jsp
JkMount /* worker1
# JkMount /*.jsp worker1
</VirtualHost>
9a. Create /srv/vera
# mkdir -p /srv/vera
10. Finally, you must edit $CATALINA_HOME/conf/server.xml to make sure that the AJP connection is enabled on port 8009, and to turn off clear-text traffic on port 8080. The AJP connector should NOT be commented out:
# vi /srv/tomcat/conf/server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" address="127.0.0.1" redirectPort="8443" />
Again, make sure the connector is bound to localhost (127.0.0.1) only, so that Tomcat ignores connections arriving on the public-facing interfaces.
And the HTTP connector on port 8080 should be commented out (no need to listen on 8080 in our case):
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<!-- <Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" /> -->
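An added example, not part of the original post: a Python check that reads server.xml and reports any active connector that departs from the layout in step 10 (AJP bound to loopback, no directly reachable HTTP connector, URIEncoding set). The two XML fragments and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments (not from the original page).
# DEFAULT_XML: stock-style connectors; HARDENED_XML: after the edits in step 10.
DEFAULT_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
             redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

HARDENED_XML = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" maxHttpHeaderSize="8192"
       connectionTimeout="20000" disableUploadTimeout="true" /> -->
  <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8"
             address="127.0.0.1" redirectPort="8443" />
</Service></Server>"""


def is_loopback(address):
    """True for 'localhost' or a literal loopback IP; anything else counts as exposed."""
    if not address:
        return False  # no address attribute: Tomcat 6 listens on every interface
    address = address.strip().lower()
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here


def audit_connectors(server_xml):
    """Return sorted (port, problem) tuples for active connectors that break the layout."""
    findings = []
    # ElementTree drops XML comments, so a commented-out connector is never reported.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port", "0"))
        is_ajp = "ajp" in conn.get("protocol", "HTTP/1.1").lower()
        exposed = not is_loopback(conn.get("address"))
        if is_ajp and exposed:
            findings.append((port, "AJP connector accepts non-local connections"))
        if not is_ajp and exposed:
            findings.append((port, "HTTP connector bypasses the Apache front end"))
        if conn.get("URIEncoding", "").upper() != "UTF-8":
            findings.append((port, "URIEncoding is not UTF-8"))
    return sorted(findings)


if __name__ == "__main__":
    for name, xml in (("default", DEFAULT_XML), ("hardened", HARDENED_XML)):
        print(name, audit_connectors(xml) or "OK")
```

To run it against a real installation, pass the contents of /srv/tomcat/conf/server.xml to audit_connectors(); an empty list means every active connector matches the layout.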
Now let's instruct APACHE to handle HTTPS traffic, with Tomcat backstage:
------------------------------
1.
# yum install mod_ssl openssl
# ls -l /etc/pki/tls/certs
Option I:
---------
Generate a self-signed certificate
------------------------------
Using OpenSSL we will generate a self-signed certificate. On a production server you will need a certificate signed by a trusted Certificate Authority, but for a personal site or for testing purposes a self-signed certificate is fine. You need to be root to create the key, so either su to root or put sudo in front of the commands.
a.1) Generate private key
openssl genrsa -out ca.key 1024
a.2) Generate CSR
# openssl req -new -key ca.key -out ca.csr
b) Generate the self-signed certificate
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
c) Move the files to the correct locations
# mv ca.crt /etc/pki/tls/certs
# mv ca.key /etc/pki/tls/private/ca.key
# mv ca.csr /etc/pki/tls/private/ca.csr
d) In the /etc/httpd/conf/vhosts.d/
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Unlike Option II (Path to production) where we add 3 lines:
SSLCertificateFile /etc/pki/tls/certs/vera033.
SSLCertificateKeyFile /etc/pki/tls/private/vera033.
SSLCACertificateFile /etc/pki/tls/certs/
Option II (Path to production):
----------
http://www.linux.com/learn/
a) To create a private key without triple DES encryption (that is, a key file with no passphrase), use the following command:
# cd /srv/home/lkolchin/keys
# openssl genrsa -out vera033.myserverdomain.com.key 1024
b) Create a Certificate Signing Request
To obtain a certificate signed by a certificate authority, you will need to create a Certificate Signing Request (CSR). The purpose is to send the certificate authority enough information to create the certificate without sending the entire private key or compromising any sensitive information. The CSR also contains the information that will be included in the certificate, such as, domain name, locality information, etc.
* Locate the private key that you would like to create a CSR from. Enter the following command (shown in the session below):
You will be prompted for Locality information, common name (domain name), organizational information, etc. Check with the CA that you are applying to for information on required fields and invalid entries.
Send the CSR to the CA per their instructions.
Wait for your new certificate and/or create a self-signed certificate. A self-signed certificate can be used until you receive your certificate from the certificate authority.
**************************
[root@vera033 keys]# openssl req -new -key vera033.myserverdomain.com.key -out vera033.myserverdomain.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:AU
State or Province Name (full name) [Berkshire]:Victoria
Locality Name (eg, city) [Newbury]:Clayton
Organization Name (eg, company) [My Company Ltd]:My University
Organizational Unit Name (eg, section) []:e-Research Centre
Common Name (eg, your name or your server's hostname) []:vera033.myserverdomain.com
Email Address []:Leon.Kolchinsky@
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls -l
total 8
-rw-r--r-- 1 root root 773 Mar 3 13:39 vera033.myserverdomain.com.csr
-rw-r--r-- 1 root root 887 Mar 3 13:22 vera033.myserverdomain.com.key
c) Now go to http://www.thawte.com/ to obtain a certificate; I'll get a trial for now ;)
Use this contact info:
Leon.Kolchinsky@
My University
My campus
My Road
Suburb
VIC 3204
AUSTRALIA
Select RedHat Platform.
d) # cat vera033.myserverdomain.com.csr
e) Paste Certificate Signing Request (CSR) inside the form.
f) Now when you've got the certificates let's copy them:
You'll get your "Your Thawte trial SSL certificate:" and "Thawte Test CA Root certificate"
Let's call them vera033.myserverdomain.com.crt and thawteintermediate.crt accordingly.
# cp vera033.myserverdomain.com.crt thawteintermediate.crt /etc/pki/tls/certs/
# cp vera033.myserverdomain.com.key /etc/pki/tls/private/
# chmod go-rwx /etc/pki/tls/private/vera033.
3. Edit /etc/httpd/conf/vhosts.d/
# cat /etc/httpd/conf/vhosts.d/
NameVirtualHost *:80
<VirtualHost *:80>
ServerName vera033.myserverdomain.com
ServerAdmin Leon.Kolchinsky@
ServerAlias vera033
DocumentRoot /srv/vera
# if not specified, the global error log is used
ErrorLog /var/log/httpd/vera029.
CustomLog /var/log/httpd/vera029.
# don't lose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Add index.jsp to DirectoryIndex files
DirectoryIndex index.php index.html index.htm index.shtml index.php4 index.php3 index.phtml index.cgi index.jsp
# JkMount /* worker1
# JkMount /*.jsp worker1
RedirectMatch ^/$ https://vera033.
RedirectMatch ^/(.+) https://vera033.
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName vera033.myserverdomain.com:443
DocumentRoot /srv/vera
JkMount /* worker1
# JkMount /*.jsp worker1
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLCertificateFile /etc/pki/tls/certs/vera033.
SSLCertificateKeyFile /etc/pki/tls/private/vera033.
SSLCACertificateFile /etc/pki/tls/certs/
</VirtualHost>
4. Remove default "SSL Virtual Host Context"
# vi /etc/httpd/conf.d/ssl.conf
Remove all
<VirtualHost _default_:443>
.....
</VirtualHost>
5. In Confluence Admin Interface go to "Browse"->"Confluence Admin"->"General Configuration"
change
http://vera033.myserverdomain.
to
https://vera033.
Also change other configs as needed there.
I think that's it ;)
Now you've got the best enterprise wiki on your own server!!!
Created by:
Leon Kolchinsky
Senior Software Specialist and Unix/Linux System Administrator at Monash Uni.