Ubuntu

installing passwork on following os ubuntu 20 04 ubuntu 22 04 on this page you can switch between blocks of code to view the commands applicable to your version of ubuntu 1\ minimum system requirements passwork is not resource heavy how much disk space, ram and cpu power you will need depends on the number of active users, the amount of stored data, and your requirements for fault tolerance see the technical requirements docid 0qxzmsecr2kfjk3wtcqub if your server has 2 4 gb of ram, we recommend enabling the swap file for libraries to compile properly enabling swap file on linux docid 4bakilpetuhwcwxyd6vjf 2\ steps before installation first, gain root access and update the local packages bash sudo i apt get update then, install the git version control package, apache2 web server and curl data transfer tool bash apt get install y git apache2 unzip curl 3\ installing php install the software properties common package and add the ppa\ ondrej/php repository apt get install y software properties common add apt repository y ppa\ ondrej/php then update the local packages and repositories apt get update and install php and its extensions apt get install y php8 2 php8 2 dev php8 2 ldap php8 2 xml php8 2 bcmath php8 2 mbstring php8 2 xml php8 2 curl php8 2 opcache php8 2 readline php8 2 zip php pear 3 1 installing a php mongodb driver install php mongodb driver pecl install mongodb 1 21 0 create configuration files for php mongodb startup and activation echo "extension=mongodb so" | tee /etc/php/8 2/apache2/conf d/20 mongodb ini echo "extension=mongodb so" | tee /etc/php/8 2/cli/conf d/20 mongodb ini 3 2 installing the php phalcon extension install the php phalcon extension mkdir /tmp/install && cd /tmp/install && curl lof https //github com/phalcon/cphalcon/releases/download/v5 3 1/phalcon php8 2 nts ubuntu gcc x64 zip && unzip phalcon php8 2 nts ubuntu gcc x64 zip && cp phalcon so /usr/lib/php/20220829 && cd / && rm rf /tmp/install create configuration files for php phalcon startup and activation echo "extension=phalcon so" | tee /etc/php/8 2/apache2/conf d/30 phalcon ini echo "extension=phalcon so" | tee /etc/php/8 2/cli/conf d/30 phalcon ini 4\ installing mongodb database download and convert the mongodb gpg key into a file bash curl fssl https //www mongodb org/static/pgp/server 6 0 asc | \\ sudo gpg o /usr/share/keyrings/mongodb server 6 0 gpg \\ \ dearmor add the /etc/apt/sources list d/mongodb org 6 0 list repository line into the file ubuntu 22 04 echo "deb \[ arch=amd64,arm64 signed by=/usr/share/keyrings/mongodb server 6 0 gpg ] https //repo mongodb org/apt/ubuntu jammy/mongodb org/6 0 multiverse" | sudo tee /etc/apt/sources list d/mongodb org 6 0 list ubuntu 20 04 echo "deb \[ arch=amd64,arm64 signed by=/usr/share/keyrings/mongodb server 6 0 gpg ] https //repo mongodb org/apt/ubuntu focal/mongodb org/6 0 multiverse" | sudo tee /etc/apt/sources list d/mongodb org 6 0 list update the list of available packages apt get update install mongodb using the apt package manager apt get install y mongodb org run mongod service shell systemctl start mongod service and enable autostart shell systemctl enable mongod service 5\ managing and downloading the latest passwork via git go to /var/www/ bash cd /var/www/ add a global git configuration pointing to the safe directory bash git config global add safe directory /var/www initialize a git repository at /var/www/ bash git init add the remote passwork repository bash git remote add origin https //passwork download/passwork/passwork git get the remote repository for your local sever bash git fetch the system will ask for your credentials, which are listed on your customer portal page if you can't access the customer portal, let us know switch to the v6 branch with the latest passwork version bash git checkout v6 give www data owner privileges for the files and directories bash find /var/www/ type d exec chmod 755 {} \\; find /var/www/ type f exec chmod 644 {} \\; chown r www data\ www data /var/www/ 6\ setting up apache2 for http access to passwork open the virtual host configuration file for http bash nano /etc/apache2/sites enabled/000 default conf edit the file so it looks as follows bash \<virtualhost 80> serveradmin webmaster\@localhost documentroot /var/www/public \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all \</directory> errorlog ${apache log dir}/error log customlog ${apache log dir}/access log combined \</virtualhost> enable the url rewrite module and restart apache2 bash a2enmod rewrite service apache2 restart you can open http //passwork local or http //127 0 0 1 to test your passwork connection 7\ passwork parameter checklist when you connect to passwork for the first time, you will need to go over the checklist that includes automatic parameter checking checking connection to mongodb database generating an encryption key for mongodb license verification leave all fields as they are if you are installing a new passwork copy after finishing the checklist, you will be offered to create the first passwork user and set their login, password and email address for notifications this user is always local and the owner of passwork by default, in case of assigning ldap/sso user an owner, it will automatically become local and you will not be able to authorise in passwork 8\ setting up https connection 8 1 generating a self signed ssl certificate create a new directory to store the private key and the certificate in bash mkdir /etc/apache2/ssl/ use openssl to generate a self signed x 509 certificate for apache2 bash openssl req x509 nodes days 365 newkey rsa 2048 subj '/cn=your domain name' addext 'subjectaltname=dns your domain name' keyout /etc/apache2/ssl/apache key out /etc/apache2/ssl/apache crt common name (cn) — specify the ip of your server or host this field is important, as the certificate should match the domain or ip of your website subjectaltname (san) — alternative domain name or ip give root access to the user to secure the private key and the certificate bash chmod 600 /etc/apache2/ssl/ 8 2 configuring a virtual host to access passwork via https activate the ssl module in apache for the server to support https bash a2enmod ssl enable the website's virtual host configuration file with the ssl settings bash a2ensite default ssl open the virtual host configuration file for https connection bash nano /etc/apache2/sites enabled/default ssl conf find the section that starts with \<virtualhost default 443> and edit it as follows add the servername directive (server name or ip) and 443 port under the serveradmin line bash serveradmin webmaster\@localhost servername passwork local 443 add the \<directory> directive after servername bash \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all \</directory> locate the following changes and update the paths of files which were generated previously, or specify the private key and certificate location bash sslcertificatefile /etc/apache2/ssl/apache crt sslcertificatekeyfile /etc/apache2/ssl/apache key after editing the file, check if the virtual host configuration file matches the example bash \<ifmodule mod ssl c> \<virtualhost default 443> serveradmin webmaster\@localhost servername passwork local 443 documentroot /var/www/public \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all \</directory> sslengine on sslcertificatefile /etc/apache2/ssl/apache crt sslcertificatekeyfile /etc/apache2/ssl/apache key \</virtualhost> \</ifmodule> restart apache2 to apply the changes bash systemctl restart apache2 check the https connection to passwork using https //passwork local 8 3 setting up passwork for work over https when using a secure ssl connection (https), client browsers require certain flags to process passwork data these flags are called session cookie secure and disablesamesitecookie if these flags are not set, browsers will not be able to establish connections and the connection will be rejected, which can lead to authorisation errors — "the session of this browser tab is out of date" enable the ;session cookie secure parameter in /etc/php/8 2/apache2/php ini bash sed i '/session cookie secure =/c session cookie secure = on' /etc/php/8 2/apache2/php ini set the disablesamesitecookie parameter in /var/www/app/config/config ini to off bash sed i '/disablesamesitecookie =/c disablesamesitecookie = off' /var/www/app/config/config ini do not set these parameters or reset them to their original value if you change your mind about using ssl and work over the http protocol 9\ configure background tasks background tasks are tasks that are executed by the scheduler in the background for example, ldap synchronisation, loading favicons, and other tasks that are time consuming, persistent, or resource allocating see a guide on background tasks docid\ pj1ekrpvv2ndjc8hbpacp 10\ set up security before modifying security settings, we strongly recommend to make sure that passwork is stable and works correctly, and to back up the files you are making changes to server security is an important part of ensuring the protection of valuable company data and resources it is a process that requires planning and execution to ensure maximum protection against possible threats see our overview of security settings docid\ abhmikjranomvre2zgelg