Alma/Rocky/CentOS

installing passwork on following os centos 8 stream, alma linux 8, rocky linux 8 centos 9 stream, alma linux 9, rocky linux 9 on this page you can switch between blocks of code to view the commands applicable to your version of the os 1\ minimum system requirements passwork is not resource heavy how much disk space, ram and cpu power you will need depends on the number of active users, the amount of stored data, and your requirements for fault tolerance see the technical requirements docid 0qxzmsecr2kfjk3wtcqub if your server has 2 4 gb of ram, we recommend enabling the swap file for libraries to compile properly enabling swap file on linux docid 4bakilpetuhwcwxyd6vjf 2\ steps before installation first, gain root access and update the local packages shell sudo i yum makecache then, install the git version control package, apache2 web server and curl data transfer tool bash yum install git httpd curl y run httpd service shell systemctl start httpd service and enable autostart shell systemctl enable httpd service 2 1 installing and setting up firewalld install the dynamically managed firewall firewalld shell yum install firewalld y run firewalld service shell systemctl start firewalld service enable autostart shell systemctl enable firewalld service allow http services in firewalld shell firewall cmd permanent add service=http allow https services in firewalld shell firewall cmd permanent add service=https and apply the changes to firewalld shell firewall cmd reload 2 2 disabling selinux and restarting os edit the /etc/selinux/config configuration file shell nano /etc/selinux/config change the selinux parameter from enforcing to disabled shell selinux=disabled save the changes (ctrl+o) and exit the terminal (ctrl+x) then, restart your system to apply the changes to selinux shell reboot 3\ installing php install the epel package and yum package management tool yum y install epel release yum utils download and install the latest epel repository os 8 dnf install y https //dl fedoraproject org/pub/epel/epel release latest 8 noarch rpm os 9 dnf install y https //dl fedoraproject org/pub/epel/epel release latest 9 noarch rpm download and install the repository for access to php versions os 8 dnf install y https //rpms remirepo net/enterprise/remi release 8 rpm os 9 dnf install y https //rpms remirepo net/enterprise/remi release 9 rpm enable the php 8 2 modile from remi repository dnf module enable php\ remi 8 2 install php and its extensions dnf install y php php json php ldap php xml php bcmath php mbstring php curl gcc php pear curl devel openssl devel pcre devel php devel php mysql libtool pcre devel php pecl psr 3 1 installing a php mongodb driver install a php mongodb driver pecl install mongodb 1 21 0 create configuration files for php mongodb startup and activation echo "extension=mongodb so" | tee /etc/php d/20 mongodb ini 3 2 installing the php phalcon extension install the php phalcon extension dnf install php phalcon y 4\ installing mongodb database create a file to add mongodb into yum package manager nano /etc/yum repos d/mongodb org 6 0 repo add the following lines into the file os 8 \[mongodb org 6 0] name=mongodb repository baseurl=https //repo mongodb org/yum/redhat/8/mongodb org/6 0/x86 64/ gpgcheck=1 enabled=1 gpgkey=https //pgp mongodb com/server 6 0 asc os 9 \[mongodb org 6 0] name=mongodb repository baseurl=https //repo mongodb org/yum/redhat/9/mongodb org/6 0/x86 64/ gpgcheck=1 enabled=1 gpgkey=https //pgp mongodb com/server 6 0 asc install mongodb yum install mongodb org y run mongod service shell systemctl start mongod service and enable autostart shell systemctl enable mongod service 5\ managing and downloading the latest passwork via git go to /var/www/ shell cd /var/www/ add a global git configuration pointing to the safe directory shell git config global add safe directory /var/www initialize a git repository at /var/www/ shell git init add the remote passwork repository shell git remote add origin https //passwork download/passwork/passwork git get the remote repository for your local sever shell git fetch the system will ask for your credentials, which are listed on your customer portal page if you can't access the customer portal, let us know switch to the v6 branch with the latest passwork version shell git checkout v6 give apache owner privileges for the files and directories shell find /var/www/ type d exec chmod 755 {} \\; find /var/www/ type f exec chmod 644 {} \\; chown r apache\ apache /var/www/ 6\ setting up apache2 for http access to passwork open the virtual host configuration file for http shell nano /etc/httpd/conf d/non ssl conf edit the file so it looks as follows shell \<virtualhost 80> serveradmin webmaster\@localhost documentroot /var/www/public \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all require all granted \</directory> errorlog logs/error log transferlog logs/access log loglevel warn \</virtualhost> restart the web server ( httpd service ) shell systemctl restart httpd service you can open http //passwork local or http //127 0 0 1 to test your passwork connection 7\ passwork parameter checklist when you connect to passwork for the first time, you will need to go over the checklist that includes automatic parameter checking checking connection to mongodb database generating an encryption key for mongodb license verification after finishing the checklist, you will be offered to create the first passwork user and set their login, password and email address for notifications this user is always local and the owner of passwork by default, in case of assigning ldap/sso user an owner, it will automatically become local and you will not be able to authorise in passwork 8\ setting up https connection 8 1 generating a self signed ssl certificate install a ssl module for apache2 shell yum install mod ssl y create a new directory to store the private key and the certificate in shell mkdir /etc/ssl/private use openssl to generate a self signed x 509 certificate for apache2 shell openssl req x509 nodes days 365 newkey rsa 2048 subj '/cn=your domain name' keyout /etc/ssl/private/apache selfsigned key out /etc/ssl/certs/apache selfsigned crt common name (cn) — specify the ip of your server or host this field is important, as the certificate should match the domain or ip of your website; subjectaltname (san) — alternative domain name or ip generate diffie hellman parameters with the key length of 2048 shell openssl dhparam out /etc/ssl/certs/dhparam pem 2048 add diffie hellman parameters to the self signed certificate shell cat /etc/ssl/certs/dhparam pem | tee a /etc/ssl/certs/apache selfsigned crt give root access to the user to secure the private key and the certificate shell chmod 700 /etc/ssl/private 8 2 configuring a virtual host to access passwork via https open the virtual host configuration file for https connection shell nano /etc/httpd/conf d/ssl conf find the section that starts with \<virtualhost default 443> and edit it as follows uncomment the documentroot line and change the path to passwork's root folder /var/www/public uncomment the servername line and change www example com to the ip or the domain of the server (it should match the common name of the certificate) documentroot /var/www/public servername passwork local 443 add the \<directory> directive after servername \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all &#x9; require all granted \</directory> comment the sslprotocol and sslciphersuite lines \# sslprotocol all sslv2 \# sslciphersuite high\ medium !anull !md5 !seed !idea update the paths to certificate files, which were generated earlier shell sslcertificatefile /etc/ssl/certs/apache selfsigned crt sslcertificatekeyfile /etc/ssl/private/apache selfsigned key after editing the file, check if the virtual host configuration file matches the example shell listen 443 \<virtualhost default 443> documentroot /var/www/public servername passwork local 443 \<directory /var/www/public> options followsymlinks multiviews allowoverride all order allow,deny allow from all &#x9; require all granted \</directory> sslcertificatefile /etc/ssl/certs/apache selfsigned crt sslcertificatekeyfile /etc/ssl/private/apache selfsigned key \</virtualhost> restart the web server ( httpd service ) bash systemctl restart httpd service check the https connection to passwork using https //passwork local 8 3 setting up passwork for work over https when using a secure ssl connection (https), client browsers require certain flags to process passwork data these flags are called session cookie secure and disablesamesitecookie if these flags are not set, browsers will not be able to establish connections and the connection will be rejected, which can lead to authorisation errors — "the session of this browser tab is out of date" enable the ;session cookie secure parameter in /etc/php ini bash sed i '/session cookie secure =/c session cookie secure = on' /etc/php ini set the disablesamesitecookie parameter in /var/www/app/config/config ini to off bash sed i '/disablesamesitecookie =/c disablesamesitecookie = off' /var/www/app/config/config ini do not set these parameters or reset them to their original value if you change your mind about using ssl and work over the http protocol 9\ configure background tasks background tasks are tasks that are executed by the scheduler in the background for example, ldap synchronisation, loading favicons, and other tasks that are time consuming, persistent, or resource allocating see a guide on background tasks docid\ pj1ekrpvv2ndjc8hbpacp 10\ set up security before modifying security settings, we strongly recommend to make sure that passwork is stable and works correctly, and to back up the files you are making changes to server security is an important part of ensuring the protection of valuable company data and resources it is a process that requires planning and execution to ensure maximum protection against various threats look through the overview of security settings docid\ abhmikjranomvre2zgelg