CentOS 7

how to install passwork on centos 7 1\ get root privileges and reload local packages database su cd yum makecache change server hostname to "passwork" hostnamectl set hostname passwork /etc/init d/network restart 2\ install git and apache2, add firewall rules yum y install git httpd avahi firewalld systemctl start httpd systemctl enable httpd firewall cmd permanent add service=http firewall cmd permanent add service=https firewall cmd permanent add port=5353/udp firewall cmd reload systemctl restart avahi daemon 3\ install mongodb configure the package management system (yum) create a /etc/yum repos d/mongodb org 4 2 repo file so that you can install mongodb directly, using yum yum y install nano nano /etc/yum repos d/mongodb org 4 2 repo make it look like this \[mongodb org 4 2] name=mongodb repository baseurl=https //repo mongodb org/yum/redhat/$releasever/mongodb org/4 2/x86 64/ gpgcheck=1 enabled=1 gpgkey=https //www mongodb org/static/pgp/server 4 2 asc to install the latest stable version of mongodb, issue the following command yum y install mongodb org set selinux to disabled mode in /etc/selinux/config by setting the selinux setting to disabled nano /etc/selinux/config set selinux=disabled you must reboot the system for the changes to take effect start mongodb service su cd service mongod start enable mongod service start on the system boot systemctl enable mongod service 4\ install php7 install the remi repository configuration package yum y install epel release yum utils yum y install https //rpms remirepo net/enterprise/remi release 7 rpm yum config manager enable remi php73 install php and additional extensions yum y install php php json php ldap php xml php bcmath php mbstring 5\ install php mongo driver yum y install gcc php pear php devel openssl devel pear channel update pecl php net pecl install mongodb echo "extension=mongodb so" | tee /etc/php d/20 mongodb ini systemctl restart httpd 6\ install phalcon php framework yum y install php mysql libtool pcre devel git clone branch 3 4 x depth=1 "https //github com/phalcon/cphalcon git" cd cphalcon/build /install echo "extension=phalcon so" | tee /etc/php d/50 phalcon ini systemctl restart httpd 7\ download and install passwork clone the repository using your login and password cd /var/www git init git remote add origin https //passwork download/passwork/passwork git git fetch git checkout v4 💡 the system will ask for a login and password to the repository, which you can find in your customer portal if you don't have access to the customer portal, contact us set up permissions for the files find /var/www/ type d exec chmod 755 {} \\; find /var/www/ type f exec chmod 644 {} \\; chown r apache\ apache /var/www/ configure your apache2 create non ssl configuration file nano /etc/httpd/conf d/non ssl conf change directives accordingly the entries below \<virtualhost 80> serveradmin webmaster\@localhost documentroot /var/www/public \<directory /var/www/public> options indexes followsymlinks multiviews allowoverride all order allow,deny allow from all require all granted \</directory> errorlog logs/error log transferlog logs/access log loglevel warn \</virtualhost> restart apache systemctl restart httpd open http //passwork local http //passwork local/ or http //127 0 0 1 http //127 0 0 1/ to access website 8\ installation when you open passwork for the first time, you will see an installation wizard that will check if the server is configured correctly and allow you to enter the basic parameters 💡 leave all fields at their default values if you are installing a new copy of passwork sign up an administrator enter the username and password for the first user the user will automatically become the administrator and owner of the organization 9\ create a ssl certificate first, install the apache ssl module yum y install mod ssl create a new directory to store our private key (the /etc/ssl/certs directory is already available to hold our certificate file) mkdir /etc/ssl/private set correct permissions chmod 700 /etc/ssl/private generate a new certificate and a private key to protect it openssl req x509 nodes days 365 newkey rsa 2048 subj '/cn=your domain name' addext 'subjectaltname=dns your domain name' keyout /etc/ssl/private/apache selfsigned key out /etc/ssl/certs/apache selfsigned crt invoking this command will result in a series of prompts common name specify your server's ip address or hostname this field matters, since your certificate needs to match the domain (or ip address) for your website fill out all other fields at your own discretion example answers are shown below interactive you are about to be asked to enter information that will be incorporated into your certificate request what you are about to enter is what is called a distinguished name or a dn there are quite a few fields but you can leave some blank for some fields there will be a default value, if you enter ' ', the field will be left blank —— country name (2 letter code) \[au]\ us state or province name (full name) \[some state]\ example locality name (eg, city) \[]\ example organization name (eg, company) \[internet widgits pty ltd]\ example inc organizational unit name (eg, section) \[]\ example dept common name (e g server fqdn or your name) \[]\ passwork local email address \[]\ test\@passwork local create a strong diffie hellman group openssl dhparam out /etc/ssl/certs/dhparam pem 2048 append the generated file to the end of our self signed certificate cat /etc/ssl/certs/dhparam pem | tee a /etc/ssl/certs/apache selfsigned crt 10\ configuring the product to work correctly in chrome with ssl when working over an ssl connection (https), the chrome browser requires the secure and samesite flags for the cookies without these flags, the browser will not accept cookies, and you will not be able to log into passwork in chrome to set these flags, enable the session cookie secure parameter in the /etc/php ini file session cookie secure = on and set the parameter disablesamesitecookie ( \[application] section)in file /var/www/app/config/config ini to value off disablesamesitecookie = off 💡 do not set these parameters or reset them to their original value if you change your mind about using ssl and will be working over the http protocol 11\ configure apache to use ssl open apache's ssl configuration file in your text editor nano /etc/httpd/conf d/ssl conf locate the section that begins with \<virtualhost default 443> and make the following changes first, uncomment the documentroot line and edit the address in quotes to the location of your site's document root by default, this will be in /var/www/html next, uncomment the servername line and replace www example com with your domain name or server ip address (whichever one you put as the common name in your certificate) documentroot /var/www/public servername passwork local 443 add “directory” directive next to the “servername” \<directory /var/www/public> options indexes followsymlinks multiviews allowoverride all order allow,deny allow from all &#x9; require all granted \</directory> next, find the sslprotocol and sslciphersuite lines and either delete them or comment them out the configuration we be pasting in a moment will offer more secure settings than the default included with centos's apache \# sslprotocol all sslv2 \# sslciphersuite high\ medium !anull !md5 !seed !idea find the sslcertificatefile and sslcertificatekeyfile lines and change them to the directory we made at /etc/httpd/ssl sslcertificatefile /etc/ssl/certs/apache selfsigned crt sslcertificatekeyfile /etc/ssl/private/apache selfsigned key once these changes have been made, check that your virtual host configuration file matches the following \<virtualhost default 443> documentroot /var/www/public servername passwork local 443 \<directory /var/www/public> options indexes followsymlinks multiviews allowoverride all order allow,deny allow from all &#x9; require all granted \</directory> sslcertificatefile /etc/ssl/certs/apache selfsigned crt sslcertificatekeyfile /etc/ssl/private/apache selfsigned key \</virtualhost> we're now done with the changes within the actual virtualhost block save changes (ctr+o) and exit (ctr+x) restart apache to apply the changes systemctl restart httpd check ssl connection by going to https //passwork local https //passwork local/