Debian 10

31min
How to install Passwork on Debian 8, 9
1. Get root privileges and reload local package database
Shell
su
cd ~
apt-get update
su
cd ~
apt-get update
﻿
Change server hostname to "passwork".
Shell
hostnamectl set-hostname passwork
hostnamectl set-hostname passwork
﻿
Automatic local network configuration and discovery.
Shell
apt-get install -y avahi-daemon libnss-mdns
apt-get install -y avahi-daemon libnss-mdns
﻿
Change AVAHI_DAEMON_DETECT_LOCAL from 1 to 0.
Shell
nano /etc/default/avahi-daemon
nano /etc/default/avahi-daemon
﻿
Set:
Shell
AVAHI_DAEMON_DETECT_LOCAL = 0
AVAHI_DAEMON_DETECT_LOCAL = 0
﻿
Restart:
Shell
service avahi-daemon restart
service avahi-daemon restart
﻿
2. Install Git and Apache2
Shell
apt-get install -y git apache2
apt-get install -y git apache2
﻿
3. Install MongoDB
Import the public key used by the package management system.
Shell
apt-get install -y gnupg dirmngr lsb-release
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 4B7C549A058F8B6B
apt-get install -y gnupg dirmngr lsb-release
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 4B7C549A058F8B6B
﻿
Create a /etc/apt/sources.list.d/mongodb-org-4.2.list file for MongoDB.
Shell
echo "deb http://repo.mongodb.org/apt/debian "$(lsb_release -sc)"/mongodb-org/4.2 main" | tee /etc/apt/sources.list.d/mongodb.list
echo "deb http://repo.mongodb.org/apt/debian "$(lsb_release -sc)"/mongodb-org/4.2 main" | tee /etc/apt/sources.list.d/mongodb.list
﻿
Reload local package database.
Shell
apt-get update
apt-get update
﻿
Install the latest stable version of MongoDB.
Shell
apt-get install -y mongodb-org
apt-get install -y mongodb-org
﻿
Start MongoDB Service.
Shell
service mongod start
service mongod start
﻿
Enable mongod service start on the system boot.
Shell
systemctl enable mongod.service
systemctl enable mongod.service
﻿
4. Install PHP7
Shell
apt-get install -y apt-transport-https ca-certificates
apt-get install -y apt-transport-https ca-certificates
﻿
Get the gpg key:
Shell
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
﻿
Add the new repository to sources:
Shell
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
﻿
Install PHP and additional extensions.
Shell
apt-get update
apt-get install -y php7.3 php7.3-json  php7.3-dev php7.3-ldap php7.3-xml php7.3-bcmath php7.3-mbstring
apt-get update
apt-get install -y php7.3 php7.3-json  php7.3-dev php7.3-ldap php7.3-xml php7.3-bcmath php7.3-mbstring
﻿
5. Install PHP Mongo driver
Shell
apt-get install -y pkg-config
pecl install mongodb
echo "extension=mongodb.so" | tee /etc/php/7.3/apache2/conf.d/20-mongodb.ini
apt-get install -y pkg-config
pecl install mongodb
echo "extension=mongodb.so" | tee /etc/php/7.3/apache2/conf.d/20-mongodb.ini
﻿
6. Install Phalcon PHP framework
Shell
git clone --branch 3.4.x  --depth=1 "https://github.com/phalcon/cphalcon.git"
cd cphalcon/build
./install
echo "extension=phalcon.so" | tee /etc/php/7.3/apache2/conf.d/20-phalcon.ini
service apache2 restart
git clone --branch 3.4.x  --depth=1 "https://github.com/phalcon/cphalcon.git"
cd cphalcon/build
./install
echo "extension=phalcon.so" | tee /etc/php/7.3/apache2/conf.d/20-phalcon.ini
service apache2 restart
﻿
7. Download and install Passwork
Clone the repository using your login and password.
Shell
cd /var/www
git init
git remote add origin http://passwork.download/passwork/passwork.git
git fetch
git checkout v4
cd /var/www
git init
git remote add origin http://passwork.download/passwork/passwork.git
git fetch
git checkout v4
﻿
💡 The system will ask for a login and password to the repository, which you can find in your Customer Portal. If you don't have access to the Customer Portal, contact us.
Set up permissions for the files.
Shell
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
chown -R www-data:www-data /var/www/
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
chown -R www-data:www-data /var/www/
﻿
Configure your Apache2
Open Apache’s configuration file.
Shell
nano /etc/apache2/sites-enabled/000-default.conf
nano /etc/apache2/sites-enabled/000-default.conf
﻿
Make it look like this:
Shell
<VirtualHost *:80>
    #ServerName .....
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/public
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
    #ServerName .....
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/public
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
﻿
Enable rewrite module and restart Apache.
Shell
a2enmod rewrite
service apache2 restart
a2enmod rewrite
service apache2 restart
﻿
Open http://passwork.local or http://127.0.0.1 to access website.
8. Installation
When you open Passwork for the first time, you will see an installation wizard that will check if the server is configured correctly and allow you to enter the basic parameters.
💡 Leave all fields at their default values if you are installing a new copy of Passwork
Sign up an administrator
Enter the username and password for the first user. The user will automatically become the administrator and owner of the organization.
9. Create a SSL certificate
First, enable the Apache SSL module.
Shell
a2enmod ssl
a2enmod ssl
﻿
Activate the default Apache website.
Shell
a2ensite default-ssl
a2ensite default-ssl
﻿
Restart Apache to put these changes into effect.
Shell
service apache2 restart
service apache2 restart
﻿
Create a new directory where we can store the private key and certificate.
Shell
mkdir /etc/apache2/ssl
mkdir /etc/apache2/ssl
﻿
Generate a new certificate and a private key to protect it.
Shell
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj '/CN=your.domain.name' -addext 'subjectAltName=DNS: your.domain.name' -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj '/CN=your.domain.name' -addext 'subjectAltName=DNS: your.domain.name' -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
﻿
Invoking this command will result in a series of prompts.
Common Name: Specify your server's IP address or hostname. This field matters, since your certificate needs to match the domain (or IP address) for your website.
Fill out all other fields at your own discretion.
Example answers are shown below.
Shell
Interactive
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
——
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Example
Locality Name (eg, city) []:Example
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational Unit Name (eg, section) []:Example Dept
Common Name (e.g. server FQDN or YOUR name) []:passwork.local
Email Address []:test@passwork.local
Interactive
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
——
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Example
Locality Name (eg, city) []:Example
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational Unit Name (eg, section) []:Example Dept
Common Name (e.g. server FQDN or YOUR name) []:passwork.local
Email Address []:test@passwork.local
﻿
Set the file permissions to protect your private key and certificate.
Shell
chmod 600 /etc/apache2/ssl/*
chmod 600 /etc/apache2/ssl/*
﻿
Your certificate and the private key that protects it are now ready for Apache to use.
10. Configuring the product to work correctly in Chrome with SSL
When working over an SSL connection (HTTPS), the Chrome browser requires the Secure and SameSite flags for the cookies. Without these flags, the browser will not accept cookies, and you will not be able to log into Passwork in Chrome.
To set these flags, enable the session.cookie_secure parameter in the /etc/php/7.3/apache2/php.ini file:
Shell
session.cookie_secure = On
session.cookie_secure = On
﻿
And set the parameter disableSameSiteCookie ([application] section)in file /var/www/app/config/config.ini to value Off:
Shell
disableSameSiteCookie = Off
disableSameSiteCookie = Off
﻿
💡 Do not set these parameters or reset them to their original value if you change your mind about using SSL and will be working over the HTTP protocol
11. Configure Apache to use SSL
Open the server configuration.
Shell
nano /etc/apache2/sites-enabled/default-ssl.conf
nano /etc/apache2/sites-enabled/default-ssl.conf
﻿
Locate the section that begins with <VirtualHost _default_:443> and make the following changes.
Add a line with your server name directy below the ServerAdmin email line. This can be your domain name or IP address:
Shell
ServerAdmin webmaster@localhost
ServerName passwork.local:443
ServerAdmin webmaster@localhost
ServerName passwork.local:443
﻿
Add “Directory” directive next to the “ServerName”.
Shell
<Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
<Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
﻿
Find the following two lines, and update the paths to match the locations of the certificate and key we generated earlier. If you purchased a certificate or generated your certificate elsewhere, make sure the paths here match the actual locations of your certificate and key:
Shell
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
﻿
Once these changes have been made, check that your virtual host configuration file matches the following.
Shell
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName passwork.local:443
        DocumentRoot /var/www/public
        <Directory /var/www/public>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    </VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName passwork.local:443
        DocumentRoot /var/www/public
        <Directory /var/www/public>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    </VirtualHost>
</IfModule>
﻿
Restart Apache to apply the changes.
Shell
service apache2 restart
service apache2 restart
﻿
Check SSL connection by going to https://passwork.local.