CentOS 8 Stream

28min
💡 This installation manual isn't suitable for CentOS Linux 8 which reaches End Of Life (EOL) on December 31st, 2021
How to install Passwork on CentOS 8 Stream
1. Get root privileges and reload local packages database
Shell
su
cd ~
yum makecache
su
cd ~
yum makecache
﻿
Change server hostname to "passwork"
Shell
hostnamectl set-hostname passwork
systemctl restart NetworkManager.service
hostnamectl set-hostname passwork
systemctl restart NetworkManager.service
﻿
2. Install Git and Apache2, add firewall rules
Shell
yum -y install git httpd avahi
systemctl start httpd
systemctl enable httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=5353/udp
firewall-cmd --reload
systemctl restart avahi-daemon
yum -y install git httpd avahi
systemctl start httpd
systemctl enable httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=5353/udp
firewall-cmd --reload
systemctl restart avahi-daemon
﻿
3. Install MongoDB
Configure the package management system (yum).
Create a /etc/yum.repos.d/mongodb-org-4.2.repo file so that you can install MongoDB directly, using yum.
Shell
yum -y install nano
nano /etc/yum.repos.d/mongodb-org-4.2.repo
yum -y install nano
nano /etc/yum.repos.d/mongodb-org-4.2.repo
﻿
Make it look like this:
Shell
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
﻿
To install the latest stable version of MongoDB, issue the following command:
Shell
yum -y install mongodb-org
yum -y install mongodb-org
﻿
Set SELinux to disabled mode in /etc/selinux/config by setting the SELINUX setting to disabled
Shell
nano /etc/selinux/config
nano /etc/selinux/config
﻿
Set:
Shell
SELINUX=disabled
SELINUX=disabled
﻿
You must reboot the system for the changes to take effect
Start MongoDB Service:
Shell
su
cd ~
service mongod start
su
cd ~
service mongod start
﻿
Enable mongod service start on the system boot:
Shell
systemctl enable mongod.service
systemctl enable mongod.service
﻿
4. Install PHP7
Install the Remi repository configuration package
Shell
yum -y install epel-release yum-utils 
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module install -y php:remi-7.3
yum -y install epel-release yum-utils 
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module install -y php:remi-7.3
﻿
Install PHP and additional extensions
Shell
dnf install -y php php-json php-ldap php-xml php-bcmath php-mbstring
dnf install -y php php-json php-ldap php-xml php-bcmath php-mbstring
﻿
5. Install PHP Mongo driver
Shell
dnf config-manager --set-enabled powertools
yum -y install gcc php-pear curl-devel openssl-devel pcre-devel php-devel
pear channel-update pecl.php.net
pecl install mongodb
echo "extension=mongodb.so" | tee /etc/php.d/20-mongodb.ini
systemctl restart httpd
dnf config-manager --set-enabled powertools
yum -y install gcc php-pear curl-devel openssl-devel pcre-devel php-devel
pear channel-update pecl.php.net
pecl install mongodb
echo "extension=mongodb.so" | tee /etc/php.d/20-mongodb.ini
systemctl restart httpd
﻿
6. Install Phalcon PHP framework
Shell
yum -y install php-mysql libtool pcre-devel
git clone --branch 3.4.x  --depth=1 "https://github.com/phalcon/cphalcon.git"
cd cphalcon/build
./install
echo "extension=phalcon.so" | tee /etc/php.d/50-phalcon.ini
systemctl restart httpd
systemctl restart php-fpm
yum -y install php-mysql libtool pcre-devel
git clone --branch 3.4.x  --depth=1 "https://github.com/phalcon/cphalcon.git"
cd cphalcon/build
./install
echo "extension=phalcon.so" | tee /etc/php.d/50-phalcon.ini
systemctl restart httpd
systemctl restart php-fpm
﻿
7. Download and install Passwork
Clone the repository using your login and password
Shell
cd /var/www
git init
git remote add origin https://passwork.download/passwork/passwork.git
git fetch
git checkout v4
cd /var/www
git init
git remote add origin https://passwork.download/passwork/passwork.git
git fetch
git checkout v4
﻿
💡 The system will ask for a login and password to the repository, which you can find in your Customer Portal. If you don't have access to the Customer Portal, contact us.
Set up permissions for the files.
Shell
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
chown -R apache:apache /var/www/
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
chown -R apache:apache /var/www/
﻿
Configure your Apache2
Create non-ssl configuration file
Shell
nano /etc/httpd/conf.d/non-ssl.conf
nano /etc/httpd/conf.d/non-ssl.conf
﻿
Change directives accordingly the entries below:
Shell
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/public
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/public
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
﻿
Restart Apache:
Shell
systemctl restart httpd
systemctl restart httpd
﻿
Open http://passwork.local or http://127.0.0.1 to access website
8. Installation
When you open Passwork for the first time, you will see an installation wizard that will check if the server is configured correctly and allow you to enter the basic parameters.
💡 Leave all fields at their default values if you are installing a new copy of Passwork
Sign up an administrator
Enter the username and password for the first user. The user will automatically become the administrator and owner of the organization.
9. Create a SSL certificate
First, install the Apache SSL module:
Shell
yum -y install mod_ssl
yum -y install mod_ssl
﻿
Create a new directory to store our private key (the /etc/ssl/certs directory is already available to hold our certificate file):
Shell
mkdir /etc/ssl/private
mkdir /etc/ssl/private
﻿
Set correct permissions:
Shell
chmod 700 /etc/ssl/private
chmod 700 /etc/ssl/private
﻿
Generate a new certificate and a private key to protect it:
Shell
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj '/CN=your.domain.name' -addext 'subjectAltName=DNS: your.domain.name' -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj '/CN=your.domain.name' -addext 'subjectAltName=DNS: your.domain.name' -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
﻿
Create a strong Diffie-Hellman group.
Shell
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
﻿
Append the generated file to the end of our self-signed certificate.
Shell
cat /etc/ssl/certs/dhparam.pem | tee -a /etc/ssl/certs/apache-selfsigned.crt
cat /etc/ssl/certs/dhparam.pem | tee -a /etc/ssl/certs/apache-selfsigned.crt
﻿
10. Configuring the product to work correctly in Chrome with SSL
When working over an SSL connection (HTTPS), the Chrome browser requires the Secure and SameSite flags for the cookies. Without these flags, the browser will not accept cookies, and you will not be able to log into Passwork in Chrome.
To set these flags, enable the session.cookie_secure parameter in the /etc/php.ini file:
Shell
session.cookie_secure = On
session.cookie_secure = On
﻿
And set the parameter disableSameSiteCookie ([application] section)in file /var/www/app/config/config.ini to value Off:
Shell
disableSameSiteCookie = Off
disableSameSiteCookie = Off
﻿
💡 Do not set these parameters or reset them to their original value if you change your mind about using SSL and will be working over the HTTP protocol
11. Configure Apache to use SSL
Open Apache's SSL configuration file in your text editor.
Shell
nano /etc/httpd/conf.d/ssl.conf
nano /etc/httpd/conf.d/ssl.conf
﻿
Locate the section that begins with <VirtualHost _default_:443> and make the following changes.
First, uncomment the DocumentRoot line and edit the address in quotes to the location of your site's document root. By default, this will be in /var/www/html.
Next, uncomment the ServerName line and replace www.example.com with your domain name or server IP address (whichever one you put as the common name in your certificate):
Shell
DocumentRoot /var/www/public
ServerName passwork.local:443
DocumentRoot /var/www/public
ServerName passwork.local:443
﻿
Add “Directory” directive next to the “ServerName”.
Shell
<Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
		Require all granted
    </Directory>
<Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
		Require all granted
    </Directory>
﻿
Next, find the SSLProtocol and SSLCipherSuite lines and either delete them or comment them out. The configuration we be pasting in a moment will offer more secure settings than the default included with CentOS's Apache:
Shell
# SSLProtocol all -SSLv2
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# SSLProtocol all -SSLv2
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
﻿
Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the directory we made at /etc/httpd/ssl:
Shell
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
﻿
Once these changes have been made, check that your virtual host configuration file matches the following.
Shell
<VirtualHost _default_:443>
    DocumentRoot /var/www/public
    ServerName passwork.local:443
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
		Require all granted
    </Directory>
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
<VirtualHost _default_:443>
    DocumentRoot /var/www/public
    ServerName passwork.local:443
    <Directory /var/www/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
		Require all granted
    </Directory>
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
﻿
We're now done with the changes within the actual VirtualHost block. Save changes (Ctr+O) and exit (Ctr+X).
Restart Apache to apply the changes.
Shell
systemctl restart httpd
systemctl restart httpd
﻿
Check SSL connection by going to https://passwork.local.