Application Server

Elentra Platform Technical Documentation
Search…
Application Server
This documentation can be used as a reference to create both your Production Application Server and Staging Application Server on a single Red Hat Enterprise or CentOS 7 virtual machine. This is achieved by using SNI within Apache 2.
The hostnames that will be referenced throughout this document will be elentra.med.university.edu and staging.med.university.edu. These hostnames should be replaced by your actual DNS hostnames.
1.SSH into server and sudo to root:
1
ssh [email protected]
2
sudo -s
Copied!
2.Change the SELINUX variable in /etc/selinux/config to permissive to prevent unforeseen and difficult to diagnose issues:
1
SELINUX=permissive
Copied!
3.Add the following lines to /etc/hosts file:
1
127.0.0.1   elentra.med.university.edu
2
127.0.0.1   staging.med.university.edu
Copied!
4.Edit the hostname of the virtual machine in the /etc/hostname file:
1
elentra.med.university.edu
Copied!
5.Install screen, update RHEL, and reboot:
1
yum install screen
2
screen
3
yum update
4
reboot
Copied!
6.SSH back into server, and install the Inline with Upstream Stable (IUS Community) package.
1
ssh [email protected]
2
sudo -s
3
screen
4
​
5
yum -y install https://repo.ius.io/ius-release-el7.rpm \
6
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Copied!
7.Install Apache, OpenSSL, PHP, Git, HTMLDoc, mariadb (client), ClamAV, and NTP packages:
1
yum -y install git \
2
            htmldoc \
3
            curl \
4
            wget \
5
            unzip \
6
            openssl \
7
            httpd \
8
            mod_ssl \
9
            mod_php74 \
10
            php74-cli \
11
            php74-gd \
12
            php74-devel \
13
            php74-pdo \
14
            php74-mysqlnd \
15
            php74-intl \
16
            php74-mbstring \
17
            php74-bcmath \
18
            php74-ldap \
19
            php74-imap \
20
            php74-soap \
21
            php74-xml \
22
            php74-xmlrpc \
23
            php74-tidy \
24
            php74-opcache \
25
            php74-json \
26
            php74-sodium \
27
            php74-pecl-redis \
28
            php74-pecl-zip \
29
            mariadb104 \
30
            clamav \
31
            ntp \
32
            supervisor
Copied!
8.Install wkhtmltopdf from the binary package because the yum package provided by EPEL is broken:
curl -SL https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.4/wkhtmltox-0.12.4_linux-generic-amd64.tar.xz | tar -xJC /root && cp /root/wkhtmltox/bin/* /usr/bin
9.Start Apache and Supervisor, and set to start on system startup:
systemctl enable httpd
systemctl start httpd
systemctl enable supervisord
systemctl start supervisord
10.Create a new file called /etc/php.d/elentra.ini and add the following:
1
date.timezone = America/Toronto
2
display_errors = Off
3
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
4
expose_php = Off
5
memory_limit = 512M
6
post_max_size = 512M
7
session.cookie_secure = 1
8
session.cookie_httponly = 1
9
session.cookie_samesite = Strict
10
upload_max_filesize = 512M
Copied!
11.Create an Elentra system user called production, which is used for production deployments:
1
useradd -m production
2
passwd production
Copied!
12.Create and permission the SSH authorized_keys file for the production user.
1
cd /home/production
2
mkdir /home/production/.ssh
3
touch /home/production/.ssh/authorized_keys
4
chown -R production:production /home/production/.ssh
5
chmod 700 /home/production/.ssh
6
chmod 600 /home/production/.ssh/authorized_keys
Copied!
13.Add all developers' SSH public keys (i.e. cat ~/.ssh/id_rsa.pub) that are allowed to deploy Elentra to your production environment to the new authorized_keys file.
1
vim /home/production/.ssh/authorized_keys
Copied!
14.Create an Elentra system user called staging, which is used for staging deployments:
1
useradd -m staging
2
passwd staging
Copied!
15.Create and permission the SSH authorized_keys file for the staging user.
1
cd /home/staging
2
mkdir /home/staging/.ssh
3
touch /home/staging/.ssh/authorized_keys
4
chown -R staging:staging /home/staging/.ssh
5
chmod 700 /home/staging/.ssh
6
chmod 600 /home/staging/.ssh/authorized_keys
Copied!
16.Add all developers' SSH public keys (i.e. cat ~/.ssh/id_rsa.pub) that are allowed to deploy Elentra to your staging environment to the new authorized_keys file.
1
vim /home/staging/.ssh/authorized_keys
Copied!
17.Create and appropriately permission the Apache document root and Elentra storage directories for production.
1
mkdir -p /var/www/vhosts/elentra.med.university.edu/storage/
2
mkdir /var/www/vhosts/elentra.med.university.edu/storage/annualreports
3
mkdir /var/www/vhosts/elentra.med.university.edu/storage/app
4
mkdir /var/www/vhosts/elentra.med.university.edu/storage/app/public
5
mkdir /var/www/vhosts/elentra.med.university.edu/storage/cache
6
mkdir /var/www/vhosts/elentra.med.university.edu/storage/cbme-uploads
7
mkdir /var/www/vhosts/elentra.med.university.edu/storage/cbme-uploads/advisor-files
8
mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-discussions
9
mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-galleries
10
mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-shares
11
mkdir /var/www/vhosts/elentra.med.university.edu/storage/eportfolio
12
mkdir /var/www/vhosts/elentra.med.university.edu/storage/event-files
13
mkdir /var/www/vhosts/elentra.med.university.edu/storage/exam-files
14
mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework
15
mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/cache
16
mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/cache/data
17
mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/sessions
18
mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/views
19
mkdir /var/www/vhosts/elentra.med.university.edu/storage/logs
20
mkdir /var/www/vhosts/elentra.med.university.edu/storage/lor
21
mkdir /var/www/vhosts/elentra.med.university.edu/storage/msprs
22
mkdir /var/www/vhosts/elentra.med.university.edu/storage/resource-images
23
mkdir /var/www/vhosts/elentra.med.university.edu/storage/secure-access
24
mkdir /var/www/vhosts/elentra.med.university.edu/storage/syllabi
25
mkdir /var/www/vhosts/elentra.med.university.edu/storage/user-photos
26
chown -R production:production /var/www/vhosts/elentra.med.university.edu
27
chmod -R 777 /var/www/vhosts/elentra.med.university.edu/storage/*
Copied!
18.Create and appropriately permission the Apache document root and Elentra storage directories for staging.
1
mkdir -p /var/www/vhosts/staging.med.university.edu/storage/
2
mkdir /var/www/vhosts/staging.med.university.edu/storage/annualreports
3
mkdir /var/www/vhosts/staging.med.university.edu/storage/app
4
mkdir /var/www/vhosts/staging.med.university.edu/storage/app/public
5
mkdir /var/www/vhosts/staging.med.university.edu/storage/cache
6
mkdir /var/www/vhosts/staging.med.university.edu/storage/cbme-uploads
7
mkdir /var/www/vhosts/staging.med.university.edu/storage/cbme-uploads/advisor-files
8
mkdir /var/www/vhosts/staging.med.university.edu/storage/community-discussions
9
mkdir /var/www/vhosts/staging.med.university.edu/storage/community-galleries
10
mkdir /var/www/vhosts/staging.med.university.edu/storage/community-shares
11
mkdir /var/www/vhosts/staging.med.university.edu/storage/eportfolio
12
mkdir /var/www/vhosts/staging.med.university.edu/storage/event-files
13
mkdir /var/www/vhosts/staging.med.university.edu/storage/exam-files
14
mkdir /var/www/vhosts/staging.med.university.edu/storage/framework
15
mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/cache
16
mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/cache/data
17
mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/sessions
18
mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/views
19
mkdir /var/www/vhosts/staging.med.university.edu/storage/logs
20
mkdir /var/www/vhosts/staging.med.university.edu/storage/lor
21
mkdir /var/www/vhosts/staging.med.university.edu/storage/msprs
22
mkdir /var/www/vhosts/staging.med.university.edu/storage/resource-images
23
mkdir /var/www/vhosts/staging.med.university.edu/storage/secure-access
24
mkdir /var/www/vhosts/staging.med.university.edu/storage/syllabi
25
mkdir /var/www/vhosts/staging.med.university.edu/storage/user-photos
26
chown -R staging:staging /var/www/vhosts/staging.med.university.edu
27
chmod -R 777 /var/www/vhosts/staging.med.university.edu/storage/*
Copied!
19.Generate the SSL private keys required for each of your hostnames:
1
mkdir -p /root/certificates/2020
2
cd /root/certificates/2020
3
openssl genrsa -out elentra.med.university.edu.key 2048
4
openssl genrsa -out staging.med.university.edu.key 2048
Copied!
20.Generate the SSL certificate signing requests (CSRs) for your certificate authority for each of your hostnames:
1
openssl req -new -key elentra.med.university.edu.key -out elentra.med.university.edu.csr
2
openssl req -new -key staging.med.university.edu.key -out staging.med.university.edu.csr
Copied!
You will be asked a number of questions, answer accordingly, but do not answer enter anything for "Email Address", "A challenge password", or "An optional company name":
1
You are about to be asked to enter information that will be incorporated
2
into your certificate request.
3
What you are about to enter is what is called a Distinguished Name or a DN.
4
There are quite a few fields but you can leave some blank
5
For some fields there will be a default value,
6
If you enter '.', the field will be left blank.
7
-----
8
Country Name (2 letter code) [XX]:CA
9
State or Province Name (full name) []:Ontario
10
Locality Name (eg, city) [Default City]:Kingston
11
Organization Name (eg, company) [Default Company Ltd]:Queen's University
12
Organizational Unit Name (eg, section) []:Health Sciences Education Technology Unit
13
Common Name (eg, your name or your server's hostname) []:elentra.med.university.edu
14
Email Address []:
15
Please enter the following 'extra' attributes
16
to be sent with your certificate request
17
A challenge password []:
18
An optional company name []:
Copied!
21.If you have a valid Certificate Authority certificate, you should create a .crt file foreach hostname and paste in the certificate text:
1
vim /root/certificates/2021/elentra.med.university.edu.crt
2
vim /root/certificates/2021/staging.med.university.edu.crt
Copied!
You will also likely have a certificate authority root chain certificate. Also paste this into a file called ca-certificate.crt.

22.If you are only creating self-signed certificates, you should do this for each hostname:
1
openssl x509 -req -days 365 -in elentra.med.university.edu.csr -signkey elentra.med.university.edu.key -out elentra.med.university.edu.crt
2
openssl x509 -req -days 365 -in staging.med.university.edu.csr -signkey staging.med.university.edu.key -out staging.med.university.edu.crt
Copied!
23.Install the certificates in the Apache virtual host directory:
1
mkdir /var/www/vhosts/elentra.med.university.edu/cert/
2
cp /root/certificates/2021/elentra.med.university.edu.crt /var/www/vhosts/elentra.med.university.edu/cert/
3
cp /root/certificates/2021/elentra.med.university.edu.key /var/www/vhosts/elentra.med.university.edu/cert/
4
mkdir /var/www/vhosts/staging.med.university.edu/cert/
5
cp /root/certificates/2021/staging.med.university.edu.crt /var/www/vhosts/staging.med.university.edu/cert/
6
cp /root/certificates/2021/staging.med.university.edu.key /var/www/vhosts/staging.med.university.edu/cert/
Copied!
24.Create the Apache VirtualHosts by creating a file named 000-elentra.conf and placing it /etc/httpd/conf.d/.

This file should contain the following:
1
# This will limit what information Apache reveals about itself.
2
ServerTokens Prod
3
ServerSignature Off
4
TraceEnable Off
5
​
6
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
7
​
8
# Apache performance tuning options for more connections.
9
#<IfModule mpm_prefork_module>
10
#    MaxRequestWorkers 512
11
#    ServerLimit 512
12
#</IfModule>
13
​
14
# Production
15
<VirtualHost *:80>
16
    ServerName elentra.med.university.edu
17
    ServerAdmin [email protected]
18
​
19
    RewriteEngine On
20
    RewriteCond %{HTTPS} off
21
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
22
</VirtualHost>
23
<VirtualHost *:443>
24
    ServerName elentra.med.university.edu:443
25
    ServerAdmin [email protected]
26
​
27
    SSLEngine on
28
    SSLProtocol -all +TLSv1.2
29
    SSLHonorCipherOrder on
30
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
31
​
32
    SSLCertificateFile /var/www/vhosts/elentra.med.university.edu/cert/elentra.med.university.edu.crt
33
    SSLCertificateKeyFile /var/www/vhosts/elentra.med.university.edu/cert/elentra.med.university.edu.key
34
    #SSLCACertificateFile /var/www/vhosts/elentra.med.university.edu/cert/ca-certificate.crt
35
​
36
    SSLUseStapling on
37
​
38
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
39
    Header always set X-Frame-Options SAMEORIGIN
40
​
41
    DocumentRoot /var/www/vhosts/elentra.med.university.edu/current/www-root
42
    <Directory "/var/www/vhosts/elentra.med.university.edu/current/www-root">
43
        Options FollowSymLinks
44
        Require all granted
45
        AllowOverride all
46
    </Directory>
47
</VirtualHost>
48
​
49
# Staging
50
<VirtualHost *:80>
51
    ServerName staging.med.university.edu
52
    ServerAdmin [email protected]
53
​
54
    RewriteEngine On
55
    RewriteCond %{HTTPS} off
56
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
57
</VirtualHost>
58
<VirtualHost *:443>
59
    ServerName staging.med.university.edu:443
60
    ServerAdmin [email protected]
61
​
62
    SSLEngine on
63
    SSLProtocol -all +TLSv1.2
64
    SSLHonorCipherOrder on
65
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
66
​
67
    SSLCertificateFile /var/www/vhosts/staging.med.university.edu/cert/staging.med.university.edu.crt
68
    SSLCertificateKeyFile /var/www/vhosts/staging.med.university.edu/cert/staging.med.university.edu.key
69
    #SSLCACertificateFile /var/www/vhosts/staging.med.university.edu/cert/ca-certificate.crt
70
​
71
    SSLUseStapling on
72
​
73
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
74
    Header always set X-Frame-Options SAMEORIGIN
75
​
76
    DocumentRoot /var/www/vhosts/staging.med.university.edu/current/www-root
77
    <Directory "/var/www/vhosts/staging.med.university.edu/current/www-root">
78
        Options FollowSymLinks
79
        Require all granted
80
        AllowOverride all
81
    </Directory>
82
</VirtualHost>
Copied!
25.Create a new file in the /etc/supervisord.d directory called elentra.ini, and use the following template snippet as a reference to create your own file.

Please make sure that you have the correct path in command and stdout_logfile, and that user is the correct system account that your existing cron jobs are run as.
1
[program:staging]
2
process_name=%(program_name)s_%(process_num)02d
3
command=php /var/www/vhosts/staging.elentra.med.university.edu/current/www-root/core/library/vendor/elentrapackages/elentra-1x-api/artisan queue:work --queue=high,emails,default,low --env=staging
4
autostart=true
5
autorestart=true
6
user=staging
7
numprocs=1
8
redirect_stderr=true
9
stdout_logfile=/var/www/vhosts/staging.elentra.med.university.edu/storage/logs/worker.log
10
​
11
[program:production]
12
process_name=%(program_name)s_%(process_num)02d
13
command=php /var/www/vhosts/elentra.med.university.edu/current/www-root/core/library/vendor/elentrapackages/elentra-1x-api/artisan queue:work --queue=high,emails,default,low --env=production
14
autostart=true
15
autorestart=true
16
user=production
17
numprocs=1
18
redirect_stderr=true
19
stdout_logfile=/var/www/vhosts/elentra.med.university.edu/storage/logs/worker.log
20
​
21
[group:elentra]
22
programs=staging,production
Copied!
26.Test your new Apache configuration, then restart Apache and Supervisor.
1
apachectl configtest
2
systemctl restart httpd
3
systemctl restart supervisord
Copied!
Administrators - Previous
Server Requirements
Shibboleth Single Sign-on
Last modified 5mo ago
Copy link