Application Server
This documentation can be used as a reference to create both your Production Application Server and Staging Application Server on a single Red Hat Enterprise or CentOS 7 virtual machine. This is achieved by using SNI within Apache 2.
The hostnames that will be referenced throughout this document will be elentra.med.university.edu and staging.med.university.edu. These hostnames should be replaced by your actual DNS hostnames.
  1. SSH into server and sudo to root:
        sudo -s
  2. Change the SELINUX variable in /etc/selinux/config to permissive to prevent unforeseen and difficult-to-diagnose issues:
        SELINUX=permissive
  3. Add the following lines to the /etc/hosts file:
        127.0.0.1 elentra.med.university.edu
        127.0.0.1 staging.med.university.edu
  4. Edit the hostname of the virtual machine in the /etc/hostname file:
        elentra.med.university.edu
  5. Install screen, update RHEL, and reboot:
        yum install screen
        screen
        yum update
        reboot
  6. SSH back into server, and install the Inline with Upstream Stable (IUS Community) package.
        sudo -s
        screen

        yum -y install https://repo.ius.io/ius-release-el7.rpm \
            https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  7. Install Apache, OpenSSL, PHP, Git, HTMLDoc, mariadb (client), ClamAV, and NTP packages:
        yum -y install git \
            htmldoc \
            curl \
            wget \
            unzip \
            openssl \
            httpd \
            mod_ssl \
            mod_php74 \
            php74-cli \
            php74-gd \
            php74-devel \
            php74-pdo \
            php74-mysqlnd \
            php74-intl \
            php74-mbstring \
            php74-bcmath \
            php74-ldap \
            php74-imap \
            php74-soap \
            php74-xml \
            php74-xmlrpc \
            php74-tidy \
            php74-opcache \
            php74-json \
            php74-sodium \
            php74-pecl-redis \
            php74-pecl-zip \
            mariadb104 \
            clamav \
            ntp \
            supervisor
  8. Install wkhtmltopdf from the binary package because the yum package provided by EPEL is broken:
        curl -SL https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.4/wkhtmltox-0.12.4_linux-generic-amd64.tar.xz | tar -xJC /root && cp /root/wkhtmltox/bin/* /usr/bin
  9. Start Apache and Supervisor, and set them to start on system startup:
        systemctl enable httpd
        systemctl start httpd
        systemctl enable supervisord
        systemctl start supervisord
  10. Create a new file called /etc/php.d/elentra.ini and add the following:
        date.timezone = America/Toronto
        display_errors = Off
        error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
        expose_php = Off
        memory_limit = 512M
        post_max_size = 512M
        session.cookie_secure = 1
        session.cookie_httponly = 1
        session.cookie_samesite = Strict
        upload_max_filesize = 512M
  11. Create an Elentra system user called production, which is used for production deployments:
        useradd -m production
        passwd production
  12. Create and set permissions on the SSH authorized_keys file for the production user.
        cd /home/production
        mkdir /home/production/.ssh
        touch /home/production/.ssh/authorized_keys
        chown -R production:production /home/production/.ssh
        chmod 700 /home/production/.ssh
        chmod 600 /home/production/.ssh/authorized_keys
  13. Add the SSH public keys (e.g. the output of cat ~/.ssh/id_rsa.pub) of all developers who are allowed to deploy Elentra to your production environment to the new authorized_keys file.
        vim /home/production/.ssh/authorized_keys
  14. Create an Elentra system user called staging, which is used for staging deployments:
        useradd -m staging
        passwd staging
  15. Create and set permissions on the SSH authorized_keys file for the staging user.
        cd /home/staging
        mkdir /home/staging/.ssh
        touch /home/staging/.ssh/authorized_keys
        chown -R staging:staging /home/staging/.ssh
        chmod 700 /home/staging/.ssh
        chmod 600 /home/staging/.ssh/authorized_keys
  16. Add the SSH public keys (e.g. the output of cat ~/.ssh/id_rsa.pub) of all developers who are allowed to deploy Elentra to your staging environment to the new authorized_keys file.
        vim /home/staging/.ssh/authorized_keys
  17. Create and appropriately permission the Apache document root and Elentra storage directories for production.
        mkdir -p /var/www/vhosts/elentra.med.university.edu/storage/
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/annualreports
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/app
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/app/public
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/cache
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/cbme-uploads
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/cbme-uploads/advisor-files
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-discussions
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-galleries
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/community-shares
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/eportfolio
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/event-files
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/exam-files
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/cache
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/cache/data
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/sessions
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/framework/views
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/logs
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/lor
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/msprs
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/resource-images
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/secure-access
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/syllabi
        mkdir /var/www/vhosts/elentra.med.university.edu/storage/user-photos
        chown -R production:production /var/www/vhosts/elentra.med.university.edu
        chmod -R 777 /var/www/vhosts/elentra.med.university.edu/storage/*
  18. Create and appropriately permission the Apache document root and Elentra storage directories for staging.
        mkdir -p /var/www/vhosts/staging.med.university.edu/storage/
        mkdir /var/www/vhosts/staging.med.university.edu/storage/annualreports
        mkdir /var/www/vhosts/staging.med.university.edu/storage/app
        mkdir /var/www/vhosts/staging.med.university.edu/storage/app/public
        mkdir /var/www/vhosts/staging.med.university.edu/storage/cache
        mkdir /var/www/vhosts/staging.med.university.edu/storage/cbme-uploads
        mkdir /var/www/vhosts/staging.med.university.edu/storage/cbme-uploads/advisor-files
        mkdir /var/www/vhosts/staging.med.university.edu/storage/community-discussions
        mkdir /var/www/vhosts/staging.med.university.edu/storage/community-galleries
        mkdir /var/www/vhosts/staging.med.university.edu/storage/community-shares
        mkdir /var/www/vhosts/staging.med.university.edu/storage/eportfolio
        mkdir /var/www/vhosts/staging.med.university.edu/storage/event-files
        mkdir /var/www/vhosts/staging.med.university.edu/storage/exam-files
        mkdir /var/www/vhosts/staging.med.university.edu/storage/framework
        mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/cache
        mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/cache/data
        mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/sessions
        mkdir /var/www/vhosts/staging.med.university.edu/storage/framework/views
        mkdir /var/www/vhosts/staging.med.university.edu/storage/logs
        mkdir /var/www/vhosts/staging.med.university.edu/storage/lor
        mkdir /var/www/vhosts/staging.med.university.edu/storage/msprs
        mkdir /var/www/vhosts/staging.med.university.edu/storage/resource-images
        mkdir /var/www/vhosts/staging.med.university.edu/storage/secure-access
        mkdir /var/www/vhosts/staging.med.university.edu/storage/syllabi
        mkdir /var/www/vhosts/staging.med.university.edu/storage/user-photos
        chown -R staging:staging /var/www/vhosts/staging.med.university.edu
        chmod -R 777 /var/www/vhosts/staging.med.university.edu/storage/*
  19. Generate the SSL private keys required for each of your hostnames:
        # Use the same directory that the later certificate steps read from.
        mkdir -p /root/certificates/2021
        cd /root/certificates/2021
        openssl genrsa -out elentra.med.university.edu.key 2048
        openssl genrsa -out staging.med.university.edu.key 2048
  20. Generate the SSL certificate signing requests (CSRs) for your certificate authority for each of your hostnames:
        openssl req -new -key elentra.med.university.edu.key -out elentra.med.university.edu.csr
        openssl req -new -key staging.med.university.edu.key -out staging.med.university.edu.csr
    You will be asked a number of questions. Answer accordingly, but do not enter anything for "Email Address", "A challenge password", or "An optional company name":
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        -----
        Country Name (2 letter code) [XX]:CA
        State or Province Name (full name) []:Ontario
        Locality Name (eg, city) [Default City]:Kingston
        Organization Name (eg, company) [Default Company Ltd]:Queen's University
        Organizational Unit Name (eg, section) []:Health Sciences Education Technology Unit
        Common Name (eg, your name or your server's hostname) []:elentra.med.university.edu
        Email Address []:
        Please enter the following 'extra' attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:
  21. If you have a valid Certificate Authority certificate, you should create a .crt file for each hostname and paste in the certificate text:
        vim /root/certificates/2021/elentra.med.university.edu.crt
        vim /root/certificates/2021/staging.med.university.edu.crt
    You will also likely have a certificate authority root chain certificate. Also paste this into a file called ca-certificate.crt.
  22. If you are only creating self-signed certificates, you should do this for each hostname:
        openssl x509 -req -days 365 -in elentra.med.university.edu.csr -signkey elentra.med.university.edu.key -out elentra.med.university.edu.crt
        openssl x509 -req -days 365 -in staging.med.university.edu.csr -signkey staging.med.university.edu.key -out staging.med.university.edu.crt
  23. Install the certificates in the Apache virtual host directory:
        mkdir /var/www/vhosts/elentra.med.university.edu/cert/
        cp /root/certificates/2021/elentra.med.university.edu.crt /var/www/vhosts/elentra.med.university.edu/cert/
        cp /root/certificates/2021/elentra.med.university.edu.key /var/www/vhosts/elentra.med.university.edu/cert/
        mkdir /var/www/vhosts/staging.med.university.edu/cert/
        cp /root/certificates/2021/staging.med.university.edu.crt /var/www/vhosts/staging.med.university.edu/cert/
        cp /root/certificates/2021/staging.med.university.edu.key /var/www/vhosts/staging.med.university.edu/cert/
  24. Create the Apache VirtualHosts by creating a file named 000-elentra.conf and placing it in /etc/httpd/conf.d/. This file should contain the following:
        # This will limit what information Apache reveals about itself.
        ServerTokens Prod
        ServerSignature Off
        TraceEnable Off

        SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

        # Apache performance tuning options for more connections.
        #<IfModule mpm_prefork_module>
        # MaxRequestWorkers 512
        # ServerLimit 512
        #</IfModule>

        # Production
        <VirtualHost *:80>
            ServerName elentra.med.university.edu
            ServerAdmin [email protected]

            RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </VirtualHost>
        <VirtualHost *:443>
            ServerName elentra.med.university.edu:443
            ServerAdmin [email protected]

            SSLEngine on
            SSLProtocol -all +TLSv1.2
            SSLHonorCipherOrder on
            SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

            SSLCertificateFile /var/www/vhosts/elentra.med.university.edu/cert/elentra.med.university.edu.crt
            SSLCertificateKeyFile /var/www/vhosts/elentra.med.university.edu/cert/elentra.med.university.edu.key
            #SSLCACertificateFile /var/www/vhosts/elentra.med.university.edu/cert/ca-certificate.crt

            SSLUseStapling on

            Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
            Header always set X-Frame-Options SAMEORIGIN

            DocumentRoot /var/www/vhosts/elentra.med.university.edu/current/www-root
            <Directory "/var/www/vhosts/elentra.med.university.edu/current/www-root">
                Options FollowSymLinks
                Require all granted
                AllowOverride all
            </Directory>
        </VirtualHost>

        # Staging
        <VirtualHost *:80>
            ServerName staging.med.university.edu
            ServerAdmin [email protected]

            RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </VirtualHost>
        <VirtualHost *:443>
            ServerName staging.med.university.edu:443
            ServerAdmin [email protected]

            SSLEngine on
            SSLProtocol -all +TLSv1.2
            SSLHonorCipherOrder on
            SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

            SSLCertificateFile /var/www/vhosts/staging.med.university.edu/cert/staging.med.university.edu.crt
            SSLCertificateKeyFile /var/www/vhosts/staging.med.university.edu/cert/staging.med.university.edu.key
            #SSLCACertificateFile /var/www/vhosts/staging.med.university.edu/cert/ca-certificate.crt

            SSLUseStapling on

            Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
            Header always set X-Frame-Options SAMEORIGIN

            DocumentRoot /var/www/vhosts/staging.med.university.edu/current/www-root
            <Directory "/var/www/vhosts/staging.med.university.edu/current/www-root">
                Options FollowSymLinks
                Require all granted
                AllowOverride all
            </Directory>
        </VirtualHost>
  25. Create a new file in the /etc/supervisord.d directory called elentra.ini, and use the following template snippet as a reference to create your own file.
    Please make sure that you have the correct path in command and stdout_logfile, and that user is the correct system account that your existing cron jobs are run as.
        ; Paths below use the vhost directories created in the earlier steps.
        [program:staging]
        process_name=%(program_name)s_%(process_num)02d
        command=php /var/www/vhosts/staging.med.university.edu/current/www-root/core/library/vendor/elentrapackages/elentra-1x-api/artisan queue:work --queue=high,emails,default,low --env=staging
        autostart=true
        autorestart=true
        user=staging
        numprocs=1
        redirect_stderr=true
        stdout_logfile=/var/www/vhosts/staging.med.university.edu/storage/logs/worker.log

        [program:production]
        process_name=%(program_name)s_%(process_num)02d
        command=php /var/www/vhosts/elentra.med.university.edu/current/www-root/core/library/vendor/elentrapackages/elentra-1x-api/artisan queue:work --queue=high,emails,default,low --env=production
        autostart=true
        autorestart=true
        user=production
        numprocs=1
        redirect_stderr=true
        stdout_logfile=/var/www/vhosts/elentra.med.university.edu/storage/logs/worker.log

        [group:elentra]
        programs=staging,production
  26. Test your new Apache configuration, then restart Apache and Supervisor.
        apachectl configtest
        systemctl restart httpd
        systemctl restart supervisord
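The chmod -R 777 in steps 17 and 18 leaves every storage subdirectory writable by any local account, and the plain cp in step 23 copies the private keys with default file modes. The script below is an added example, not part of the Elentra documentation: audit_vhost and harden_vhost are hypothetical helper names, and the tighter modes assume Apache runs as group apache (the RHEL/CentOS default) and have not been validated against Elentra itself.

```shell
#!/bin/sh
# Added example: post-install permission audit for one vhost directory.
# audit_vhost and harden_vhost are hypothetical helper names.

# audit_vhost VHOST_DIR
# Prints one finding per line; prints nothing when the tree is clean.
audit_vhost() {
    vhost=$1
    # Storage directories writable by every local account (chmod -R 777).
    find "$vhost/storage" -type d -perm -0002 2>/dev/null |
        sed 's/^/WORLD-WRITABLE /'
    # Private keys whose mode is anything other than 0600 or 0400.
    find "$vhost/cert" -type f -name '*.key' ! -perm 600 ! -perm 400 \
        2>/dev/null | sed 's/^/EXPOSED-KEY /'
}

# harden_vhost VHOST_DIR OWNER GROUP
# Assumption: GROUP is the group Apache runs as ("apache" on RHEL/CentOS),
# so the deploy user and Apache can both write while other accounts cannot.
harden_vhost() {
    vhost=$1 owner=$2 group=$3
    chown -R "$owner:$group" "$vhost/storage"
    # setgid (2xxx) makes new files inherit the directory's group.
    find "$vhost/storage" -type d -exec chmod 2770 {} +
    find "$vhost/storage" -type f -exec chmod 660 {} +
    if [ -d "$vhost/cert" ]; then
        chmod 700 "$vhost/cert"
        find "$vhost/cert" -type f -name '*.key' -exec chmod 600 {} +
    fi
}

# Example run as root (paths from the steps above):
#   audit_vhost /var/www/vhosts/elentra.med.university.edu
#   harden_vhost /var/www/vhosts/elentra.med.university.edu production apache
```

Apache reads the certificate and key as root at startup, before it drops privileges, so a root-owned key with mode 600 remains usable by the virtual hosts in step 24.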