Deployment

elDoc deployment steps on CentOS 9 Linux / RedHat 9 Linux



1. General assumptions

1.1. SELinux subsystem

This guide assumes that SELinux is disabled; deployment steps specific to SELinux are therefore not covered. If you need to keep SELinux enabled, make the necessary adjustments according to your needs and follow the SELinux documentation.

To disable SELinux, perform the following steps:

1) Edit file /etc/selinux/config

nano /etc/selinux/config

2) Locate line with SELINUX= parameter and set it as:

SELINUX=disabled

3) Save file, exit editor and execute command:

setenforce 0

1.2. Folders structure

It is assumed that installation will be performed in the directory /local.

The folder structure is the following:

/local
|--elDoc
|--mongo
|--mongoData
|--java
|--tessData
|--solr
|--solrData
|--jmc
|--ooDocServer


2. Java installation

Steps below assume that you have downloaded Azul Zulu Java archive named zulu11.60.19-ca-jre11.0.17-linux_x64.tar.gz

1) Create directory and un-tar archive

mkdir /local/java && tar -xvzf zulu11.60.19-ca-jre11.0.17-linux_x64.tar.gz -C /local/java

2) Create a symbolic link to the extracted Java directory

ln -sfn /local/java/zulu11.60.19-ca-jre11.0.17-linux_x64/ /local/java/java_active

3) Set as default java runtime

alternatives --install /usr/bin/java java /local/java/java_active/bin/java 1

4) Configure Environment Variables

nano /etc/profile.d/java.sh

export JRE_HOME=/local/java/java_active
export PATH=$PATH:/local/java/java_active/bin

5) Verify successful Java deployment

Log in to the shell again and execute: java -version

The output should be similar to the one shown below:

[root@eldoc.server.local /]# java -version
openjdk version "11.0.13" 2021-10-19 LTS
OpenJDK Runtime Environment Zulu11.52+13-CA (build 11.0.13+8-LTS)
OpenJDK 64-Bit Server VM Zulu11.52+13-CA (build 11.0.13+8-LTS, mixed mode)


3. MongoDB installation

3.1. Installation using yum repository manager (recommended)

Reference to the MongoDB website: https://www.mongodb.com/docs/v5.0/tutorial/install-mongodb-on-red-hat/

1) Create a repository config

nano /etc/yum.repos.d/mongodb-org-5.0.repo

[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc

2) Install MongoDB packages

dnf install -y mongodb-org

Note

At the time of writing this page, the MongoDB repository for RHEL 9-based systems doesn't contain the mongodb-org installation package; as such, the repository for RHEL 8-based systems should be used instead.

Execute the following commands (the first one switches the system-wide cryptographic policy to LEGACY):

update-crypto-policies --set LEGACY
reboot

Replace baseurl in the /etc/yum.repos.d/mongodb-org-5.0.repo file with the following one:

baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/5.0/x86_64/


3) Enable MongoDB Service

IMPORTANT: before launching the MongoDB process, make sure you have created and configured MongoDB via the configuration file first (see below).

To enable the MongoDB service, execute the following command (the service itself is started in section 3.4, after it has been configured):

systemctl enable mongod


3.2. Installation using tarball

Reference to the MongoDB official documentation: https://www.mongodb.com/docs/v5.0/tutorial/install-mongodb-on-red-hat-tarball/

1) Install prerequisites

dnf install libcurl openssl xz-libs

2) Obtain the MongoDB tarball and extract its contents

tar -xvf mongodb-linux-x86_64-rhel80-5.0.9.tgz -C /local/
mv /local/mongodb-linux-x86_64-rhel80-5.0.9/ /local/mongo

3) Adjust limits after manual installation

Please review the MongoDB recommendations on adjusting the limits: https://docs.mongodb.com/manual/reference/ulimit/

IMPORTANT: before launching the MongoDB process, make sure you have created and configured MongoDB via the configuration file first (see below).


3.3. Post-installation steps


3.4. Configuration and launch

Create MongoDB data directory by executing commands:

mkdir /local/mongoData && chown -R mongod:mongod /local/mongoData


Create MongoDB key-file:

openssl rand -base64 756 > /etc/mongod.key
chmod 400 /etc/mongod.key
chown mongod:mongod /etc/mongod.key


Create or edit MongoDB configuration file, which should look similar to the one provided below:

nano /local/mongo/mongod.conf

systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
  logAppend: true

storage:
  dbPath: /local/mongoData
  journal:
    enabled: true

processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

net:
  bindIp: 0.0.0.0
  port: 27017

security:
  keyFile: /etc/mongod.key
  # authorization: enabled

*Make sure that all paths are valid and that the mongod user has read-write access to them.


Launch MongoDB Service by executing command:

systemctl start mongod


3.5. Users creation

1) Launch MongoDB shell

To launch MongoDB shell execute the following command:

mongosh

If MongoDB was deployed manually, you may need to download and extract MongoDB Database Tools. Assuming that Database Tools were extracted to the MongoDB bin directory, you may launch the MongoDB shell manually by executing the following command:

/local/mongo/bin/mongo

2) Create root user in MongoDB

use admin
db.createUser( {user: "root", pwd: "XXXXXXX", roles: [{role: "root", db: "admin"}]} )

3) Create elDoc application user (follow the pattern of the db-name as shown below)

use eldoc_cidXXX
db.createUser( {user: "cidXXX", pwd: "ZZZZZZZ", roles: [{role: "dbOwner", db: "eldoc_cidXXX"}]} )

Where cidXXX is an id of the elDoc DB user. Make sure that cidXXX used during DB creation is the same as the one stated in the elDoc config file (eldoc.conf)

4) Securely write down logins, db-names and passwords

5) Enable MongoDB authentication

Open MongoDB configuration file and uncomment the following lines:

security:
  authorization: enabled  

6) Restart MongoDB service

systemctl restart mongod


4. elDoc dependencies installation & configuration

4.1. Installation of the IDP dependencies

1) Download and install TessData

mkdir /local/tessData && cd /local/tessData
wget -O tessdata_best-4.1.0.zip https://github.com/tesseract-ocr/tessdata_best/archive/4.1.0.zip
unzip tessdata_best-4.1.0.zip
rm -f tessdata_best-4.1.0.zip

The idp.tessdata.path variable in the eldoc.conf file must be set to the value /local/tessData/tessdata_best-4.1.0

eldoc.conf
idp.tessdata.path=/local/tessData/tessdata_best-4.1.0


4.2. Installation of the full-text search service

NOTE: This component provides full-text search functionality and is optional for deployment

1) Install prerequisites

dnf install lsof

2) Download and extract Apache Solr software

cd /local/_distr
wget "https://www.apache.org/dyn/closer.lua/solr/solr/9.0.0/solr-9.0.0.tgz?action=download" -O solr-9.0.0.tgz
mkdir /local/solr && mkdir /local/solrData && mkdir /local/solrData/data && mkdir /local/solrData/logs
tar -zxvf solr-9.0.0.tgz -C /local/solr
ln -sfn /local/solr/solr-9.0.0/ /local/solr/solr
cp /local/solr/solr/server/solr/solr.xml /local/solrData/data/ && cp /local/solr/solr/server/solr/zoo.cfg /local/solrData/data/
cp /local/solr/solr/server/resources/log4j2.xml /local/solrData/

3) Deploy provided Solr Core configuration

cd /local/_distr && wget https://dms-solutions.co/downloads/configset_elDoc-v5.7.x_Solr-v9.0.x.zip
unzip configset_elDoc-v5.7.x_Solr-v9.0.x.zip

mv configset_elDoc-v5.7.x_Solr-v9.0.x/solrData/data/configsets /local/solrData/data/configsets
rm -rf configset_elDoc-v5.7.x_Solr-v9.0.x

4) Create user for Solr service

groupadd solr
useradd -gsolr -s/bin/bash -M solr
chown -R solr:solr /local/solrData

5) Install Solr service

nano /etc/systemd/system/solr.service

solr.service
[Unit]
Description=Apache Solr
After=syslog.target network.target

[Service]
Type=forking
User=solr
Restart=on-failure
LimitNOFILE=65000
LimitNPROC=65000
Environment="SOLR_INSTALL_DIR=/local/solr/solr"
Environment="SOLR_PID_DIR=/local/solrData/"
Environment="SOLR_HOME=/local/solrData/data"
Environment="LOG4J_PROPS=/local/solrData/log4j2.xml"
Environment="SOLR_LOGS_DIR=/local/solrData/logs"
Environment="SOLR_PORT=8983"
Environment="SOLR_MODULES=extraction"
Environment="SOLR_JAVA_MEM=-Xms512m -Xmx1g"
Environment="SOLR_REQUESTLOG_ENABLED=false"
Environment="SOLR_LOG_LEVEL=WARN"
PIDFile=/local/solrData/solr-8983.pid
WorkingDirectory=/local/solrData
ExecStart=/local/solr/solr/bin/solr start
ExecReload=/local/solr/solr/bin/solr restart
ExecStop=/local/solr/solr/bin/solr stop

[Install]
WantedBy=multi-user.target 

6) Enable and launch Solr service

systemctl daemon-reload && systemctl enable solr.service && systemctl start solr.service


4.3. Installation of the sync-service

NOTE: This component provides data synchronization between MongoDB and the full-text search service. It needs to be installed only if the full-text search service was installed.

1) Download elDoc Java Mongo Connector

cd /local/_distr && wget https://dms-solutions.co/downloads/eldoc-jmc-1.3-service-distr.zip

2) Unzip and deploy required files

unzip eldoc-jmc-1.3-service-distr.zip
mv jmc /local/jmc && mv jmc.service /etc/systemd/system

mkdir /local/jmc/logs
chmod +x /local/jmc/jmc-service.sh

3) Create user and group for running the sync service

groupadd jmc
useradd -gjmc -s/bin/bash -M jmc

4) Enable MongoDB replication

nano /etc/mongod.conf

replication:
  replSetName: rs0

Restart MongoDB after adjusting the configuration, then log in to the MongoDB shell, initialize replication and create a user for the sync service:

mongosh
use admin

db.auth("root")
rs.initiate()
db.createUser( {user: "jmc", pwd: passwordPrompt(), roles: ["backup"]} )

Securely write down created user credentials

5) Adjust the config file and its access rights as required

nano /local/jmc/config-eldoc.json

Adjust access rights for the sync service configuration

chmod 600 /local/jmc/config-eldoc.json
chown -R jmc:jmc /local/jmc/

6) Install and enable sync system service

Make necessary adjustments where required

chmod +x /local/jmc/jmc-service.sh
nano /etc/systemd/system/jmc.service

jmc.service
[Unit]
Description=elDoc Java Mongo Connector Service
After=syslog.target network.target mongod.service solr.service
Requires=mongod.service solr.service

[Service]
User=jmc
Type=forking
ExecStart=/local/jmc/jmc-service.sh
ExecStop=/bin/kill -s TERM $MAINPID
WorkingDirectory=/local/jmc
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Once the sync service is configured, you may launch it by executing the following command:

systemctl daemon-reload && systemctl enable jmc.service && systemctl start jmc


4.4. Installation of the online editing service

NOTE: This component is optional and provides online editing capabilities for the office documents.

The steps below describe how to install the community version of the online editing service.

Execute the following commands:

wget https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/repodata/repomd.xml.key && sudo rpm --import repomd.xml.key
dnf install yum-utils
yum-config-manager --add-repo https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8
dnf install coolwsd CODE-brand

systemctl enable coolwsd && systemctl start coolwsd


4.5. Installation of the office conversion service

NOTE: This component is optional and provides online preview and document auto-filling functionality.

1) The office conversion service is installed using the standard Linux package manager

dnf install libreoffice-base libreoffice-writer libreoffice-math libreoffice-calc libreoffice-core libreoffice-draw libreoffice-emailmerge libreoffice-graphicfilter libreoffice-impress libreoffice-opensymbol-fonts libreoffice-data libreoffice-ure libreoffice-ure-common libreoffice-pyuno libreoffice-filters libreoffice-ogltrans libreoffice-pdfimport libreoffice-xsltfilter libreoffice-langpack-en libreoffice-langpack-ru libreoffice-langpack-uk libreofficekit libreoffice-headless

After the command above has been executed, the required packages are installed in the system and are picked up automatically by the elDoc system.


4.6. Installation of the reverse-proxy service

1) Reverse-proxy (based on Nginx) is installed using standard Linux package manager. First check available versions (this step is optional for CentOS 9 / RedHat 9)

dnf module list nginx

2) Switch to the latest available version (this step is optional for CentOS 9 / RedHat 9)

dnf module enable nginx:1.20

In case of errors related to switching to the latest version - execute the command: dnf module reset nginx and try again

3) Install nginx reverse-proxy

dnf install nginx

4) Remove default configuration file

rm -f /etc/nginx/conf.d/default.conf

5) Create configuration for elDoc server by pasting the following content into the /etc/nginx/conf.d/eldoc.conf configuration file

nano /etc/nginx/conf.d/eldoc.conf

IMPORTANT: adjust parameters such as server_name, ssl_certificate and ssl_certificate_key as required for your environment.

/etc/nginx/conf.d/eldoc.conf
upstream eldoc {
  server localhost:8080;
}

upstream officeservice {
  server localhost:18443;
}

map $http_upgrade $proxy_connection {
  default   upgrade;
  ""        close;
}

map $cache $expires {
  1         30d;
  default   off;
}

map $cache $control {
  1         "public, no-transform";
}

map $uri $cache {
  ~*\.(ico|css|js|gif|jpe?g|png|tif?f|woff|ttf|otf|svg|woff2|eot)$    1;
}

server {
  listen                     443 ssl http2;
  server_tokens              off;
  server_name                eldoc.domain.com;
  ssl_certificate            /etc/nginx/ssl/XXXXXX.crt;
  ssl_certificate_key        /etc/nginx/ssl/XXXXXX.key;
  ssl_protocols              TLSv1.2 TLSv1.3;
  ssl_ciphers                HIGH:!aNULL:!MD5;
  client_max_body_size       100M;
  error_page                 404                 /404.xhtml;
  expires                    $expires;
  add_header                 Cache-Control       $control;

  location / {
    proxy_pass             http://eldoc/;
    proxy_connect_timeout  600;
    proxy_send_timeout     600;
    proxy_read_timeout     600;
    send_timeout           600;
    proxy_http_version     1.1;
    proxy_set_header       Upgrade             $http_upgrade;
    proxy_set_header       Connection          $proxy_connection;
    proxy_set_header       Host                $host:$server_port;
    proxy_set_header       X-Real-IP           $remote_addr;
    proxy_set_header       X-Remote-IP         $remote_addr;
    proxy_set_header       X-Forwarded-Host    $host;
    proxy_set_header       X-Forwarded-Server  $host;
    proxy_set_header       X-Forwarded-Proto   $scheme;
    proxy_set_header       X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header       Proxy-IP            $remote_addr;
    proxy_set_header       Proxy-keysize       256;
  }

  # Not required in case online editing service is not installed
  location /officeservice {
    proxy_pass             https://officeservice/;
    proxy_connect_timeout  600;
    proxy_send_timeout     600;
    proxy_read_timeout     600;
    send_timeout           600;
    proxy_http_version     1.1;
    proxy_set_header       Upgrade             $http_upgrade;
    proxy_set_header       Connection          $proxy_connection;
    proxy_set_header       Host                $host;
    proxy_set_header       X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header       X-Remote-IP         $remote_addr;
    proxy_set_header       X-Real-IP           $remote_addr;
    proxy_set_header       X-Forwarded-Host    $host/officeservice;
    proxy_set_header       X-Forwarded-Server  $host;
    proxy_set_header       X-Forwarded-Proto   $scheme;
  }
}

6) Adjust the default nginx config file and remove the default server blocks; the minimal content of the file is provided below

nano /etc/nginx/nginx.conf

/etc/nginx/nginx.conf
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log off;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}

7) Adjust firewall rules if required

firewall-cmd --permanent --add-service=https && firewall-cmd --reload

8) Enable and start reverse-proxy service

systemctl enable nginx && systemctl start nginx


5. elDoc installation & configuration

1) Extract obtained elDoc distribution archive

Extract elDoc archive into /local/elDoc folder

2) Create user for running elDoc server (replace user name cidXXX with the provided name (if any), or use some meaningful user name, e.g.: eldoc for PROD, qa01 for QA, etc)

groupadd eldoc
useradd -geldoc -s/bin/bash -M cidXXX
chown -R cidXXX:eldoc /local/elDoc

3) Edit elDoc configuration file in order to configure the elDoc system

nano /local/elDoc/eldoc.conf
chmod 600 /local/elDoc/eldoc.conf

4) Edit elDoc system service file and replace respective parameters (e.g.: User=cidXXX) where required

nano /local/elDoc/eldoc.service 

5) Install elDoc as a Linux service

mv /local/elDoc/eldoc.service /etc/systemd/system/
systemctl enable eldoc

6) Adjust file attributes on the server launch script

chmod +x /local/elDoc/elDoc-server.sh

7) Start elDoc server

systemctl start eldoc

8) Initial login to the elDoc system and administrator user creation

To perform the initial login to the elDoc system, you need to enable "elDoc maintenance mode" by making the necessary adjustments in the eldoc.conf file. Once the admin user has been created in the elDoc system, you need to disable "elDoc maintenance mode".
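
The script below is an added example and is not part of the elDoc distribution or of the original guide. It re-checks the access-control settings made in the steps above: that security.authorization is enabled in mongod.conf, and that the MongoDB key-file, config-eldoc.json and eldoc.conf grant nothing to group or other. The function names, the ROOT argument and the rule for picking the mongod.conf location are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the elDoc distribution: re-check the access-control
# settings made in sections 3.4, 3.5, 4.3 and 5 of this guide.

# yaml_get FILE SECTION KEY: print the value of an uncommented "KEY:" line
# nested under the top-level "SECTION:" block of a mongod.conf-style file.
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments, blank lines
    /^[^ \t]/ { cur = $0; sub(/:.*$/, "", cur); next }   # top-level section name
    cur == sec {
      line = $0
      sub(/[ \t]+#.*$/, "", line)                        # trailing comment
      sub(/[ \t]+$/, "", line)                           # trailing blanks
      if (match(line, "^[ \t]+" key ":[ \t]*")) { print substr(line, RLENGTH + 1); exit }
    }' "$1" 2>/dev/null
}

# owner_only FILE: succeed if FILE grants no permission bits to group or other
# (true for the modes 400 and 600 that this guide sets with chmod).
owner_only() {
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_eldoc ROOT: print one line per check, return the number of failed checks.
# ROOT is prepended to every path, so a staging copy can be audited; pass "/"
# for the live system.
audit_eldoc() {
  local root=${1%/} conf keyfile f failed=0
  # Section 3.4 edits /local/mongo/mongod.conf and section 4.3 /etc/mongod.conf;
  # assumption: the first one that exists is the file mongod is started with.
  conf=$root/etc/mongod.conf
  [ -f "$conf" ] || conf=$root/local/mongo/mongod.conf
  if [ "$(yaml_get "$conf" security authorization)" = enabled ]; then
    echo "PASS security.authorization is enabled in $conf"
  else
    echo "FAIL security.authorization is not enabled in $conf (section 3.5, step 5)"
    failed=$((failed + 1))
  fi
  keyfile=$(yaml_get "$conf" security keyFile)
  for f in "${keyfile:-/etc/mongod.key}" /local/jmc/config-eldoc.json /local/elDoc/eldoc.conf; do
    if [ ! -e "$root$f" ]; then
      echo "SKIP $f is not present"
    elif owner_only "$root$f"; then
      echo "PASS $f is readable by its owner only"
    else
      echo "FAIL $f is accessible to group or other"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

[ "$#" -eq 0 ] || audit_eldoc "$1"
```

Run it as root with / as the argument once the elDoc server has been started; the exit status is the number of failed checks, so 0 means every check passed.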



Updated: 31.10.2022