Line 1: |
Line 1: |
− | ===Generic Instructions for building a Web Application RPM===
| + | {{Level|Developer}} |
| + | =Generic Instructions for building a Web Application RPM= |
| | | |
| RPMS make installation more reliable and removal much easier. | | RPMS make installation more reliable and removal much easier. |
Line 5: |
Line 6: |
| This guide aims to create a common structure for building rpms | | This guide aims to create a common structure for building rpms |
| | | |
− | ====Build environment====
| + | ==Build environment== |
| | | |
− | =====Local Server=====
| + | ===Local Server=== |
− | Create a build environment on your local server, refer to the SME DevGuide | + | Create a build environment on your local server, refer to the SME Server Developer's Guide: [[:SME_Server:Documentation:Developers_Manual#III._How_to_create_an_SME_Server_package_-_step_by_step | How to create a SME Server package - step by step]] |
| | | |
− | http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/p1082.htm
| + | ===SME Build Server=== |
− | | |
− | =====SME Build Server=====
| |
| When you are comfortable building rpms, you are encouraged to put your source files on | | When you are comfortable building rpms, you are encouraged to put your source files on |
− | the SME Build Server, this allows others to more easily update and improve your rpms. | + | the SME Build Server, [[:Package Modification]], this allows others to more easily update and improve your rpms. |
− | | |
− | http://wiki.contribs.org/ReleasingContribs#Submitting_a_contrib_to_the_SME_Server_repository
| |
| | | |
− | ====The Application RPM====
| + | ==The Application RPM== |
| | | |
− | =====Application source=====
| + | ===Application source=== |
| Download the application source, eg foo.tar.gz and place in the SOURCES directory | | Download the application source, eg foo.tar.gz and place in the SOURCES directory |
| | | |
− | =====SPEC file=====
| + | ===SPEC file=== |
| Edit the following sample .spec file and place in the SPECS directory | | Edit the following sample .spec file and place in the SPECS directory |
| | | |
Line 42: |
Line 39: |
| BuildArchitectures: noarch | | BuildArchitectures: noarch |
| BuildRoot: /var/tmp/%{name}-%{version} | | BuildRoot: /var/tmp/%{name}-%{version} |
| + | BuildRequires: e-smith-devtools |
| Requires: e-smith-release >= 7.0 | | Requires: e-smith-release >= 7.0 |
| AutoReqProv: no | | AutoReqProv: no |
Line 56: |
Line 54: |
| %prep | | %prep |
| %setup -c -n %{name} | | %setup -c -n %{name} |
| + | |
| %build | | %build |
| #drop in an unchanged .tgz, if required rename directory here, eg remove version number. | | #drop in an unchanged .tgz, if required rename directory here, eg remove version number. |
Line 73: |
Line 72: |
| cd .. | | cd .. |
| rm -rf %{name} | | rm -rf %{name} |
− |
| |
− | %pre
| |
− | %preun
| |
− | %post
| |
− | %postun
| |
| | | |
| %files -f %{name}-%{version}-filelist | | %files -f %{name}-%{version}-filelist |
| %defattr(-,root,root) | | %defattr(-,root,root) |
| | | |
− | =====Build the RPM=====
| + | ===Build the RPM=== |
| rpmbuild -ba /home/e-smith/files/users/jim/home/rpms/SPECS/foo.spec | | rpmbuild -ba /home/e-smith/files/users/jim/home/rpms/SPECS/foo.spec |
| | | |
| | | |
− | =====Notes=====
| + | ===Notes=== |
| + | Permissions, may need tweaking but usually not many need changing, you don't want the webserver changing the distribution files. |
| | | |
− | Add workarounds and alternate methods here ...
| + | Check the .spec files of other contribs, see the [http://fisheye1.cenqua.com/browse/smecontribs/rpms CVS (SME Contribs)] |
| | | |
− | Permissions, may need tweaking but usually not many need changing, you don't want the webserver changing the distribution files
| + | ==SME Server Intergration RPM== |
| | | |
− | ====SME Intergration RPM====
| + | ===Create database=== |
− | | |
− | =====Create database=====
| |
| * Create password | | * Create password |
| | | |
Line 106: |
Line 99: |
| my $pw = $rec->prop('DbPassword'); | | my $pw = $rec->prop('DbPassword'); |
| return "" if $pw; | | return "" if $pw; |
− |
| + | $rec->set_prop('DbPassword', MIME::Base64::encode(int( (1000000000000000) * rand() ))); |
− | $rec->set_prop('DbPassword', sprintf("%15.0f", int( (1000000000000000) * rand() ))); | |
| } | | } |
| | | |
Line 140: |
Line 132: |
| The %post section of the spec file run the commands to initialise db values and create the db structure | | The %post section of the spec file run the commands to initialise db values and create the db structure |
| | | |
− | =====Webserver templates===== | + | ===db defaults=== |
| + | Reserve the foo name in accounts and create default settings in configuration |
| + | |
| + | Create files in these locations, with default values |
| + | |
| + | root/etc/e-smith/db/accounts/defaults/foo |
| + | root/etc/e-smith/db/accounts/defaults/foo/type > reserved |
| + | |
| + | root/etc/e-smith/db/configuration/defaults/foo |
| + | root/etc/e-smith/db/configuration/defaults/foo/type > service |
| + | root/etc/e-smith/db/configuration/defaults/foo/Name > Helpdesk |
| + | root/etc/e-smith/db/configuration/defaults/foo/PublicAccess > global-pw-remote |
| + | root/etc/e-smith/db/configuration/defaults/foo/status > enabled |
| + | root/etc/e-smith/db/configuration/defaults/foo/DbName > foo |
| + | root/etc/e-smith/db/configuration/defaults/foo/DbUser > foo |
| + | |
| + | root/etc/e-smith/templates.metadata/etc/e-smith/sql/init |
| + | root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/80foo > PERMS=0750 |
| | | |
− | * The alias fragment tailored to suit the application
| + | ===Webserver templates=== |
| | | |
| + | ====Http Template 92Foo==== |
| + | The alias fragment tailored to suit the application |
| root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo | | root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| | | |
Line 223: |
Line 234: |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
| $OUT .= " require valid-user\n"; | | $OUT .= " require valid-user\n"; |
Line 231: |
Line 243: |
| } | | } |
| | | |
− | * a workaround to enable the application to be located in a domain or subdomain root | + | ====Apache Authentication==== |
| + | In the example above, all sme users can authenticate to the web folder /opt/foo, for an application with no matter in security, it is normal but in certain case it could be dangerous. |
| + | * All users of SME Server |
| + | The original template in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| + | { |
| + | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| + | $OUT .= " AuthExternal pwauth\n"; |
| + | '''$OUT .= " require valid-user\n";''' |
| + | $OUT .= " Satisfy $satisfy\n"; |
| + | } |
| + | * one user or several users |
| + | Now you need to modify the 92foo template with these new lines |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| + | { |
| + | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| + | $OUT .= " AuthExternal pwauth\n"; |
| + | '''$OUT .= " require user admin pierre paul\n";''' |
| + | $OUT .= " Satisfy $satisfy\n"; |
| + | } |
| + | *one group or several groups with some specific users |
| + | |
| + | You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/ |
| + | For SME Server 9 a nfr is raised see [[bugzilla:3690]] |
| + | |
| + | wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz |
| + | tar xvzf pwauth-2.3.10.tar.gz |
| + | cp pwauth-2.3.10/unixgroup /usr/lib/httpd/modules/ |
| + | chown root:www /usr/lib/httpd/modules/unixgroup |
| + | chmod 750 /usr/lib/httpd/modules/unixgroup |
| + | |
| + | We need to create a new fragment<br /> |
| + | |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| + | { |
| + | $OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n"; |
| + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
| + | } |
| + | |
| + | Now you need to modify the 92foo template with these new lines |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| + | { |
| + | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| + | $OUT .= " AuthExternal pwauth\n"; |
| + | $OUT .= " GroupExternal unixgroup\n"; |
| + | $OUT .= " AuthzUserAuthoritative off\n"; |
| + | '''$OUT .= " require user admin pierre paul\n";''' |
| + | '''$OUT .= " require group virt\n";''' |
| + | $OUT .= " Satisfy $satisfy\n"; |
| + | } |
| + | |
| + | *DB command to choose groups and users |
| + | Above we have seen how to write name of groups or users directly in the template, but in the real life it is not enough good :)<br /> |
| + | |
| + | The purpose is to choose users or groups by command line. |
| | | |
− | root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80OptDomainFoo | + | -In first you have to make other DB configuration as described [[Web_Application_RPM#db_defaults]] |
| + | echo "admin" > root/etc/e-smith/db/configuration/defaults/foo/User |
| + | echo "" > root/etc/e-smith/db/configuration/defaults/foo/Group |
| + | Only the user admin is set by default |
| | | |
| + | -You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/ |
| + | wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz |
| + | tar xvzf pwauth-2.3.10.tar.gz |
| + | cp pwauth-2.3.10/unixgroup /usr/lib/httpd/modules/ |
| + | chown root:www /usr/lib/httpd/modules/unixgroup |
| + | chmod 750 /usr/lib/httpd/modules/unixgroup |
| + | We need to create a new fragment<br /> |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| { | | { |
− | my $status = $foo{'status'} || "disabled";
| + | $OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n"; |
− | return " # foo-status is disabled.\n" | + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
− | unless $status eq 'enabled';
| + | } |
| | | |
− | my $domain = $foo{'domain'} || "disabled";
| + | |
− | return " # no hostname or domain for foo defined\n"
| + | Now you need to modify the 92foo template with these new lines <br /> |
− | if $domain eq 'disabled';
| + | |
− |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
− | my $DocRoot = "/opt/foo";
| + | |
− |
| + | { |
− | $OUT = "";
| + | $OUT .= " AuthName \"$name\"\n"; |
− | $OUT .= "\n";
| + | $OUT .= " AuthType Basic\n"; |
− | $OUT .= "# Redirect an existing hostname or domain to $DocRoot.\n";
| + | $OUT .= " AuthExternal pwauth\n"; |
− | $OUT .= "<VirtualHost 0.0.0.0:80>\n";
| + | $OUT .= " GroupExternal unixgroup\n"; |
− | $OUT .= " ServerName $domain\n"; | + | $OUT .= " AuthzUserAuthoritative off\n"; |
− | $OUT .= " DocumentRoot $DocRoot\n";
| + | $OUT .= " require user $foo{'User'}\n"; |
− | $OUT .= "</VirtualHost>\n";
| + | $OUT .= " require group $foo{'Group'}\n"; |
− | $OUT .= "<VirtualHost 0.0.0.0:443>\n";
| + | $OUT .= " Satisfy $satisfy\n"; |
− | $OUT .= " ServerName $domain\n";
| + | } |
− | $OUT .= " DocumentRoot $DocRoot\n";
| + | |
− | $OUT .= " SSLEngine on\n";
| + | -change groups and users allowed by CL |
− | $OUT .= "</VirtualHost>\n";
| + | |
| + | config setprop foo User "admin toto" |
| + | config setprop foo Group "famille virt" |
| + | then |
| + | signal-event console-save |
| + | |
| + | =====SME Server 9===== |
| + | The apache authentication is made by a new file named authnz_external_module instead of auth_external_module, therefore you need to slightly modify the code above. <br /> |
| + | If it is not done you can have this error in log file and you won't be authenticated |
| + | configuration error: couldn't check user. No user file?: |
| + | See this [http://code.google.com/p/mod-auth-external/wiki/ConfigApache22 howTo]. You need to verify if your /etc/httpd/conf/httpd.conf contain these lines |
| + | AddExternalGroup unixgroup /usr/bin/unixgroup |
| + | SetExternalGroupMethod unixgroup environment |
| + | |
| + | We are waiting the default use of authenticator unixgroup in sme9 (see [[bugzilla:8008]]). For now you need to make the relevant fragment template. |
| + | |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| + | { |
| + | $OUT .= " AddExternalGroup unixgroup /usr/bin/unixgroup\n"; |
| + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
| + | } |
| + | |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| + | |
| + | { |
| + | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " '''AuthBasicProvider external'''\n"; |
| + | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthExternal pwauth\n"; |
| + | $OUT .= " GroupExternal unixgroup\n"; |
| + | $OUT .= " AuthzUserAuthoritative off\n"; |
| + | $OUT .= " require user $foo{'User'}\n"; |
| + | $OUT .= " require group $foo{'Group'}\n"; |
| + | $OUT .= " Satisfy $satisfy\n"; |
| } | | } |
| | | |
− | * a hack to get https to work, a better solution is required | + | -change groups and users allowed by CL |
| + | |
| + | config setprop foo User "admin toto" |
| + | config setprop foo Group "famille virt" |
| + | then |
| + | signal-event console-save |
| + | |
| + | ====Upload_tmp_dir==== |
| + | Since SME Server V8, you could have sometime an error is thrown by PHP and you will need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many Php applications needs this setting, most of known are wordpress, roudcube, egroupware, etc. Symptoms are that you can't upload contents to the PHP application. |
| + | |
| + | An easy way is to make a Custom Template to resolve this issue. |
| + | |
| + | see [[Uploadtmpdir]] |
| + | |
| + | ====Https_redirection==== |
| + | *a hack to get https to work, a better solution is required, you can see [[Https_redirection]] |
| | | |
| root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30FooAlias | | root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30FooAlias |
Line 275: |
Line 405: |
| } | | } |
| | | |
− | =====System file templates===== | + | *or this solution which does the automatic redirection to https protocol, you have to choose either 30FooAlias or 60FooAlias but not both. |
| + | |
| + | root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/60FooAlias |
| + | |
| + | { |
| + | my $status = $foo{'status'} || "disabled"; |
| + | return " # foo is disabled in this VirtualHost" |
| + | unless $status eq 'enabled'; |
| + | |
| + | { |
| + | if ($port ne "443") |
| + | { |
| + | $OUT .= <<'HERE'; |
| + | ## Redirect Web Address to Secure Address |
| + | RewriteEngine on |
| + | RewriteRule ^/foo https://%{HTTP_HOST}/foo |
| + | |
| + | ## End Of Redirect |
| + | HERE |
| + | } |
| + | } |
| + | |
| + | } |
| + | |
| + | *To enforce the security you can decide to prohibit all connexions which are not https. You need to add "SSLRequireSSL" in the correct position of the 92foo template. |
| + | |
| + | $OUT .= "<Directory /opt/foo>\n"; |
| + | '''$OUT .= " SSLRequireSSL\n";''' |
| + | $OUT .= " AddType application/x-httpd-php .php\n"; |
| + | |
| + | ===System file templates=== |
| | | |
| You may need to create a fragment for a system file such as crontab. | | You may need to create a fragment for a system file such as crontab. |
| | | |
− | http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/c610.htm | + | http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual |
| | | |
− | =====Application templates=====
| + | ===Application templates=== |
| | | |
− | Place a copy of the application config file in the templates directory, <br>
| + | Preferably include the original application config file in the templates directory, <br> |
| then overwrite key values, some of which we keep in SME DB's | | then overwrite key values, some of which we keep in SME DB's |
| | | |
| + | This is not always possible, eg your application modifies the config file <br> |
| + | in this case leave the config file untemplated and advise the user how to configure manually. |
| | | |
| eg . root\etc\template\opt\foo\config.php | | eg . root\etc\template\opt\foo\config.php |
Line 312: |
Line 474: |
| 10config-dist | | 10config-dist |
| | | |
− | include a copy of the distribution file here | + | { |
| + | $OUT = "require_once('config.php.dist');"; |
| + | } |
| | | |
| 20config-sme | | 20config-sme |
Line 318: |
Line 482: |
| // SME Server Settings | | // SME Server Settings |
| { | | { |
− | $OUT .= "\$CFG->dbname = \'$foo{DbName}\'\; \n";
| + | $OUT .= "\$CFG->dbname = ini_get\(\'mysql.default_host\'\)\; \n"; |
− | $OUT .= "\$CFG->dbuser = \'$foo{DbUser}\'\; \n";
| + | $OUT .= "\$CFG->dbuser = ini_get\(\'mysql.default_user\'\)\; \n"; |
− | $OUT .= "\$CFG->dbpass = \'$foo{DbPassword}\'\; \n";
| + | $OUT .= "\$CFG->dbpass = ini_get\(\'mysql.default_password\'\)\; \n"; |
− | $OUT .= "\$CFG->dirroot = \'/opt/foo'\; \n";
| + | $OUT .= "\$CFG->dirroot = \'/opt/foo'\; \n"; |
| } | | } |
| | | |
− | =====Spec file=====
| + | ===Spec file=== |
| | | |
| %define name smeserver-foo | | %define name smeserver-foo |
Line 359: |
Line 523: |
| | | |
| %build | | %build |
− | mkdir -p root/etc/e-smith/db/accounts/defaults/foo
| |
− | echo "reserved" > root/etc/e-smith/db/accounts/defaults/foo/type
| |
− |
| |
− | mkdir -p root/etc/e-smith/db/configuration/defaults/foo
| |
− | echo "Helpdesk" > root/etc/e-smith/db/configuration/defaults/foo/Name
| |
− | echo "global-pw-remote" > root/etc/e-smith/db/configuration/defaults/foo/PublicAccess
| |
− | echo "enabled" > root/etc/e-smith/db/configuration/defaults/foo/status
| |
− | echo "foo" > root/etc/e-smith/db/configuration/defaults/foo/DbName
| |
− | echo "foo" > root/etc/e-smith/db/configuration/defaults/foo/DbUser
| |
− |
| |
− | mkdir -p root/etc/e-smith/templates.metadata/etc/e-smith/sql/init
| |
− | echo "PERMS=0750" > root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/80foo
| |
| | | |
| %install | | %install |
Line 386: |
Line 538: |
| %preun | | %preun |
| %post | | %post |
− | /etc/e-smith/events/actions/initialize-default-databases
| |
− | /sbin/e-smith/expand-template /etc/e-smith/sql/init/80foo
| |
− | /etc/rc.d/init.d/mysql.init start
| |
− | /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
| |
− | /usr/bin/sv h /service/httpd-e-smith
| |
− | /sbin/e-smith/expand-template /opt/foo/config.php
| |
− | /sbin/e-smith/expand-template /etc/crontab
| |
− |
| |
− | echo ""
| |
− | echo "see http://wiki.contribs.org/foo"
| |
| | | |
| %postun | | %postun |
Line 408: |
Line 550: |
| %defattr(-,root,root) | | %defattr(-,root,root) |
| | | |
− | ====Further Information====
| + | ==Further Information== |
| | | |
− | =====Developer guide=====
| + | ===Developer guide=== |
| http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual | | http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual |
| | | |
− | =====New DB settings=====
| + | ===New DB settings=== |
| | | |
| * To disable foo. (default is enabled) | | * To disable foo. (default is enabled) |
Line 429: |
Line 571: |
| global-pw => Entire Internet(password required) | | global-pw => Entire Internet(password required) |
| global-pw-remote => Entire Internet(password required outside local network) | | global-pw-remote => Entire Internet(password required outside local network) |
| + | |
| + | *change groups and users allowed by CL |
| + | |
| + | config setprop foo User "admin toto" |
| + | config setprop foo Group "famille virt" |
| + | then |
| + | signal-event console-save |
| | | |
| * To add a different URL eg. yourserver.net/foo | | * To add a different URL eg. yourserver.net/foo |
| note, this adds another url, it doesn't remove the default | | note, this adds another url, it doesn't remove the default |
| | | |
− | config setprop foo URL school | + | config setprop foo URL newfoo |
− | | |
− | * To run foo from the root of a domain eg.
| |
− | foo.yourserver.net or <br>
| |
− | domain2.org
| |
| | | |
− | config setprop foo domain foo.yourserver.org OR
| + | * To run foo from the root of a domain, This option is buggy to remove |
− | config setprop foo domain domain2.org
| |
| | | |
− | In /server-manager ''Hostnames and Addressess'' setup foo as a hostname on one of you domains or <br>
| + | config delprop foo domain |
− | in ''Domains'' setup a new domain eg. domain2.org, this will overrule the panel setting
| |
| | | |
| To enable your changes run these commands | | To enable your changes run these commands |
| | | |
| expand-template /etc/httpd/conf/httpd.conf | | expand-template /etc/httpd/conf/httpd.conf |
− | sv h /service/httpd-e-smith | + | sv h /service/httpd-e-smith |
| | | |
| + | ===Related applications=== |
| + | * eaccelerator |
| | | |
− | =====Related applications=====
| + | php applications may be faster with [http://sourceforge.net/projects/eaccelerator eaccelerator] |
− | * eaccelerator
| |
| | | |
− | php applications may be faster with http://sourceforge.net/projects/eaccelerator
| + | RPM originally prepared for SME by MasterSleepy and is now in the SMEContribs repo. |
− | prepared for sme7 by MasterSleepy | |
− | http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewdownloaddetails&lid=314
| |
| | | |
| | | |
| <noinclude>[[Category:Howto]]</noinclude> | | <noinclude>[[Category:Howto]]</noinclude> |
| <noinclude>[[Category:Dungog]]</noinclude> | | <noinclude>[[Category:Dungog]]</noinclude> |