From 2794a06e8b7bccf1a71f4667d086a8d2a977355f Mon Sep 17 00:00:00 2001 From: Dmytro Gierman Date: Tue, 24 Feb 2026 14:31:50 +0100 Subject: [PATCH 1/2] Instructions for production install to Ubuntu24.04 --- INSTALL/INSTALL.ubuntu2204.md | 2 +- INSTALL/INSTALL.ubuntu2404.md | 201 +++++++++++++++++++ INSTALL/get_and_unpack_the_latest_release.sh | 38 ++++ 3 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 INSTALL/INSTALL.ubuntu2404.md create mode 100755 INSTALL/get_and_unpack_the_latest_release.sh diff --git a/INSTALL/INSTALL.ubuntu2204.md b/INSTALL/INSTALL.ubuntu2204.md index c279847..b0601d4 100644 --- a/INSTALL/INSTALL.ubuntu2204.md +++ b/INSTALL/INSTALL.ubuntu2204.md @@ -76,7 +76,7 @@ With this configuration: ## 1.4. Install PHP and dependencies (It's recommended to install php8 or php8.1 and all the modules of the version) ```bash -sudo apt-get install -y php8.1 php8.1-cli php8.1-common hp8.1-mysql php8.1-zip php8.1-gd php8.1-mbstring php8.1-curl php8.1-xml php8.1-bcmath php8.1-intl php8.1-imagic +sudo apt-get install -y php8.1 php8.1-cli php8.1-common php8.1-mysql php8.1-zip php8.1-gd php8.1-mbstring php8.1-curl php8.1-xml php8.1-bcmath php8.1-intl php8.1-imagick ``` ## 1.5 Apply PHP configuration settings in your php.ini diff --git a/INSTALL/INSTALL.ubuntu2404.md b/INSTALL/INSTALL.ubuntu2404.md new file mode 100644 index 0000000..7d1d538 --- /dev/null +++ b/INSTALL/INSTALL.ubuntu2404.md 
@@ -0,0 +1,201 @@
+Installation on Ubuntu 24.04
+============================
+
+# 1. Dependencies
+
+Install some utilities, database, webserver
+```bash
+sudo apt update
+sudo apt-get install -y curl jq mariadb-client mariadb-server apache2
+```
+
+Install PHP and its dependencies (the default php version in Ubuntu 24.04 is php8.3):
+```bash
+sudo apt-get install -y php php-cli php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-bcmath php-intl php-imagick
+```
+
+# 2. Monarc files
+
+Run the [get_and_unpack_the_latest_release.sh](./get_and_unpack_the_latest_release.sh) script with `sudo`
+ to download the latest Monarc release and unpack it into `/var/lib/monarc/`.
+
+> The script is built to be used in the CI/CD pipelines and will fail with a clear error if the release is not reachable or the deploy directory already exits.
+
+# 3. Webserver
+
+Enable required Apache modules:
+
+```bash
+sudo a2dismod status
+sudo a2enmod ssl
+sudo a2enmod rewrite
+sudo a2enmod headers
+```
+
+Modify the default virtual host:
+
+```bash
+sudo nano /etc/apache2/sites-enabled/000-default.conf
+```
+
+Use this configuration as an example:
+
+```conf
+
+ ServerAdmin admin@example.com
+ ServerName monarc.local
+ DocumentRoot /var/lib/monarc/fo/public
+
+
+ DirectoryIndex index.php
+ AllowOverride All
+ Require all granted
+
+ # increase the default php limits
+ # better here then in the global php.ini as the webserver could run other projects
+ php_value upload_max_filesize 200M
+ php_value post_max_size 50M
+ php_value max_execution_time 100
+ php_value max_input_time 223
+ php_value memory_limit 512M
+ # Error logs settings for production:
+ php_value error_reporting E_ALL
+ php_flag log_errors On
+ # for development, set to "On"
+ php_flag display_errors Off
+
+
+
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Robots-Tag none
+ Header always set X-Frame-Options SAMEORIGIN
+
+
+ SetEnv APP_ENV "production"
+
+```
+
+Check the configuration and apply changes:
+
+```bash
+apachectl configtest
+sudo apachectl restart
+```
+
+
+# 4. Database
+
+Secure the MariaDB installation and set a strong root password.
+
+```bash
+sudo mysql_secure_installation
+```
+
+## 4.1 Create a database user
+
+Start MariaDB as root:
+
+```bash
+sudo mysql
+```
+
+Create a new user for MONARC (please use more secured password):
+
+```sql
+CREATE USER 'monarc'@'%' IDENTIFIED BY 'password';
+GRANT ALL PRIVILEGES ON monarc_cli.* TO 'monarc'@'%';
+GRANT ALL PRIVILEGES ON monarc_common.* TO 'monarc'@'%';
+FLUSH PRIVILEGES;
+```
+
+## 4.2 Create 2 databases
+
+In your MariaDB interpreter:
+
+```sql
+CREATE DATABASE monarc_cli DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
+CREATE DATABASE monarc_common DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
+```
+
+* monarc_common contains models and data created by CASES;
+* monarc_cli contains all client risk analyses. Each analysis is based on CASES model of monarc_common.
+
+## 4.3 Initialize the database
+
+```bash
+cd /var/lib/monarc/fo
+mysql -u monarc -ppassword monarc_common < db-bootstrap/monarc_structure.sql
+mysql -u monarc -ppassword monarc_common < db-bootstrap/monarc_data.sql
+```
+
+## 4.4 Connect Monarc App to the database
+
+Create and edit the configuration file:
+
+```bash
+sudo cp ./config/autoload/local.php.dist ./config/autoload/local.php
+sudo nano ./config/autoload/local.php
+```
+
+Configure the database connection (use the secured password set on the DB user creation step):
+
+```php
+ return [
+ 'doctrine' => [
+ 'connection' => [
+ 'orm_default' => [
+ 'params' => [
+ 'host' => 'localhost',
+ 'user' => 'monarc',
+ 'password' => 'password',
+ 'dbname' => 'monarc_common',
+ ],
+ ],
+ 'orm_cli' => [
+ 'params' => [
+ 'host' => 'localhost',
+ 'user' => 'monarc',
+ 'password' => 'password',
+ 'dbname' => 'monarc_cli',
+ ],
+ ],
+ ],
+ ],
+ ];
+```
+
+## 4.5 Migrate the MONARC DB
+
+```bash
+php ./vendor/robmorgan/phinx/bin/phinx migrate -c module/Monarc/FrontOffice/migrations/phinx.php
+php ./vendor/robmorgan/phinx/bin/phinx migrate -c module/Monarc/Core/migrations/phinx.php
+```
+
+
+## 4.6 Create initial user
+
+```bash
+php ./vendor/robmorgan/phinx/bin/phinx seed:run -c ./module/Monarc/FrontOffice/migrations/phinx.php
+```
+
+The username is *admin@admin.localhost* and the password is *admin*.
+
+
+# 5. Statistics for Global Dashboard
+
+If you would like to use the global dashboard stats feature, you need to
+configure a Stats Service instance on your server.
+
+The architecture, installation instructions and GitHub project can be found here:
+
+- https://www.monarc.lu/documentation/stats-service/master/architecture.html
+- https://www.monarc.lu/documentation/stats-service/master/installation.html
+- https://github.com/monarc-project/stats-service
+
+The Virtual Machine installation script could be used to detail more steps in case of additional configuration necessity:
+https://github.com/monarc-project/monarc-packer/blob/ubuntu-22.04/scripts/bootstrap.sh
+
+The communication of access to the StatsService is performed on each instance of
+FrontOffice (clients).
diff --git a/INSTALL/get_and_unpack_the_latest_release.sh b/INSTALL/get_and_unpack_the_latest_release.sh
new file mode 100755
index 0000000..0941799
--- /dev/null
+++ b/INSTALL/get_and_unpack_the_latest_release.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BASEDIR="/var/lib/monarc"
+RELEASES="$BASEDIR/releases"
+APP_LINK="$BASEDIR/fo"
+DATA_DIR="$BASEDIR/fo-data"
+
+# Ensure base directories exist
+mkdir -p "$RELEASES" "$DATA_DIR"/{cache,DoctrineORMModule/Proxy,LazyServices/Proxy,import/files}
+
+# Get latest version
+VERSION=$(curl -s https://api.github.com/repos/monarc-project/MonarcAppFO/releases/latest | jq -r '.tag_name')
+[ -z "$VERSION" ] && { echo "Failed to resolve app release version"; exit 1; }
+RELEASE_NAME="MonarcAppFO-${VERSION}"
+ARCHIVE_URL="https://github.com/monarc-project/MonarcAppFO/releases/download/${VERSION}/${RELEASE_NAME}.tar.gz"
+
+# Extraction target
+TARGET_DIR="$RELEASES/$RELEASE_NAME"
+
+if [ ! -d "$TARGET_DIR" ]; then
+ mkdir -p "$TARGET_DIR"
+ echo "Downloading the latest Monarc version $VERSION"
+ # --strip-components=1 prevents the "folder inside a folder" issue
+ curl -L "$ARCHIVE_URL" | tar -xzf - -C "$TARGET_DIR" --strip-components=1
+else
+ echo "ERROR! $TARGET_DIR already exists!"; exit 1
+fi
+
+# Link data (remove existing folder in release if it exists to allow symlink)
+rm -rf "$TARGET_DIR/data"
+ln -sfn "$DATA_DIR" "$TARGET_DIR/data"
+
+# Atomic switch of the main app link
+ln -sfn "$TARGET_DIR" "$APP_LINK"
+
+# change owner
+chown -R www-data:www-data /var/lib/monarc
\ No newline at end of file
From ddcc9119967bc084d2717bbe91c878a42a8d8933 Mon Sep 17 00:00:00 2001
From: Dmytro Gierman
Date: Mon, 2 Mar 2026 15:17:04 +0100
Subject: [PATCH 2/2] move install script into ./scripts ; update Instructions
---
INSTALL/INSTALL.ubuntu2404.md | 8 ++-
INSTALL/UPDATE.ubuntu.md | 3 ++
INSTALL/get_and_unpack_the_latest_release.sh | 38 ---------------
scripts/install_latest_fo_release.sh | 51 ++++++++++++++++++++
4 files changed, 57 insertions(+), 43 deletions(-)
delete mode 100755 INSTALL/get_and_unpack_the_latest_release.sh
create mode 100755 scripts/install_latest_fo_release.sh
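Review bot: The `curl -L "$ARCHIVE_URL" | tar -xzf - ...` line in INSTALL/get_and_unpack_the_latest_release.sh unpacks whatever the download returns, as root, with no integrity check and no `-f`, so a tampered archive is extracted as-is into the directory Apache will serve and an HTTP error is only noticed when tar fails to parse the body. Download to a temporary file with `curl -fL`, verify it against a digest or signature obtained separately from the archive (the patch does not show whether the project publishes one, so that needs confirming), and only then extract with `--no-same-owner`. Because `mkdir -p "$TARGET_DIR"` runs before the download, a failed run also leaves the directory behind and the next run stops at the already-exists check. The same pipeline is carried unchanged into scripts/install_latest_fo_release.sh in patch 2/2.

```shell
# … unchanged: TARGET_DIR existence check and mkdir …
archive=$(mktemp)
trap 'rm -f -- "$archive"' EXIT
curl -fL "$ARCHIVE_URL" -o "$archive"
# EXPECTED_SHA256 is a placeholder: supply the digest from a channel the project publishes
printf '%s  %s\n' "$EXPECTED_SHA256" "$archive" | sha256sum -c -
tar -xzf "$archive" -C "$TARGET_DIR" --strip-components=1 --no-same-owner
```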
diff --git a/INSTALL/INSTALL.ubuntu2404.md b/INSTALL/INSTALL.ubuntu2404.md index 7d1d538..3fd094f 100644 --- a/INSTALL/INSTALL.ubuntu2404.md +++ b/INSTALL/INSTALL.ubuntu2404.md @@ -6,7 +6,7 @@ Installation on Ubuntu 24.04 Install some utilities, database, webserver ```bash sudo apt update -sudo apt-get install -y curl jq mariadb-client mariadb-server apache2 +sudo apt-get install -y zip unzip git gettext curl jq mariadb-client mariadb-server apache2 ``` Install PHP and its dependencies (the default php version in Ubuntu 24.04 is php8.3): @@ -16,7 +16,7 @@ sudo apt-get install -y php php-cli php-common php-mysql php-zip php-gd php-mbst # 2. Monarc files -Run the [get_and_unpack_the_latest_release.sh](./get_and_unpack_the_latest_release.sh) script with `sudo` +Run the [install_latest_fo_release.sh](../scripts/install_latest_fo_release.sh) script with `sudo` to download the latest Monarc release and unpack it into `/var/lib/monarc/`. > The script is built to be used in the CI/CD pipelines and will fail with a clear error if the release is not reachable or the deploy directory already exits. @@ -169,11 +169,9 @@ Configure the database connection (use the secured password set on the DB user c ## 4.5 Migrate the MONARC DB ```bash -php ./vendor/robmorgan/phinx/bin/phinx migrate -c module/Monarc/FrontOffice/migrations/phinx.php -php ./vendor/robmorgan/phinx/bin/phinx migrate -c module/Monarc/Core/migrations/phinx.php +bash ./scripts/upgrade-db.sh ``` - ## 4.6 Create initial user ```bash diff --git a/INSTALL/UPDATE.ubuntu.md b/INSTALL/UPDATE.ubuntu.md index ef44117..78e4c2a 100644 --- a/INSTALL/UPDATE.ubuntu.md +++ b/INSTALL/UPDATE.ubuntu.md 
@@ -19,6 +19,9 @@ curl -sL $MONARCFO_RELEASE_URL -o /var/lib/monarc/releases/`basename $MONARCFO_R mkdir /var/lib/monarc/releases/`basename $MONARCFO_RELEASE_URL | sed 's/.tar.gz//'` # Unarchive the release: tar -xzf /var/lib/monarc/releases/`basename $MONARCFO_RELEASE_URL` -C /var/lib/monarc/releases/`basename $MONARCFO_RELEASE_URL | sed 's/.tar.gz//'` +# Copy existing configuration to the new release. +cp "$PATH_TO_MONARC/config/autoload/local.php" \ + "/var/lib/monarc/releases/`basename $MONARCFO_RELEASE_URL | sed 's/.tar.gz//'`/config/autoload/local.php" # Update the release symlink: ln -sfn /var/lib/monarc/releases/`basename $MONARCFO_RELEASE_URL | sed 's/.tar.gz//'` $PATH_TO_MONARC # Migrate the DB: diff --git a/INSTALL/get_and_unpack_the_latest_release.sh b/INSTALL/get_and_unpack_the_latest_release.sh deleted file mode 100755 index 0941799..0000000 --- a/INSTALL/get_and_unpack_the_latest_release.sh +++ /dev/null 
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-BASEDIR="/var/lib/monarc"
-RELEASES="$BASEDIR/releases"
-APP_LINK="$BASEDIR/fo"
-DATA_DIR="$BASEDIR/fo-data"
-
-# Ensure base directories exist
-mkdir -p "$RELEASES" "$DATA_DIR"/{cache,DoctrineORMModule/Proxy,LazyServices/Proxy,import/files}
-
-# Get latest version
-VERSION=$(curl -s https://api.github.com/repos/monarc-project/MonarcAppFO/releases/latest | jq -r '.tag_name')
-[ -z "$VERSION" ] && { echo "Failed to resolve app release version"; exit 1; }
-RELEASE_NAME="MonarcAppFO-${VERSION}"
-ARCHIVE_URL="https://github.com/monarc-project/MonarcAppFO/releases/download/${VERSION}/${RELEASE_NAME}.tar.gz"
-
-# Extraction target
-TARGET_DIR="$RELEASES/$RELEASE_NAME"
-
-if [ ! -d "$TARGET_DIR" ]; then
- mkdir -p "$TARGET_DIR"
- echo "Downloading the latest Monarc version $VERSION"
- # --strip-components=1 prevents the "folder inside a folder" issue
- curl -L "$ARCHIVE_URL" | tar -xzf - -C "$TARGET_DIR" --strip-components=1
-else
- echo "ERROR! $TARGET_DIR already exists!"; exit 1
-fi
-
-# Link data (remove existing folder in release if it exists to allow symlink)
-rm -rf "$TARGET_DIR/data"
-ln -sfn "$DATA_DIR" "$TARGET_DIR/data"
-
-# Atomic switch of the main app link
-ln -sfn "$TARGET_DIR" "$APP_LINK"
-
-# change owner
-chown -R www-data:www-data /var/lib/monarc
\ No newline at end of file
diff --git a/scripts/install_latest_fo_release.sh b/scripts/install_latest_fo_release.sh
new file mode 100755
index 0000000..36a67a2
--- /dev/null
+++ b/scripts/install_latest_fo_release.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BASEDIR="/var/lib/monarc"
+RELEASES="$BASEDIR/releases"
+APP_LINK="$BASEDIR/fo"
+DATA_DIR="$BASEDIR/fo-data"
+
+function error() { echo "Error: $1" > /dev/stderr; exit 1; }
+
+# ensure no existing release is present
+if [ -f "$APP_LINK/config/autoload/local.php" ]; then
+ echo "Existing Monarc installation found! Run the UPDATE script instead:";
+ echo " https://github.com/monarc-project/MonarcAppFO/blob/master/INSTALL/UPDATE.ubuntu.md";
+ error "Aborting installation.";
+fi
+
+# Ensure base directories exist
+mkdir -p "$RELEASES" "$DATA_DIR"/{cache,DoctrineORMModule/Proxy,LazyServices/Proxy,import/files}
+
+# Get latest version
+VERSION=$(curl -s https://api.github.com/repos/monarc-project/MonarcAppFO/releases/latest | jq -r '.tag_name')
+if [ -z "$VERSION" ] || [ "$VERSION" = "null" ]; then
+ error "Failed to resolve app release version"
+fi
+RELEASE_NAME="MonarcAppFO-${VERSION}"
+ARCHIVE_URL="https://github.com/monarc-project/MonarcAppFO/releases/download/${VERSION}/${RELEASE_NAME}.tar.gz"
+
+# Extraction target
+TARGET_DIR="$RELEASES/$RELEASE_NAME"
+test -d "$TARGET_DIR" && error "$TARGET_DIR already exists!"
+mkdir -p "$TARGET_DIR"
+
+echo "Downloading the latest Monarc version $VERSION"
+# --strip-components=1 prevents the "folder inside a folder" issue
+curl -L "$ARCHIVE_URL" | tar -xzf - -C "$TARGET_DIR" --strip-components=1
+
+# if data folder exist in release - remove it to allow symlink
+rm -rf "$TARGET_DIR/data"
+# Link data folder into release folder
+ln -sfn "$DATA_DIR" "$TARGET_DIR/data"
+
+# Link the release into the app folder
+ln -sfn "$TARGET_DIR" "$APP_LINK"
+
+# change owner
+chown -R www-data:www-data /var/lib/monarc
+
+echo "Monarc version $VERSION files was installed successfully!"
+echo "No database or web-server configuration changes were made."
+echo "Follow the installation instruction for the next steps."
\ No newline at end of file
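Review bot: The closing `chown -R www-data:www-data /var/lib/monarc` in scripts/install_latest_fo_release.sh gives the web server account ownership of the release code and its config directory as well as the data directory, so any file-write flaw in the application can change the PHP that Apache executes. The script already isolates writable state under `$DATA_DIR`; unless the application writes elsewhere in the release tree (not visible in this patch), narrow the call to `chown -R www-data:www-data "$DATA_DIR"` and leave `$TARGET_DIR` owned by root and readable by www-data. The same line was present in the script added by patch 1/2.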