server installation
Wiki ▸ Server Installation
#Biobank server installation
The server can be deployed on computers running Linux or MS Windows. However, up to now the server has only been tested and installed on computers running Linux. The Biobank server is distributed as an Ubuntu package or as a tar archive. It should be installed under a special user account for better security.
The Biobank server runs as an application under JBoss (version 4.0.5 GA). Some precautions, listed below, should be taken when running the server.
##Download
The most recent version can be downloaded from here:
##Requirements
A minimum of 2 GB or RAM memory is required to run the server. Up to now the server has been installed on stand alone servers and also on Virtual Machines.
Prior to deploying a server, the following software packages have to be installed:
-
Oracle Java SE Development Kit 6. Please see the instructions given below on how to configure Java on your Ubuntu. For other distributions please refer to it's documentation. Please do not use OpenJDK as the application will not work correctly.
-
MySQL Server version 5.1 or later.
-
Perl.
-
Zip.
-
Unzip.
-
OpenSSL - This is optional and is only required to create a temporary certificate. If you have your own certificate then this package is not requried.
##Installation
-
Install Java by following the instructions on this page: Installing Java.
-
Install the required packages:
sudo apt-get install perl libterm-readkey-perl zip unzip openssl
-
For security reasons, it is better to run JBoss as a non root user. To do this, create a jboss user account:
sudo useradd --system -d /opt/jboss -s /bin/bash jboss
Please use
/opt/jbossas the home directory since the prebuilt package installs the files to this directory. -
Install the Biobank server package:
sudo dpkg -i biobank-server-<version>.deb
where
<version>matches the version of the file you downloaded.After the command completes your
/opt/jbossdirectory will be populated with new files. Some of these files are scripts that need to be run to configure the server for your installation. More details are given below. -
Move the JBoss startup script so that the server can be started as a service.
sudo mv jboss-init.sh /etc/init.d/jboss sudo chown root:root /etc/init.d/jboss sudo chmod a+rwx /etc/init.d/jboss
-
Add the server to the init system:
sudo update-rc.d jboss defaults
-
Configure the MySQL server by following the instructions on this page: MySQL configuration.
-
Create a database on the MySQL server to be used by the Biobank server and create a user to access to the database. Grant all privileges on the biobank database to this user.
For example, these commands create the database named
biobank. Start the MySQL command line tool with this command:mysql -h <hostname> -uroot -p<password> mysql
and create the database and add a user that can access the database.
CREATE DATABASE biobank; CREATE USER 'XXXXX'@'localhost' IDENTIFIED BY 'ZZZZZ'; GRANT ALL PRIVILEGES ON biobank.* TO 'XXXXX'@'localhost' WITH GRANT OPTION;
XXXXXandZZZZZshould be replaced with the username and password you would like to use in your configuration. -
Configure time zone information on the MySQL server:
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -uroot -p mysql sudo service mysql restart -
To create an SSL certificate see these instructions: SSL Certificate. To create a temporary certificate for testing see here: Temporary SSL Certificate.
-
Run the
/opt/jboss/configureand you will be prompted with values to configure your server. You will be asked for the following: -
The host name for the MySQL server.
-
The name of the database to be used by the Biobank server on the MySQL server. In the example given above the name of the database was
biobank. -
The user name the Biobank server should use to communicate with the MySQL server.
-
The password for the user name.
-
The password for the Jboss Web Console and JMX Console. They will both use the same password.
-
If the database has not been initialized you will prompted to do so.
-
Run the
/opt/jboss/chkconfigscript to test your configuration. The script runs a series of tests and outputs the results. Ensure all the tests pass. Once all the tests pass you can start the server. -
Install and configure the Apache Web Server to front JBoss using these instructions.
-
Use iptables to limit the ports open to the world.
First install the
iptables-persistentUbuntu package:sudo /etc/init.d/jboss start
Then open port 443:
sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT sudo iptables-save > /etc/iptables/rules.v4 sudo service iptables-persistent start
Start the biobank server with the command:
sudo /etc/init.d/jboss startYou can test that the server is running by opening the following URL in your browser:
https://_IP_or_DN_/biobankWhere _IP_or_DN_ is the IP address or domain name for your server.
You should see a web page similar to the one shown below:
You can log into the JMX Console and JBoss Web Console by opening this URL in your browser:
https://_IP_or_DN_/and selecting the appropriate link. The user name is admin and the
password is what was entered into the configure script when it was
run.
The installation of the following packages is optional, but makes the server more secure if it's open to the world.
fail2ban is a great package that actively blocks suspicious activity
as it occurs. From their
wiki Fail2ban
scans log files (e.g. /var/log/apache/error_log) and bans IPs that
show the malicious signs -- too many password failures, seeking for
exploits, etc... It does this by adding rules to iptables.
sudo apt-get install fail2banLog management is an area consisting mostly of search, log rotation / retention and reporting. Logwatch is an application that helps with simple log management by daily analyzing and reporting a short digest from activities taking place on your machine.
sudo apt-get install -y logwatchFollow the instructions here to install.
The following entry can be used as a cron job:
00 02 * * * /usr/sbin/logwatch --output mail --mailto [email protected] --detail high