This installation guide was prepared for Ubuntu 20.04 LTS.
Checklist
- MongoDB
- S3 object storage
- Redis
- Nginx
Prerequisites
Update everything and install curl and gnupg.
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install git curl nginx gnupg redis-server
MongoDB
Follow this guide
$ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
$ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
[*]
$ sudo apt update
$ sudo apt install -y mongodb-org
$ sudo systemctl enable mongod
$ sudo systemctl start mongod
$ sudo systemctl status mongod
FOR UBUNTU 22.*
at step [*]
$ echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list
$ sudo apt update
$ sudo apt-get install libssl1.1
$ sudo rm /etc/apt/sources.list.d/focal-security.list
$ sudo apt remove mongodb-org-tools mongodb-org-shell mongodb-org-server mongodb-org-database-tools-extra mongodb-org-mongos mongodb-database-tools
Authorization
Connect to the mongo instance:
$ mongo
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("88d8ddc2-e7ff-4e03-9d94-daa2a6c3ed4c") }
MongoDB server version: 4.4.2
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
https://community.mongodb.com
---
> use admin
switched to db admin
> db.createUser(
... {
... user: "agile",
... pwd: passwordPrompt(), // or cleartext password
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
Enter password:
Successfully added user: {
    "user" : "agile",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        "readWriteAnyDatabase"
    ]
}
Then create a user for the agile-factory database.
> use agile-factory
> db.createUser(
... {
... user: "user",
... pwd: passwordPrompt(),
... roles: [ { role: "readWrite", db: "agile-factory" } ]
... }
... )
Edit /etc/mongod.conf to enable authorization
security:
  authorization: enabled
Then restart MongoDB
$ sudo systemctl restart mongod
Minio
Run the following commands:
$ mkdir -p $HOME/agile-factory/storage $HOME/agile-factory/bin
$ wget https://dl.minio.io/server/minio/release/linux-amd64/minio -O $HOME/agile-factory/bin/minio
$ chmod u+x $HOME/agile-factory/bin/minio
Create the file /lib/systemd/system/af-storage.service with the following content:
[Unit]
Description=Minio S3 object storage
After=network.target
[Service]
User=agile
Environment=MINIO_ACCESS_KEY=INSERT_ACCESS_KEY
Environment=MINIO_SECRET_KEY=INSERT_SECRET_KEY
LimitNOFILE=65536
ExecStart=/home/agile/agile-factory/bin/minio server --address localhost:9001 /home/agile/agile-factory/storage/
[Install]
WantedBy=multi-user.target
Start the service
$ sudo systemctl enable af-storage.service
$ sudo systemctl start af-storage.service
$ sudo systemctl status af-storage.service
Minio will listen on port 9001
Configuring download permissions for minio
Via the console -> create the bucket "agile-factory", then go to its settings and add a "readonly" access rule with prefix "/" (anonymous read access to the whole bucket)
OR with mc
$ mc config host add agile-factory http://localhost:9001/ minio minio
$ mc manage access add agile-factory readonly /
OR
$ mc alias set <NAME> <ENDPOINT> <ACCESS> <SECRET>
$ mc policy set download <NAME>/<BUCKET>
mc: <ERROR> Unable to set policy `download` for `<NAME>/<BUCKET>`. 200 OK.
$ mc policy get <NAME>/<BUCKET>
Access permission for `<NAME>/<BUCKET>` is `download`
Redis server
$ sudo systemctl enable redis-server.service
$ sudo systemctl start redis-server.service
$ sudo systemctl status redis-server.service
Applications
Download the release file and unpack it into $HOME/agile-factory
agile@agilefactory:~$ sudo vi /lib/systemd/system/af-engine.service
[Unit]
Description=Agile Factory - Engine
After=network.target
Wants=redis.service af-storage.service mongod.service
[Service]
User=agile
# CORE
Environment=NODE_ENV=production
Environment=DEBUG=af:*
Environment=JWT_SECRET=INSERT_SECRET
Environment=SERIAL_NO=INSERT_SERIAL_NUMBER
Environment=DOMAIN=agilefactory.domain.tld
Environment=SUBSCRIPTIONS_ENDPOINT=ws://api.agilefactory.domain.tld/subscriptions
# CORE_FILE_STORAGE
Environment=MINIO_ENDPOINT=localhost
Environment=MINIO_PORT=9001
Environment=MINIO_ACCESSKEY=INSERT_ACCESS_KEY
Environment=MINIO_SECRETKEY=INSERT_SECRET_KEY
Environment=FILE_STORAGE=http://s3.domain.tld
Restart=on-failure
RestartSec=30s
ExecStart=/home/agile/agile-factory/bin/af-engine
[Install]
WantedBy=multi-user.target
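The unit above keeps JWT_SECRET and the MinIO keys in Environment= lines, which any local user can read from the unit file or with `systemctl show`. An alternative, as an added example that is not part of the original guide: store them in a file readable only by its owner and load it with EnvironmentFile=. The directory /etc/agile-factory, the file name af-engine.env and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep the af-engine secrets out of the world-readable unit file.
# The target directory and file name are assumptions, not paths from the guide.

# 32 random bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_env_file DIR ACCESS_KEY SECRET_KEY
# Writes DIR/af-engine.env with the three secret variables of af-engine.service
# and prints its path. umask 077 covers creation, chmod covers an existing file.
write_env_file() {
    env_dir=$1
    env_file="$env_dir/af-engine.env"
    mkdir -p "$env_dir"
    (
        umask 077
        {
            printf 'JWT_SECRET=%s\n' "$(gen_secret)"
            printf 'MINIO_ACCESSKEY=%s\n' "$2"
            printf 'MINIO_SECRETKEY=%s\n' "$3"
        } > "$env_file"
    )
    chmod 600 "$env_file"
    printf '%s\n' "$env_file"
}

# Print a systemd drop-in that loads the file written above.
print_dropin() {
    printf '[Service]\nEnvironmentFile=%s\n' "$1"
}

# Usage, as root (then delete the JWT_SECRET and MINIO_*KEY Environment= lines
# from af-engine.service):
#   f=$(write_env_file /etc/agile-factory "$ACCESS_KEY" "$SECRET_KEY")
#   mkdir -p /etc/systemd/system/af-engine.service.d
#   print_dropin "$f" > /etc/systemd/system/af-engine.service.d/secrets.conf
#   systemctl daemon-reload && systemctl restart af-engine
```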
Nginx
Add the following lines inside the http block of /etc/nginx/nginx.conf
server_names_hash_bucket_size 128;
client_max_body_size 16M;
upstream af-engine {
    server localhost:9000;
}
upstream af-storage {
    server localhost:9001;
}
Virtual hosts
Create the following file /etc/nginx/sites-available/agilefactory.conf
server {
    client_max_body_size 16M;
    server_tokens off;
    listen 80;
    server_name api.domain.tld;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://af-engine;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    server_tokens off;
    listen 80;
    server_name s3.domain.tld;
    location / {
        proxy_pass http://af-storage;
        gzip off;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # proxy_set_header sends this to MinIO as a request header;
        # add_header is the directive that sets it on responses to the browser
        proxy_set_header X-Frame-Options SAMEORIGIN;
    }
}
server {
    listen 80;
    server_tokens off;
    root /home/agile/agile-factory/www/docs;
    access_log /home/agile/agile-factory/logs/hmi-docs.log;
    error_log /home/agile/agile-factory/logs/hmi-docs.log;
    server_name docs.domain.tld;
    location / {
        try_files $uri /index.html;
    }
    location ~ \.html$ {
        add_header Cache-Control "private, no-cache, no-store, must-revalidate";
        add_header Expires "Sat, 01 Jan 2000 00:00:00 GMT";
        add_header Pragma no-cache;
    }
}
server {
    listen 80;
    server_tokens off;
    root /home/agile/agile-factory/www/hmi;
    access_log /home/agile/agile-factory/logs/hmi-access.log;
    error_log /home/agile/agile-factory/logs/hmi-error.log;
    server_name *.hmi.domain.tld hmi.domain.tld;
    # if hmi_id is not specified, redirect to 1
    if ($host ~* ^hmi\.domain\.tld) {
        return 301 $scheme://000000000000000000000001.hmi.domain.tld$request_uri;
    }
    # if hmi_id is shorter than 24 characters, redirect by prepending zeros to hmi_id - this can redirect to an id of the wrong length... see the next rule
    if ($host ~* "^(.{1,23})\.hmi\.domain\.tld") {
        set $hmi_id 00000000000000000000000$1;
        return 301 $scheme://00000000000000000000000$1.hmi.domain.tld$request_uri;
    }
    # if hmi_id is longer than 24 characters, take only the last 24 characters from the domain, something like a substring :)
    if ($host ~* "^.+(.{24})\.hmi\.domain\.tld") {
        return 301 $scheme://$1.hmi.domain.tld$request_uri;
    }
    location / {
        try_files $uri /index.html;
    }
    location ~ \.html$ {
        add_header Cache-Control "private, no-cache, no-store, must-revalidate";
        add_header Expires "Sat, 01 Jan 2000 00:00:00 GMT";
        add_header Pragma no-cache;
    }
}
server {
    client_max_body_size 16M;
    listen 80;
    server_tokens off;
    root /home/agile/agile-factory/www/manager;
    access_log /home/agile/agile-factory/logs/manager-access.log;
    error_log /home/agile/agile-factory/logs/manager-error.log;
    server_name manager.domain.tld;
    location / {
        try_files $uri /index.html;
    }
    location ~ \.html$ {
        add_header Cache-Control "private, no-cache, no-store, must-revalidate";
        add_header Expires "Sat, 01 Jan 2000 00:00:00 GMT";
        add_header Pragma no-cache;
    }
}
server {
    listen 80;
    server_tokens off;
    root /home/agile/agile-factory/www/simulator;
    access_log /home/agile/agile-factory/logs/simulator-access.log;
    error_log /home/agile/agile-factory/logs/simulator-error.log;
    server_name simulator.domain.tld;
    location / {
        try_files $uri /index.html;
    }
    location ~ \.html$ {
        add_header Cache-Control "private, no-cache, no-store, must-revalidate";
        add_header Expires "Sat, 01 Jan 2000 00:00:00 GMT";
        add_header Pragma no-cache;
    }
}
$ sudo ln -s /etc/nginx/sites-available/agilefactory.conf /etc/nginx/sites-enabled
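The three redirect rules of the hmi server block, traced as an added example that is not part of the original guide: the script applies the patterns in the order the config comments describe (pad short ids with 23 zeros, then cut over-long ids to their last 24 characters) and follows the redirects until a host is served. The function names and sample hosts are constructed for illustration; the patterns are anchored at the end of the host here.

```shell
#!/bin/sh
# Added example: trace the redirects of the hmi server block for a Host value.
# domain.tld is the guide's placeholder; function names are illustrative.

SUFFIX_RE='\.hmi\.domain\.tld'
PAD=$(printf '%023d' 0)              # the 23 zeros the config prepends

# Print the host nginx would redirect to, or nothing when the request is
# served directly because none of the three rules matches.
hmi_redirect() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # the rules use ~* (case-insensitive)
    if [ "$h" = "hmi.domain.tld" ]; then
        # rule 1: no hmi_id -> id 1
        printf '%s1.hmi.domain.tld' "$PAD"
        return
    fi
    # rule 2: id of 1-23 characters -> prepend 23 zeros (may overshoot 24)
    to=$(printf '%s\n' "$h" |
        sed -nE "s/^(.{1,23})$SUFFIX_RE\$/$PAD\\1.hmi.domain.tld/p")
    # rule 3: id longer than 24 characters -> keep only the last 24
    [ -n "$to" ] || to=$(printf '%s\n' "$h" |
        sed -nE "s/^.+(.{24})$SUFFIX_RE\$/\\1.hmi.domain.tld/p")
    printf '%s' "$to"
}

# Follow the redirects; prints "<number of redirects> <host finally served>".
hmi_resolve() {
    cur=$1
    hops=0
    while [ "$hops" -lt 5 ]; do
        nxt=$(hmi_redirect "$cur")
        [ -n "$nxt" ] || break
        cur=$nxt
        hops=$((hops + 1))
    done
    printf '%s %s\n' "$hops" "$cur"
}

# Constructed sample hosts: no id, a one-character id, a three-character id.
for sample in hmi.domain.tld 7.hmi.domain.tld abc.hmi.domain.tld; do
    hmi_resolve "$sample"
done
```

A three-character id takes two redirects: the padding rule produces a 26-character id, and the truncation rule then cuts it back to 24.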
Create the logs folder
$ mkdir /home/agile/agile-factory/logs
Restarting services
$ sudo systemctl restart af-engine af-storage nginx
The system should now be up and running.