Ultimate Server Jaunty with OpenVistA EHR:修订间差异
小 以内容'{{Ultimate Server Jaunty Core}} {{OpenVistA_EHR}} == Changing passwords and other customization == * See [[Ubuntu Server Jaunty Customization_OV|Ubuntu Server Jaunty with…'创建新页面 |
(没有差异)
|
2010年6月25日 (五) 10:17的最新版本
Introduction
This walkthrough is for (K)Ubuntu Jaunty 9.04 32-bit because the BigBlueButton teleconferencing server requires Jaunty 9.04 32-bit. (Except for that component, all other installation instructions have been tested on Karmic 9.10 and work under that version, as well.)
The software updater may prompt you to upgrade the distribution (to Karmic 9.10). This is not recommended because BigBlueButton may then stop functioning properly.
All variables that can be (and usually ought to be) changed are noted in italics. Do not attempt to use any italicized variable; all of them are fictitious and will not work (especially for web services)!
Furthermore, this website is viewed by over 20,000 users per month. Don't attempt to use any of the example passwords used here (that would be highly insecure).
Install the base OS (Ubuntu Server 9.04 Jaunty 32-bit)
- Shrink the Windows Partition. For Windows Vista and Windows 7 computers, use Perfect Disk Trial edition. See this tutorial.
- Partition the hard drive. Use this Multiple OS Installation scheme.
- Onto another computer, download and burn Ubuntu Server Jaunty 9.04 32-bit. (See this tutorial for instructions on burning the CD.)
- Install Ubuntu Jaunty Server 32-bit into its own partition. If you followed the Multiple OS Installation scheme, then the Windows OS will be in partition 1 (and possibly 2, if you have a recovery partition), the /boot partition will be in partition 3, and partition 4 will be an extended partition. The extended partition ought to have been divided into a 2 Gb swap logical partition and 2 equally sized logical partitions for Linux (one for a production partition and one as a test/upgrade partition).
- For installation it is best if the computer is connected to the Internet by a wired ethernet connection.
- Hostname: Jaunty32Server00
- Partitioning: Manual
- Choose the partition created for the new Jaunty operating system (e.g. /dev/sda6). Use as: Ext3 journaling file system -> Format the partition: yes, format it -> Mount point: / - the root file system -> Done setting up the partition -> Finish partitioning and write changes to disk -> Write changes to disk?: Yes
- During the Ubuntu Server installation, install the LAMP server and OpenSSH servers and the PostgreSQL database. Record the system administrator ID/password and the MySQL root (superuser) password. Note the partition name and number (e.g. /dev/sda6).
- Full name for the new user: Jauntyadmin00 -> Username for your account: jauntyadmin00 -> Choose a password for the new user: jauntyword00
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Encrypt your home directory: No (this is optional, but on this system the primary user's home directory is not used much so there is little need to encrypt it.)
- HTTP proxy information -- this is used if your organization has a firewall or other gateway to the outside Internet. A network administrator will have the information for this. Most small businesses will not have such a gateway and it can be left blank, in this case.
- How do you want to install updates...? Install security updates automatically
- Choose software to install:
- LAMP server (ticked) -> OpenSSH server (ticked) -> PostgreSQL database
- New password for the MySQL "root" user: jauntysql00
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Install the GRUB boot loader to the master boot record? No -> Device for boot loader installation: /dev/sda6
- Note: this assumes a /boot partition and multiple partitions. Under the general scheme above, the first free partition will usually be /dev/sda6, but if you already have other OSs or other peculiarities, take extra care during this step.
- This is the trickiest step of the installation. It is important to set up the Master Boot Loader to recognize the new partition. Re-read the Multiple OS Installation tutorial very carefully and completely. In short, the bootloader needs to be copied to the /boot partition (usually /dev/sda3) and customized there so that it chainloads the bootloader installed locally in your new OS partition (e.g. /dev/sda6). Once this is set up correctly, reboot and the menu will allow booting into the new OS.
- Login for the first time.
Jaunty32Server00: jauntyadmin00 Password: jauntyword00
- Shorten the boot time:
sudo nano /boot/grub/menu.lst
- Change the timeout value:
timeout 1
- (Note: Save the changes with CTRL-O then CTRL-X.)
- Update the system.
sudo apt-get update sudo apt-get upgrade sudo apt-get install build-essential dkms linux-headers-$(uname -r) sudo reboot
Note: The third line must especially be done after any kernel upgrades (which may be done automatically if you have installed with automatic updates). If graphics aren't working for any reason, try updating again using these commands.
- Install the password generator for use with the remainder of the installation.
sudo apt-get install pwgen
Add an Ubuntu desktop
- Install an Ubuntu desktop.
sudo apt-get install ubuntu-desktop
Note: The end user can install the restricted extras:
sudo apt-get install ubuntu-restricted-extras
- Reboot the system:
sudo reboot
- Once the Ubuntu desktop has been installed, all commands can then be entered into the command-line Terminal:
Menu -> System -> Terminal
- Note: Ubuntu Jaunty includes an (automatic) kernel upgrade that at some point will disable the Nvidia graphics drivers (if you have Nvidia graphics on your computer). When this happens, the desktop will be unable to start at bootup and only the command-line will be presented. To correct this problem, merely install the linux-headers again:
sudo apt-get install linux-headers-$(uname -r) sudo reboot
- then the Nvidia graphics drivers should install correctly and the desktop will start normally.
Set networking parameters
- Set a static IP address for your server.
sudo gedit /etc/network/interfaces
- and edit the lines to resemble:
# iface eth0 inet dhcp # iface eth0 inet static address 192.168.0.99 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
- and restart networking:
sudo /etc/init.d/networking restart
Enable BIOS power-up
Power failures happen. It is possible to change the BIOS settings so that after a power failure the computer will automatically powerup and restart to the default OS (as set in the bootloader configuration). This is a critical function for servers. At bootup, enter the BIOS menu using whichevever key is appropriate for your computer's BIOS:
- [F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot
Install Firefox
- Install Firefox:
sudo apt-get install firefox-3.5-branding mozilla-firefox-adblock mozilla-noscript
- Add a menu item/shortcut to this guide (to enable copying and pasting of the remaining commands directly from the guide) and to the customization guide:
- Ubuntuguide (Ultimate Server Walkthrough) -- firefox http://ubuntuguide.org/wiki/Ultimate_Server_Jaunty
- Ultimate Server Customization (Ubuntuguide) -- firefox http://ubuntuguide.org/wiki/Ubuntu_Server_Jaunty_Customization_OV
Obtain an Internet URL
If a static Internet URL is not available, obtain a dynamic DNS URL. (This must be changed for each OS installation, as it is specific to that installation).
- Create an email account for administrative use with this server, such as at mail.com, mail.google.com, or mail.yahoo.com. ([email protected] / myjauntyword000 / 1/1/01 / securityquestionanswer)
- Create a DynDNS account for use with this server, at DynDNS.org. (myjauntydnsid / myjauntydnsword / [email protected])
In this walkthrough, several URLs are used. It is possible to create all of them at once at this stage:
- myjaunty00.dyndns.org
- myjauntybbb00.dyndns.org
- myjauntymoodle00.dyndns.org
- myjauntywiki00.dyndns.org
- myjauntyweb00.dyndns.org
- DynDNS allows 5 free URLs. After installation has been completed, I generally remove myjauntyweb00.dyndns.org and create myjauntycalendar00.dyndns.org (for use with DAViCal) instead.
Adjust SSH for remote connections
- The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
- change the listening port:
Port 22199
- and disallow Password-based authentication by changing the line::
#PasswordAuthentication yes
- to
PasswordAuthentication no
- Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys
so that it resembles:
AuthorizedKeysFile %h/.ssh/authorized_keys
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
- Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
- Install X11VNC:
sudo apt-get install x11vnc
- Add an X11VNC Server menu item with the command:
x11vnc --forever
- -> Place in system tray (ticked)
- Create an SSH keypair for automated login:
- Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
- Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
- Leave the passphrase empty
- Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
- (In this instance, user = serveruser = jauntyadmin00, so the folder /home/jauntyadmin00/.ssh ought to already exist).
Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. jauntyadmin00):
cd ~/.ssh touch authorized_keys
- Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh cat authorized_keys id_rsa.pub >> authorized_keys
- Create a test connection:
- Start the X11VNC Server (as above)
- Connect VNC through the SSH tunnel with the commands:
ssh -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 vinagre vnc://127.0.0.1
or with a single-line command (which can be placed in a Menu item / shortcut):
ssh -f -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1
Note: vinagre -- fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).
Install the BigBlueButton teleconferencing system
- Read this BigBlueButton tutorial. Also see this demo site.
- Create a BigBlueButton URL for use with your server, e.g. myjauntybbb00.dyndns.org
- DYNDns.com account -> Add Host Services -> ...
- Change the Apache listening port during BigBlueButton installation.
sudo nano /etc/apache2/ports.conf
- Change the port value:
Listen 82
- Restart Apache 2:
sudo /etc/init.d/apache2 restart
- Obtain and install the BigBlueButton teleconferencing server:
wget http://archive.bigbluebutton.org/bigbluebutton.asc sudo apt-key add bigbluebutton.asc echo "deb http://archive.bigbluebutton.org/ bigbluebutton main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list sudo apt-get update sudo apt-get install bigbluebutton
- During installation, enter the MySQL "root" user password when prompted: jauntysql00
sudo apt-get install bbb-apps-deskshare
- On the router, forward ports 81, 1935, 9123 to the LAN IP address of the BBB server (e.g. 192.168.0.99).
- Edit the Nginx webserver configuration file used for BigBlueButton:
sudo nano /etc/nginx/sites-available/bigbluebutton
- and change the listening port:
listen 81;
- Repeat for the default Nginx configuration file:
sudo nano /etc/nginx/sites-available/default
- and change the listening port:
listen 81;
- then restart Nginx:
sudo /etc/init.d/nginx restart
- Configure the other BBB server components to run on port 81. Use the URL (myjauntybbb00.dyndns.org) that was setup at DYNDns.org:
sudo bbb-conf --setip myjauntybbb00.dyndns.org:81 sudo bbb-conf --clean
- Change the Apache port back to 80:
sudo nano /etc/apache2/ports.conf
- Change the port value:
Listen 80
- Restart Apache 2:
sudo /etc/init.d/apache2 restart
- Add a menu item/shortcut to the BBB server:
- MyJaunty BigBlueButton (Teleconferencing) -- firefox http://myjauntybbb00.dyndns.org:81
Install the Firewall
- Add the Firestarter firewall:
sudo apt-get install firestarter
- Start Firestarter:
- Menu -> Internet -> Firestarter
- and allow the incoming (inbound) and outgoing (outbound) ports:
80, 443, 81, 9123, 1935, 22199
Each port must be separately added as a rule for inbound and outbound traffic. For example, to enable port 80:
- Firestarter -> Policy -> Editing: Inbound traffic policy -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Anyone -> Add -> Apply Policy
and
- Firestarter -> Policy -> Editing: Outbound traffic policy -> Restrictive by default, whitelist traffic -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Firewall host -> Add -> Apply Policy
Install Moodle
- Read this Moodle tutorial. Also see this demo site.
- Install:
sudo apt-get install moodle
- Choose the mysql-server, since it is already installed.
- Should access to this server be restricted to localhost? No
- Is your FQDN correct? Yes (don't worry whether it is or isn't -- this can be adjusted later)
- Should https be required to access this Moodle server? No
- Should a default database be created for Moodle on localhost? Yes
- root's MySQL password: jauntysql00
- Moodle database password: myjauntymoodleword00
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Create a separate URL for the Moodle server (i.e. Add a Host) at DynDNS.com: myjauntymoodle00.dyndns.org
- Create and edit an Apache2 virtual host configuration file for the Moodle Server:
cd /etc/apache2/sites-available sudo cp default moodlevirtualhost sudo gedit /etc/apache2/sites-available/moodlevirtualhost
- so that the contents resemble:
<VirtualHost *:80> ServerAdmin [email protected] # DocumentRoot /usr/share/moodle/ ServerName myjauntymoodle00.dyndns.org ServerAlias www.myjauntymoodle00.dyndns.org myjauntymoodle00.dyndns.org #RewriteEngine On #RewriteOptions inherit </VirtualHost>
- Activate the virtual host configuration:
sudo ln -s /etc/apache2/sites-available/moodlevirtualhost /etc/apache2/sites-enabled sudo /etc/init.d/apache2 restart
- Edit the Moodle configuration file:
sudo nano /etc/moodle/config.php
- so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://myjauntymoodle00.dyndns.org/moodle';
- Finish installation by logging in to the Moodle server:
- http://myjauntymoodle00.dyndns.org/admin -> Unattended installation? (ticked)
- Admin user: myjaunty00admin
- Admin password: myjaunty00word
- Admin e-mail: [email protected]
- City: MyTown
- Site name: My Jaunty Moodle 00
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Add the BigBlueButton API:
sudo wget http://www.dualcode.com/bigbluebutton/bigbluebutton.zip sudo unzip bigbluebutton.zip sudo mkdir /usr/share/moodle/mod/bigbluebutton sudo cp -r bigbluebutton/mod/bigbluebutton/* /usr/share/moodle/mod/bigbluebutton/ sudo cp -r bigbluebutton/lang/* /usr/share/moodle/lang/ sudo rm bigbluebutton.zip sudo rm -r bigbluebutton/* sudo rmdir bigbluebutton
- Login to the Moodle site (as an administrator) and load the module:
- Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)
- -> Activities -> Manage Activities -> BigBlueButton -> Settings
- -> Input the IP address/URL of your BigBlueButton server (myjauntybbb00.dyndns.org:81). Do not enter the leading http:// .
- -> Input the Security Salt from your BigBlueButton server. This is in a file called “bigbluebutton.properties” on the BigBlueButton server. On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
The security salt string can be found:
beans.dynamicConferenceService.securitySalt=your_number_here
Input that long string of numbers and letters to the field in Moodle.
- -> Put a star in the Meeting IDs field. That will allow an unlimited number of rooms to be created. You can also put any number here to restrict how many rooms on your BigBlueButton server you want running at any one time. (This can eventually become important for performance reasons.)
- In the (Course) Weekly Outline:
-> Add an activity... -> BigBlueButton ->
and set the desired passwords for the meeting, etc.
- Add a menu item / shortcut to the Moodle server:
- My Jaunty Moodle (Teaching site) -- firefox http://myjauntymoodle00.dyndns.org
Install MediaWiki
- Read this MediaWiki tutorial. Also see this demo site.
Two separate wikis are created. One will be for private internal usage and one for a public audience.
- Create an additional URLs (Add Host) at DynDNS.com: myjauntywiki00.dyndns.org.
- Install MediaWiki:
sudo apt-get install mediawiki sudo a2enmod rewrite
- Create a folder for each subsite (in this example named private and public.
sudo mkdir /etc/mediawiki/private sudo mkdir /etc/mediawiki/public
- Create an upload folder for images in each subwiki folder:
sudo mkdir /etc/mediawiki/private/images sudo mkdir /etc/mediawiki/public/images
- Copy a 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/subwiki/images folder for each subwiki, naming it WikiLogo.png there. For example:
sudo cp ~/Pictures/mybestpic135.png /etc/mediawiki/public/images/WikiLogo.png sudo cp ~/Pictures/mysecondbestpic135.png /etc/mediawiki/private/images/WikiLogo.png
- The images folders should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.
sudo chown root:www-data /etc/mediawiki/private/images sudo chown root:www-data /etc/mediawiki/public/images sudo chmod 774 /etc/mediawiki/private/images sudo chmod 774 /etc/mediawiki/public/images
- Edit the config file so it recognizes MediaWiki:
sudo nano /etc/mediawiki/apache.conf
Uncomment (remove the #) the line:
Alias /mediawiki /var/lib/mediawiki
- Restart apache2:
sudo /etc/init.d/apache2 restart
- Run/install MediaWiki from the web browser by logging into:
firefox http://localhost/mediawiki
- Wiki name: My Jaunty Wiki (Private)
- Contact e-mail: [email protected]
- Admin username: myjaunty00admin -> Password: myjaunty00word
- Object caching: No caching
- E-mail features (all): disabled
- Database config: MySQL -> Database host: localhost -> Database name: myjaunty00wikipriv -> DB username: myjaunty00priv -> DB password: myjaunty00privword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: jauntysql00 -> Database table prefix: myjaunty00prv_
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/private sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_myjaunty00private_install.php
- Repeat the MediaWiki installation from the web browser by again logging into:
firefox http://localhost/mediawiki
- Wiki name: My Jaunty Wiki (Public)
- Contact e-mail: [email protected]
- Admin username: myjaunty00admin -> Password: myjaunty00word
- Object caching: No caching
- E-mail features (all): disabled
- Database config: MySQL -> Database host: localhost -> Database name: myjaunty00wikipub -> DB username: myjaunty00pub -> DB password: myjaunty00pubword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: jauntysql00 -> Database table prefix: myjaunty00pub_
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/public sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_myjaunty00public_install.php
- The LocalSettings.php configuration file for each wiki must be edited. See this tutorial. There are many security settings that must be changed before going live, or the site will certainly be hacked.
- Edit your configuration variables:
sudo gedit /etc/mediawiki/private/LocalSettings.php sudo gedit /etc/mediawiki/public/LocalSettings.php
- Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting private or public where appropriate:
# If PHP's memory limit is very low, some operations may fail. ini_set( 'memory_limit', '96M' ); # #$wgScriptPath = "/mediawiki"; $wgScriptPath = "/private"; $wgLogo = "$wgScriptPath/images/WikiLogo.png"; # $wgUploadDirectory = $_SERVER['DOCUMENT_ROOT'].'/private/images'; $wgUploadPath = "$wgScriptPath/images"; # #Database administrative user/password $wgDBadminuser = $wgDBuser; $wgDBadminpassword = $wgDBpassword; # #These are set for initial maximum security. They can be changed later. # #User restrictions #Account creation by anonymous users $wgGroupPermissions['*']['createaccount'] = false; #Account creation by registered users $wgGroupPermissions['user']['createaccount'] = false; #Account creation by sysops $wgGroupPermissions['sysop']['createaccount'] = true; # #Anonymous user permissions $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createtalk'] = false; # #Uploads rules ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: #$wgEnableUploads = false; $wgEnableUploads = true; #Only allow restricted uploads $wgCheckFileExtensions = true; $wgStrictFileExtensions = true; $wgFileExtensions = array('png', 'gif', 'jpg'); #Permissions for uploads #Not for Anonymous $wgGroupPermissions['*']['upload'] = false; $wgGroupPermissions['*']['reupload'] = false; $wgGroupPermissions['*']['reupload-shared'] = false; #Uploads (but not re-uploads) for Users $wgGroupPermissions['user']['upload'] = true; $wgGroupPermissions['user']['reupload'] = false; $wgGroupPermissions['user']['reupload-shared'] = false; #Sysops $wgGroupPermissions['sysop']['upload'] = true; $wgGroupPermissions['sysop']['reupload'] = true; $wgGroupPermissions['sysop']['reupload-shared'] = true; # #For ReCaptcha -- this requires installing the Recaptcha extension # #require_once( "$IP/extensions/recaptcha/ReCaptcha.php" ); # Sign up for these at http://recaptcha.net/api/getkey #$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx '; #$recaptcha_private_key = ' ababababababababa '; # #The clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily. # require("includes/GlobalFunctions.php"); $wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
- In addition, a private wiki page should only be able to be read by registered users, so add these lines to LocalSettings.php for any private subwiki:
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only: $wgGroupPermissions['*']['read'] = false; # The following line is not actually necessary, since it's in the defaults. Setting # '*' to false doesn't disable rights for groups that have the right separately set # to true! $wgGroupPermissions['user']['read'] = true;
- Make symbolic links from the Apache2 folder to the subwiki folders:
sudo mkdir /var/www/Wikis sudo ln -s /etc/mediawiki/private /var/www/Wikis/private sudo ln -s /etc/mediawiki/public /var/www/Wikis/public
- Link the files from your installation directory to each subwiki folder:
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/private/. sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/public/.
- Create and edit an Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost):
sudo gedit /etc/apache2/sites-available/wikivirtualhost
- so that the lines are similar to:
<VirtualHost *:80> UseCanonicalName off # DocumentRoot /var/www/Wikis DirectoryIndex index.php index.html # ServerName myjauntywiki00.dyndns.org ServerAlias *.myjauntywiki00.dyndns.org # RewriteEngine On RewriteCond %{REQUEST_URI} !^private* RewriteCond %{REQUEST_URI} !^public* RewriteRule ^/(/.*|)$ /public/$1 [R] # <Directory /var/www/Wikis> Options Indexes FollowSymLinks MultiViews Options FollowSymLinks MultiViews #AllowOverride None Order allow,deny allow from all </Directory> # </VirtualHost>
- Pay attention to the rewrite rule:
RewriteEngine On RewriteCond %{REQUEST_URI} !^private* RewriteCond %{REQUEST_URI} !^public* RewriteRule ^/(/.*|)$ /public/$1 [R]
This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, i.e. http://myjauntywiki00.dyndns.org/REQUEST_URI) does not match private or public (the symbol ! means not), then use public as the default directory.
- Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/wikivirtualhost /etc/apache2/sites-enabled
- Restart Apache:
sudo /etc/init.d/apache2 restart
- The two sites will be available:
- http://myjauntywiki00.dyndns.org or http://myjauntywiki00.dyndns.org/public
- and
- http://myjauntywiki00.dyndns.org/private
- Add menu items / shortcuts to the Wiki(s):
- My Jaunty Wiki (Public) (MediaWiki) -- firefox http://myjauntywiki00.dyndns.org
and
- My Jaunty Wiki (Private) (MediaWiki) -- firefox http://myjauntywiki00.dyndns.org/private
Import Ubuntuguide into your local wiki
- Read this tutorial on importing Ubuntuguide into the local wiki.
- Examine the list of wiki pages available at Ubuntuguide:
- Ubuntuguide.org -> Toolbox: Special Pages -> Lists of pages: All pages
Many of these pages will not be necessary for your private copy. Copy only the names of the wiki pages files you wish to export. The recommended list is below.
- Export the desired pages from Ubuntuguide as an XML export:
- Ubuntuguide.org wiki -> Toolbox: Special Pages -> Page tools: Export pages
(Note: This list of (English-language) wiki pages was accurate for the recent Karmic version. You may want to check all pages to see if something you want is missing from this list.)
Ubuntu:All Template:U All/Introduction Apache2 reverse proxies BigBlueButton Template:Drupal BBB Boot from a Live CD DAViCal tips DAViCal current version DefaultApplications Drupal6 tips Drupal site building tips Dynamic IP servers Fortune Ubuntuguide XML exports Ubuntuguide page lists Template:Ubuntuguide core wikipages Template:Ubuntuguide Jaunty wikipages Template:Ubuntuguide Jauntycore wikipages Template:Ubuntuguide Karmic wikipages Template:Ubuntuguide Karmiccore wikipages Template:Ubuntuguide Lucid wikipages Template:Ubuntuguide Lucidcore wikipages Limit the user accounts that can connect through OpenSSH remotely Main Page MediaWiki tips Moodle tips Multiple OS Installation Multiple OS Installation Jaunty Old Drupal6 tips OpenVPN server Jaunty OpenVPN server Karmic Remastersys Screencasts Using SSH to Port Forward VirtualServers Virtualbox in Windows WebHuddle tips Wink 64bit Ultimate Server Jaunty Ultimate Server Jaunty with OpenVistA EHR Template:Ultimate Server Jaunty Core Template:USJ Customize Core Template:USJ Customize NewUser Template:USJ Customize OV Template:USJ Adjust SSH Template:USJ New SSH Users Template:USJ networking Ubuntu Server Jaunty Customization Ubuntu Server Jaunty Customization_OV Template:OpenVistA EHR Template:OpenVistA Server functions OpenVistA EHR WorldVistA tips Template:WorldVistA Template:Licenses Template:Moodle installation Template:Tor Template:U RegisterHeader Ubuntu:Karmic Template:U Karmic/Introduction Template:U Karmic/General Template:U Karmic/OtherVersions Template:U Karmic/OtherResources Template:U Karmic/Installation Template:U Karmic/Repositories Template:U Karmic/Packages Template:U Karmic/DesktopAddons Template:Karmic/Virtualization Template:U Karmic/EdutainmentIntro Template:Karmic/Edutainment Template:Karmic/Games Template:U Karmic/Internet Template:Karmic/Videoconferencing Template:U Karmic/Privacy Template:U Karmic/ProprietaryExtras Template:Karmic/Graphics Template:Karmic/Screencapture Template:Karmic/Video Template:Karmic/Audio Template:Karmic/AudioVideoConversion Template:U Karmic/CD DVD Template:U Karmic/Music Template:Karmic/MediaCenters Template:Karmic/HomeAutomation Template:Karmic/Office Template:Karmic/Financial Template:Karmic/Groupware Template:Karmic/Wiki Template:Karmic/WebPublishing Template:Karmic/Development Template:Karmic/Science Template:Karmic/MiscApps Template:Karmic/Utilities Template:U Karmic/Administration Template:Karmic/Backup Template:Karmic/Hardware Template:Karmic/Networking Template:Karmic/NetworkAdmin Template:Karmic/Servers Template:U Karmic/Troubleshooting Template:U Karmic/Requests Ubuntu:Lucid Template:U Lucid/Administration Template:U Lucid/Introduction Template:U Lucid/General Template:U Lucid/OtherVersions Template:U Lucid/OtherResources Template:U Lucid/Installation Template:U Lucid/Repositories Template:U Lucid/Packages Template:U Lucid/DesktopAddons Template:U Lucid/Requests Template:Lucid/Virtualization Template:U Lucid/EdutainmentIntro Template:Lucid/Edutainment Template:Lucid/Games Template:U Lucid/Internet Template:Lucid/Videoconferencing Template:U Lucid/Privacy Template:U Lucid/ProprietaryExtras Template:U Lucid/Troubleshooting Template:Lucid/Graphics Template:Lucid/Screencapture Template:Lucid/Video Template:Lucid/Audio Template:Lucid/AudioVideoConversion Template:U Lucid/CD DVD Template:U Lucid/Music Template:Lucid/MediaCenters Template:Lucid/HomeAutomation Template:Lucid/Office Template:Lucid/Financial Template:Lucid/Groupware Template:Lucid/Wiki Template:Lucid/WebPublishing Template:Lucid/Development Template:Lucid/Science Template:Lucid/MiscApps Template:Lucid/Utilities Template:Lucid/Backup Template:Lucid/Hardware Template:Lucid/Networking Template:Lucid/NetworkAdmin Template:Lucid/Servers
- -> Include only the current revision, not the full history (ticked) -> Offer to save as a file: (ticked) -> Export -> Save file
- -> Ubuntuguide-xxxxx.xml
- Import the Ubuntuguide XML export file into the local wiki:
- Local wiki -> log in -> Username: wikiadmin -> Password: wikiadminpassword -> Log in
- -> Special Pages -> Page Tools -> Import pages -> Browse -> Ubuntuguide-xxxxx.xml -> Open -> Upload file
- Edit the Main Page of the wiki and add a link to the online Ubuntuguide as well as the imported copy:
*[[Ubuntu:Karmic|Ubuntuguide Karmic (local copy for editing)]] *[http://ubuntuguide.org/wiki/Ubuntu:Karmic Ubuntuguide Karmic (online)]
The idea is to edit the locally stored Ubuntuguide as you customize your system. It can also serve as a template and an example of how to use the MediaWiki wiki.
- Edit the local copy of Ubuntuguide to hide irrelevant links. In MediaWiki, use the <!---> and <---> tags to comment out instructions or text that should not be displayed. Example:
- Ubuntuguide Karmic (local copy for editing) -> edit ->
<!--->{{KarmicKoalaLanguageBar|languages=Languages:|InProgress=In progress:}}<--->
Install Drupal6
- Read this Drupal6 tutorial. Also see this demo site.
- Create two additional URLs (Add Hosts) at DynDNS.com: myjaunty00.dyndns.org and myjauntyweb00.dyndns.org
- Install Drupal6 and the first website (myjaunty00.dyndns.org).
sudo apt-get install drupal6
- Configure database for drupal6 with dbconfig-common? Yes
- Database type to be used by Drupal6: mysql
- Password of your database's administrative user: jauntysql00
- MySQL application password for drupal6: myjaunty00drupalword
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Copy the /etc/drupal/6/sites/default folder to the first subsite (in this example named myjaunty00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/myjaunty00.dyndns.org
- Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.:
sudo rm /etc/drupal/6/sites/myjaunty00.dyndns.org/files sudo mkdir /etc/drupal/6/sites/myjaunty00.dyndns.org/files sudo chown root:www-data /etc/drupal/6/sites/myjaunty00.dyndns.org/files sudo chmod 774 /etc/drupal/6/sites/myjaunty00.dyndns.org/files
- Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/myjaunty00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mybestpic110.png /etc/drupal/6/sites/myjaunty00.dyndns.org/files/WebLogo.png
- The permissions of the settings.php and dbconfig.php files must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/myjaunty00.dyndns.org/settings.php sudo chmod 777 /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php
- Create a virtual host file for the new sites:
sudo gedit /etc/apache2/sites-available/drupal6virtualhost
Add the lines:
# # Virtual hosting configuration for Drupal6 # # <VirtualHost *:80> ServerAdmin [email protected] # DocumentRoot /usr/share/drupal6/ ServerName myjaunty00.dyndns.org ServerAlias *.myjaunty00.dyndns.org myjaunty00.dyndns.org RewriteEngine On RewriteOptions inherit </VirtualHost> # <VirtualHost *:80> ServerAdmin [email protected] # DocumentRoot /usr/share/drupal6/ ServerName myjauntyweb00.dyndns.org ServerAlias *.myjauntyweb00.dyndns.org myjauntyweb00.dyndns.org RewriteEngine On RewriteOptions inherit </VirtualHost>
- Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/drupal6virtualhost /etc/apache2/sites-enabled
- Restart Apache:
sudo /etc/init.d/apache2 restart
- Install the first website through the web browser:
firefox http://myjaunty00.dyndns.org/install.php
- Site Name: My Jaunty 00
- Site e-mail address: [email protected]
- Administrator Account Username: myjaunty00admin -> Password: myjaunty00word
- Clean URLs: Enabled
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
- Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
- The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/myjaunty00.dyndns.org/settings.php sudo chown root:www-data /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php sudo chmod 740 /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php
- While still logged in as an administrator, update the database:
http://myjaunty00.dyndns.org/update.php
- Now you will re-install a new database for each planned subsite.:
sudo dpkg-reconfigure drupal6
- Re-install database for drupal6? Yes
- Database type to be used by drupal6: mysql
- Connection method for MySQL database of drupal6: unix socket
- Name of your database's administrative user: root
- Password of your database's administrative user: jauntysql00
- username for drupal6: drupal6b
- database name for drupal6: drupal6b
- Copy the /etc/drupal/6/sites/default folder to the second subsite (in this example named myjauntyweb00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/myjauntyweb00.dyndns.org
- Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.:
sudo rm /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files sudo mkdir /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files sudo chown root:www-data /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files sudo chmod 774 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files
- Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mysecondbestpic110.png /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files/WebLogo.png
- The permissions of the settings.php and dbconfig.php must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/settings.php sudo chmod 777 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php
- Install the second website through the web browser:
firefox http://myjauntyweb00.dyndns.org/install.php
- Site Name: My Jaunty 00 Web
- Site e-mail address: [email protected]
- Administrator Account Username: myjaunty00admin -> Password: myjaunty00word
- Clean URLs: Enabled
- (Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
- Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
- Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
- The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/settings.php sudo chown root:www-data /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php sudo chmod 740 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php
- While still logged in as an administrator, update the database:
http://myjauntyweb00.dyndns.org/update.php
- This process can be repeated if desired (if enough URLs are available).
- The two websites will be available from the web:
- http://myjaunty00.dyndns.org
- and
- http://myjauntyweb00.dyndns.org
- Set up the cron task for each site:
sudo crontab -e
And add the lines (with the nano editor, or the one you prefer):
45 * 18 * * /usr/bin/wget -O - -q -t 1 http://myjaunty00.dyndns.org/cron.php 45 * 19 * * /usr/bin/wget -O - -q -t 1 http://myjauntyweb00.dyndns.org/cron.php
- this will run the scripts separately, at 45 minutes after the 1800 hour and the 1900 hour every day (each site at a different hour).
- After all sites are installed, create an /etc/drupal/6/sites/all folder in which to store shared modules and themes. Copy the folders:
sudo mkdir /etc/drupal/6/sites/all sudo cp -a /usr/share/drupal6/modules/ /etc/drupal/6/sites/all sudo cp -a /usr/share/drupal6/themes /etc/drupal/6/sites/all
- and (optionally) make a directory for shared files:
sudo mkdir /etc/drupal/6/sites/all/files sudo chmod 777 /etc/drupal/6/sites/all/files
- then update each website again (while logged in as the administrator for each website).
http://myjaunty00.dyndns.org/update.php http://myjauntyweb00.dyndns.org/update.php
- Now read Drupal6 site building tips.
- Change theme and add WebLogo:
- Drupal -> Administer -> Themes -> Garland -> configure -> color set: Ash -> Logo image settings -> Use the default logo: (unticked)
- -> Path to custom logo: sites/myjaunty00.dyndns.org/files/WebLogo.png
- Add Ubercart online store.
- Install PayPal cURL-php library pre-requisite (see this link for more info):
sudo apt-get install php5-curl sudo /etc/init.d/apache2 restart
- Install Ubercart:
cd /etc/drupal/6/sites/all/modules sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.0.tar.gz sudo tar zxvf ubercart-6.x-2.0.tar.gz sudo rm ubercart-6.x-2.0.tar.gz
- Note: You must Enable permissions for added modules update and adjust permissions after module installation.
- Drupal -> Administer -> Modules -> Ubercart -> select the Ubercart module functions you intend to use
then update:
- http://myjaunty00.dyndns.org/update.php
- Read the Ubercart documentation to set up your online store/services. Run:
- Drupal -> Administer -> Store administration
- Install the BigBlueButton videoconferencing server API (that is able to call the BBB server from within Drupal):
cd /etc/drupal/6/sites/all/modules sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz sudo tar zxvf bbb-6.x-1.x-dev.tar.gz sudo rm bbb-6.x-1.x-dev.tar.gz
- Note: Enable permissions for added modules update and adjust permissions after module installation.
- Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use
then update:
- http://myjaunty00.dyndns.org/update.php
- Test the BigBlueButton settings:
- Drupal -> Site administration -> Site configuration -> BigBlueButton Conferencing
- -> Base URL: http://myjauntybbb00.dyndns.org:81/bigbluebutton/
- -> Change the Security Salt (found in a file called “bigbluebutton.properties” on the BigBlueButton server). On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
- Copy the security salt number found in the setting:
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
- -> Save configuration -> Test connection
- Create a new content type named Teleconference:
- Drupal -> Administer -> Content management -> Content types -> Add content type
-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type
- Create a new node of content type Teleconference:
Drupal -> Create content -> Teleconference -> Conference settings -> ...
- Add a Welcome page and a link to the public wiki
- Drupal -> Create Content -> Page -> Welcome -> ... -> Promoted to front page (ticked) -> Save
- Drupal -> Administer -> Site building -> Menus -> Primary links -> Add item -> Path: http://myjauntywiki00.dyndns.org/public -> Menu link title: My Jaunty Wiki -> Weight: 10 -> Save
- Add menu items / shortcuts to the Drupal Website(s):
- My Jaunty Website (Public) (Drupal) -- firefox http://myjaunty00.dyndns.org
and
- My Jaunty Website (Private) (Drupal) -- firefox http://myjauntyweb00.dyndns.org
Install ddclient
- Install (see this tutorial):
sudo apt-get install ddclient
- Dynamic DNS service provider: www.dyndns.com
- DynDNS fully qualified domain names: myjaunty00.dyndns.org, myjauntyweb00.dyndns.org, myjauntywiki00.dyndns.org, myjauntybbb00.dyndns.org, myjauntymoodle00.dyndns.org
- Username for dynamic DNS service: myjauntydnsid -> Password: myjauntydnsword
- Network interface (eth0, wlan0, etc.) used for dynamic DNS service: eth0
- Edit the ddclient configuration file:
sudo gedit /etc/ddclient.conf
- so that it resembles:
# Configuration file for ddclient generated by debconf # # /etc/ddclient.conf # daemon=3600 ssl=yes use=web, web=checkip.dyndns.com/, web-skip='IP Address' pid=/var/run/ddclient.pid protocol=dyndns2 #use=if, if=eth0 server=members.dyndns.org login=myjauntydnsid password=' myjauntydnsword ' # myjaunty00.dyndns.org,myjauntyweb00.dyndns.org,myjauntywiki00.dyndns.org,myjauntybbb00.dyndns.org,myjauntymoodle00.dyndns.org myjaunty00.dyndns.org,myjauntycalendar00.dyndns.org,myjauntywiki00.dyndns.org,myjauntybbb00.dyndns.org,myjauntymoodle00.dyndns.org
- Note: There are companies on the Internet other than DynDNS.com that provide Dynamic DNS services as well (but several of them are very unreliable, in my experience). DynDNS.com is one of the oldest and most stable. I have found it convenient to forward my URLs (that I already had at other DNS providers) to the DynDNS URLs created in this walkthrough. However, if your original DNS provider supports reliable Dynamic DNS services, you may be able to get it to work with ddclient as well. See the instructions in the tutorial.
Add a menu item for each website:
- My Jaunty 00 (Drupal6 Website) -- firefox http://myjaunty00.dyndns.org
- My Jaunty 00 Web (Drupal6 Website) -- firefox http://myjauntyweb00.dyndns.org
- My Jaunty 00 BBB (BigBlueButton Teleconferencing) -- firefox http://myjauntybbb00.dyndns.org:81
- My Jaunty 00 Wiki (Public) -- firefox http://myjauntywiki00.dyndns.org
- My Jaunty 00 Wiki (Private) -- firefox http://myjauntywiki00.dyndns.org/private
- My Jaunty 00 Moodle (Teaching site) -- firefox http://myjauntymoodle00.dyndns.org
Add Audacious audio player
- This is an optional component. I use this to stream music from Shoutcast Internet Radio to the office stereo system by plugging the computer output jack into the office stereo input jack. Install:
sudo apt-get install audacious audacious-plugins
- Change the Audacious audio to ALSA (unless you are willing to configure PulseAudio) and use the classic skin:
- Audacious -> Preferences -> Audio -> Current audio plugin: ALSA Output Plugin
- -> Appearance -> Classic -> Close
- Using the Menu Editor, create a menu item to Shoutcast Internet Radio with the command:
firefox http://classic.shoutcast.com
- Start Shoutcast Internet Radio and click on a radio station. When prompted for the file association, choose Audacious:
- "You have chose to open shoutcast-playlist.pls which is a: PLS file. What should Firefox want do with this file?" -> Open with ... -> Browse -> File system... -> usr -> bin -> audacious -> Open -> Do this automatically for files like this from now on: (ticked) -> OK
Install DAViCal group calendar server
If a full groupware server (Kolab, eGroupware, or Zimbra) is to be installed, there is no need for DaviCal. As a standalone group calendar server, though, it can't be beat.
- Read these installation instructions.
- Install Sunbird calendaring client.
sudo apt-get install sunbird
Allow Reverse proxies
If you have one LAN router that forwards all port 80 traffic to a single server yet you have multiple physical servers on the LAN (each using their own set of URLs), then the primary server (to which all port 80 traffic is sent) will have to act as a reverse proxy for the other servers. This is accomplished through Apache2 reverse proxies. See this tutorial.
Adding new SSH users
- On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as myjauntyguestpassword):
sudo useradd -m myjaunty00guest sudo passwd myjaunty00guest sudo mkdir /home/myjaunty00guest/.ssh sudo chmod 777 /home/myjaunty00guest/.ssh
- Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
- and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
- to
PasswordAuthentication yes
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
From the new Linux user's client computer:
ssh-keygen scp -P 22199 ~/.ssh/id_rsa.pub myjaunty00guest@myjaunty00.dyndns.org:~/.ssh/id_rsa.pub
- When prompted, of course, the guest password, myjauntyguestpassword, should be entered.
- Back on the server (logged in as the administrator jauntyadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config
Change the line:
PasswordAuthentication yes
- to
PasswordAuthentication no
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
It is then usually best (for security reasons) to now change the guest password to something completely different:
sudo passwd myjaunty00guest
- Copy the new id_rsa.pub key to the myjaunty00admin folder and concatenate it to the authorized_keys file there:
sudo cp /home/myjaunty00guest/.ssh/id_rsa.pub /home/jauntyadmin00/.ssh/id_rsaguest.pub sudo chown -R jauntyadmin00 /home/jauntyadmin00 cd ~/.ssh cat authorized_keys id_rsaguest.pub >> authorized_keys
Note: this new /home/jauntyadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.
- If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.
Add security scanners
- Don't believe the hype about Linux being free from viruses, trojans, and rootkits. They happen (although less common than in other operating systems). The biggest risk comes from installing software from repositories other than official Ubuntu repositories. Be careful. Here are some recommended security utilities:
- ClamAV is an anti-virus suite. Install:
sudo apt-get install clamav
- Run:
- Menu -> System -> ClamAV Anti-Virus Manager
- Rkhunter is a rootkit hunter. Install and run:
sudo apt-get install rkhunter sudo rkhunter
- Chkrootkit is another rootkit hunter. Install and run:
sudo apt-get install chkrootkit sudo ./chkrootkit
Install an EHR (Electronic Health Record) system
- Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.
- The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to myjaunty00.dyndns.org using port 22199.
Install OpenVistA server
- Read OpenVistA on Ubuntu
- Install pre-requisites:
sudo apt-get install xinetd update-inetd whois apache2-suexec
- Note: The Astronaut installer checks for an open port 9260 and it will not proceed if it is closed. Re-enable the firewall (i.e. ok to close port 9260 again) after installation is complete.
- Obtain and install Astronaut OpenVistA server:
sudo mkdir /etc/openvistaserver cd /etc/openvistaserver sudo wget -O astronaut-ov-server-current.deb http://sourceforge.net/projects/astronautnostro/files/astronaut-ov-server/astronaut-ov-server-beta-0.9-3.deb/download sudo dpkg -i astronaut-ov-server-current.deb
- Note: You may wish to save (as a text file) the installation notes displayed during the VistA server installation for future reference.
- Change the passwords for the server login IDs.
sudo passwd text9260 [sudo] password for jauntyadmin00: jauntyword00 Enter new UNIX password: vista!456 Retype new UNIX password: vista!456
sudo passwd client9260 [sudo] password for jauntyadmin00: jauntyword00 Enter new UNIX password: vista!456 Retype new UNIX password: vista!456
sudo passwd openvistaEHR [sudo] password for jauntyadmin00: jauntyword00 Enter new UNIX password: vista!456 Retype new UNIX password: vista!456
- Create a Menu Item / Shortcut for text 9260:
su text9260
- Name this Menu Item: VistA Server Admin (text9260). Make sure to set Advanced -> Run in terminal (ticked).
- The password set in the previous step (for text9260) will be required upon logging in.
- Create a Menu Item / shortcut for VistA Commander:
/opt/openvista/EHR/bin/vista_com.sh
- Name this Menu Item: VistA Commander Server Admin. Make sure to set Advanced -> Run in terminal (ticked).
Install OpenVistA-CIS Linux client
- Read OpenVistA-CIS on Linux.
- Install dependencies:
sudo apt-get install mono-runtime libmono-corlib2.0-cil libgtk2.0-cil libglade2.0-cil libmono-cairo2.0-cil libmono-winforms2.0-cil libmono-system-runtime2.0-cil
- Create directories then download and unzip the OpenVistA-CIS binaries into them:
sudo mkdir /etc/openvistacisclient cd /etc/openvistacisclient sudo wget http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-client.zip/download sudo unzip openvistacis-0.9.96-client.zip
and
sudo mkdir /etc/openvistacisvitals cd /etc/openvistacisvitals sudo wget http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-vitals.zip/download sudo unzip openvistacis-0.9.96-vitals.zip
- Create Menu shortcuts:
- Menu Editor -> New item
- -> General -> Name: OpenVistA-CIS Client (localhost connection)
- -> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9260
- -> Advanced -> Work path: /etc/openvistacisclient
and
- Menu Editor -> New item
- -> General -> Name: OpenVistA-CIS Vitals (localhost connection)
- -> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9260
- -> Advanced -> Work path: /etc/openvistacisvitals
Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.
Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server=127.0.0.1 with --server=myjaunty00.dyndns.org and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).
- Use your Access Code / Verify Code as the LoginID / Password ( default at installation for Astronaut systems is sys.admin / vista!123 ). This should be changed at the initial connection, e.g. to vista!456.
Connecting through an SSH tunnel
This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).
- In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):
sudo mkdir /home/client9260 sudo mkdir /home/client9260/.ssh sudo cp /home/serveruser/.ssh/authorized_keys /home/client9260/.ssh/ sudo chown -R client9260 /home/client9260
and
sudo mkdir /home/text9260 sudo mkdir /home/text9260/.ssh sudo cp /home/serveruser/.ssh/authorized_keys /home/text9260/.ssh/ sudo chown -R text9260 /home/text9260
- Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
- Now you can connect securely with an SSH tunnel without requiring a password.
ssh -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
- Create Menu shortcuts for use when connecting through the SSH tunnel:
- Menu Editor -> New item
- -> General -> Name: OpenVistA-CIS Client
- -> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
- -> Advanced -> Work path: /etc/openvistacisclient
and
- Menu Editor -> New item
- -> General -> Name: OpenVistA-CIS Vitals
- -> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9201
- -> Advanced -> Work path: /etc/openvistacisvitals
- Create a Menu Item / Shortcut with the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
- but with Advanced -> Work path: /etc/openvistacisclient configured in the Menu Item / Shortcut settings. It is not necessary to have the Advanced -> Run in terminal box ticked.
- It is also possible to use the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono /etc/openvistacisclient/OpenVistaCIS.exe --server=127.0.0.1 --port=9201
- Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:
- Menu Editor -> New item
- -> General -> Name: OpenVistA Server (localhost)
- -> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 127.0.0.1 -p 22199
- -> Advanced -> Run in terminal: (ticked)
and
- Menu Editor -> New item
- -> General -> Name: OpenVistA Server (network)
- -> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
- -> Advanced -> Run in terminal: (ticked)
When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .
For more info about the OpenVistA Server functions, see here.
Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201).
- To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.
Adjust Login Manager IDs
- The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).
- Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> Excluded users -> client9260 (ticked) -> text9260 (ticked) -> openvistaEHR (ticked)
- The accounts will remain active but will not show up on the Login screen.
Changing passwords and other customization
Other resources
- Ubuntu-Med FAQ
- Kubuntuguide
- Ubuntu Doctors Guild
- Vincent Mazzarella, MD is a surgeon in Northern California, USA. He is the creator of Ubuntu-Med and the editor of Ubuntu Doctors Guild, Ubuntuguide, and Kubuntuguide.