Debian/Ubuntu 20.04 LTS

This chapter provides instructions for installing Allegra on a Debian/Ubuntu 20.04 server, including a Postgres database server and an Apache Tomcat 9 servlet container.

This chapter describes

  • How to obtain the Allegra installation script

  • How to run the installation script

Preparation

Hardware requirements

Make sure that the requirements concerning the runtime environment are met.

Permissions

You must have sudo permission on all commands.

Installation script

You can get the installation script for Ubuntu 20.04 from the Allegra download page. The script is called install.sh. Download it somewhere on the server where you want to install Allegra. Then call it as superuser:

sudo ./install.sh <context>

where the context is the last part of the URL of the application, like

https://www.yourServer.com/context

That’s it. After you run the script, you should have a working Allegra server at http://yourserver:8080/context.

Hint

  • login name: admin

  • password: tissi

Send e-mails

You should have access to an SMTP server before setting up Allegra. For testing purposes you can use your own email account or a free service account that you have set up for this purpose.

For a production environment, you should set up a dedicated email account for your Allegra installation.

Attention

If you are running your own SMTP server on Amazon’s EC2 or Lightsail web service you need to contact Amazon to allow you to send more than 100 emails per day via port 25.

Security

For security reasons, you should set up a standard Apache HTTP server as the front-end for the Tomcat servlet container.

You can use an existing installation of an Apache 2.4 web server or you can install Apache 2.4 on the same instance as the Tomcat server:

sudo apt-get install apache2 apache2-utils

Activate modules proxy, proxy_http, and proxy_ajp:

sudo a2enmod proxy
sudo a2enmod proxy_ajp
sudo a2enmod proxy_http

Add the following statements to your Apache server configuration at /etc/apache2/sites-available/default:

##
# Always set some headers
##
<IfModule mod_headers.c>
    Header set X-Frame-Options SAMEORIGIN
    Header append X-Content-Type-Options nosniff
    Header set X-XSS-Protection "1; mode=block"
    Header unset X-Powered-By
    Header set Strict-Transport-Security "max-age=31556926, includeSubDomains"
    Header set Expect-CT "max-age=0; report-uri=https://allegra-cloud.com/reportOnly"
    Header set Content-Security-Policy "default-src 'self' https://fonts.googleapis.com/
                https://fonts.gstatic.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval';
                connect-src 'self'; img-src 'self' data: https://seal.beyondsecurity.com/ ;
                style-src 'self' 'unsafe-inline';"
</IfModule>

ProxyPreserveHost On
RewriteEngine On

RewriteRule ^(/[a-z][a-z0-9\-]*)$ $1/ [R=301,L]

# CONTEXT
RewriteCond %{HTTP:Upgrade} =websocket [NC]
# If the Apache web server is on a different machine
# than the Apache Tomcat with Allegra, you have to enter here the
# IP number of the Tomcat server instead of 127.0.0.1!
RewriteRule /context/(.*)   ws://127.0.0.1:8080/context/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /context/(.*)   http://127.0.0.1:8080/context/$1 [P,L]

ProxyPassReverse /context/ https://yourdomain.com/context/
ProxyPassReverse /context/ ws://yourdomain.com/context/
#

Alternatively, you can use the ajp protocol for connecting the Apache server to Tomcat.

# If the Apache web server is on a different machine
# than the Apache Tomcat with Allegra, you have to enter here the
# IP number of the Tomcat server instead of 127.0.0.1!
ProxyPass /context ajp://127.0.0.1:8009/context
ProxyPassReverse /context/ https://<yourdomain.com>/context/

In the Tomcat configuration file /etc/tomcat9/server.xml, remove the comment to enable the ajp connector:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Thereafter restart Apache and Tomcat:

sudo service tomcat9 restart
sudo service apache2 restart