3 Last updated: $Date: 2002/07/08 16:20:32 $
4 ----------------------------------------------------------------
6 Here is a short installation-howto of Mir.
11 - tomcat 4.0.4 (4.0.3 and below have some bad bugs) or above (3.3 works too as
12 of 04.04.2002, but this could change)
13 tomcat is available from http://jakarta.apache.org/tomcat/
14 - apache 1.3.x. with mod_jk.so. As far as I can tell the connector for 2.x is
15 still rather undocumented. http://httpd.apache.org
16 - postgres 7.1.x or 7.2.x. http://www.postgresql.org
17 - ant (a java-based make)
18 - jaxp-1.1 (a SAX 2.0 compliant XML parser, comes with ant >= 1.4)
19 - the JAI image framework (Java Advanced Imaging) versin 1.1.1 . get it from
20 java.sun.com. ** NOTE: because JAI uses a native acceration library (a .so)
21 it must be placed in tomcat's "lib" (i.e $TOMCAT_HOME/lib) directory and
22 not under the default webapps/Mir/WEB-INF/lib directory **
23 - A good reading of Tomcat, Apache and Postgresql documentation if you are not
24 familiar with any of them. The documentation is available at:
25 http://jakarta.apache.org/tomcat/tomcat-4.0-doc/index.html,
26 http://httpd.apache.org/docs/ and http://www.postgresql.org respectively.
32 cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvs login
37 cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvs co mir
40 2. customize the config:
43 cp config.properties-dist config.properties
45 now customize config.properties for your needs.
48 3. configure the perms.sh file if neccessary -- IMPORTANT! READ THIS!
49 We provide a script that sets all files' and direcories' permissions to
50 a quite reasonable state. This script gets automagically called by
51 ant after compilationl. The most important thing you have to do after
52 compiling Mir is to ensure that the log files -- especially
53 dbentity.log -- are not readable by users that could compromise
54 system security, because all passwords and the like will be logged here.
56 cp perms.sh-dist perms.sh
58 Now, change the install directory and group in perms.sh
63 4. copy the mir/templates-dist-directory to mir/templates
66 5. compile. For this step, you have to make sure that the TOMCAT_HOME
67 environment variable is set to the root of your tomcat installation.
68 The build.xml compile target will give up if this is not set.
70 Do this as root so the permissions script is able to set
71 the permissions and owners correctly.
76 6. Link in the webapps directory of tomcat to the install directory (the
77 directory is called "Mir" and is located in the same directory in which
78 you installed the "mir" directory). (Here and in the rest of this document,
79 we assume you called the link "Mir", but this could be named anything.)
80 cd /path/to/tomcat/webapps (tomcat-4.0.x/webapps)
81 ln -s /path/to/Mir Mir
83 with tomcat 4.0.x, you could dynamically reload and stop the Mir webapp without
84 restarting tomcat by using the "Manager App" with the following url:
86 http://localhost:8080/manager/stop?path=/Mir
88 This is practical if you are running several installations of mir on one
89 tomcat or other webapps and can't afford to shutdown all of them.
90 See the tomcat documentation to learn how to enable and use the manager app.
92 7. Copy any dynamic library files ending with ".so" (so far only the JAI native
93 acceleration library found in the JAI package tarball or zip from sun) to your
94 $JAVA_HOME/jre/lib/i386 directory (where the other ".so" files live). Or, you
95 can skip the whole thing and live without "native" acceleration for image
98 8a. create a new database
99 The database name should be the same as in config.properties. Please look at
100 the section "Database.*" to look up the names or change them to your needs.
102 It is wise in terms of system seurity to use an unprivileged user for this
103 task instead of the superuser. This is because if Mir uses the superuser to
104 connect to the database and anybody manages to find out the password Mir
105 uses to connect, the attacker can take over the complete database. So, in
106 the following examples, we assume that the database name is "Mir", the
107 database user will be "mir" and the password is "joshua". Please note that
108 this particular password is far from being a good one. Watch "Wargames" for
111 To access the database as the database superuser, you either have to log in
112 as postgres on Unix level (which we don't recommend because you will need
113 another user to have a login shell and a password which makes system
114 penetration more likely) or you have to tell PostgreSQL with each
115 application call that you want to connect as a specific user. If you access
116 the database from any other user's account, use the -U flag to connect to
117 PostgreSQL as the database superuser ("postgres"):
119 createdb -U postgres --encoding=unicode Mir
121 Please note that if you create the database from inside the psql application,
122 the database name will likely be converted to lowercase letters.
125 8b. create an unprivileged database user for Mir
126 First, connect to the database as the database's superuser.
130 Now we create the actual user. Please choose a password that is hard to
131 guess instead of "joshua". Good passwords have characters and numerals in
132 it, have no link to its owner (like being her birthday, age, name of her
133 husband, dog, child, car, favourite beer brand). A good password looks like
136 CREATE USER Mir WITH PASSWORD 'joshua' NOCREATEDB NOCREATEUSER;
138 8c. create base table
139 Please note that we use the superuser "postgres" to connect to the "Mir"
140 database, /not/ the user "mir".
142 psql -Upostgres -f dbscripts/create_pg.sql Mir
143 for i in dbscripts/help*.sql ; do psql -Upostgres -f $i Mir ; done
144 for i in dbscripts/populate*.sql ; do psql -Upostgres -f $i Mir ; done
146 8d. Grant the required permissions to the new user
148 -- The following should be executed as the "postgres" DB user.
149 -- Note that ID_FROM_PG_USER and DATABASENAME should be replace with the
150 appropriate field values from the 2 prior selects.
151 -- set owner of datbase
152 select * from pg_database;
153 select * from pg_user;
154 update pg_database set datdba=ID_FROM_PG_USER where datname=DATABASENAME
156 -- find all tables to grant privs / select is just building sql
159 select 'grant all on '||relname||' to "de_indy";'
161 where relname not like 'pg%'
164 8e. Apply neccessary changes to config.properties
166 Please open config.properties and look for the lines that begin with
167 "Database.". The interesting properties are "Username", "Password", "Host"
168 and "Name". Change these properties so that they reflect the settings you
169 used to create the database and the user.
171 You should make sure that no copy of config.properties (neither in mir nor
172 in Mir/src nor in Mir/WEB-INF/classes nor in the directory tree you compiled
173 Mir from) is world-readable. Else you wouldn't have to install a password,
176 8f. Setup PostgreSQL so that all connections have to pass a password
178 In /etc/postgresql/pg_hba.conf you should make sure that nobody can
179 use the database without a password:
182 host all 127.0.0.1 255.0.0.0 password
183 host all 0.0.0.0 0.0.0.0 reject
185 This means: All local connections (i.e. psql without "-h hostname" option)
186 have to authenticate themselves with a password. All connections from
187 localhost (127.0.0.1) have to supply a password, too. All other connections
188 are rejected. This line doen't have to be there if you have a properly
189 configured firewall but even if you do have one, it adds to the security in
190 case an attacker penetrates the firewall by some hack.
192 If you can't access PostgreSQL after this for any reason, try and change
193 "password" in /etc/postgresql/pg_hba.conf to "trust". This should disable
194 any authentication method and make the database accessible again. Please use
195 this setting only temporarily because anybody who can access the PostgreSQL
196 server could take over the database completely this way. After you fixed
197 your password setting, switch the setting back to "password".
198 You may want to change your PostgreSQL password from time to time to make
199 database takeover harder. Rememer: Security is a process.
203 9. Add the dupe prevention trigger to the database:
204 cd dbscripts/dupetrigger
206 There, read INSTALL and follow the instructions.
209 10. Tweak mime-type extensions mappings in etc/web.xml file.
211 *** Note the defaults should be o.k for most installations ***
213 Add or remove any mime types you wish to support. This is used to figure
214 out the mime-type when (broken browsers?) browsers don't send the mime-type
215 in the content-type header field when uploading a media file. Note add the
216 moment you still have to add these to the media_type SQL table as well which
217 maps the mime-types to the correct mediaHandler class. See the comments in
218 the MirMedia class in javadoc for more details.
224 There are 2 ways to do this. auto-generation of mod_jk.conf or manula JKMount
225 lines. (rumour has it that Tomcat 4.0.x doesn't support auto-generation, but
226 this is unconfirmed).
228 In both examples please note that the JkWorkersFile line only needs to appear
229 once per Apache config.
231 Also this assumes that your tomcat installation has it's ajp13 conenctor
232 turned on. See tomcat's server.xml file and documentation for this. Chances
233 are that it is turned on.
235 Method a). The automatic mod_jk.conf method:
237 insert the following patch into /etc/apache/httpd.conf. Edit the directories
241 JkWorkersFile /path/to/tomcat/conf/workers.properties
242 Include /path/to/tomcat/conf/mod_jk.conf-auto
245 Do not put any JkMount lines into your httpd.conf!
247 If mod_jk.conf-auto doesn't get written or is 0 bytes in size, check your
248 system for file ownership/permissions problems.
250 Method b). Manual JKMount lines
252 insert the following patch into /etc/apache/httpd.conf. Edit the directories
256 JkWorkersFile /path/to/tomcat/conf/workers.properties
265 * set the document root to the same directory as in the mir config file
266 * enable shtml includes:
267 - add LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
268 - make sure your directory contains "Options Includes"
269 * Determine if you need to modify any apache mime-mappings
270 - The web-server host must recognize the .m3u, .pls and other file extensions
271 and send the proper "audio/x-mpegurl" and "audio/x-scpls" mime-types
272 respectively. If the web server is apache, it's easy, just
278 to the file pointed to by the "TypesConfig" command in your apache config
279 file. Or add and equivalent AddType command to your httpd.conf. Of course
280 this assumes that the mod_mime is loaded.
284 now the admin-application is accesable via:
286 http://host/Mir/servlet/Mir
288 and the openposting-servlet via
290 http://host/Mir/servlet/OpenMir
292 standard login is admin/indymedia. See the webdb_users SQL table to change/add
298 The Mir code offers no internal search facilities, rather, the design
299 expects the use of an external program to crawl and index the static
300 site. One (recommended) tool for doing this is htdig
301 (http://htdig.org), which generates static databases of the site
302 content and then accesses those databases through a very fast CGI
303 program written in C. In the scripts directory, a perl CGI script
304 which wraps calls to htsearch is provided (scripts/search.pl) which
305 will allow searching based off of media type. (This is possible
306 because the standard templates will include META keywords like
307 hasAudio, hasVideo, etc.)
311 see the UPGRADING.mir file.
315 You can give these a try if anything goes wrong:
317 + Restart Tomcat. Especially after compiling the sources Tomcat has to be
320 + Check file permissions and ownership. Try and run perms.sh.
322 ----------------------------------------------------------------
324 $Date: 2002/07/08 16:20:32 $ - the Mir coders