2 ----------------------------------------------------------------
4 Here is a short installation-howto of Mir.
9 - tomcat 4.0.3 or above (3.3 works too as of 04.04.2002, but this could change)
10 tomcat is available from http://jakarta.apache.org
11 - apache with mod_jk.so
12 - postgres 7.1.x or 7.2.x
13 - ant (a java-based make)
14 - jaxp-1.1 (a SAX 2.0 compliant XML parser, comes with ant >= 1.4)
15 - the JAI image framework (Java Advanced Imaging) versin 1.1.1 . get it from
16 java.sun.com. ** NOTE: because JAI uses a native acceration library (a .so)
17 it must be placed in tomcat's "lib" (i.e $CATALINA_HOME/lib) directory and
18 not under the default webapps/Mir/WEB-INF/lib directory **
24 cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvs login
29 cvs -d :pserver:anonymous@mir.indymedia.org:/var/lib/cvsco mir
32 2. customize the config:
35 cp config.properties-dist config.properties
37 now customize config.properties for your needs.
40 3. configure the perms.sh file if neccessary -- IMPORTANT! READ THIS!
41 We provide a script that sets all files' and direcories' permissions to
42 a quite reasonable state. This script gets automagically called by
43 ant after compilationl. The most important thing you have to do after
44 compiling Mir is to ensure that the log files -- especially
45 dbentity.log -- are not readable by users that could compromise
46 system security, because all passwords and the like will be logged here.
48 cp perms.sh-dist perms.sh
50 Now, change the install directory and group in perms.sh
55 4. copy the mir/templates-dist-directory to mir/templates
58 5. compile. For this step, you have to make sure that the TOMCAT_HOME
59 environment variable is set to the root of your tomcat installation.
60 The build.xml compile target will give up if this is not set.
62 Do this as root so the permissions script is able to set
63 the permissions and owners correctly.
68 6. Link in the webapps directory of tomcat to the install directory (the
69 directory is called "Mir" and is located in the same directory in which
70 you installed the "mir" directory).
71 cd /path/to/tomcat/webapps (tomcat-4.0.x/webapps)
72 ln -s Mir-install-dir Mir
74 with tomcat 4.0.x, you could dynamically reload and stop the Mir webapp without
75 restarting tomcat by using the "Manager App" with the following url:
77 http://localhost:8080/manager/stop?path=/mir
79 This is practical if you are running several installations of mir on one
80 tomcat or other webapps and can't afford to shutdown all of them.
81 See the tomcat documentation to learn how to enable and use the manager app.
83 7. Copy any dynamic library files ending with ".so" in the WEB-INF/lib to your
84 jre/lib directory (where the other ".so" files live). Or, you can skip the
85 whole thing and live without "native" acceleration for image manupulation.
87 A painful alternative, would be to modify the tomcat startup script and add an
88 LD_LIBRARY_PATH variable that points to the WEB-INF/lib directory of your Mir
89 install dir. (called "Mir"). Add something like the following at the top of
90 startup.sh (startup.sh is found in the "bin/" dir. under $TOMCAT_HOME):
91 LD_LIBRARY_PATH=/path/to/Mir-install-dir/WEB-INF/lib
93 8a. create a new database
94 The database name should be the same as in config.properties. Please look at
95 the section "Database.*" to look up the names or change them to your needs.
97 It is wise in terms of system seurity to use an unprivileged user for this
98 task instead of the superuser. This is because if Mir uses the superuser to
99 connect to the database and anybody manages to find out the password Mir
100 uses to connect, the attacker can take over the complete database. So, in
101 the following examples, we assume that the database name is "Mir", the
102 database user will be "mir" and the password is "joshua". Please note that
103 this particular password is far from being a good one. Watch "Wargames" for
106 To access the database as the database superuser, you either have to log in
107 as postgres on Unix level (which we don't recommend because you will need
108 another user to have a login shell and a password which makes system
109 penetration more likely) or you have to tell PostgreSQL with each
110 application call that you want to connect as a specific user. If you access
111 the database from any other user's account, use the -U flag to connect to
112 PostgreSQL as the database superuser ("postgres"):
114 createdb -U postgres --encoding=unicode Mir
116 Please note that if you create the database from inside the psql application,
117 the database name will likely be converted to lowercase letters.
120 8b. create an unprivileged database user for Mir
121 First, connect to the database as the database's superuser.
125 Now we create the actual user. Please choose a password that is hard to
126 guess instead of "joshua". Good passwords have characters and numerals in
127 it, have no link to its owner (like being her birthday, age, name of her
128 husband, dog, child, car, favourite beer brand). A good password looks like
131 CREATE USER Mir WITH PASSWORD 'joshua' NOCREATEDB NOCREATEUSER;
134 8c. create base table
135 Please note that we use the superuser "postgres" to connect to the "Mir"
136 database, /not/ the user "mir".
138 psql -Upostgres -f dbscripts/create_pg.sql Mir
139 for i in dbscripts/help*.sql ; do psql -Upostgres -f $i Mir ; done
140 for i in dbscripts/populate*.sql ; do psql -Upostgres -f $i Mir ; done
143 8d. Apply neccessary changes to config.properties
145 Please open config.properties and look for the lines that begin with
146 "Database.". The interesting properties are "Username", "Password", "Host"
147 and "Name". Change these properties so that they reflect the settings you
148 used to create the database and the user.
150 You should make sure that no copy of config.properties (neither in mir nor
151 in Mir/src nor in Mir/WEB-INF/classes nor in the directory tree you compiled
152 Mir from) is world-readable. Else you wouldn't have to install a password,
155 8e. Tweak mime-type extensions mappings in etc/web.xml file.
157 *** Note the defaults should be o.k for most installations ***
159 Add or remove any mime types you wish to support. This is used to figure
160 out the mime-type when (broken browsers?) browsers don't send the mime-type
161 in the content-type header field when uploading a media file. Note add the
162 moment you still have to add these to the media_type SQL table as well which
163 maps the mime-types to the correct mediaHandler class. See the comments in
164 the MirMedia class in javadoc for more details.
166 8f. Setup PostgreSQL so that all connections have to pass a password
168 In /etc/postgresql/pg_hba.conf you should make sure that nobody can
169 use the database without a password:
172 host all 127.0.0.1 255.0.0.0 password
173 host all 0.0.0.0 0.0.0.0 reject
175 This means: All local connections (i.e. psql without "-h hostname" option)
176 have to authenticate themselves with a password. All connections from
177 localhost (127.0.0.1) have to supply a password, too. All other connections
178 are rejected. This line doen't have to be there if you have a properly
179 configured firewall but even if you do have one, it adds to the security in
180 case an attacker penetrates the firewall by some hack.
182 If you can't access PostgreSQL after this for any reason, try and change
183 "password" in /etc/postgresql/pg_hba.conf to "trust". This should disable
184 any authentication method and make the database accessible again. Please use
185 this setting only temporarily because anybody who can access the PostgreSQL
186 server could take over the database completely this way. After you fixed
187 your password setting, switch the setting back to "password".
188 You may want to change your PostgreSQL password from time to time to make
189 database takeover harder. Rememer: Security is a process.
193 9. Add the dupe prevention trigger to the database:
194 cd dbscripts/dupetrigger
196 There, read INSTALL and follow the instructions.
203 insert the following patch into /etc/apache/httpd.conf. Edit the directories
207 JkWorkersFile /path/to/tomcat/conf/workers.properties
208 Include /path/to/tomcat/conf/mod_jk.conf-auto
211 Do not put any JkMount lines into your httpd.conf!
213 If mod_jk.conf-auto doesn't get written or is 0 bytes in size, check your
214 system for file ownership/permissions problems.
220 * set the document root to the same directory as in the mir config file
221 * enable shtml includes:
222 - add LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
223 - make sure your directory contains "Options Includes"
228 now the admin-application is accesable via:
232 and the openposting-servlet via
236 standard login is redaktion/indymedia
241 The Mir code offers no internal search facilities, rather, the design
242 expects the use of an external program to crawl and index the static
243 site. One (recommended) tool for doing this is htdig
244 (http://htdig.org), which generates static databases of the site
245 content and then accesses those databases through a very fast CGI
246 program written in C. In the scripts directory, a perl CGI script
247 which wraps calls to htsearch is provided (scripts/search.pl) which
248 will allow searching based off of media type. (This is possible
249 because the standard templates will include META keywords like
250 hasAudio, hasVideo, etc.)
255 You can give these a try if anything goes wrong:
257 + Restart Tomcat. Especially after compiling the sources Tomcat has to be
260 + Check file permissions and ownership. Try and run perms.sh.
262 ----------------------------------------------------------------
264 2001, 2002 - the Mir coders