1 Here is a short installation-howto of Mir.
7 - apache with mod_jk.so
9 - ant (a java-based make)
10 - jaxp-1.1 (a SAX 2.0 compliant XML parser, comes with ant >= 1.4)
11 - the JAI image framework (Java Advanced Imaging) versin 1.1.1 . get it from
12 java.sun.com. ** NOTE: it must be placed in tomcat's common/lib directory **
18 cvs -d :pserver: cvsanon@brazil.indymedia.de:/var/cvs login
23 cvs -d :pserver: cvsanon@brazil.indymedia.de:/var/cvs co mir
26 2. customize the config:
29 cp config.properties-dist config.properties
31 now customize config.properties for your needs.
34 3. configure the build.xml file if neccessary
36 cp build.xml-new build.xml
39 4. configure the perms.sh file if neccessary -- IMPORTANT! READ THIS!
40 We provide a script that sets all files' and direcories' permissions to
41 a quite reasonable state. This script gets automagically called by
42 ant after compilationl. The most important thing you have to do after
43 compiling Mir is to ensure that the log files -- especially
44 dbentity.log -- are not readable by users that could compromise
45 system security, because all passwords and the like will be logged here.
47 cp perms.sh-dist perms.sh
49 Now, change the install directory and group in perms.sh
54 5. copy the mir/templates-dist-directory to mir/templates
58 Do this as root so the permissions script is able to set
59 the permissions and owners correctly.
64 7. Link in the webapps directory of tomcat to the install directory (the
65 directory is called "Mir" and is located in the same directory in which
66 you installed the "mir" directory).
67 cd /usr/share/tomcat/webapps
68 ln -s Mir-install-dir Mir
70 8. Modify your tomcat startup script and add an LD_LIBRARY_PATH variable
71 that points to the WEB-INF/lib directory of your Mir install dir. (called
72 "Mir"). Add something like the following at the top of tomcat.sh (tomcat.sh
73 is found in the "bin/" dir. under $TOMCAT_HOME):
74 LD_LIBRARY_PATH=/path/to/Mir-install-dir/WEB-INF/lib
76 An alternaive way to avoid this is to copy any dynamic library files
77 ending with ".so" in WEB-INF/lib to your jre/jdk lib directory (where the
78 other ".so" files live). Or, you can skip the whole thing and live without
79 "native" acceleration for image manipulation
82 9a. create a new database
83 The database name should be the same as in config.properties. Please look at
84 the section "Database.*" to look up the names or change them to your needs.
86 It is wise in terms of system seurity to use an unprivileged user for this
87 task instead of the superuser. This is because if Mir uses the superuser to
88 connect to the database and anybody manages to find out the password Mir
89 uses to connect, the attacker can take over the complete database. So, in
90 the following examples, we assume that the database name is "Mir", the
91 database user will be "mir" and the password is "joshua". Please note that
92 this particular password is far from being a good one. Watch "Wargames" for
95 To access the database as the database superuser, you either have to log in
96 as postgres on Unix level (which we don't recommend because you will need
97 another user to have a login shell and a password which makes system
98 penetration more likely) or you have to tell PostgreSQL with each
99 application call that you want to connect as a specific user. If you access
100 the database from any other user's account, use the -U flag to connect to
101 PostgreSQL as the database superuser ("postgres"):
103 createdb -U postgres --encoding=unicode Mir
105 Please note that if you create the database from inside the psql application,
106 the database name will likely be converted to lowercase letters.
109 9b. create an unprivileged database user for Mir
110 First, connect to the database as the database's superuser.
114 Now we create the actual user. Please choose a password that is hard to
115 guess instead of "joshua". Good passwords have characters and numerals in
116 it, have no link to its owner (like being her birthday, age, name of her
117 husband, dog, child, car, favourite beer brand). A good password looks like
120 CREATE USER Mir WITH PASSWORD 'joshua' NOCREATEDB NOCREATEUSER;
123 9c. create base table
124 Please note that we use the superuser "postgres" to connect to the "Mir"
125 database, /not/ the user "mir".
127 psql -Upostgres -f dbscripts/create_pg.sql Mir
128 for i in dbscripts/help*.sql ; do psql -Upostgres -f $i Mir ; done
129 for i in dbscripts/populate*.sql ; do psql -Upostgres -f $i Mir ; done
132 9d. Apply neccessary changes to config.properties
134 Please open config.properties and look for the lines that begin with
135 "Database.". The interesting properties are "Username", "Password", "Host"
136 and "Name". Change these properties so that they reflect the settings you
137 used to create the database and the user.
139 You should make sure that no copy of config.properties (neither in mir nor
140 in Mir/src nor in Mir/WEB-INF/classes nor in the directory tree you compiled
141 Mir from) is world-readable. Else you wouldn't have to install a password,
145 9e. Setup PostgreSQL so that all connections have to pass a password
147 In /etc/postgresql/pg_hba.conf you should make sure that nobody can
148 use the database without a password:
151 host all 127.0.0.1 255.0.0.0 password
152 host all 0.0.0.0 0.0.0.0 reject
154 This means: All local connections (i.e. psql without "-h hostname" option)
155 have to authenticate themselves with a password. All connections from
156 localhost (127.0.0.1) have to supply a password, too. All other connections
157 are rejected. This line doen't have to be there if you have a properly
158 configured firewall but even if you do have one, it adds to the security in
159 case an attacker penetrates the firewall by some hack.
161 If you can't access PostgreSQL after this for any reason, try and change
162 "password" in /etc/postgresql/pg_hba.conf to "trust". This should disable
163 any authentication method and make the database accessible again. Please use
164 this setting only temporarily because anybody who can access the PostgreSQL
165 server could take over the database completely this way. After you fixed
166 your password setting, switch the setting back to "password".
167 You may want to change your PostgreSQL password from time to time to make
168 database takeover harder. Rememer: Security is a process.
172 10. Add the dupe prevention trigger to the database:
173 cd dbscripts/dupetrigger
175 There, read INSTALL and follow the instructions.
182 insert the following patch into /etc/apache/httpd.conf. Edit the directories
186 JkWorkersFile /usr/share/tomcat/conf/workers.properties
187 Include /usr/share/tomcat/conf/mod_jk.conf-auto
190 Do not put any JkMount lines into your httpd.conf!
192 If mod_jk.conf-auto doesn't get written or is 0 bytes in size, check your
193 system for file ownership/permissions problems.
199 * set the document root to the same directory as in the mir config file
200 * enable shtml includes:
201 - add LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
202 - make sure your directory contains "Options Includes"
207 now the admin-application is accesable via:
211 and the openposting-servlet via
215 standard login is redaktion/indymedia
221 You can give these a try if anything goes wrong:
223 + Restart Tomcat. Especially after compiling the sources Tomcat has to be
226 + Check file permissions and ownership. Try and run perms.sh.