This document describes the steps involved to install EMG and EMG Portal CentOS 6.5, released in December 2013.
CentOS 6.5 provides Apache 2.2.15, PHP 5.3.3 and MySQL 5.1.73 through the default yum repositories which meet the EMG Portal requirements well.
We will install on Centos 6.5 (64-bit), create a separate user for emg and place the EMG installation in /home/emg.
This will give us a privilege-separated installation in its own location.
Basic OS installation and configuration
- Download and install CentOS 6.5 (64-bit). We choose the "minimal" distribution,
http://ftp.lysator.liu.se/pub/CentOS/6.5/isos/x86_64/CentOS-6.5-x86_64-minimal.iso
- After installation, login as "root"
- Consider disabling SELinux, at least during the installation,
http://www.revsys.com/writings/quicktips/turn-off-selinux.html
- Run a "yum update" to ensure all packages are up to date and if any kernel packages were updated reboot the server
yum update
- Install some additional required packages
yum install wget httpd httpd-devel mod_ssl mysql-server mysql-devel php php-pdo \ php-mysql php-pear php-xml php-devel pcre-devel gcc postfix mlocate mailx chkconfig mysqld on chkconfig httpd on chkconfig postfix on
- Create user "emg" and assign a good password to the new account. Consider having a strong password generated, for example using https://strongpasswordgenerator.com/
useradd -m emg
passwd emg
- Consider limiting ssh access to specific users by adding "AllowUsers emg" to /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
service sshd restart
- Consider synchronizing server time with NTP servers
yum install ntpdate ntp ntpdate
0.pool.ntp.org chkconfig ntpd on service ntpd start
EMG installation
We are now ready to install and configure EMG
- Request an eval license key via http://www.nordicmessaging.se/icablic-confirm
- Login as "root"
- Download latest EMG 6 (Linux 64-bit) "Full distribution" via http://www.nordicmessaging.se/download/overview/download-index.html using download username / password from the eval license key email
cd /tmp
wget --http-user=xxx --http-password=yyy \ http://www.nordicmessaging.se/files/emg/emg60/emg606-38504-linux-64bit-full.tar.gz
tar xvzf emg606-38504-linux-64bit-full.tar.gz
cd emg-dist sh ./INSTALL
Specify newly created user "emg" for user and group, "/home/emg/etc" for configuration files, "/home/emg/bin" for executables plus your eval license information.
- Add "export EMGDIR=$HOME/etc" to the end of bash profile script
echo 'export EMGDIR=$HOME/etc' >>/home/emg/.bash_profile
- Login as "emg"
- Replace default EMG configuration file by EMG Portal configuration file
cp /home/emg/etc/server.cfg.emgportal /home/emg/etc/server.cfg
- Create EMG database and schema, but first edit the script to set a secure password, preferably generated
cd /home/emg/etc/sql vi ./createemgdb-mysql.sh
sh ./createemgdb-mysql.sh createdb
sh ./createemgdb-mysql.sh createtables
- Edit server.cfg file and change the database credentials to match the above in the DATABASE section
vi /home/emg/etc/server.cfg
EMG perl installation
In order for the EMG Portal billing plugin (and EMG perl plugins in general) to work properly the EMG perl distribution needs to be installed. More information http://www.nordicmessaging.se/tech-notes/emg/emg-526-and-perl-plugins.html.
Please note that this will be a perl installation completely separated from the default perl installation used by /usr/bin/perl. To install modules and run the EMG perl distribution you must run the perl binary with the full path (/opt/perl-5.12.2-emg/bin/perl) and preferably always as user "emg" to avoid mixing up file permissions. However, below we add the new perl bin directory first in the PATH for the "emg" user in order to ensure the EMG perl binary is always used when using "emg" account.
EMG Portal installation
Time to download and install EMG Portal. The evaluation version of EMG Portal is encoded with ionCube and first an ionCube loader must be configured in PHP.
- As user "root", open firewall to allow https (port 443) and optionally http (port 80) connections in firewall and start httpd service. We recommend using https only since communication will then be protected by SSL encryption. However, if you use the default self-signed SSL certificate the visting browser will throw a warning when accessing the page. Installation of a proper certificate signed by a trusted CA is therefore strongly recommended.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT [ Optional - not recommended ] iptables -I INPUT -p tcp --dport 443 -j ACCEPT service iptables save service httpd start
- Download the ionCube loader wizard from http://www.ioncube.com/loaders.php and install it by placing the installer wizard in /var/www/html and point your browser to https://servername/ioncube/loader-wizard.php. Follow the instructions and remember to delete the loader files in web directory after completing the loader installation.
cd /var/www/html wget http://www.ioncube.com/loader-wizard/loader-wizard.tgz tar xvzf loader-wizard.tgz [ Open browser and follow instructions, which should correspond to commands below ] cd /usr/lib64/php/modules/ wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.bz2 tar xvjf ioncube_loaders_lin_x86-64.tar.bz2 cp ioncube/ioncube_loader_lin_5.3.so . echo "zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.3.so" >/etc/php.d/20-ioncube.ini service httpd restart [ The ionCube loader should now load properly if you point your browser to https://servername/ioncube/loader-wizard.php?timeout=0&ini=0&page=loader_check ] rm -rf /usr/lib64/php/modules/ioncube/ /var/www/html/loader-wizard.tgz /var/www/html/ioncube/
- Download the current 30-day eval as user "root". You will end up with a file named something similar to emgportal-1.6-38876-ioncube-20140725.tar.gz
cd /tmp wget --trust-server-names http://www.nordicmessaging.se/files/emg/emgportal-eval.php cd /var/www/html mkdir emgportal cd emgportal tar xvzf /tmp/emgportal-1.6-38922-ioncube-20140727.tar.gz chown apache assets protected/runtime chmod 777 protected/config cp htaccess.sample .htaccess
-
Modify .htaccess to use the right sub-uri by uncommenting "#RewriteBase /emgportal" vi .htaccess
-
Configure apache by copying emgportal.conf to apache config directory and restart httpd servce
cp /var/www/html/emgportal/emgportal.conf /etc/httpd/conf.d service httpd restart
-
If you access the EMG Portal installer from a remote computer you will need to add your IP address to AUTHORIZED_IPS variable on line 3 in the installer file.
vi /var/www/html/emgportal/install/index.php
-
Now you should be able to point your browser to your server https://yourserver/emgportal and see the EMG Portal installer.
- After finishing the installer you need to remove installation directory and secure config files
cd /var/www/html/emgportal rm -rf install/ chmod 755 protected/config chown -R root.root protected/config
- As a final step you should check the main config file for any settings you want to customize especially the "adminEmail" and "emailReportCopy" settings. You can also define your own layout file and point to it through the "layout" setting.
vi /var/www/html/emgportal/protected/config/main.php
Finish EMG installation
You need to copy the billing plugin from EMG Portal distribution into the EMG etc directory.
- Copy the file as "emg" user and update database credentials in the file
su - emg cp /var/www/html/emgportal/misc/billing.pl /home/emg/etc/ vi /home/emg/etc/billing.pl
- As user "root", open firewall for incoming SMPP connections. In server.cfg there is an incoming SMPP connector listening on port 2775 but we have yet to allow inbound connections on that port
iptables -I INPUT -p tcp --dport 2775 -j ACCEPT
service iptables save
Finally you should be able to start the EMG server by running command "emgd" as user "emg". The command "emgstat" should give you a list of connectors in the EMG server and their status.
You should also be able to login to the EMG Portal and see the same information under "Dashboard -> Connectors".
Recurring tasks (cron)
A few cron jobs need to be added to enable recurring tasks.
Extract from "crontab -l -u emg" on a running server:
# Verify emgd is running */2 * * * * /home/emg/bin/checkemg.sh
# Purge old records from EMG database */5 * * * * /home/emg/bin/cleandb.sh >>/tmp/cleandb.log 2>&1 # Aggregate statistics for EMG Portal message reports * * * * * /home/emg/bin/hourly_summary.pl >>/tmp/hourly_summary.log 2>&1
# Trigger daily report for current month 5 0 * * * wget --no-check-certificate -O - https://127.0.0.1/emgportal/cron/reportMonth >/tmp/cron_report.log 2>&1
# Trigger scheduled jobs */5 * * * * wget --no-check-certificate -O - https://127.0.0.1/emgportal/cron/sendScheduled >/tmp/cron_send.log 2>&1
There are sample scripts "checkemg.sh" and "cleandb.sh" in the /home/emg/bin directory. The "hourly_summary.pl" script is part of the EMG Portal distribution.
As user "emg", copy them and review paths and database settings in the scripts to ensure they run correctly.
cp /home/emg/bin/checkemg.sh.sample /home/emg/bin/checkemg.sh cp /home/emg/bin/cleandb.sh.sample /home/emg/bin/cleandb.sh cp /var/www/html/emgportal/misc/hourly_summary.pl.sample /home/emg/bin/hourly_summary.pl vi /home/emg/bin/checkemg.sh vi /home/emg/bin/cleandb.sh vi /home/emg/bin/hourly_summary.pl
Then add crontab entries from above
crontab -u emg -e (if running as user "root") crontab -e (if running as user "emg")
What's next?
You should now have a running messaging solution with server and web interface for provisioning tasks.
Next steps include:
- Set up routing
- Set up pricing
- Provision customer accounts
- Remember to open firewall if you add new inbound connectors
- Consider adding a proper SSL certificate to protect your site and for increased customer trust
Please consult the EMG Portal manual for some more information about EMG Portal functionality.
http://www.nordicmessaging.se/files/docs/emgportal/html/
|