README 6.15 KB
Newer Older
Karsten Loesing's avatar
Karsten Loesing committed
1
2
3
4
ExoneraTor
==========

This README describes the steps for installing ExoneraTor on Debian
5
GNU/Linux Jessie.  Instructions for other operating systems may vary.
Karsten Loesing's avatar
Karsten Loesing committed
6

7
8
In the following it is assumed that root privileges are available via
sudo.
Karsten Loesing's avatar
Karsten Loesing committed
9

10
11
Start by installing Git, Java, Ant, PostgreSQL, and a couple packages
containing .jar files:
Karsten Loesing's avatar
Karsten Loesing committed
12

13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
$ sudo apt-get install openjdk-7-jdk ant postgresql \
  libcommons-codec-java libcommons-lang-java libpostgresql-jdbc-java \
  libservlet3.0-java

Check the versions of the newly installed tools:

$ java -version
java version "1.7.0_101"
OpenJDK Runtime Environment (IcedTea 2.6.6) (7u101-2.6.6-2~deb8u1)
OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode)

$ ant -version
Apache Ant(TM) version 1.9.4 compiled on October 7 2014

$ psql --version
psql (PostgreSQL) 9.4.8

Add an exonerator user that will be used to import descriptors into the
database once per hour:

$ sudo adduser exonerator
Karsten Loesing's avatar
Karsten Loesing committed
34
35
36
37

The database importer and website sources will be installed in
/srv/exonerator.torproject.org/ that is created as follows:

38
39
40
$ sudo mkdir /srv/exonerator.torproject.org/
$ sudo chmod g+ws /srv/exonerator.torproject.org/
$ sudo chown exonerator:exonerator /srv/exonerator.torproject.org/
Karsten Loesing's avatar
Karsten Loesing committed
41
42
43
44
45
46

Clone the exonerator Git repository:

$ cd /srv/exonerator.torproject.org/
$ git clone https://git.torproject.org/exonerator.git

47
48
Create a libraries directory /srv/exonerator.torproject.org/lib/ and copy
all required .jar files from /usr/share/java/ there, including:
Karsten Loesing's avatar
Karsten Loesing committed
49

50
51
52
53
 - /srv/exonerator.torproject.org/exonerator/lib/commons-codec-1.9.jar
 - /srv/exonerator.torproject.org/exonerator/lib/commons-lang-2.6.jar
 - /srv/exonerator.torproject.org/exonerator/lib/postgresql-jdbc3-9.2.jar
 - /srv/exonerator.torproject.org/exonerator/lib/servlet-api-3.0.jar
Karsten Loesing's avatar
Karsten Loesing committed
54

55
56
Obtain the DescripTor library from https://dist.torproject.org/descriptor/
and also place it in the lib/ directory:
Karsten Loesing's avatar
Karsten Loesing committed
57

58
 - /srv/exonerator.torproject.org/exonerator/lib/descriptor-1.2.0.jar
Karsten Loesing's avatar
Karsten Loesing committed
59

60
Attempt to compile the sources to see if all requirements are provided:
Karsten Loesing's avatar
Karsten Loesing committed
61

62
$ ant compile
Karsten Loesing's avatar
Karsten Loesing committed
63

64
65
66
Create a new exonerator database user.  There is no need to give the
exonerator user superuser privileges or allow it to create databases or
new roles.
Karsten Loesing's avatar
Karsten Loesing committed
67

68
$ sudo -u postgres createuser -P exonerator
Karsten Loesing's avatar
Karsten Loesing committed
69

70
Create a new database exonerator owned by user exonerator.
Karsten Loesing's avatar
Karsten Loesing committed
71

72
$ sudo -u postgres createdb -O exonerator exonerator
Karsten Loesing's avatar
Karsten Loesing committed
73
74
75

Import the exonerator database schema.

76
$ psql -f /srv/exonerator.torproject.org/exonerator/src/main/resources/db/exonerator.sql \
Karsten Loesing's avatar
Karsten Loesing committed
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
  exonerator

Confirm that the database now contains tables to hold ExoneraTor data.  In
the following, => will be used as the database prompt.

$ psql exonerator
=> \dt+
=> \q

Run the Java database importer.

$ ./run-exonerator.sh

The database import will take a while.  Once it's complete, check that the
database tables now contain data:

$ psql exonerator
=> \dt+
=> \q

Add a crontab entry for the database importer to run once per hour:

20 * * * * cd /srv/exonerator.torproject.org/exonerator/ && \
  ./run-exonerator.sh

The Apache HTTP Server is used as the front-end web server that serves
static resources itself and forwards requests for dynamic resources to
Apache Tomcat.

Start by installing Apache:

108
$ sudo apt-get install apache2
Karsten Loesing's avatar
Karsten Loesing committed
109
110
111

Disable Apache's default site.

112
$ sudo a2dissite default
Karsten Loesing's avatar
Karsten Loesing committed
113
114
115

Enable mod_proxy to forward requests to Tomcat.

116
$ sudo a2enmod proxy_http
Karsten Loesing's avatar
Karsten Loesing committed
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

Create a new virtual host configuration and store it in a new file
/etc/apache2/sites-available/exonerator.torproject.org with the following
content:

<VirtualHost *:80>
  ServerName exonerator.torproject.org
  ServerAdmin torproject-admin@torproject.org
  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/access.log combined
  ServerSignature On
  <IfModule mod_proxy.c>
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:8080/exonerator/ retry=15
    ProxyPassReverse / http://127.0.0.1:8080/exonerator/
    ProxyPreserveHost on
  </IfModule>
</VirtualHost>

Enable the new virtual host.

141
$ sudo a2ensite exonerator.torproject.org
Karsten Loesing's avatar
Karsten Loesing committed
142
143
144

Restart Apache just to be sure that all changes are effective.

145
$ sudo service apache2 restart
Karsten Loesing's avatar
Karsten Loesing committed
146
147
148
149
150

Apache Tomcat will process requests for dynamic resources.

Install Tomcat:

151
$ sudo apt-get install tomcat8
Karsten Loesing's avatar
Karsten Loesing committed
152

153
Replace Tomcat's default configuration in /etc/tomcat8/server.xml with the
Karsten Loesing's avatar
Karsten Loesing committed
154
155
156
157
158
159
160
161
162
163
164
following configuration:

<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               compression="off" compressionMinSize="2048"
               noCompressionUserAgents="gozilla, traviata"
               compressableMimeType="text/html,text/xml,text/plain" />
165
166
    <Engine name="Catalina" defaultHost="exonerator.torproject.org">
      <Host name="exonerator.torproject.org" appBase="webapps"
Karsten Loesing's avatar
Karsten Loesing committed
167
            unpackWARs="true" autoDeploy="true"
168
169
170
            xmlValidation="false" xmlNamespaceAware="false"
            copyXML="true">
        <Alias>exonerator.torproject.org</Alias>
Karsten Loesing's avatar
Karsten Loesing committed
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="exonerator_access_log."
               suffix=".txt" pattern="%l %u %t %r %s %b"
               resolveHosts="false"/>
      </Host>
    </Engine>
  </Service>
</Server>

Update the database password in
/srv/exonerator.torproject.org/exonerator/etc/context.xml.

Now generate the web application.

$ ant war

187
188
189
190
191
Add a symbolic link to the PostgreSQL JDBC library to Tomcat's lib/
folder:

$ sudo ln -s /usr/share/java/postgresql-jdbc4.jar /var/lib/tomcat8/lib/

Karsten Loesing's avatar
Karsten Loesing committed
192
193
Create a symbolic link to the exonerator.war file:

194
195
$ sudo ln -s /srv/exonerator.torproject.org/exonerator/exonerator.war \
  /var/lib/tomcat8/webapps/
Karsten Loesing's avatar
Karsten Loesing committed
196
197
198
199
200
201
202
203

Tomcat will now attempt to deploy the web application automatically.

Whenever the ExoneraTor website needs to be redeployed, generate a new
.war file and Tomcat will reload the web application automatically.

Restart Tomcat to make all configuration changes effective:

204
$ sudo service tomcat8 restart
Karsten Loesing's avatar
Karsten Loesing committed
205
206
207

The ExoneraTor website should now work.