These are advanced installation notes for a Debian server to deploy OpenAtlas.
We use these instructions for our own workflow. They are very specific and detailed (e.g. changing the prompt to use color and show git information), so feel free to use or adapt them as needed.
apt install aptitude ntpsec vim
The OpenAtlas user interface is currently available in English and German. You might want to install the needed languages with this command:
dpkg-reconfigure locales
PermitRootLogin no
PasswordAuthentication no
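A way to check that the two sshd_config directives above are really in effect, as an added example that is not part of the original notes. The function names and the sample file are assumptions made for illustration; the script only reads the file it is given and does not follow Include lines.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Print the effective global value of keyword $2 in the sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Include directives are not followed here.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }              # strip indentation
        /^#/ || /^$/ { next }               # skip comments and blank lines
        {
            split($0, f, "[ \t=]+")         # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit        # global section ends here
            if (key == want) { gsub(/"/, "", f[2]); print tolower(f[2]); exit }
        }
    ' "$1"
}

# Return 0 only if both directives are effectively "no". A missing keyword
# fails, because the OpenSSH defaults are not "no"
# (PermitRootLogin prohibit-password, PasswordAuthentication yes).
ssh_hardening_ok() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw is '${val:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the commented-out line and the later "no" do not count.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
ssh_hardening_ok "$sample" || echo "sample config is not hardened"
```

On the server itself, `sshd -T` (run as root) prints the configuration sshd actually resolves, including files pulled in by Include.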
# apt-get install unattended-upgrades apt-listchanges
Unattended-Upgrade::Mail "root";
rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. To install rkhunter and prevent false positives when deploying OpenAtlas, follow the instructions below.
Installation
apt install rkhunter
Configuration
vim /etc/rkhunter.conf
vim /etc/rkhunter.conf.local
rkhunter -c --sk
rkhunter --propupd
vim /etc/default/rkhunter
apt install apache2 (needed for permissions and file structure)
groupadd web-admin
usermod -a -G web-admin alex
chgrp -R web-admin /var/www
chmod -R 775 /var/www
chmod g+s /var/www
vim ~/.profile
umask 002
mkdir /var/www/openatlas
mkdir /var/www/frontend
vim ~/.bashrc
# Print "*" if the working tree has uncommitted changes
function parse_git_dirty {
  [[ $(git status 2> /dev/null | tail -n1) != "nothing to commit, working tree clean" ]] && echo "*"
}
# Print the current branch as [branch] or [branch*]
function parse_git_branch {
  git branch --no-color 2> /dev/null | sed -e '/^[^*]/d' -e "s/* \(.*\)/[\1$(parse_git_dirty)]/"
}
PS1='\[\e[1;34m\]\u@\h:\w\[\e[0;32m\]$(parse_git_branch)\[\e[1;34m\]\$ \[\e[m\]'
Change default editor to vim:
update-alternatives --config editor
Next, follow the instructions on how to install OpenAtlas: https://github.com/craws/OpenAtlas/blob/main/install.md
For git e.g. ACDH-CH:
$ git config --global http.proxy http://fifi.arz.oeaw.ac.at:8080
$ pip3 install --proxy=http://fifi.arz.oeaw.ac.at:8080 calmjs
$ npm config set proxy http://fifi.arz.oeaw.ac.at:8080
# a2dismod autoindex
# service apache2 restart
sudo apt install brotli
sudo a2enmod brotli
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml
BrotliCompressionQuality 4
</IfModule>
sudo service apache2 restart
(For sites on ACDH-CH servers ignore this, the certificate has to be managed by the proxy server.)
# apt install certbot python3-certbot-apache
# certbot --apache
# certbot
After configuration of certbot, uncomment the line with WSGIDaemonProcess in /etc/apache2/sites-available/XXX.conf before creating certificates for OpenAtlas instances.
System mails (e.g. from cron jobs) are implemented with msmtp.
# apt install msmtp msmtp-mta ca-certificates
# vim /etc/msmtprc
# vim /etc/aliases
# msmtp root
(To test, write some lines so the mail does not get flagged as spam, then press CTRL + D.)