SORMAS SERVER (LINUX)
This guide explains how to set up a SORMAS server on Linux and Windows systems, the latter only intended for usage on development systems. Just so you know, certain parts of the setup script will not be executed on Windows.
Server Requirements:
Cloud server Example
AWS EC2 (for 150 Concurrent users)
Instance Type: t2.large(type: gp2; size:8 GiB)
Storage: 50 GiB/ 50 GB or more
EXTRA: we need to configure our domain name if needed, and it is important to have an application load balancer
Linux Server (Recommended: Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-1030-aws x86_64))
To access the database we can use any tools, for Example - pgAdmin4/DBeaver
Physical server Example
Operating System: Linux/UNIX (Recommended: Ubuntu 22.04.1)
RAM: 8 GB or more
Storage: 50 GB or more
Prerequisites
```bash
# 1. Zulu OpenJDK (Java 11 JDK)

# 2. Check for "gcc" and install it if missing
gcc --version
apt install gcc

# 3. Check for "make" and install it if missing
make --version
apt install make

# 4. Check for "unzip" and install it if missing
unzip --version
apt install unzip

# 5. Check for "zip" and install it if missing
zip --version
apt install zip

# 6. Check for "acl" (the package provides getfacl/setfacl) and install it if missing
getfacl --version
apt install acl

# 7. Docker version 23.0.1 (optional)
# 8. Docker Compose version v2.16.0 (optional)
```
Step 1: Install JAVA
Download and install the Java 11 JDK (not JRE) for your operating system. We suggest using the Zulu OpenJDK.
...
```bash
# Receive key from Ubuntu and add that to trusted set of keys.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xB1998361219BD9C9
# Add Azul repository.
sudo apt-add-repository 'deb https://repos.azul.com/zulu/deb/ stable main'
# Update the information about available packages.
sudo apt-get update
# Install the required Azul Zulu package (Java 11 JDK).
sudo apt-get install zulu11-jdk
```
Step 2: Postgres Database
Install PostgreSQL (currently 14 to 15) on your system (manuals for all OS can be found here: https://www.postgresql.org/download )
...
Action | Command |
---|---|
Start | service postgresql start |
Stop | service postgresql stop |
Restart | service postgresql restart |
Status | service postgresql status |
Step 3: Install Temporal tables
Install the "temporal tables" extension for Postgres (https://github.com/arkhipov/temporal_tables )
```bash
sudo apt-get install libpq-dev
# Preferably name the version, e.g. sudo apt-get install postgresql-server-dev-15
sudo apt-get install postgresql-server-dev-all
sudo apt install pgxnclient
# Check for GCC and install it if missing
gcc --version
sudo pgxn install temporal_tables
# The packages can be removed afterward
```
Step 4: Download the deployment package
Get the latest SORMAS build by downloading the ZIP archive from the latest release on GitHub: https://github.com/sormas-foundation/SORMAS-Project/releases/latest
...
```bash
# Change to root user
sudo su
# Make directory
mkdir -p /root/deploy/sormas
# Go into the directory
cd /root/deploy/sormas
# Set the version
SORMAS_VERSION=1.y.z
# Download the package
wget https://github.com/sormas-foundation/SORMAS-Project/releases/download/v${SORMAS_VERSION}/sormas_${SORMAS_VERSION}.zip
# Unzip the package
unzip sormas_${SORMAS_VERSION}.zip
# Rename the unzipped "deploy" folder to the current date (YYYY-MM-DD)
mv deploy/ "$(date +%F)"
# Remove the zip file
rm sormas_${SORMAS_VERSION}.zip
# Make the setup script executable
chmod +x "$(date +%F)"/server-setup.sh
```
Step 5: SORMAS Installation
Note: make sure the “acl” package is installed (check with getfacl --version) and install it if missing: sudo apt install acl
...
Action | Command |
---|---|
Start | service payara-sormas start |
Stop | service payara-sormas stop |
Restart | service payara-sormas restart |
Status | service payara-sormas status (or) ps -ef | grep payara |
Step 6: Web Server Setup (Apache)
Apache Installation
Reference: Apache2 for Ubuntu
...
```bash
# Enable module ssl
a2enmod ssl
# Enable module rewrite
a2enmod rewrite
# Enable module proxy
a2enmod proxy
# Enable module proxy_http
a2enmod proxy_http
# Enable module headers
a2enmod headers
# To activate the new configuration, restart apache2
service apache2 restart
```
Create configuration file
Create a new site /etc/apache2/sites-available/your.sormas.server.url.conf (e.g. sormas.org.conf).
...
```apache
<VirtualHost *:80>
    ServerName your.sormas.server.url
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://your.sormas.server.url/$1 [R,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName your.sormas.server.url
    ...
</VirtualHost>
</IfModule>
```
Configure logging
Add the lines below inside the <VirtualHost *:443></VirtualHost> tag
```apache
ErrorLog /var/log/apache2/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b _%D_ \"%{User}i\" \"%{Connection}i\" \"%{Referer}i\" \"%{User-agent}i\"" combined_ext
CustomLog /var/log/apache2/access.log combined_ext
```
SSL key config
```apache
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your.sormas.server.url.crt
SSLCertificateKeyFile /etc/ssl/private/your.sormas.server.url.key
SSLCertificateChainFile /etc/ssl/certs/your.sormas.server.url.ca-bundle

# disable weak ciphers and old TLS/SSL
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE$
SSLHonorCipherOrder off
```
Add a proxy pass
```apache
ProxyRequests Off
ProxyPass /sormas-ui http://localhost:6080/sormas-ui
ProxyPassReverse /sormas-ui http://localhost:6080/sormas-ui
ProxyPass /sormas-rest http://localhost:6080/sormas-rest
ProxyPassReverse /sormas-rest http://localhost:6080/sormas-rest
```
Configure security settings
```apache
Header always set X-Content-Type-Options "nosniff"
Header always set X-Xss-Protection "1; mode=block"

# Disable Caching
Header always set Cache-Control "no-cache, no-store, must-revalidate, private"
Header always set Pragma "no-cache"

Header always set Content-Security-Policy \
    "default-src 'none'; \
    object-src 'self'; \
    script-src 'self' 'unsafe-inline' 'unsafe-eval'; \
    connect-src https://fonts.googleapis.com https://fonts.gstatic.com 'self'; \
    img-src *; \
    style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; \
    font-src https://fonts.gstatic.com 'self'; \
    frame-src 'self'; \
    worker-src 'self'; \
    manifest-src 'self'; \
    frame-ancestors 'self'"

# The Content-Type header was either missing or empty.
# Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-opentype .otf
AddType image/svg+xml .svg
AddType application/x-font-ttf .ttf
AddType application/font-woff .woff
```
Activate output compression
(!very important)
```apache
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml
    AddOutputFilterByType DEFLATE text/css text/javascript
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    DeflateCompressionLevel 1
</IfModule>
```
Provide the Android apk
```apache
Options -Indexes
AliasMatch "/downloads/sormas-(.*)" "/var/www/sormas/downloads/sormas-$1"
```
Apache 2 security
For the Apache 2 security configuration we suggest the following settings (/etc/apache2/conf-available/security.conf):
...
```bash
apache2ctl graceful
```
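Before reloading Apache, the site file can be checked against the directives from the sections above (HTTPS redirect, SSLProtocol exclusions, ProxyRequests Off, security headers, Options -Indexes). The script below is an added example, not part of the SORMAS guide; the function names and the sample vhost are constructed for illustration, and the checks match the directive forms used on this page only.

```sh
# Added example (not from the SORMAS guide): audit a vhost file for the
# hardening directives this page prescribes. Usage: audit_vhost < site.conf

# Drop comment lines and join backslash-continued lines (the multi-line CSP).
normalize() {
    awk '/^[ \t]*#/ { next }
         { if (sub(/\\$/, "")) printf "%s", $0; else print }'
}

# Prints one "MISSING: ..." line per absent directive; status 0 if none.
audit_vhost() (
    conf=$(normalize); missing=0; S='[[:space:]]'
    check() {  # check DESCRIPTION EXTENDED-REGEX
        printf '%s\n' "$conf" | grep -Eiq -- "$2" && return 0
        echo "MISSING: $1"; missing=$((missing + 1))
    }
    check 'HTTP-to-HTTPS redirect' "^$S*RewriteCond$S+%\{HTTPS\}$S+!=on"
    check 'SSLEngine on'           "^$S*SSLEngine$S+on"
    check 'SSLProtocol -SSLv3'     "^$S*SSLProtocol$S.*-SSLv3($S|\$)"
    check 'SSLProtocol -TLSv1'     "^$S*SSLProtocol$S.*-TLSv1($S|\$)"
    check 'SSLProtocol -TLSv1.1'   "^$S*SSLProtocol$S.*-TLSv1\.1($S|\$)"
    check 'ProxyRequests Off'      "^$S*ProxyRequests$S+off"
    check 'X-Content-Type-Options' "^$S*Header$S.*X-Content-Type-Options$S+\"?nosniff"
    check 'CSP frame-ancestors'    "^$S*Header$S.*Content-Security-Policy.*frame-ancestors"
    check 'Options -Indexes'       "^$S*Options$S.*-Indexes"
    [ "$missing" -eq 0 ]
)

# Constructed sample: TLS 1.0/1.1 still enabled, no ProxyRequests Off, no CSP.
sample_weak() {
    cat <<'EOF'
<VirtualHost *:80>
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://your.sormas.server.url/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    # SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLProtocol all -SSLv3
    ProxyPass /sormas-ui http://localhost:6080/sormas-ui
    Header always set X-Content-Type-Options "nosniff"
    Options -Indexes
</VirtualHost>
EOF
}
sample_weak | audit_vhost || echo "vhost deviates from the guide's hardening"
```

On a server, run it as `audit_vhost < /etc/apache2/sites-available/your.sormas.server.url.conf`.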
Firewall
The server should only publish the ports that are needed. For SORMAS this is port 80 (HTTP) and 443 (HTTPS). In addition, you will need the SSH port to access the server for admin purposes.
We suggest using UFW (Uncomplicated Firewall) which provides a simple interface to iptables:
```bash
# Install ufw
sudo apt-get install ufw
# Set the defaults used by UFW
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Configure your server to allow incoming SSH connections
sudo ufw allow ssh
# Configure your server to allow incoming http connections
sudo ufw allow http
# Configure your server to allow incoming https connections
sudo ufw allow https
# Enable UFW
sudo ufw enable
```
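To see which services depend on the firewall alone, the listening sockets can be compared with the ports this section allows (SSH, 80, 443). The script below is an added example, not part of the SORMAS guide; the function names and the sample `ss` output are constructed, and the PostgreSQL listener on 0.0.0.0:5432 is an assumed misconfiguration used for illustration.

```sh
# Added example (not from the SORMAS guide): list TCP ports that listen on a
# non-loopback address but are not in the allowlist (default: 22 80 443).
# Usage on a server: ss -Htln | exposed_ports
exposed_ports() {
    awk -v allow="${1:-22 80 443}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host ~ /^(127\.|\[::1\]$)/) next   # loopback-only listener
            if (!(port in ok)) print port
        }' | sort -un
}

# Constructed sample of `ss -Htln` output: Payara (6080) and PostgreSQL (5432)
# are bound to all interfaces, so only the UFW default-deny rule shields them.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  *:80             *:*
LISTEN 0 511  *:443            *:*
LISTEN 0 244  0.0.0.0:5432     0.0.0.0:*
LISTEN 0 4096 *:6080           *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 244  [::1]:5432       [::]:*
EOF
}

sample_ss | exposed_ports
```

Ports reported here are candidates for binding to localhost, so that a firewall rule change does not expose them.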
Postfix Mail Server
Install postfix and mailutils
```bash
apt install aptitude
# When prompted, choose "satellite system"
aptitude install postfix
apt install mailutils
```
Configure your system
```bash
# Add the line "root: enter-your@support-email-here.com"
nano /etc/aliases
# Make sure the "EMAIL_ERROR" appender is active and sends out to your email address
nano /opt/domains/sormas/config/logback.xml
```
...
Use SSL Labs to test your server security config: https://www.ssllabs.com/ssltest
R Software Environment
To enable disease network diagrams in the contact dashboard, R and several extension packages are required. Then the Rscript executable has to be configured in the sormas.properties file. This can be conveniently accomplished by executing the R setup script from the SORMAS ZIP archive (see SORMAS Server):
...
```bash
chmod +x r-setup.sh
./r-setup.sh
```
SORMAS to SORMAS Certificate Setup
To be able to communicate with other SORMAS instances, there are some additional steps which need to be taken, in order to set up the certificate and the truststore. Please see the related guide for detailed instructions regarding SORMAS to SORMAS setup.