Last active
October 18, 2022 21:14
-
-
Save duven87/ee2ab9b0a7aa175690481eebfdf94f56 to your computer and use it in GitHub Desktop.
Install Opencast 12 with nginx & mariadb on Debian 11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##UPDATE OS & ADD REPOS | |
apt update && apt upgrade -y | |
apt-get install apt-transport-https ca-certificates sudo wget gnupg2 locate | |
echo "deb https://pkg.opencast.org/debian 12.x stable" | sudo tee /etc/apt/sources.list.d/opencast.list | |
wget -qO - https://pkg.opencast.org/gpgkeys/opencast-deb.key | sudo apt-key add - | |
apt update | |
##SET DATE/TIME: | |
sudo timedatectl set-timezone Europe/Berlin | |
##INSTALL OPENCAST 12 & ELASTICSEARCH: | |
apt install opencast-12-allinone elasticsearch-oss sox hunspell | |
vim /etc/elasticsearch/jvm.options.d/log4shell.options | |
-Dlog4j2.formatMsgNoLookups=true | |
service elasticsearch restart | |
## INSTALL MARIADB & CREATE DB/USER/PASS | |
apt install -y mariadb-server | |
systemctl enable mariadb.service | |
systemctl start mariadb.service | |
mysql_secure_installation | |
mysql -u root -p | |
MariaDB [(none)]> CREATE DATABASE opencast CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; | |
MariaDB [(none)]> GRANT ALL PRIVILEGES ON opencast.* TO 'opencast'@'localhost' IDENTIFIED BY 'Pass'; | |
MariaDB [(none)]> flush_privileges; | |
exit; | |
# INSTALL & CONFIGURE NGINX: | |
apt install nginx | |
vim /etc/nginx/nginx.conf | |
user www-data; | |
error_log /var/log/nginx/error.log; | |
pid /run/nginx.pid; | |
events { | |
# Sets the maximum number of simultaneous connections that can be opened by | |
# a worker process. | |
worker_connections 1024; | |
} | |
http { | |
# HTTP set-up | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name andres-opencast.kunde-ssystems.de; | |
# Enforce HTTPS by redirecting requests | |
location / { | |
return 301 https://andres-opencast.kunde-ssystems.de$request_uri; | |
} | |
} | |
# HTTPS set-up | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name andres-opencast.kunde-ssystems.de; | |
# Path to the TLS certificate and private key. In almost all cases, you | |
# need to provide intermediate certificates as well to ensure browsers | |
# get the whole certificate chain. | |
ssl_certificate_key /etc/letsencrypt/live/andres-opencast.kunde-ssystems.de/privkey.pem; | |
ssl_certificate /etc/letsencrypt/live/andres-opencast.kunde-ssystems.de/fullchain.pem; | |
# Accept large ingests. There should be no limit since Opencast may get | |
# really large ingests. | |
client_max_body_size 0; | |
# Proxy configuration for Opencast | |
location / { | |
# Make sure to pass the real addresses as well as the fact that | |
# outwards we are using HTTPS to Opencast. | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
# Pass requests to this location. This expects Opencast to be | |
# running locally on port 8080 which should be the default set-up. | |
proxy_pass http://127.0.0.1:8080; | |
# Make sure to redirect location headers to HTTPS. This is just a | |
# precaution and shouldn't strictly be necessary but it did prevent | |
# some issues in the past and it does not cost much performance. | |
proxy_redirect http://$host https://$host; | |
# Make sure to serve cookies only via secure connections. | |
#proxy_cookie_flags ~ secure httponly; | |
# When using Nginx <1.19.3 replace the above 'proxy_cookie_flags' line | |
# with the (uncommented) 'proxy_cookie_path' line below. | |
proxy_cookie_path / "/; HTTPOnly; Secure"; | |
# Depending on your integration, you may also want to allow cookies | |
# to be used on other sites. In that case, use this instead: | |
#proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=None"; | |
# Do not buffer responses | |
proxy_buffering off; | |
# Do not buffer requests | |
proxy_request_buffering off; | |
} | |
} | |
} | |
## INSTALL CERTBOT AND SSL CERTIFICATE | |
apt install certbot python3-certbot-nginx | |
certbot (auto) | |
service nginx restart | |
## CONFIGURE OPENCAST 12: | |
vim /etc/opencast/custom.properties | |
org.opencastproject.server.url=https://andres-opencast.kunde-ssystems.de | |
org.opencastproject.server.nodename=AllInOne | |
org.opencastproject.security.admin.user=xxxxx | |
org.opencastproject.security.admin.pass=xxxxxxxx | |
org.opencastproject.security.admin.roles=ROLE_ADMIN,ROLE_OAUTH_USER | |
org.opencastproject.admin.email=admin@localhost | |
org.opencastproject.security.digest.user=opencast_system_account | |
org.opencastproject.security.digest.pass=CHANGE_ME | |
org.opencastproject.storage.dir=/srv/opencast | |
org.opencastproject.workspace.rootdir=${org.opencastproject.storage.dir}/workspace | |
org.opencastproject.staticfiles.rootdir=${org.opencastproject.storage.dir}/staticfiles | |
org.opencastproject.download.url=${org.opencastproject.server.url}/static | |
org.opencastproject.download.directory=${org.opencastproject.storage.dir}/downloads | |
org.opencastproject.db.jdbc.driver=org.mariadb.jdbc.Driver | |
org.opencastproject.db.jdbc.url=jdbc:mariadb://localhost/opencast?useMysqlMetadata=true | |
org.opencastproject.db.jdbc.user=opencast | |
org.opencastproject.db.jdbc.pass=Pass | |
org.opencastproject.workspace.cleanup.period=86400 | |
org.opencastproject.workspace.cleanup.max.age=2592000 | |
org.opencastproject.working.file.repository.cleanup.period=86400 | |
org.opencastproject.working.file.repository.cleanup.max.age=100 | |
org.opencastproject.working.file.repository.cleanup.collections=failed.zips | |
org.opencastproject.solr.dir=${karaf.data}/solr-indexes | |
org.opencastproject.search.solr.dir=${org.opencastproject.solr.dir}/search | |
karaf.lock.dir=${karaf.data} | |
karaf.shutdown.port.file=${karaf.data}/port | |
karaf.shutdown.command=3500d4e3-ce93-4ae3-abb4-5e90cef4deb | |
karaf.pid.file=${karaf.data}/pid | |
service opencast restart | |
### FROM BROWSER | |
Login | |
Users > + add user > ssystems > Roles: ROLE_API, ROLE_API_CAPTURE_AGENTS_VIEW, ROLE_API_EVENTS_ACL_DELETE, ROLE_API_EVENTS_ACL_EDIT, ROLE_API_EVENTS_ACL_VIEW, ROLE_API_EVENTS_CREATE, ROLE_API_EVENTS_DELETE, ROLE_API_EVENTS_EDIT, ROLE_API_EVENTS_MEDIA_VIEW, ROLE_API_EVENTS_METADATA_DELETE, ROLE_API_EVENTS_METADATA_EDIT, ROLE_API_EVENTS_METADATA_VIEW, ROLE_API_EVENTS_PUBLICATIONS_VIEW, ROLE_API_EVENTS_SCHEDULING_EDIT, ROLE_API_EVENTS_SCHEDULING_VIEW, ROLE_API_EVENTS_VIEW, ROLE_API_GROUPS_CREATE, ROLE_API_GROUPS_DELETE, ROLE_API_GROUPS_EDIT, ROLE_API_GROUPS_VIEW, ROLE_API_SECURITY_EDIT, ROLE_API_SERIES_ACL_EDIT, ROLE_API_SERIES_ACL_VIEW, ROLE_API_SERIES_CREATE, ROLE_API_SERIES_DELETE, ROLE_API_SERIES_EDIT, ROLE_API_SERIES_METADATA_DELETE, ROLE_API_SERIES_METADATA_EDIT, ROLE_API_SERIES_METADATA_VIEW, ROLE_API_SERIES_PROPERTIES_EDIT, ROLE_API_SERIES_PROPERTIES_VIEW, ROLE_API_SERIES_VIEW, ROLE_API_STATISTICS_VIEW, ROLE_API_WORKFLOW_DEFINITION_VIEW, ROLE_API_WORKFLOW_INSTANCE_CREATE, ROLE_API_WORKFLOW_INSTANCE_DELETE, ROLE_API_WORKFLOW_INSTANCE_EDIT, ROLE_API_WORKFLOW_INSTANCE_VIEW, ROLE_SUDO | |
Groups > + add group > Name: Opencast Project External Applications > Roles: ROLE_API, ROLE_API_CAPTURE_AGENTS_VIEW, ROLE_API_EVENTS_ACL_DELETE, ROLE_API_EVENTS_ACL_EDIT, ROLE_API_EVENTS_ACL_VIEW, ROLE_API_EVENTS_CREATE, ROLE_API_EVENTS_DELETE, ROLE_API_EVENTS_EDIT, ROLE_API_EVENTS_MEDIA_VIEW, ROLE_API_EVENTS_METADATA_DELETE, ROLE_API_EVENTS_METADATA_EDIT, ROLE_API_EVENTS_METADATA_VIEW, ROLE_API_EVENTS_PUBLICATIONS_VIEW, ROLE_API_EVENTS_SCHEDULING_EDIT, ROLE_API_EVENTS_SCHEDULING_VIEW, ROLE_API_EVENTS_VIEW, ROLE_API_GROUPS_CREATE, ROLE_API_GROUPS_DELETE, ROLE_API_GROUPS_EDIT, ROLE_API_GROUPS_VIEW, ROLE_API_SECURITY_EDIT, ROLE_API_SERIES_ACL_EDIT, ROLE_API_SERIES_ACL_VIEW, ROLE_API_SERIES_CREATE, ROLE_API_SERIES_DELETE, ROLE_API_SERIES_EDIT, ROLE_API_SERIES_METADATA_DELETE, ROLE_API_SERIES_METADATA_EDIT, ROLE_API_SERIES_METADATA_VIEW, ROLE_API_SERIES_PROPERTIES_EDIT, ROLE_API_SERIES_PROPERTIES_VIEW, ROLE_API_SERIES_VIEW, ROLE_API_STATISTICS_VIEW, ROLE_API_WORKFLOW_DEFINITION_VIEW, ROLE_API_WORKFLOW_INSTANCE_CREATE, ROLE_API_WORKFLOW_INSTANCE_DELETE, ROLE_API_WORKFLOW_INSTANCE_EDIT, ROLE_API_WORKFLOW_INSTANCE_VIEW, ROLE_SUDO | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment