Skip to content

Instantly share code, notes, and snippets.

@duven87

duven87/Howto_Opencast12

Last active October 18, 2022 21:14
Show Gist options
  • Save duven87/ee2ab9b0a7aa175690481eebfdf94f56 to your computer and use it in GitHub Desktop.
Save duven87/ee2ab9b0a7aa175690481eebfdf94f56 to your computer and use it in GitHub Desktop.
Download ZIP
Install Opencast 12 with nginx & mariadb on Debian 11
Raw
Howto_Opencast12
##UPDATE OS & ADD REPOS
apt update && apt upgrade -y
apt-get install apt-transport-https ca-certificates sudo wget gnupg2 locate
echo "deb https://pkg.opencast.org/debian 12.x stable" | sudo tee /etc/apt/sources.list.d/opencast.list
wget -qO - https://pkg.opencast.org/gpgkeys/opencast-deb.key | sudo apt-key add -
apt update
##SET DATE/TIME:
sudo timedatectl set-timezone Europe/Berlin
##INSTALL OPENCAST 12 & ELASTICSEARCH:
apt install opencast-12-allinone elasticsearch-oss sox hunspell
vim /etc/elasticsearch/jvm.options.d/log4shell.options
-Dlog4j2.formatMsgNoLookups=true
service elasticsearch restart
## INSTALL MARIADB & CREATE DB/USER/PASS
apt install -y mariadb-server
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE opencast CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON opencast.* TO 'opencast'@'localhost' IDENTIFIED BY 'Pass';
MariaDB [(none)]> flush_privileges;
exit;
# INSTALL & CONFIGURE NGINX:
apt install nginx
vim /etc/nginx/nginx.conf
user www-data;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
# Sets the maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
# HTTP set-up
server {
listen 80;
listen [::]:80;
server_name andres-opencast.kunde-ssystems.de;
# Enforce HTTPS by redirecting requests
location / {
return 301 https://andres-opencast.kunde-ssystems.de$request_uri;
}
}
# HTTPS set-up
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name andres-opencast.kunde-ssystems.de;
# Path to the TLS certificate and private key. In almost all cases, you
# need to provide intermediate certificates as well to ensure browsers
# get the whole certificate chain.
ssl_certificate_key /etc/letsencrypt/live/andres-opencast.kunde-ssystems.de/privkey.pem;
ssl_certificate /etc/letsencrypt/live/andres-opencast.kunde-ssystems.de/fullchain.pem;
# Accept large ingests. There should be no limit since Opencast may get
# really large ingests.
client_max_body_size 0;
# Proxy configuration for Opencast
location / {
# Make sure to pass the real addresses as well as the fact that
# outwards we are using HTTPS to Opencast.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Pass requests to this location. This expects Opencast to be
# running locally on port 8080 which should be the default set-up.
proxy_pass http://127.0.0.1:8080;
# Make sure to redirect location headers to HTTPS. This is just a
# precaution and shouldn't strictly be necessary but it did prevent
# some issues in the past and it does not cost much performance.
proxy_redirect http://$host https://$host;
# Make sure to serve cookies only via secure connections.
#proxy_cookie_flags ~ secure httponly;
# When using Nginx <1.19.3 replace the above 'proxy_cookie_flags' line
# with the (uncommented) 'proxy_cookie_path' line below.
proxy_cookie_path / "/; HTTPOnly; Secure";
# Depending on your integration, you may also want to allow cookies
# to be used on other sites. In that case, use this instead:
#proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=None";
# Do not buffer responses
proxy_buffering off;
# Do not buffer requests
proxy_request_buffering off;
}
}
}
## INSTALL CERTBOT AND SSL CERTIFICATE
apt install certbot python3-certbot-nginx
certbot (auto)
service nginx restart
## CONFIGURE OPENCAST 12:
vim /etc/opencast/custom.properties
org.opencastproject.server.url=https://andres-opencast.kunde-ssystems.de
org.opencastproject.server.nodename=AllInOne
org.opencastproject.security.admin.user=xxxxx
org.opencastproject.security.admin.pass=xxxxxxxx
org.opencastproject.security.admin.roles=ROLE_ADMIN,ROLE_OAUTH_USER
org.opencastproject.admin.email=admin@localhost
org.opencastproject.security.digest.user=opencast_system_account
org.opencastproject.security.digest.pass=CHANGE_ME
org.opencastproject.storage.dir=/srv/opencast
org.opencastproject.workspace.rootdir=${org.opencastproject.storage.dir}/workspace
org.opencastproject.staticfiles.rootdir=${org.opencastproject.storage.dir}/staticfiles
org.opencastproject.download.url=${org.opencastproject.server.url}/static
org.opencastproject.download.directory=${org.opencastproject.storage.dir}/downloads
org.opencastproject.db.jdbc.driver=org.mariadb.jdbc.Driver
org.opencastproject.db.jdbc.url=jdbc:mariadb://localhost/opencast?useMysqlMetadata=true
org.opencastproject.db.jdbc.user=opencast
org.opencastproject.db.jdbc.pass=Pass
org.opencastproject.workspace.cleanup.period=86400
org.opencastproject.workspace.cleanup.max.age=2592000
org.opencastproject.working.file.repository.cleanup.period=86400
org.opencastproject.working.file.repository.cleanup.max.age=100
org.opencastproject.working.file.repository.cleanup.collections=failed.zips
org.opencastproject.solr.dir=${karaf.data}/solr-indexes
org.opencastproject.search.solr.dir=${org.opencastproject.solr.dir}/search
karaf.lock.dir=${karaf.data}
karaf.shutdown.port.file=${karaf.data}/port
karaf.shutdown.command=3500d4e3-ce93-4ae3-abb4-5e90cef4deb
karaf.pid.file=${karaf.data}/pid
service opencast restart
### FROM BROWSER
Login
Users > + add user > ssystems > Roles: ROLE_API, ROLE_API_CAPTURE_AGENTS_VIEW, ROLE_API_EVENTS_ACL_DELETE, ROLE_API_EVENTS_ACL_EDIT, ROLE_API_EVENTS_ACL_VIEW, ROLE_API_EVENTS_CREATE, ROLE_API_EVENTS_DELETE, ROLE_API_EVENTS_EDIT, ROLE_API_EVENTS_MEDIA_VIEW, ROLE_API_EVENTS_METADATA_DELETE, ROLE_API_EVENTS_METADATA_EDIT, ROLE_API_EVENTS_METADATA_VIEW, ROLE_API_EVENTS_PUBLICATIONS_VIEW, ROLE_API_EVENTS_SCHEDULING_EDIT, ROLE_API_EVENTS_SCHEDULING_VIEW, ROLE_API_EVENTS_VIEW, ROLE_API_GROUPS_CREATE, ROLE_API_GROUPS_DELETE, ROLE_API_GROUPS_EDIT, ROLE_API_GROUPS_VIEW, ROLE_API_SECURITY_EDIT, ROLE_API_SERIES_ACL_EDIT, ROLE_API_SERIES_ACL_VIEW, ROLE_API_SERIES_CREATE, ROLE_API_SERIES_DELETE, ROLE_API_SERIES_EDIT, ROLE_API_SERIES_METADATA_DELETE, ROLE_API_SERIES_METADATA_EDIT, ROLE_API_SERIES_METADATA_VIEW, ROLE_API_SERIES_PROPERTIES_EDIT, ROLE_API_SERIES_PROPERTIES_VIEW, ROLE_API_SERIES_VIEW, ROLE_API_STATISTICS_VIEW, ROLE_API_WORKFLOW_DEFINITION_VIEW, ROLE_API_WORKFLOW_INSTANCE_CREATE, ROLE_API_WORKFLOW_INSTANCE_DELETE, ROLE_API_WORKFLOW_INSTANCE_EDIT, ROLE_API_WORKFLOW_INSTANCE_VIEW, ROLE_SUDO
Groups > + add group > Name: Opencast Project External Applications > Roles: ROLE_API, ROLE_API_CAPTURE_AGENTS_VIEW, ROLE_API_EVENTS_ACL_DELETE, ROLE_API_EVENTS_ACL_EDIT, ROLE_API_EVENTS_ACL_VIEW, ROLE_API_EVENTS_CREATE, ROLE_API_EVENTS_DELETE, ROLE_API_EVENTS_EDIT, ROLE_API_EVENTS_MEDIA_VIEW, ROLE_API_EVENTS_METADATA_DELETE, ROLE_API_EVENTS_METADATA_EDIT, ROLE_API_EVENTS_METADATA_VIEW, ROLE_API_EVENTS_PUBLICATIONS_VIEW, ROLE_API_EVENTS_SCHEDULING_EDIT, ROLE_API_EVENTS_SCHEDULING_VIEW, ROLE_API_EVENTS_VIEW, ROLE_API_GROUPS_CREATE, ROLE_API_GROUPS_DELETE, ROLE_API_GROUPS_EDIT, ROLE_API_GROUPS_VIEW, ROLE_API_SECURITY_EDIT, ROLE_API_SERIES_ACL_EDIT, ROLE_API_SERIES_ACL_VIEW, ROLE_API_SERIES_CREATE, ROLE_API_SERIES_DELETE, ROLE_API_SERIES_EDIT, ROLE_API_SERIES_METADATA_DELETE, ROLE_API_SERIES_METADATA_EDIT, ROLE_API_SERIES_METADATA_VIEW, ROLE_API_SERIES_PROPERTIES_EDIT, ROLE_API_SERIES_PROPERTIES_VIEW, ROLE_API_SERIES_VIEW, ROLE_API_STATISTICS_VIEW, ROLE_API_WORKFLOW_DEFINITION_VIEW, ROLE_API_WORKFLOW_INSTANCE_CREATE, ROLE_API_WORKFLOW_INSTANCE_DELETE, ROLE_API_WORKFLOW_INSTANCE_EDIT, ROLE_API_WORKFLOW_INSTANCE_VIEW, ROLE_SUDO
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment