Skip to content

Instantly share code, notes, and snippets.

@flexwie

flexwie/alfio_manual_install.md

Last active August 23, 2023 12:22
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save flexwie/a8572e8e7ef06ae844925ec857fa3b5b to your computer and use it in GitHub Desktop.
Save flexwie/a8572e8e7ef06ae844925ec857fa3b5b to your computer and use it in GitHub Desktop.
Download ZIP
How to install Alf.io manually
Raw
alfio_manual_install.md

Alf.io Manual Installation

This is a quick guide on how to install Alf.io manually on a fresh machine.

Prerequisites

The following are neccessay to follow this quick start guide:

  • Server running Ubuntu 16.04
  • Domain pointed to the Server

JDK8

To run Alf.io we need to install the Java Developement Kit 8 (jdk8). First, add Oracles PPA and update the package repository.

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

Then install jdk8 and confirm the TOS.

sudo apt-get install openjdk-8-jre -y

PostgreSQL

Next we are going to set the database for Alf.io up. Enter this to install PostgreSQL.

sudo apt-get install postgresql postgresql-contrib -y

When finished, we will access the CLI.

sudo -u postgres psql

Once accessed, we will create a new user, and grant him all privileges on the alfio databse.

CREATE USER alfio WITH ENCRYPTED PASSWORD '<YOUR_POSTGRESQL_PASSWORD_HERE>';
CREATE DATABASE alfio;
GRANT ALL PRIVILEGES ON DATABASE "alfio" to alfio;

Mailserver

To have Alf.io send mail you need to eather install a SMTP server like Postfix or use an existing provider like Mailjet.

nginx

To make the application accessible from the internet, we will need to reverse proxy it with nginx. Install nginx with this command and edit the configuration.

sudo apt-get install nginx -y
sudo nano /etc/nginx/sites-available/default

Remove the default settings and replace them with the following.

server {
  listen 80;
  server_name <YOUR_DOMAIN_NAME>;
  
  location / {
    proxy_pass http://localhost:8080;
  }
}

Now we add SSL certificates provided by LetsEncrypt. Add the repository and install their certbot.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

To accquire the certificates run sudo certbot --nginx -d <YOUR_DOMAIN_NAME>. If you manage multiple domains just add a -d <YOUR_DOMAIN_NAME> for each. If this was successful the bot will ask you to accept the TOS and for your mailaddress. Afterwards it will ask you if it should redirect all traffic to SSL, just confirm by choosing the second option. Restart nginx with service nginx restart.

Security

TO secure the server we will add a very basic firewall with ufw.

sudo apt-get install ufw

Optional: If your server is using IPv6, make sure to edit /etc/default/ufw and set IPV6=yes.

Add default policies to deny any incoming requests and allow all outgoing.

sudo ufw default deny incoming
sudo ufw default allow outgoing

Then add a rule for all ports we are using.

sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443

Remember that you will need to enable every other port you want to use in the future, like FTP (Port 21) for example. You can run sudo ufw status verbose to see your configuration. If everything is to your liking, enable ufw with sudo ufw enable

Alf.io jar and configuration

Get the link to the latest version of Alf.io on the release page. Create a directory and download the .war-file inside.

sudo mkdir /var/alfio
cd /var/alfio
wget <ALFIO_LINK>

Create a config file named application.properties with this content.

datasource.dialect=PGSQL
datasource.driver=org.postgresql.Driver
datasource.url=jdbc:postgresql://localhost:5432/alfio
datasource.username=alfio
datasource.password=<YOUR_POSTGRESQL_PASSWORD_HERE>
datasource.validationQuery=SELECT 1
spring.profiles.active=dev

Run and autostart

Now you can run java -jar <FILE_NAME> > alfio.log 2>&1 & and should have a running Alf.io instance! You can see the admin password in the log.

@cbellone
Copy link

Thank you for this! 👍

Some comments:

  1. alf.io runs fine also with openJDK 8+, there's no need to install oracle's package. The following should be enough:
    sudo apt-get install openjdk-8-jre

  2. you can use the following systemd script for starting at boot and running in background. It runs the process as an unprivileged "alfio" user.

/usr/lib/systemd/system/alfio.service

[Unit]
Description=alfio
After=postgresql-9.6.service
Requires=postgresql-9.6.service

[Service]
User=alfio
WorkingDirectory=/home/alfio
ExecStart=/home/alfio/start.sh
ExecStop=/bin/kill -TERM $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target

/home/alfio/start.sh

#!/bin/sh
/usr/bin/java -jar alfio-boot.war -Xms100M -Xmx256M > startup.log 2>&1

  1. I think that postfix is out of scope here. It could be confusing for most people, and also it is very difficult to maintain an smtp server on the internet: you have to take care of IP reputation, blacklisting and so on.
    I would suggest you to link an existing tutorial (like https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04) along with a link to existing reliable providers, like mailjet. So that the reader can decide if it's worth for her/him to build and maintain her/his own mail server on the internet.

  2. for let's encrypt, I think it would be enough to link an existing how-to: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

  3. security: I think that this guide should mention that the VM should be protected by a firewall and only the 80 and 443 (and optionally the 22) ports should be exposed. This could be configured using provider's security features, like:

  1. There's a typo: PostREGSQL -> PostgreSQL

Thanks again!
Celestino

@flexwie
Copy link
Author

flexwie commented Dec 16, 2017
edited

  1. done
  2. Do I need to create the user myself?
  3. Ok. I will try to get Postfix to work by myself and maybe create extra gist explaining it.
  4. Added SSL certification according to the guide.
  5. I added a very basic ufw implementation.
  6. Thanks for the heads up!

@cbellone
Copy link

cbellone commented Dec 18, 2017
edited

  1. Do I need to create the user myself?

yes, you need to create the user "alfio". Please make sure that the home directory is "/home/alfio/"

Thank you!

@headarrow
Copy link

spring.profiles.active=dev its says development mode but if i remove this from application.properties it ERR_TOO_MANY_REDIRECTS
how i can fix that? i dont want development mode

@jfbethlehem
Copy link

jfbethlehem commented Jan 7, 2023
edited

This is my working apache sites-file for my site:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot "/var/www/myhost.com/"
    ServerName myhost.com
    <Directory "/var/www/myhost.com">
        Options SymLinksIfOwnerMatch
        Require all granted
        Allowoverride all
    </Directory>
    RewriteEngine on

    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
    RemoteIPHeader X-Forwarded-For
    RemoteIPHeader X-Real-IP
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/myhost.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myhost.com/privkey.pem
</VirtualHost>
</IfModule>

@tobsowo
Copy link

tobsowo commented Aug 2, 2023

Please how do I update Alfio

@jfbethlehem
Copy link

Please how do I update Alfio

download the latest .jar file from alfio, replace the existing .jar with the new .jar, run the new .jar. done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment