This is a quick guide on how to install Alf.io manually on a fresh machine.
The following are neccessay to follow this quick start guide:
- Server running Ubuntu 16.04
- Domain pointed to the Server
To run Alf.io we need to install the Java Developement Kit 8 (jdk8). First, add Oracles PPA and update the package repository.
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
Then install jdk8 and confirm the TOS.
sudo apt-get install openjdk-8-jre -y
Next we are going to set the database for Alf.io up. Enter this to install PostgreSQL.
sudo apt-get install postgresql postgresql-contrib -y
When finished, we will access the CLI.
sudo -u postgres psql
Once accessed, we will create a new user, and grant him all privileges on the alfio databse.
CREATE USER alfio WITH ENCRYPTED PASSWORD '<YOUR_POSTGRESQL_PASSWORD_HERE>';
CREATE DATABASE alfio;
GRANT ALL PRIVILEGES ON DATABASE "alfio" to alfio;
To have Alf.io send mail you need to eather install a SMTP server like Postfix or use an existing provider like Mailjet.
To make the application accessible from the internet, we will need to reverse proxy it with nginx. Install nginx with this command and edit the configuration.
sudo apt-get install nginx -y
sudo nano /etc/nginx/sites-available/default
Remove the default settings and replace them with the following.
server {
listen 80;
server_name <YOUR_DOMAIN_NAME>;
location / {
proxy_pass http://localhost:8080;
}
}
Now we add SSL certificates provided by LetsEncrypt. Add the repository and install their certbot.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
To accquire the certificates run sudo certbot --nginx -d <YOUR_DOMAIN_NAME>
. If you manage multiple domains just add a -d <YOUR_DOMAIN_NAME>
for each. If this was successful the bot will ask you to accept the TOS and for your mailaddress. Afterwards it will ask you if it should redirect all traffic to SSL, just confirm by choosing the second option.
Restart nginx with service nginx restart
.
TO secure the server we will add a very basic firewall with ufw.
sudo apt-get install ufw
Optional:
If your server is using IPv6, make sure to edit /etc/default/ufw
and set IPV6=yes
.
Add default policies to deny any incoming requests and allow all outgoing.
sudo ufw default deny incoming
sudo ufw default allow outgoing
Then add a rule for all ports we are using.
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
Remember that you will need to enable every other port you want to use in the future, like FTP (Port 21) for example. You can run sudo ufw status verbose
to see your configuration. If everything is to your liking, enable ufw with sudo ufw enable
Get the link to the latest version of Alf.io on the release page. Create a directory and download the .war-file inside.
sudo mkdir /var/alfio
cd /var/alfio
wget <ALFIO_LINK>
Create a config file named application.properties with this content.
datasource.dialect=PGSQL
datasource.driver=org.postgresql.Driver
datasource.url=jdbc:postgresql://localhost:5432/alfio
datasource.username=alfio
datasource.password=<YOUR_POSTGRESQL_PASSWORD_HERE>
datasource.validationQuery=SELECT 1
spring.profiles.active=dev
Now you can run java -jar <FILE_NAME> > alfio.log 2>&1 &
and should have a running Alf.io instance! You can see the admin password in the log.
Thank you for this! 👍
Some comments:
alf.io runs fine also with openJDK 8+, there's no need to install oracle's package. The following should be enough:
sudo apt-get install openjdk-8-jre
you can use the following systemd script for starting at boot and running in background. It runs the process as an unprivileged "alfio" user.
/usr/lib/systemd/system/alfio.service
/home/alfio/start.sh
I think that postfix is out of scope here. It could be confusing for most people, and also it is very difficult to maintain an smtp server on the internet: you have to take care of IP reputation, blacklisting and so on.
I would suggest you to link an existing tutorial (like https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04) along with a link to existing reliable providers, like mailjet. So that the reader can decide if it's worth for her/him to build and maintain her/his own mail server on the internet.
for let's encrypt, I think it would be enough to link an existing how-to: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
security: I think that this guide should mention that the VM should be protected by a firewall and only the 80 and 443 (and optionally the 22) ports should be exposed. This could be configured using provider's security features, like:
Thanks again!
Celestino