Skip to content

Instantly share code, notes, and snippets.

@llamafilm

llamafilm/colorfront-centos-db.md

Last active April 18, 2024 16:41
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save llamafilm/a1882803399a76c63e9f62c263384c90 to your computer and use it in GitHub Desktop.
Save llamafilm/a1882803399a76c63e9f62c263384c90 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
colorfront-centos-db.md

Installing a Colorfront central linux database

Instructions are current for Transkoder 2020.
This has been tested on CentOS 7.9, but you can adapt to other distributions. Throughout this guide, the # symbol signifies running a shell command as root.

Install LAMPP web server

Supported versions:

  • PHP 7.1 - 7.2
  • MariaDB 10.1 - 10.4
  • Apache 2.4

The versions included in CentOS repo are too old, so here we install PHP from Remi Repo and MariaDB from the official repo. If you use a different OS, substitute the appropriate packages.

Install Apache
# yum install -y httpd
# systemctl enable --now httpd
Install PHP 7.2 and extensions
# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum-config-manager --enable remi-php72
# yum install -y php72 php72-php php72-php-pdo php72-php-mysqlnd php72-php-xml php72-php-mbstring
Install MariaDB 10.4

First add repo definition to /etc/yum.repos.d/MariaDB.repo

# MariaDB 10.4 CentOS repository list
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Then install it

# yum -y install MariaDB-server MariaDB-client
# systemctl enable --now mariadb

Verify correct versions are installed, close to this:

# mysql --version
mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using readline 5.1

# httpd -v
Server version: Apache/2.4.6 (CentOS)

# php72 --version
PHP 7.2.34 (cli) (built: Feb  3 2021 09:23:21) ( NTS )

Install phpMyAdmin

This is recommended for troubleshooting, but not required.

# wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-english.tar.gz
# tar xzf phpMyAdmin-5.2.1-english.tar.gz -C /var/www/htdocs/phpMyAdmin --strip-components=1
# chown -R www-data:www-data /var/www/htdocs/phpMyAdmin

Create the config file with at /var/www/htdocs/phpMyAdmin/config.inc.php file with contents like this:

<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['auth_type'] = 'cookie';

// if you insist on "root" having no password:
// $cfg['Servers'][$i]['AllowNoPassword'] = true;

// use here a value of your choice at least 32 chars long
$cfg['blowfish_secret'] = 'htp6tDww3GY68643q7ucvnRDj7BBFvdZ`';
?>

Make sure this file is not world-writable, e.g. chmod 644 /var/www/htdocs/phpMyAdmin/config.inc.php.

Alternatively, you can use the wizard at http://localhost/phpMyAdmin/setup to configure advanced options. Copy/paste this config to /var/www/html/phpMyAdmin/config.inc.php. Make sure Blowfish secret is valid (I noticed bad quoting once).

To enable all feature, you have to create some tables for configuration storage. Login to the web UI and click the warning at the bottom to configure storage and it will do this automatically.

Install wkhtmltopdf

This program is used to generate dailies PDF reports. Not required for Transkoder. Latest version with patched qt can be found at https://wkhtmltopdf.org/downloads.html

# yum install -y https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos7.x86_64.rpm

Install Colorfront scripts

Login to Colorfront support website using Zendesk credentials to download these two packages and transfer to the server:
https://dl.colorfront.cloud/official/Others/V7_2020_update1.zip
https://dl.colorfront.cloud/official/Others/cf-web-ui_onprem_v1.4.2.zip

Extract ZIP files to web root (e.g. /var/www/html):

# unzip V7_2020_update1.zip -d /var/www/html/v7
# unzip cf-web-ui_onprem_v1.4.2.zip -d /var/www/html/
# rm /var/www/html/index.html

Alternatively, you can copy these files from a working Transkoder in C:\XAMPP\htdocs.

  • v7/
  • render/
  • cf-web-ui/
  • index.php

Adjust Permissions

The scripts should be owned by the apache user.

# chown -R apache:apache /var/www/html
# find /var/www/html/{v7,render,cf-web-ui} -type d -exec chmod 755 {} \;
# find /var/www/html/{v7,render,cf-web-ui} -type f -exec chmod 644 {} \;

If you have SELinux enabled, you may need to adjust security context:

# chcon -R -t httpd_sys_rw_content_t /var/www/html/
# chcon -t httpd_sys_script_exec_t /usr/local/bin/wkhtmltopdf
# chcon -R -t httpd_sys_rw_content_t /var/www/html/phpMyAdmin/tmp

For SELinux this is required for the Tonkatsu file browser

# setsebool -P httpd_use_cifs 1
# setsebool -P httpd_can_network_connect_db 1

Allow web traffic through the firewall

This step is only needed if you are running a firewall. Transkoder communicates on HTTP port 80. Render queue API may run on port 443. Port 3306 is required for background render tray.

# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --zone=public --add-port=3306/tcp --permanent
# firewall-cmd --reload

Configuration

Allow Apache to use .htaccess files by creating /etc/httpd/conf.d/colorfront.conf with contents:

<Directory "/var/www/html/v7">
    AllowOverride all
    Require all granted
</Directory>

<Directory "/var/www/html/cf-web-ui">
    AllowOverride all
    Require all granted
</Directory>

<Directory "/var/www/html/render">
    AllowOverride all
    Require all granted
</Directory>

Increase limits in /etc/opt/remi/php72/php.ini

post_max_size=256M
upload_max_filesize=256M

Increase limits in /etc/my.cnf

[mysqld]
max_allowed_packet=16M

# STRICT_TRANS_TABLES must be disabled for compatibility with 2019 and earlier versions
sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Validation

Test REST API from remote machine, and you should see results like this:

$ curl -s http://server_ip/v7/rest/readiness | jq
{
  "status": "UP",
  "components": {
    "db": {
      "status": "UP",
      "details": {
        "driver": "mysql",
        "version": "5.5.68"
      }
    },
    "web_server": {
      "status": "UP",
      "details": {
        "php_version": "7.2.34",
        "php_version_id": 70234,
        "php_version_detailed": "7.2.34"
      }
    }
  },
  "branch": "2020",
  "version": "47487"
}

Security Hardening

For extra security, you may choose to harden the SQL database. This is not required, and may make future troubleshooting more difficult so it's not recommended if your network is trusted.
Run mysql_secure_installation and follow the prompts to create root password, remove anonymous users, disallow remote root login, remove test database, and reload privilege tables. After this, you will need to enter the root passsword in /var/www/html/v7/common/auth.inc

Note: Colorfront software runs only on HTTP port 80 so you cannot force SSL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment