Albrechts Blog

from time to time I’ll report some stories about software I’m currently using/configuring etc.

Installing Magnolia CMS on JBoss on Ubuntu

I have to migrate the web site at work soon, so I want to try out some CMSs.

I will start with a Java CMS, and Magnolia seems to be a good candidate. It can run standalone with a packaged Tomcat or on an application server like JBoss; I'll try to go the JBoss way.

For the JBoss installation part I follow the instructions at http://ubuntuforums.org/showthread.php?t=652472, the Magnolia on JBoss stuff is based on http://wiki.magnolia-cms.com/display/WIKI/How+to+install+Magnolia+on+Jboss

  • First get jboss-5.1.0.GA-jdk6.zip from sourceforge.net.
  • Decide where to extract it, under which user id. I choose /opt/jboss and will create a jboss user account.
    • groupadd -g 997 jboss; useradd -s /bin/bash -d /home/jboss -g 997 -u 997 -c "JBoss User" jboss
    • mkdir -p /opt; cd /opt; unzip ..../jboss-5.1.0.GA-jdk6.zip; chown -R jboss:jboss jboss-5.1.0.GA; ln -sf jboss-5.1.0.GA/ jboss
    • copy an init script in place:
      cp /opt/jboss/bin/jboss_init_redhat.sh /etc/init.d/jboss
    • make some modifications to the init script
      • adjust JBOSS_HOME to /opt/jboss
      • adjust JAVAPTH to /usr/lib/jvm/java-6-sun/bin (I use the sun-java6-bin package on Ubuntu Jaunty)
      • decide if JBoss should only listen to port 8080 on localhost (default) or set a variable JBOSS_HOST to the public address of the server. Finally I want to route access through apache/mod_proxy so I leave the default setting.
      • and, really important: enlarge the number of allowed open files per process! Put
        ulimit -n 2048
        somewhere before the real start command.

        Otherwise you will fail somewhere during the install process. I succeeded with the magnolia author instance, but failed adding the public instance for this reason.

      • finally don't forget to add the init script links (I still have to learn the upstart stuff …)
        update-rc.d jboss defaults
      • edit bin/run.conf and increase memory settings for later use with magnolia:

        Change JAVA_OPTS from

        JAVA_OPTS="-Xms128m -Xmx512m ...

        to (at least)

        JAVA_OPTS="-Xms256m -Xmx1024m ...

      • Add some authentication configuration to /opt/jboss/server/default/conf/login-config.xml, later needed by magnolia:

        <!--
        magnolia JAAS login modules
        -->
        <application-policy name="magnolia">
        <authentication>
        <login-module code="info.magnolia.jaas.sp.jcr.JCRAuthenticationModule"
        flag = "requisite" />
        <login-module code="info.magnolia.jaas.sp.jcr.JCRAuthorizationModule"
        flag = "required" />
        </authentication>
        </application-policy>
        <!--
        jackrabbit JAAS login modules
        -->
        <application-policy name="Jackrabbit">
        <authentication>
        <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule"
        flag = "required" />
        </authentication>
        </application-policy>
      • start jboss for the first time
        /etc/init.d/jboss start

        watch /opt/jboss/server/default/log/boot.log for messages.
      • Ensure all ports needed by JBoss are available. Just watch the log files for “Address already in use” error messages. In case of a conflict, search for the port specification, e.g. (if port 4444 is not free) with grep -r 4444 /opt/jboss/server/default/conf/, and find another free port to use (4444, for example, conflicts with a Kerberos server).
  • Make the necessary Apache2 configuration steps:

    • Enable some modules:

      a2enmod proxy
      a2enmod proxy_http
      a2enmod proxy_balancer
      a2enmod proxy_ajp
    • Add e.g. the following lines to /etc/apache2/sites-enabled/000-default:

      ProxyRequests Off
      ProxyPreserveHost On
      # balancer not working correctly, use ajp proxy below
      # <Proxy balancer://mycluster>
      # Order deny,allow
      # Allow from all
      # BalancerMember http://localhost:8080/
      # </Proxy>
      # ProxyPass /jboss balancer://mycluster
      # ProxyPass /images balancer://mycluster/images
      # ProxyPass /admin-console balancer://mycluster/admin-console
      # ProxyPass /web-console balancer://mycluster/web-console
      # ProxyPass /jmx-console balancer://mycluster/jmx-console
      # ProxyPass /magnoliaAuthor balancer://mycluster/magnoliaAuthor
      # ProxyPass /magnoliaPublic balancer://mycluster/magnoliaPublic
      # ProxyPassReverse /jboss http://localhost:8080/
      # use ajp proxy:
      ProxyPass /jboss ajp://localhost:8009
      ProxyPass /images ajp://localhost:8009/images
      ProxyPass /css ajp://localhost:8009/css
      ProxyPass /admin-console ajp://localhost:8009/admin-console
      ProxyPass /web-console ajp://localhost:8009/web-console
      ProxyPass /jmx-console ajp://localhost:8009/jmx-console
      ProxyPass /status ajp://localhost:8009/status
      ProxyPass /magnoliaAuthor ajp://localhost:8009/magnoliaAuthor
      ProxyPass /magnoliaPublic ajp://localhost:8009/magnoliaPublic
      ProxyPassReverse /jboss ajp://localhost:8009/
      ProxyPassReverse /admin-console ajp://localhost:8009/admin-console
      ProxyPassReverse /web-console ajp://localhost:8009/web-console
      ProxyPassReverse /jmx-console ajp://localhost:8009/jmx-console
      ProxyPassReverse /status ajp://localhost:8009/status
      ProxyPassReverse /magnoliaAuthor ajp://localhost:8009/magnoliaAuthor
      ProxyPassReverse /magnoliaPublic ajp://localhost:8009/magnoliaPublic
      <Location /jboss>
      Order allow,deny
      Allow from all
      </Location>

      (see http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_proxyWithJBoss or http://ubuntuforums.org/showthread.php?t=536078)

      Don't forget later to add more ProxyPass entries for the applications you want to deploy! Here I already included the URLs for Magnolia. And do not forget to change default passwords … or restrict access to the several admin interfaces like this:

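      <Location /admin-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.0/24
      </Location>

      With Order deny,allow a request that matches no Allow or Deny directive is permitted, so the Deny from all line is what keeps other addresses out. Repeat this for web-console and jmx-console, then restart Apache: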

      apache2ctl graceful

  • Now get Magnolia, download magnolia-bundled-webapp-4.1.1.war from sourceforge and for later use magnolia-standard-templating-kit-bundle-1.1.2-bundle.zip from Magnolia.
  • From this stage on, extract all files under the user id of the jboss user:

    su - jboss

  • cd /opt/jboss/server/default/deploy
    mkdir magnoliaAuthor.war
    cd magnoliaAuthor.war/
    unzip ..../magnolia-bundled-webapp-4.1.1.war
  • Important !!:

    Remove the xerces jar file delivered in magnolia-bundled-webapp-4.1.1.war; it conflicts with the version in JBoss:

    rm -f WEB-INF/lib/xercesImpl-2.8.1.jar

  • add a new file /opt/jboss/server/default/deploy/magnoliaAuthor.war/WEB-INF/jboss-web.xml with contents

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
    <context-root>/magnoliaAuthor</context-root>
    </jboss-web>
  • Now restart JBoss to deploy the extracted files.
  • Watch /opt/jboss/server/default/log/server.log for possible errors.
  • Ensure you have something like this (maybe more restrictive) in your apache config (/etc/apache2/sites-enabled/000-default on Ubuntu / Debian)

    <Location /magnoliaAuthor>
    Order allow,deny
    Allow from all
    </Location>
  • Go to http://YOURHOST/magnoliaAuthor and complete the initial update.
  • Watch /opt/jboss/server/default/log/server.log for possible errors.
  • Login to the Magnolia admin site, change default passwords.
  • Extract magnolia-standard-templating-kit-bundle-1.1.2-bundle.zip to a temporary place, move the extracted *.jar files to /opt/jboss/server/default/deploy/magnoliaAuthor.war/WEB-INF/lib
  • Restart JBoss once more to deploy the changes, watch /opt/jboss/server/default/log/server.log for possible errors.
  • Again, perform an initial update at http://YOURHOST/magnoliaAuthor.
  • Possible errors (happened several times to me):

    Extract/create files with wrong permissions (root instead of jboss).

    Everything below /opt/jboss/server/default/deploy/magnoliaAuthor has to belong to jboss!

  • Repeat all steps done for magnoliaAuthor for magnoliaPublic
  • Setup relationship between magnoliaAuthor and magnoliaPublic (see http://documentation.magnolia-cms.com/cookbook/changing-an-author-instance-into-a-public-instance.html):

    Changes in magnoliaAuthor:

    • Access rights should per default be ok
    • If you use magnoliaPublic as the name of the public site, the subscription will also work immediately; otherwise change the names.

    Changes in magnoliaPublic:

    • set Admin mode to false
    • change the anonymous role to have Read access to the website and GET and POST access to the base URL, but leave /.magnolia/* protected.
  • Finally add some RewriteRule directives to your Apache config to direct traffic to your magnoliaPublic URL:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteLog /var/log/apache2/rewrite.log
    RewriteLogLevel 1
    RewriteRule ^/magnolia$ /magnolia/ [R]
    RewriteRule ^/magnolia/(.*)$ http://YOUR.ADD.RESS/magnoliaPublic/$1 [L]
    </IfModule>
    <Location /magnolia>
    Order allow,deny
    Allow from all
    </Location>
  • Last step: Enable access over HTTPS
    • Add to /etc/apache2/sites-enabled/default-ssl:

      RewriteEngine on
      RewriteLog /var/log/apache2/sslproxy.log
      RewriteLogLevel 1
      RewriteMap domaindb txt:/etc/apache2/ssldomains
      RewriteRule ^/www\.([^/]+)/(.*) /${domaindb:$1|%{HTTP_HOST}/$1}/$2 [S=2]
      RewriteRule ^/([^/]+)/(.*) /${domaindb:$1|%{HTTP_HOST}/$1}/$2 [S=1]
      RewriteRule ^/(.+) /$1/ [R,L]
      RewriteRule ^/(.*) http://$1 [P,L]
    • create /etc/apache2/ssldomains with:

      jboss YOUR.ADD.RESS/jboss
      magnolia YOUR.ADD.RESS/magnolia
      magnoliaAuthor YOUR.ADD.RESS/magnoliaAuthor
      magnoliaPublic YOUR.ADD.RESS/magnoliaPublic
      web-console YOUR.ADD.RESS/web-console
      admin-console YOUR.ADD.RESS/admin-console
      jmx-console YOUR.ADD.RESS/jmx-console
    • Restrict / allow access in /etc/apache2/sites-enabled/default-ssl, e.g.:

      <Location /jboss>
      Order allow,deny
      Allow from All
      </Location>
      <Location /images>
      Order allow,deny
      Allow from All
      </Location>
      <Location /css>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnolia>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnoliaPublic>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnoliaAuthor>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /admin-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /web-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /jmx-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>

      Again, decide what should be accessible from which addresses and what not.
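
The Order/Allow/Deny blocks above only restrict access if clients that match no directive end up denied. As an added example (not part of the original post), this Python code models the Apache 2.2 evaluation rules for those directives and lists which <Location> paths a given client address can reach; the two sample blocks and the probe address 203.0.113.7 are constructed, the function names are hypothetical, and hostname or env= specs are not handled.

```python
import ipaddress
import re

def matches(spec, ip):
    """True if an Allow/Deny 'from' spec covers ip: all, CIDR, full or partial IP."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    prefix = spec.rstrip(".")
    if prefix.count(".") < 3:                   # partial address such as 192.168.1.
        return ip.startswith(prefix + ".")
    return ip == spec

def parse_locations(conf):
    """Collect Order/Allow/Deny per <Location> block from Apache config text."""
    blocks, cur = {}, None
    for line in (l.strip() for l in conf.splitlines()):
        m = re.match(r"<Location\s+(\S+)>", line, re.I)
        words = line.split()
        if m:   # Order defaults to deny,allow when the directive is absent
            cur = blocks.setdefault(m.group(1), {"order": "deny,allow", "allow": [], "deny": []})
        elif line.lower().startswith("</location"):
            cur = None
        elif cur is not None and words and words[0].lower() == "order":
            cur["order"] = "".join(words[1:]).lower()
        elif cur is not None and len(words) > 2 and words[0].lower() in ("allow", "deny"):
            cur[words[0].lower()].extend(words[2:])
    return blocks

def permitted(block, ip):
    """Apply the Order rules: allow,deny defaults to deny, deny,allow to permit."""
    allowed = any(matches(s, ip) for s in block["allow"])
    denied = any(matches(s, ip) for s in block["deny"])
    if block["order"] == "allow,deny":          # needs an Allow match and no Deny match
        return allowed and not denied
    return allowed or not denied                # deny,allow: unmatched clients get in

def reachable(conf, ip):
    """Paths whose <Location> block lets the given client address through."""
    return sorted(p for p, b in parse_locations(conf).items() if permitted(b, ip))

# Constructed inputs: a block without Deny from all, and the same block with it.
NO_DENY = """<Location /admin-console>
Order deny,allow
Allow from 192.168.1.0/24
</Location>"""
WITH_DENY = NO_DENY.replace("Order deny,allow", "Order deny,allow\nDeny from all")

if __name__ == "__main__":
    for name, conf in (("no Deny", NO_DENY), ("with Deny", WITH_DENY)):
        print(name, "-> 203.0.113.7 reaches:", reachable(conf, "203.0.113.7"))
```

Run it against the Location blocks of your own 000-default and default-ssl files with an address outside your network; any admin path it lists is open to that address.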