LCSR Identity Services Development & Deployment
Requirements
This micro service requires a modern webserver environment to run.
Dependencies:
- Modern version of Apache2 (2.4.6 verified)
- Modern version of PHP 8.1 (8.1.8 verified)
- Modern version of MySQL (8.0.29 verified)
- Modern version of PHP Composer (2.3.10 verified)
This micro service requires a TLS certificate to be installed on the web server.
Installation on CentOS 7
Installation instructions vary by Linux distribution. The following guide describes installation on CentOS 7 (in 2022); use it as a guide and adapt it to the specific installation scenario. This guide assumes that the service will be accessible at example.com.
- Start with bare CentOS 7 installation (with httpd installed)
- Create web root for service “mkdir /var/www/example.com”
- Create a virtual host for the service “vim /etc/httpd/conf.d/example.com.conf” (httpd on CentOS 7 only loads conf.d files ending in .conf) with the following text…
<VirtualHost *:80>
    ServerName example.com
    Redirect / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/public
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
    <IfModule mod_security2.c>
        SecRuleEngine Off
    </IfModule>
    <Directory /var/www/example.com/public>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
    </Directory>
</VirtualHost>
- Install TLS certificate as indicated in configuration above
- Disable mod_nss (unused, mostly deprecated) “yum remove mod_nss”
- Enable Apache2 “systemctl enable httpd”
- Start Apache2 “service httpd start”
- Confirm Apache2 is accessible via web browser
- Remove legacy PHP 5.4 “yum remove php*”
- Install modern PHP 8.1 via following commands…
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum update
yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --disable 'remi-php*'
yum-config-manager --enable remi-php81
yum -y install php php-{cli,fpm,mysqlnd,zip,devel,gd,mbstring,curl,xml,pear,bcmath,json,opcache,redis,memcache}
- Verify PHP 8.1 is installed “php -v”
- Install PHP Composer via following commands…
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/bin/composer
- Verify Composer installation “composer --version”
- Restart Apache2 to apply changes “service httpd restart”
- Remove included MariaDB (conflicts with MySQL) “yum remove mariadb*”
- Download MySQL 8 repository “wget https://repo.mysql.com/mysql80-community-release-el7-6.noarch.rpm”
- Install MySQL GPG key “rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022”
- Install repository “yum install mysql80-community-release-el7-6.noarch.rpm”
- Install MySQL “yum install mysql-community-server”
- Enable MySQL “systemctl enable mysqld”
- Start MySQL “service mysqld start”
- Configure MySQL as desired. Create a user with a secure password and an empty database for the service
- Clone application into previously created web root
- Upload or create .env file from .env.sample file. Update with applicable configuration settings for database and any providers (CAS)
- Clone the “Identity Laravel Plugin” and “Authorization Laravel Plugin” as the “local_deps/identity-laravel-plugin” and “local_deps/authorization-laravel-plugin” folders
- Generate a new crypto key “php artisan key:generate”
- Ensure webserver user owns service directory “chown -R apache:apache /var/www/example.com” (on CentOS 7, httpd runs as the apache user)
- Run database migrations “php artisan migrate”
- Confirm service is available via web browser
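The Composer step above compares the downloaded installer against one fixed SHA-384 value, and that value changes whenever the installer is re-released. The following is an added example, not part of the original guide or of Composer: a fail-closed version of the same check that takes the expected digest as a parameter and chains the guide's commands so nothing runs unverified. The function names are hypothetical, and sha384sum (coreutils) is assumed to be present.

```shell
# sha384_of FILE: print the lowercase hex SHA-384 digest of FILE.
sha384_of() {
    sha384sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED_HEX
# Returns 0 only on an exact digest match.
#   1 = digest mismatch (file deleted)
#   2 = expected value is not a 96-character hex string (file deleted)
#   3 = file does not exist
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject an empty or non-hex "digest", e.g. an HTML error page that
    # was saved in place of the real checksum.
    case $expected in
        *[!0-9a-f]*|'') rm -f "$file"; return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || { rm -f "$file"; return 2; }
    [ -f "$file" ] || return 3
    actual=$(sha384_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    rm -f "$file"   # never leave an unverified installer on disk
    return 1
}

# install_composer EXPECTED_HEX
# The guide's commands joined with && so a failed check stops the sequence.
# EXPECTED_HEX is obtained out of band, as the guide does with its value.
install_composer() {
    expected_digest=$1
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&
    verify_installer composer-setup.php "$expected_digest" &&
    php composer-setup.php &&
    rm -f composer-setup.php &&
    mv composer.phar /usr/bin/composer
}
```

Run as root with the expected digest as the only argument to install_composer; a non-zero exit status means Composer was not installed.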
Setup Assistance
Note: by default, Tickets have a 2 hour lifetime. After a Ticket has existed for 2 hours, it will no longer be considered valid and a new Ticket will need to be acquired via the authentication process. This is configurable via an environment variable in the .env file.
Some commands are available to minimize manual database changes during app registration while the service is in development…
–
php artisan auth:newtoken
Description:
Generate a new API authentication (AppToken) token for the given app registration
Usage:
auth:newtoken
Arguments:
appId – The application (by ID) to generate a new token for.
–
php artisan auth:newapp
Description:
Generate a new app registration with the given name and initial callback URL
Usage:
auth:newapp [options] [--]
Arguments:
appName The app name
appCallback The initial callback URL
Options:
-t, --token Whether a token (AppToken) should be generated