=== modified file 'src/docbkx/en/dhis2_implementation_guide_installation.xml'
--- src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-03-13 19:10:37 +0000
+++ src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-03-13 20:41:41 +0000
@@ -52,16 +52,16 @@
A common mistake is to have a white-space after the last property value - make sure there is no white-space at the end of any line.
Install Tomcat
Download the Tomcat binary distribution from http://tomcat.apache.org/download-70.cgi A useful tool for downloading files from the web is wget. Extract to a convenient location. This guide assumes that you have navigated to the root directory of the extracted archive.
- Clear the pre-installed web applications by invoking rm -rf webapps/* Download the latest DHIS 2 WAR file from http://dhis2.org/download and move it to the webapps directory.
+ Clear the pre-installed web applications by invoking rm -rf webapps/* Download the latest DHIS 2 WAR file from http://dhis2.org/download, move it to the webapps directory and rename it to ROOT.war
Open file bin/setclasspath.sh and add the lines below. The first will set the location of your Java Runtime Environment, the second will dedicate memory to Tomcat and the third will set the location for where DHIS 2 will search for the hibernate.properties configuration file, note that you should adjust this to your environment:
- JAVA_HOME='/usr/lib/jvm/java-7-openjdk'
-JAVA_OPTS='-Xmx6000m -Xms3000m -XX:MaxPermSize=800m -XX:PermSize=400m'
-DHIS2_HOME='/home/dhis/config'
+ export JAVA_HOME='/usr/lib/jvm/java-7-openjdk'
+export JAVA_OPTS='-Xmx6000m -Xms3000m -XX:MaxPermSize=800m -XX:PermSize=400m'
+export DHIS2_HOME='/home/dhis/config'
To do basic performance tuning (optional) you can install the native APR library by invoking sudo apt-get install libtcnative-1 Then open file bin/setclasspath.sh and add this line at the end of the file: LD_LIBRARY_PATH=/usr/lib:$LD_LIBRARY_PATH
If you need to change the port of which Tomcat listens for requests you can open the Tomcat configuration file /conf/server.xml, locate the <Connector> element which is not commented out and change the port attribute value to the desired port number.
To monitor the behavior of Tomcat the log is the primary source of information. The log can be easily viewed with the command tail -f logs/catalina.out
Run DHIS 2
- Make the startup script executable by invoking chmod 755 bin/* DHIS 2 can now be started by invoking bin/startup.sh The log can be monitored by invoking tail -f logs/catalina.out DHIS 2 can be stopped by invoking bin/shutdown.sh Assuming that the WAR file is called dhis.war, you can now access your DHIS instance at http://localhost:8080/dhis
+ Make the startup script executable by invoking chmod 755 bin/* DHIS 2 can now be started by invoking bin/startup.sh The log can be monitored by invoking tail -f logs/catalina.out DHIS 2 can be stopped by invoking bin/shutdown.sh Assuming that the WAR file is called ROOT.war, you can now access your DHIS instance at http://localhost:8080
Reverse proxy with nginx (optional)
@@ -89,7 +89,7 @@
nginx can now be started and stopped with the following commands:
sudo /usr/local/nginx/sbin/nginx
sudo /usr/local/nginx/sbin/nginx -s stop
- Now that we have installed nginx we will now continue to configure regular proxying of requests to our Tomcat instance, which we assume runs at http://localhost:8080/dhis. To configure nginx you can open the configuration file by invoking
+ Now that we have installed nginx we will now continue to configure regular proxying of requests to our Tomcat instance, which we assume runs at http://localhost:8080. To configure nginx you can open the configuration file by invoking
sudo nano /usr/local/nginx/conf/nginx.conf
nginx configuration is built around a hierarchy of blocks representing http, server and location, where each block inherit settings from parent blocks. To configure nginx to proxy pass (redirect) requests from port 80 (which is the port nginx will listen on by default) to our Tomcat instance include the following configuration in nginx.conf:
In order to improve security it is recommended to configure the server running DHIS to communicate with clients over an encrypted connection and to identify itself to clients using a trusted certificate. This can be achieved through SSL which is an cryptographic communication protocol running on top of TCP/IP.
To configure nginx to use SSL you will need a proper SSL certificate from an SSL provider. The cost of a certificate varies a lot depending on encryption strength. An affordable certificate from https://www.rapidsslonline.com should serve most purposes.
When you have your certificate files (.pem and .key) you will need to place them in a location which is reachable by nginx. A good location for this can be the same directory as where your nginx.conf file is located.
- Below is an nginx server block where the certificate files are named server.pem and server.key. Since SSL connections usually occur on port 443 (HTTPS) we pass requests on that port (443) on to the DHIS instance running on http://localhost:8080/dhis. The first server block will rewrite all requests connecting to port 80 and force the use of HTTPS/SSL. This is also necessary because DHIS is using a lot of redirects internally which must be passed on to use HTTPS. Remember to replace <server-ip> with the IP of your server. These blocks should replace the one from the previous section.
+ Below is an nginx server block where the certificate files are named server.crt and server.key. Since SSL connections usually occur on port 443 (HTTPS) we pass requests on that port (443) on to the DHIS instance running on http://localhost:8080 The first server block will rewrite all requests connecting to port 80 and force the use of HTTPS/SSL. This is also necessary because DHIS is using a lot of redirects internally which must be passed on to use HTTPS. Remember to replace <server-ip> with the IP of your server. These blocks should replace the one from the previous section.