. . .

System preparations

When running ApiOmat in a non-testing environment, some settings should be done in the underlying operation system to ensure that all features are working as expected.

Firewall

ApiOmat uses the following ports. Please be aware that, depending on which machines you install the Dashboard and/or YAMBAS parts on, you do not need to open ALL of these ports.

Port

Transport

Service

Host

Client

80/443

TCP

 

Dasboard

Application Server

Outside World

8080

TCP

YAMBAS

Application Server

Outside World

5701

TCP

Hazelcast

Application Server

Application Server

2022

TCP

FTP/Webhosting Module

Application Server

Outside World

2300

TCP

FTP/Webhosting Module

Application Server

Outside World

123

UDP

NTP (Windows only)

All

Outside World

Example:

sudo ufw allow 22
sudo ufw allow 8080
sudo ufw allow 5701
sudo ufw allow 2022
sudo ufw allow 2300
sudo ufw enable
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 5701 -j ACCEPT
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 2022 -j ACCEPT
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 2300 -j ACCEPT

The Apache Webserver delivered with the Dashboard can also be configured to proxy all calls to Apache Tomcat. Thus, port 8080 has only to be opened to the machines running the Dashboard.

License Server reachability

To contact the license server and activate the license, YAMBAS must be able to contact the license server at https://apiomat.org/algas; it may be necesary to set up both IPs for this domain (185.3.40.250/185.3.40.251) in proxy and firewall settings.

Package dependencies

The following packages are required when installing ApiOmat with one of our Linux packages:

Ubuntu

  • debconf

  • curl

  • apache2

  • libapache2-mod-php5

  • php5-mcrypt

  • php5-curl

  • php-pear

CentOS

  • curl

  • httpd (or apache2 for suse)

  • php5

  • php5-curl

  • php5-mcrypt

  • php5-pear

  • wget

  • policycoreutils-python

Red Hat

The following packages, installed on a Red Hat 7 installation solves the dependency issues:

SMTP

ApiOmat sends eMails for forgotten password or other purposes. Therefore, standard SMTP server on localhost, listening on port 25, is needed. Currently, no authentication is used. You can use for example hMailServer for windows or Postfix for linux.

Postfix settings:

  • Kind: "Satellitensystem"

  • SMTP-Relay-Server: IP of load balancer

DNS

The following settings are assumed:

  • All hosts know each other by name. The name resolution is preferably done via local settings and not via a public DNS server

  • The application server can reach the URL which is later used to access ApiOmat from outside

  • Neither the IP nor the hostname of any of the hosts is changing

Loadbalancer

When using more than one application server, a load balancer on top of the ApiOmat system is required. The load balancer can use the URL <BASEURL>/yambas/rest to check if the YAMBAS services are running. The following settings have to be done:

  • Install SSL certificate in Load Balancer

  • Algorithm: Persistence/Sticky (after the first request, all further ones for a specific user are routed to the same application server)

  • Use the URL of the load balancer as yambasHost setting in ApiOmat

Character encoding

In order to avoid possible problems with special characters in module-code or model-data be sure that the character encoding in the environment you are about to run your application server in is set to UTF-8. Check your system documentation and the documentation of your application server to find out more.