Installation

Author: Damien Guillaume

Requirements

The following technologies are required :

The platform was tested on :

... but in theory in can work on other systems.

Some packages have to be installed on Linux on top of PHP : php5-mysql for the link with the database, php5-xsl (or php-xml for CentOS) for XML documents transformations, php5-gd for image processing, and php5-curl which is used for the forum authentication.


Download

The following file contains all PAELLOS (WebJaxe + server), with the source code :

paellos_1.0.tar.gz


WebJaxe installation

PHP extensions

With PHP5, the PHP extensions php_xsl and php_gd2 must be enabled but php_domxml must be disabled (it's a PHP4 extension).

Folder location

WebJaxe folder can be placed anywhere in the website. The website root is usually a folder named htdocs, in which the webjaxe folder can be placed.

File permissions

The PHP user (which might be different from the web user) needs write access to the following folders in the webjaxe folder : site_config, contribXML, sites, historique, poubelle and tmp. Permissions should be checked before launching WebJaxe for the first time.

Initialization

Open the following page in a web browser :

http://[your website]/[WebJaxe's folder]/index.php

remarqueRemark

If your web server runs on another port than the default one (80), make sure to replace http://[your website] by http://[your website]:[port number].

To create WebJaxe's database, the database administrator login and password must be entered (often 'root' / '' or 'root' / 'root' by default). The database is named webjaxe by default.

Information on the account for WebJaxe's administrator must then be entered.

Mail management is used to alert the administrators when a new user registers. There are 3 options :

Once this is done, click on the "Create the database" button to finish WebJaxe's installation.

TeX equations images server

To use equations with the TeX syntax in the XPAGES language, a little additional server has to be configured. The Jaxe applet and its XPAGES plugin do not contain a TeX processor (it would be too heavy !). So, the plugin calls a server, sending the equation text, to which the server replies with the image of the equation. This server is already present in WebJaxe's serveurtex folder, but it requires the installation of the following programs : latex, dvipng and ImageMagick. It is also necessary to edit the file config/XPAGES/XPAGES_config.xml by hand to specify the server to use (look for "tex.php" to find it). The default value is set to a server that is not necessarily available. The paths to the commands convert and tex2png can be changed if necessary in tex.php. Permissions should be checked to make sure the PHP user can write inside serveurtex/CACHE.

Securing WebJaxe

The information to access the database is stored in the site_config.xml file, located in the site_config folder. This folder is protected for the Apache web server with a .htaccess file if .htaccess files are enabled with the instruction AllowOverride in httpd.conf. This prevents reading site_config.xml directly from the web, while still letting WebJaxe use it.

This protection only works with the Apache web server. If you use another web server, such as IIS, you will need to protect the site_config folder in another way, for instance by editing its properties and forbidding reading. The way to do that is unfortunately different from one web server to another.

A .htaccess can also be added to the other folders in ordre to manage reading authorizations.

To avoid having to manage both Apache and WebJaxe users to control access, the lecture_fichier.php PHP script can be used with the Mod_rewrite Apache module. For instance, the following code can be placed in a .htaccess file in the contribXML and sites folders, to make sure that only authorized WebJaxe users can access the XML files and the websites created with WebJaxe :

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ ../php/partie_utilisateur/lecture_fichier.php?fichier=%{REQUEST_URI}
</IfModule>

This code redirects read requests for all files in the folder to the lecture_fichier.php script, which only returns the contents of the files for connected authorized WebJaxe users.


Server installation


Configuration

If a security manager is enabled (this is for instance the case by default with Ubuntu 9), the web application has to be authorized to do local connections to mySQL, as well as reading the website files, use the indexation files for search queries on the website, and use certain classes : create a file named tomcat6/conf/policy.d/paellos.policy, with (by changing "SITENAME", "serveur.smtp", "/var/www" and ".../index_lucene" if necessary) :

grant codeBase "file:${catalina.base}/webapps/SITENAME/-" {
  permission java.net.SocketPermission "localhost:3306", "connect,resolve"; // access to the SQL database
  permission java.net.SocketPermission "smtp.exemple.fr:25", "connect,resolve"; // sending emails
  permission java.io.FilePermission "/var/www/webjaxe/-", "read"; // reading WebJaxe files
  permission java.io.FilePermission "/var/www/public", "read"; // generating the public website
  permission java.io.FilePermission "/var/www/public/-", "read,write,delete"; // generating the public website
  permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/sites", "read"; // training websites
  permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/sites/-", "read,write,delete"; // training websites
  permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/index_lucene/-", "read,write,delete"; // indexation files
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler"; // jsp compilation
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler.*"; // jsp compilation
};

Creation of the database

Administrator registration

To start using the site, the administrator must register as described in the administration documentation.


Forum and chat

The forum and chat features are optionnal. The discussion forum suggested with PAELLOS is phpBB (a plugin provides automatic authentication on a phpBB forum with PAELLOS' database).

Forum installation

Chatroom installation

The mChat module for phpBB was tested, but other solutions are possible.