Howto install Mir on Debian (lenny)

long version: http://docs.indymedia.org/view/Devel/MiRInstall

old version: http://docs.indymedia.org/view/Devel/MiRInstallDebianOld

original version was sarge 2005-12-05, adjusted for etch 2007-12-06, adjusted for lenny and rearranged some stuff 2010-01-10

0. add a non-superuser for compiling etc. and create directory

# adduser mir

# mkdir /srv/indy

# chown mir:mir /srv/indy

1. install packages

add non-free to your /etc/apt/sources.list

# aptitude install sun-java6-jdk ant apache2 libapache2-mod-jk tomcat5.5 postgresql cvs imagemagick

and maybe these additional packages, if you like to have a tomcat interface:

# aptitude install tomcat5.5-admin tomcat5.5-webapps

2. configure java

# update-alternatives --config java

choose /usr/lib/jvm/java-6-sun/jre/bin/java

# update-alternatives --config javac

choose /usr/lib/jvm/java-6-sun/bin/javac

3. get mir (do as user, not root)

get mir-java-sourcecode

/srv/indy$ cvs -d :pserver:anonymous@cvs.codecoop.org:/cvsroot/mir login
(pw <enter>)(don't enter any password, just hit <enter>)
/srv/indy$ cvs -d :pserver:anonymous@cvs.codecoop.org:/cvsroot/mir checkout -r MIR_1_1 mir

Check out de.indy-specific template-set:
/srv/indy$ cvs -d :pserver:anonymous@cvs.codecoop.org:/cvsroot/imc-germany login
/srv/indy$ cvs -d :pserver:anonymous@cvs.codecoop.org:/cvsroot/imc-germany checkout neotemplates

4. update templates (also de.indy-specific)

symlink site-specific templates into mir/etc-directory:

/srv/indy/mir/etc$ rm -rf bundles/ extrasource/ open/ producer/
/srv/indy/mir/etc$ ln -s ../../neotemplates/etc/bundles/
/srv/indy/mir/etc$ ln -s ../../neotemplates/etc/extrasource/
/srv/indy/mir/etc$ ln -s ../../neotemplates/etc/open/
/srv/indy/mir/etc$ ln -s ../../neotemplates/etc/producer/

symlink site-specific static files into site-directory:

$ mkdir /srv/indy/site
/srv/indy/site$ ln -s ../neotemplates/site/img/
/srv/indy/site$ ln -s ../neotemplates/site/includes/
/srv/indy/site$ ln -s ../neotemplates/site/script/
/srv/indy/site$ ln -s ../neotemplates/site/static/
/srv/indy/site$ ln -s ../neotemplates/site/style/
/srv/indy/site$ ln -s ../neotemplates/site/mobile/

5. configure mir

/srv/indy/mir/etc$ cp config.properties-dist config.properties

adjust config.properties to your likings!

edit line Mir.Localizer (and remove # before)

"Mir.Localizer=DeLocalizer"

6. compile

$ export TOMCAT_HOME=/usr/share/tomcat5.5/

/srv/indy/mir$ ant

(the warnings because of proprietary jpeg-classes are ok)

symlink your new application in tomcats webapps-directory

# ln -s /srv/indy/mir/bin/mir /var/lib/tomcat5.5/webapps/mir

$ touch /srv/indy/mir/bin/mir/WEB-INF/abuse.properties

7. set some file-permissions

so tomcat can write the produced pages and your logfiles to the disk

/srv/indy/mir# cp perms.sh-dist perms.sh

/srv/indy/mir# ./perms.sh

add tomcat55 user to www-data and mir group

# usermod -G www-data -a tomcat55

# usermod -G mir -a tomcat55

make site directory writable (for mir group)

# chmod g+w /srv/indy/site

8. configure and restart tomcat

edit /etc/default/tomcat5.5

TOMCAT5_SECURITY=no

# /etc/init.d/tomcat5.5 restart

check http://localhost:8180/mir - you should see db errors because there is no db yet

9. create db

start script for creating the database; [dbname], [dbuser] and [dbpw] as in config.properties

/srv/indy/mir/dbscripts# sudo -u postgres ./createmirdb.sh [dbname] postgres [dbuser] [dbpw]

check http://localhost:8180/mir - you should be able to login with user admin and password indymedia

10. configure apache2

enable server side includes and ssl module

# a2enmod ssl include

# mkdir /etc/apache2/ssl

create self-signed ssl certificate (use your domain name as Common Name)

# openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

edit /etc/apache2/sites-available/[yourvhost]

<VirtualHost *:443>
        ServerName dev.de.indymedia.org
        DocumentRoot /srv/indy/site
        JkMount /mir ajp13
        JkMount /mir/* ajp13
        ServerAdmin webmaster@localhost
        ServerSignature Off
        <Directory /srv/indy/site>
                AddType text/html .shtml
                AddOutputFilter INCLUDES .shtml
                DirectoryIndex index.html index.htm index.shtml
                Options FollowSymLinks +Includes IncludesNoExec
                AllowOverride None
                ErrorDocument 404 /static/404.shtml
        </Directory>
        <IfModule mod_ssl.c>
                SSLEngine On
                SSLCertificateFile /etc/apache2/ssl/server.crt
                SSLCertificateKeyFile /etc/apache2/ssl/server.key
        </IfModule>
</VirtualHost>

# a2ensite [yourvhost]

/etc/init.d/apache2 restart

check https://localhost/mir - login with username and password and trigger the startpage and navigation producer

check https://localhost/ - the startpage should be shown

11. misc

• /srv/indy/site should be writable by tomcat55 user
• evt. adapt the articletypes and languages in the database (via postgres or admin interface) to these referenced in your templates and producers.xml
• you should 'harden' the installation as follows:
  • apache
    • disable non-encrypted (non-ssl) access to the site (at least for the servlet access since otherwise passwords can get sniffed)
    • use a ssl-certificate that is not self-signed
    • disable logging of ip-adresses (use libapache2-mod-removeip or a custom log format for access- and error-logs)
  • tomcat
    • in /etc/tomcat5.5/server.xml: disable the http-connector: comment out the -tag
    • in /etc/tomcat5.5/server.xml: add attribute address="127.0.0.1" to the -tag so the ajp-connector will listen only locally
  • postgres
    • you could edit /etc/postgresql/8.3/main/pg_hba.conf to be more restrictive, like that only the user for the mir database would be able to connect via tcp

12. profit!

done