InformaCam Server Installation Instructions 11.10 with GeoCouch

Overview

  • Current beta is run:
  • These installation instructions assume a build on Ubuntu 11.10.
    • Given the purpose of InformaCam, it is highly recommended that this server run on a box that is under your complete control.
  • Required Dependencies
    • Oracle Java 1.7
    • Maven
    • CometD/Jetty
    • FFMPEG (Git branch)
      • libx264
    • lighttpd
    • php5-cgi
    • Tor
    • CouchDB
      • GeoCouch

Installation Preparation

This installation document assumes you are on Ubuntu, and that the base directory will be /home/ubuntu. In that directory, make a directory that will house the packages you need to install, as well as a number of directories that will be used by the InformaCam system:


mkdir packages clients engine interface log scripts synergy

  • packages will house dependency applications that will need to be installed
  • clients will be used to hold the certificates of clients using InformaCam; any user/device interacting with the InformaCam system will be required to have a key
  • interface will be the home for the web application that communicates with the client as well as the interface to the back-end administrative UI
  • scripts will house various daemon scripts that perform tasks useful to the InformaCam system (e.g., setting up a new device certificate)
  • synergy will house InformaCam's certificates

If this is a fresh install, remember to update your repositories.


sudo apt-get update

There are a few packages that you will need to assist you in the installation.

  • Install Git
    If you don't already have Git installed, do so now:


sudo apt-get install git

Once Git is installed, you will have to give this instance a key (or use an existing one). See these instructions on setting up an SSH key for Git:
https://help.github.com/articles/generating-ssh-keys

  • Install Curl


sudo apt-get install curl

Install Java

You will need to install Oracle Java to run InformaCam Server, as CometD relies on this version of Java. It is recommended you install this version of Java before installing the other dependencies.
Note: InformaCam will be moving towards a standard Java version in future versions.

Follow the instructions provided here:
http://www.webupd8.org/2012/01/install-oracle-java-jdk-7-in-ubuntu-via.html

Make sure that the Java version shows 1.7.0_10, and then update the JAVA_HOME variable to point to this version:


sudo gedit /etc/environment

Add/Update JAVA_HOME (double-check this path structure to make sure you have the correct path):


JAVA_HOME="/usr/lib/jvm/java-7-oracle"

Install Maven

You need the latest version of Maven installed. The working stack of InformaCam is using Maven 3.0.4 at the moment. apache.org provides a list of distros: https://www.apache.org/dyn/closer.cgi/maven/maven-3/3.0.4/binaries/apache-maven-3.0.4-bin.tar.gz . Find a working one, and copy the link to the mirror you have selected.

Go to the packages directory you created and begin the install:


cd /home/ubuntu/packages
wget {link to selected distro here}

Make sure the tar is downloaded and copy the file name.


tar -xvzf {the tar file's name}
rm {the tar file's name}
sudo mkdir /usr/local/apache-maven
# copy the directory itself so that the M2_HOME path set below exists
sudo cp -R apache-maven-3.0.4 /usr/local/apache-maven/

Then update/add the following to your environment variables:


M2_HOME="/usr/local/apache-maven/apache-maven-3.0.4"
MAVEN_HOME="/usr/local/apache-maven/apache-maven-3.0.4"
M2="/usr/local/apache-maven/apache-maven-3.0.4/bin"

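Save and close. Then update the PATH to include Maven and the path to your Java install. /etc/environment is only read at login, so log in again first if the new variables are not yet set in your shell:


export PATH=$PATH:$M2
export PATH=$PATH:$JAVA_HOME/bin

Test that the system now points to the correct version, and remove old versions if necessary: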


mvn -version

Install CometD/Jetty

Install the latest version of CometD. The version used in the current working stack of InformaCam is 2.4.3. The tarball is available at: http://download.cometd.org/cometd-2.4.3-distribution.tar.gz

Go to the packages directory you created and begin the install:


cd /home/ubuntu/packages
wget {link to selected distro here}

Make sure the tar is downloaded and copy the file name.


tar -xvzf {the tar file's name}
rm {the tar file's name}
cd cometd-2.4.3
export PATH=$PATH:$JAVA_HOME/bin
export PATH=$PATH:$M2

Then install CometD into Maven; the following will skip the test scripts (process takes a while):


sudo mvn clean install -DskipTests=true

Install FFmpeg

FFmpeg has branched. The official FFmpeg repo is incompatible with the requirements of InformaCam. So, you will need to use the FFmpeg branch available on git, here: https://github.com/FFmpeg/FFmpeg


cd /home/ubuntu/packages
git clone git@github.com:FFmpeg/FFmpeg.git

You need to build FFmpeg. You will need to install GCC (compiler for these packages) and some other packages that will help with build process. You also need the libx264 library:


sudo apt-get install gcc
sudo apt-get install build-essential
sudo apt-get install yasm
sudo apt-get install pkg-config
sudo apt-get install libx264-dev

Once these are installed (note: FFmpeg install takes a while):


cd FFmpeg
./configure
make
sudo make install
sudo apt-get install ffmpeg2theora

Install lighttpd

Install lighttpd and a dependency, php5-cgi:


cd /home/ubuntu/packages
sudo apt-get install lighttpd
sudo apt-get install php5-cgi

To make sure lighttpd is installed, open a browser, and go to 127.0.0.1. You should see the lighttpd placeholder page. You will need to make some changes to lighttpd configuration later, but you need to complete the Tor installation first.

Install Tor

Install a stable version of Tor. You will need to add the correct repository, and add the correct gpg key before install.

sudo gedit /etc/apt/sources.list

At the end of your sources.list, add the following (the distribution for 11.10 is oneiric):


deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

Then run the following:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
sudo apt-get update
sudo apt-get upgrade

The key ring project installed above will make sure you have the most current signing key. Now install Tor.


sudo apt-get update
sudo apt-get install tor tor-geoipdb
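
The import above fetches the key by its 8-character short ID and names the full fingerprint only in the export step. As an added example (not part of the original instructions), the following checks that the key gpg actually holds carries the fingerprint listed on this page before it is handed to apt-key; the function names are hypothetical and the sample gpg output is constructed.

```bash
#!/bin/bash
# Added example: compare the fetched key's full fingerprint with the one the
# page lists before trusting it for apt. Function names are hypothetical.

EXPECTED_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"   # value from the page

# primary_fingerprints: read `gpg --with-colons --fingerprint` output on stdin
# and print the fingerprint of every primary key: the first "fpr" record after
# each "pub" record (field 10). Subkey fingerprints are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub"         { want = 1; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# key_is_expected FPR: succeed only if stdin describes exactly one primary key
# and its fingerprint is FPR. Two keys sharing a short ID therefore fail.
key_is_expected() {
    found="$(primary_fingerprints)"
    [ -n "$found" ] && [ "$found" = "$1" ]
}

# Constructed sample output (not captured from a real keyring).
SAMPLE_GOOD='pub:-:2048:1:EE8CBC9E886DDD89:1251936000:::-:::scESC:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
uid:-::::1251936000::::constructed sample uid:
sub:-:2048:1:1111111111111111:1251936000::::::s:
fpr:::::::::2222222222222222222222222222222222222222:'

# Same short ID 886DDD89, different full fingerprint: a second, unrelated key.
SAMPLE_COLLISION="$SAMPLE_GOOD
pub:-:2048:1:00000000886DDD89:1251936000:::-:::scESC:
fpr:::::::::00000000000000000000000000000000886DDD89:"

# On the server the check would gate the import, for example:
#   gpg --with-colons --fingerprint 886DDD89 | key_is_expected "$EXPECTED_FPR" \
#     && gpg --export "$EXPECTED_FPR" | sudo apt-key add -

if printf '%s\n' "$SAMPLE_GOOD" | key_is_expected "$EXPECTED_FPR"; then
    echo "good sample: fingerprint matches"
fi
if ! printf '%s\n' "$SAMPLE_COLLISION" | key_is_expected "$EXPECTED_FPR"; then
    echo "collision sample: rejected"
fi
```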

Install CouchDB

CouchDB is the database used by the InformaCam system. It should be noted that the database itself does not contain sensitive information; it instead contains pointers to other files that do. InformaCam also uses GeoCouch to perform geolocation searches of media submissions. To use CouchDB with GeoCouch, install CouchDB from source.


cd ~/
mkdir couchdb

This directory will be used later by the InformaCam system.

Install the CouchDB dependencies:

sudo apt-get install g++
sudo apt-get install erlang-base erlang-dev erlang-eunit erlang-nox
sudo apt-get install libmozjs185-dev
sudo apt-get build-dep couchdb
sudo apt-get install libmozjs-dev libicu-dev libcurl4-gnutls-dev libtool

Copy a link to a CouchDB distro from https://www.apache.org/dyn/closer.cgi?path=/couchdb/1.2.1/apache-couchdb-1.2.1.tar.gz


cd /home/ubuntu/packages
wget {link to selected distro here}
tar -zxvf apache-couchdb-1.2.1.tar.gz
cd apache-couchdb-1.2.1

Configure and build:

./configure
make
sudo make install

At this point, change into the bin directory of CouchDB and run sudo couchdb. Go to http://localhost:5984/_utils to verify it is installed and running correctly.

Install GeoCouch

Get geocouch

cd ~/packages
git clone -b couchdb1.2.x https://github.com/couchbase/geocouch.git
cd geocouch

Make geocouch

export COUCH_SRC=/home/ubuntu/packages/apache-couchdb-1.2.1/src/couchdb
make

Make sure it has built correctly: change into the ebin directory and check that it now contains a number of .beam files. Copy these files into the ebin directory for CouchDB.

sudo cp /your/path/to/geocouch/ebin/* /usr/local/lib/couchdb/erlang/lib/couch-1.2.1/ebin

Place the GeoCouch config file into the correct location in the CouchDB install:


sudo cp /your/path/to/geocouch/etc/couchdb/default.d/geocouch.ini /usr/local/etc/couchdb/default.d

Add the GeoCouch test scripts to the CouchDB install:

sudo cp /your/path/to/geocouch/share/www/script/test/* /usr/local/share/couchdb/www/script/test

Then add the following lines of code to the end of the list of loadTest calls at the bottom of this file: /usr/local/share/couchdb/www/script/couch_test.js


loadTest("spatial.js");
loadTest("list_spatial.js");
loadTest("etags_spatial.js");
loadTest("multiple_spatial_rows.js");
loadTest("spatial_compaction.js");
loadTest("spatial_design_docs.js");
loadTest("spatial_bugfixes.js");
loadTest("spatial_merging.js");
loadTest("spatial_offsets.js");

Next test that GeoCouch is working with CouchDB, by creating a test document, and running a spatial query:


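curl -X PUT http://127.0.0.1:5984/places
curl -X PUT -d '{"loc": [-122.270833, 37.804444]}' http://127.0.0.1:5984/places/oakland
curl -X PUT -d '{"loc": [10.898333, 48.371667]}' http://127.0.0.1:5984/places/augsburg
# The query below needs a design document "main" with a spatial function "points";
# it emits each document's location as a point, with [id, loc] as the value
curl -X PUT -d '{"spatial":{"points":"function(doc) { if (doc.loc) { emit({type: \"Point\", coordinates: [doc.loc[0], doc.loc[1]]}, [doc._id, doc.loc]); } }"}}' http://127.0.0.1:5984/places/_design/main
curl -X GET 'http://localhost:5984/places/_design/main/_spatial/points?bbox=0,0,180,90'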

The bounding box request that you ran last should return the following:

{"update_seq":3,"rows":[ {"id":"augsburg","bbox":[10.898333,48.371667,10.898333,48.371667],"geometry":{"type":"Point","coordinates":[10.898333,48.371667]},"value":["augsburg",[10.898333,48.371667]]}
]}

Setup CouchDB for InformaCam

Documents created by CouchDB are automatically dumped in /usr/local/var/lib/couchdb. The best way to deal with this situation is to create a symbolic link to where you want to store the CouchDB documents.


cd /usr/local/var/lib/couchdb
sudo su
ls

Move the CouchDB documents into the couchdb directory you made earlier, and create a symbolic link.


# after "sudo su", ~ is root's home, so use the full path
mv * /home/ubuntu/couchdb
ln -s /usr/local/var/lib/couchdb/ /home/ubuntu/couchdb/

You then need to change the permissions on the CouchDB directory you created. First create a couchdb user and user group on the server.

useradd -d /usr/local/var/lib/couchdb couchdb
sudo usermod -G couchdb -a 'couchdb'
cd /home/ubuntu
sudo chown -R couchdb:couchdb couchdb/

You will need to create an admin account in CouchDB; then export a variable holding this account and the server address (so you don't have to keep typing it).


curl -X PUT http://127.0.0.1:5984/_config/admins/{your username here} -d '"{your password here}"'
CDB="http://{yourusernamehere}:{yourpasswordhere}@127.0.0.1:5984"
export CDB

You will also need to create 4 databases:


curl -X PUT $CDB/submissions
curl -X PUT $CDB/sources
curl -X PUT $CDB/derivatives
curl -X PUT $CDB/admin

You will later populate these databases with some InformaCam-specific scripts.

Install InformaCam Server

Now install the back-end to the InformaCam System. This is housed on git. Install this in the interface directory you created.


cd ~/interface
git clone git@github.com:guardianproject/InformaCam-Server.git

Install custom scripts

You can always pull the latest version of the scripts from git.


cd ~/
git clone git@github.com:harlo/InformaCam-Server-Package.git

Move the contents of the git repo to their appropriate directories on your installation.


cd InformaCam-Server-Package
cp -R ClientUploads/ ~/interface/
cd scripts
cp -R * ~/scripts
cd ../
cp add_new_clients.sh

You also need to create some views for each of the databases you created in CouchDB.


cd ~/scripts/couch
curl -X PUT -d @admin.json $CDB/admin/_design/admin
curl -X PUT -d @derivatives.json $CDB/derivatives/_design/derivatives
curl -X PUT -d @sources.json $CDB/sources/_design/sources
curl -X PUT -d @submissions.json $CDB/submissions/_design/submissions

Then verify that your databases have been created:


sudo ls ~/couchdb/couchdb

Setup local constants.

You will need to create a local constants file, in the following directory, and call it LocalConstants.java:
/home/ubuntu/interface/InformaCam-Server/src/main/java/org/witness/informa/utils/

Inside of the file, put the following:

package org.witness.informa.utils;

public class LocalConstants {
    public final static String WEB_ROOT = "/home/ubuntu";
    public final static String USERNAME = "couchDB user name here";
    public final static String PASSWORD = "couchDB password here";
    public final static String ENGINE_ROOT = "/home/ubuntu/engine/";
    public static final Object SERVER_URL = "onion address here";
    public static final String SUDOER = null; // if server needs login password enter it here otherwise leave null
    public static final String SCRIPTS_ROOT = "/home/ubuntu/scripts";
    public static final String CLIENT_TEMP = "/home/ubuntu/clients/temp/";
    public static final String ORGANIZATION_NAME = "your_org_name_here";
    public static final class ScriptsRoot {
        public static final String PY = SCRIPTS_ROOT + "py/";
    }
    public static final String LOG_ROOT = "/home/ubuntu/log/application_server/";
    public static final String ASSETS_ROOT = "where you want to store assets";
}

Tor has not yet assigned an onion address (you will add this to your constants later). But at this point the InformaCam Server should run:


cd ~/interface/InformaCam-Server
export PATH=$PATH:$M2
export PATH=$PATH:$JAVA_HOME/bin
mvn jetty:run

Go to {your instance's URL}:8080/InformaCam-Server. You should see the InformaCam Server running at this point.

Setup Hidden Services

While the server is running, you still need to set up the hidden services, using Tor, for the full system to work.


cd ~/
cd synergy
mkdir ca
mkdir ClientUpload

The ClientUpload directory corresponds to the directory that exists at interface/ClientUpload. You need to make sure only the Tor client can see this one, by setting its permissions and adjusting the Tor settings:


sudo chown -R debian-tor:debian-tor ClientUpload/
sudo gedit /etc/tor/torrc

Scroll down to the hidden services section of the document and insert:


HiddenServiceDir /home/ubuntu/synergy/ClientUpload/
HiddenServicePort 443 127.0.0.1:443

You also need to set up the web server to answer on port 443. First, open the php.ini file,


sudo gedit /etc/php5/cgi/php.ini

and add/uncomment the following:

cgi.fix_pathinfo=1

Next, you will need to open and update the lighttpd.conf file:


sudo gedit /etc/lighttpd/lighttpd.conf

and modify the server.modules array so it looks like this (adding "mod_fastcgi"):

server.modules = (
    "mod_access",
    "mod_alias",
    "mod_accesslog",
    "mod_fastcgi",
#   "mod_rewrite",
#   "mod_redirect",
#   "mod_status",
#   "mod_evhost",
#   "mod_compress",
#   "mod_usertrack",
#   "mod_rrdtool",
#   "mod_webdav",
#   "mod_expire",
#   "mod_flv_streaming",
#   "mod_evasive"
)

Then skip to the end of the file, and add the following:


fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php5-cgi",
"socket" => "/tmp/php.socket"
)))

Add the following to the end of the conf file and save and close:

$SERVER["socket"]=="localhost:443" {
ssl.engine="enable"
}

You will need to come back to this a little later and update the server information, once you have the certificates established.

Setup Certification Authority

You will now setup the default keys for the InformaCam system, and modify settings to have InformaCam act as a certification authority.

First, open the openssl.cnf file (located at /etc/ssl/). Modify the default to point to your server. Then create a manifest for your default right below. The configuration should look something like this:

####################################################################
[ ca ]
default_ca = InformaCamServer
#default_ca = CA_default
####################################################################

[InformaCamServer]

dir = /home/ubuntu/synergy/ca
database = $dir/index.txt
serial = $dir/serial
private_key = $dir/informacam.key
certificate = $dir/informacam.crt
default_days = 365
default_md = sha1
new_certs_dir = $dir/new_certs
policy = policy_match

Scroll down and change the following:


organizationalUnitName = match

Save and close. Then in InformaCam's certificate directory, create a directory for new certificates:


mkdir ~/synergy/ca/new_certs/
cd ~/synergy/ca

Make two files needed for the certificate authority to work:

sudo gedit ~/synergy/ca/serial
sudo gedit ~/synergy/ca/index.txt

Inside of the serial file put

01

on the first line. Add a line break, then save and close. Leave index.txt blank, then save and close.

Next, create a certificate for the InformaCam system:


cd ~/synergy/ca/
sudo openssl genrsa -out informacam.key
openssl req -new -key informacam.key -out informacam.csr

At the prompts, enter the appropriate information. Then sign:


sudo openssl x509 -req -days 365 -in informacam.csr -signkey informacam.key -out informacam.crt
sudo openssl ca -gencrl -out /etc/ssl/private/informacam.crl -crldays 7

You also need a key and certificate for your web server.


cd ~/synergy/ca
sudo openssl genrsa -out synergy.key
sudo openssl req -new -key synergy.key -out synergy.csr

At the prompts enter the appropriate information. Then you need to sign the new key with the InformaCam certificate, and cat them into a pem file.

sudo openssl ca -in synergy.csr -cert informacam.crt -keyfile informacam.key -out synergy.crt
cat synergy.key synergy.crt > synergy.pem

Now that you have the certificate authority set up, update your lighttpd settings to include the following (the server name needs to be the name you set in the server certificate):


$SERVER["socket"]=="localhost:443" {
ssl.engine="enable"
server.document-root="/home/ubuntu/interface/ClientUpload"
server.name="InformaCam Server"
ssl.pemfile="/home/ubuntu/synergy/ca/synergy.pem"
ssl.ca-file="/home/ubuntu/synergy/ca/informacam.crt"
ssl.verifyclient.activate="enable"
ssl.verifyclient.enforce="enable"
}
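
The steps above write private keys under ~/synergy/ca and bundle one into synergy.pem with cat, and the ClientUpload hidden-service directory is meant to be visible only to Tor. As an added example (not part of the original instructions), the following lists key-bearing files that group or other can access and checks that a directory is private; the function names are hypothetical and the sample files are constructed filler, not real keys.

```bash
#!/bin/bash
# Added example, not from the original instructions. The file names follow the
# layout used on this page; the "key" contents below are constructed filler.

# list_exposed_keys DIR: print each regular file under DIR that contains a PEM
# private-key header and has any group/other permission bit set (GNU find).
list_exposed_keys() {
    find "$1" -type f -perm /077 2>/dev/null | while IFS= read -r f; do
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# dir_is_private DIR: succeed only if DIR exists and grants nothing to
# group or other (i.e. mode 700 or stricter).
dir_is_private() {
    [ -d "$1" ] && [ -z "$(find "$1" -maxdepth 0 -perm /077)" ]
}

# lock_down DIR: restrict every exposed key file under DIR to its owner.
lock_down() {
    list_exposed_keys "$1" | while IFS= read -r f; do chmod 600 "$f"; done
}

# build_sample_ca DIR: reproduce, with filler instead of real keys, the files
# the commands above leave behind under a default umask of 022.
build_sample_ca() {
    ( umask 022
      mkdir -p "$1/ca" "$1/ClientUpload"
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-filler' \
                    '-----END RSA PRIVATE KEY-----' > "$1/ca/synergy.key"
      printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-filler' \
                    '-----END CERTIFICATE-----' > "$1/ca/synergy.crt"
      # same bundling step as on the page: the .pem now holds the private key
      cat "$1/ca/synergy.key" "$1/ca/synergy.crt" > "$1/ca/synergy.pem" )
}

# Demo on a throwaway directory
demo_dir="$(mktemp -d)"
build_sample_ca "$demo_dir"
echo "exposed before lock_down:"
list_exposed_keys "$demo_dir/ca"
lock_down "$demo_dir/ca"
echo "exposed after lock_down: $(list_exposed_keys "$demo_dir/ca" | wc -l)"
chmod 700 "$demo_dir/ClientUpload"
dir_is_private "$demo_dir/ClientUpload" && echo "ClientUpload is private"
rm -rf "$demo_dir"
```

On the server, the same functions can be pointed at /home/ubuntu/synergy/ca and /home/ubuntu/synergy/ClientUpload once the steps above are complete.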

Set Onion Address

You now need to set your onion address. You will need to restart Tor and the web server for Tor to assign it.


sudo /etc/init.d/tor restart
sudo /etc/init.d/lighttpd restart
sudo gedit ~/synergy/ClientUpload/hostname

Copy the address in the hostname file once you have opened it. You need to add this address to the InformaCam Java constants file (that you set up earlier).


gedit /home/ubuntu/interface/InformaCam-Server/src/main/java/org/witness/informa/utils/LocalConstants.java

Copy and paste the onion address (including 'https://' in front of the address in the hostname file), into the following:

public static final Object SERVER_URL = "https://onion address here";

Then open the Tor browser, and try going to the onion address. You should see a series of errors that indicate you are doing the right thing. First, in a JavaScript console, you should see that the connection was aborted. You should also be told that "This Connection is Untrusted," since this is a self-signed certificate. Accept and confirm the security exception. After you have accepted and confirmed, you should see SSL handshake errors.

Create Client Certificate

If you are seeing the errors above, you are on the right path. The computer connecting to the InformaCam system (i.e., the client) needs a certificate as well for the system to work. So, now you need to create a client certificate.


cd ~/clients
mkdir {name of client certificate is for}
cd {name of client certificate is for}
sudo openssl genrsa -des3 -out {name of client certificate is for}.key 1024
sudo openssl req -new -key {name of client certificate is for}.key -out {name of client certificate is for}.csr

At the prompts enter the appropriate information. Then you need to sign the new key with the synergy certificate, and cat them into a pem file.

sudo openssl ca -in {name of client certificate is for}.csr -cert /home/ubuntu/synergy/ca/synergy.crt -keyfile /home/ubuntu/synergy/ca/synergy.key -out {name of client certificate is for}.crt
cat {name of client certificate is for}.key {name of client certificate is for}.crt > {name of client certificate is for}.pem

You will give the pem file to the client, to store in the appropriate location on their system.

Create Admin user

Among the scripts you installed in a previous step are some useful ones whose path and certificate information you need to update before they will run successfully.
  • new_client.py is the script for adding a new user to InformaCam so they can use the system on their mobile device (i.e., record video and submit it to the repo)
  • new_admin.py is the script for creating a new admin for InformaCam.

To make these scripts work, you will need to update the constants.pi script to contain the accurate paths to the directories you have set on your system.

cd ~/scripts
gedit constants.pi

Save and close

At this point there are no administrators within the InformaCam server, so once you have updated the paths, you should run the following shortly after you have completed installation so a user can access the server:


./new_admin.py "display name here", "user name here", "password here"
