Installation for version 3.18: различия между версиями

Материал из WiKi - UserSide
Нет описания правки
Нет описания правки
 
(не показано 20 промежуточных версий 2 участников)
Строка 1: Строка 1:
<languages/>
<languages/>
[[Installation|en]] | [[Установка|ru]]
[[Installation_for_version_3.18|en]] | [[Установка_для_версии_3.18|ru]]


'''ATTENTION: These instructions are valid for ERP USERSIDE versions 3.18'''
'''ATTENTION: These instructions are valid for ERP USERSIDE versions 3.18'''
Строка 7: Строка 7:


== Description ==
== Description ==
For the sake of simplicity, the commands for the '''Linux Debian 12 (bookworm)''' operating system will be considered. For experienced system administrators, it should not be difficult to use similar commands for another operating system. If you do not feel confident in administering operating systems, we recommend you to use '''Debian''' or '''Ubuntu Server LTS'''. Because of their simplicity and because our technical support is much more familiar with Debian-like distributions. The likelihood of being able to tell you something not related to ERP USERSIDE, but related to operating system administration, will be much higher if you have Debian or a similar distribution based on it.


For the sake of simplicity, commands for the '''Linux Debian 11 (Bullseye)''' operating system will be considered. For experienced system administrators, it should not be difficult to use similar commands for another operating system. If you do not feel confident in the administration of operating systems, we recommend that you use either '''Debian''' or '''Ubuntu Server'''. Because of their simplicity and also because our technical support team has a much better understanding of Debian-like distributions. You are much more likely to be able to get an advise on anything not related to ERP USERSIDE, but related to the administration of the operating system, if you have Debian or a similar distribution based on it.
On the other hand, if you are an experienced system administrator and have skills and experience with Docker, you may find it more convenient to use a ready-made environment based on Docker images, which we have prepared specially, including everything you need to run ERP USERSIDE. In this case, you will not have to configure anything, except to perform simple Docker-bundle settings https://github.com/userside/userside-docker.


On the other hand, if you are an experienced system administrator and have skills and experience with Docker, it may be more convenient for you to use a ready-made environment based on the Docker images that we have specially prepared, including everything you need for ERP USERSIDE. In this case, you won't have to configure anything other than to make simple Docker bundle settings https://github.com/userside/userside-docker.
== Requirements ==
ERP USERSIDE requires various system applications and services, such as PHP interpreter with a set of extensions, WEB server, database management system and others. This section will list such requirements depending on the version of ERP USERSIDE.


== Requirements ==
Also note that your operating system must be configured with the correct time zone and locale. The correct display of information and correct sorting depends on this.
ERP USERSIDE requires various system applications and services, such as a PHP language interpreter with a set of extensions, a WEB-server, a database management system and others. This section will list such requirements depending on the ERP USERSIDE version.
Also note that your operating system must be configured with the correct time zone and locale. This determines the correctness of the information displayed and the correctness of sorting.


The list of required PHP extensions contains all extensions that are not part of the PHP core.  
The list of required PHP extensions contains all extensions that are not part of the PHP core. Some of these extensions may come with the core PHP package or as part of the php-common package, while others must be installed additionally.  
Some of these extensions may be bundled with the main PHP package or as part of the php-common package, while others must be installed separately.  


=== 3.18 (current stable) ===
=== 3.18 ===
* PHP: 8.1
* PHP: 8.1
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib, pcntl
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib, pcntl
* PHP Extensions: ldap, soap
* Additional PHP extensions: ldap, soap
* Python: 3.8+
* Python: ''Requires Python3 of any currently supported version. The status of versions can be viewed here:"[https://devguide.python.org/versions/ Status of Python versions]". It is recommended to use a version with "security" or "bugfix" status. Versions marked as "end-of-life" are not supported. Versions marked as "feature" are not recommended.''
* Python Modules: pip, venv
* Python modules: pip, venv
* PostgreSQL: 10+
* PostgreSQL: 10+ (preferably 16)
* Redis: 5+
* Redis: 5+ (preferably 7)
* RabbitMQ: 3.8+
* RabbitMQ: 3.8+ (preferably 3.13)
* Supervisor
 
=== 3.16, 3.17 ===
* PHP: 7.2 - 7.4
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib, pcntl
* PHP optional extensions: ldap, soap
* Python: 3.7+
* Python Modules: pip, virtualenv
* PostgreSQL: 10+
* Redis: 5+
* RabbitMQ: 3.8+
* Supervisor
* Supervisor
=== 3.15 ===
* PHP: 7.1 - 7.4
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib
* PHP optional extensions: ldap, soap
* PostgreSQL: 10+
* Redis: 5+
=== 3.14 ===
* PHP: 7.1 - 7.3
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib
* PHP optional extensions: ldap, soap
* PostgreSQL: 10+
* Redis: 5+
=== 3.13 ===
* PHP: 7.1 - 7.3
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib
* PHP optional extensions: ldap, soap
* PostgreSQL: 9.6+
* Redis: 5+
=== 3.12 ===
* PHP: 7.0 - 7.1
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib
* PHP optional extensions: ldap, soap
* PostgreSQL: 9.5+
=== 3.11 ===
* PHP: 5.6 - 7.1
* PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib
* PHP optional extensions: ldap, soap
* PostgreSQL: 9.5+
* MySQL: 5.6 - 5.7


== Main Agreements ==
== Main Agreements ==
The directory where ERP USERSIDE is installed is <code>/var/www/userside</code>. Inside this directory must be a subdirectory userside3, which is the root directory for the WEB-server. If you want to use a different directory for ERP USERSIDE, don't forget to correct all the examples in this manual accordingly.
The directory where ERP USERSIDE is installed is <code>/var/www/userside</code>. Inside this directory there should be a subdirectory userside3, which is the root directory for the WEB server. If you want to use a different directory for ERP USERSIDE, remember to make the appropriate corrections to all the examples in these instructions.


Create a directory:
Create the directory:
  sudo mkdir -p /var/www/userside/userside3
  sudo mkdir -p /var/www/userside/userside3
  sudo chown -R www-data:www-data /var/www/userside
  sudo chown -R www-data:www-data /var/www/userside


You need to allocate a domain name for ERP USERSIDE. The examples below use userside.mycompany.com, but you will need to replace it with your own.
You will need to allocate a domain name for ERP USERSIDE. The examples below use userside.mycompany.com, but you will need to change it to your own. Write this domain name in /etc/hosts if it is different from the hostname of the installation.


== Installing the required components ==
== Installing the required components ==
The installation will be shown for the latest current ERP USERSIDE version '''3.16'''. For other versions, you can modify these commands yourself to get the right set of applications installed for certain versions. Also note that some components are not needed for other versions of ERP USERSIDE.
First, install the utilities that will be needed later in the installation process. These are required for any ERP USERSIDE. You can copy the lines one by one and paste them into the command line of your operating system.


First install the utilities that will be needed later in the installation process. They are required for any ERP USERSIDE version. You can copy lines one by one and paste them into the command line of your operating system.
Copy and paste the following lines in their entirety:
 
Copy and paste the following lines entirely:
<pre>
<pre>
sudo tee /etc/apt/sources.list.d/contrib-non-free.list << EOL
sudo tee /etc/apt/sources.list.d/contrib-non-free.list << EOL
deb http://deb.debian.org/debian/ $(lsb_release -sc) contrib non-free
deb http://deb.debian.org/debian/ $(lsb_release -sc) contrib non-free non-free-firmware
deb http://deb.debian.org/debian/ $(lsb_release -sc)-updates contrib non-free
EOL
EOL


sudo apt update
sudo apt update
sudo apt full-upgrade -y
sudo apt full-upgrade -y
sudo apt install -y gnupg debian-keyring libsnmp-dev snmp-mibs-downloader
sudo apt install -y gnupg ca-certificates lsb-release debian-archive-keyring debian-keyring libsnmp-dev snmp-mibs-downloader
</pre>
</pre>


=== PostgreSQL ===
=== PostgreSQL ===
==== Alternative official repository ====
==== Alternative official repository ====
To be able to always install and update to the latest version of PostgreSQL, add an alternative official repository to your operating system by running the commands:
We strongly recommend using the latest version of PostgreSQL, as this always has a positive impact on speed. Add the official Postgres repository to the system:
<pre>
<pre>
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
sudo apt update
</pre>
</pre>
If you have a different operating system, you can find the necessary commands for it at [https://www.postgresql.org/download/ official PostgreSQL website].
If you have a different operating system, you can find the necessary commands for it at [https://www.postgresql.org/download/ official PostgreSQL website].
''The step of adding an alternate repository here and hereafter is optional, but only if your operating system's main repository contains packages of those versions that fall within the range required for the ERP USERSIDE version being installed.''


==== Installation ====
==== Installation ====
Before you install PostgreSQL in your operating system, your local locale and the correct time zone must be set. This can also be done later, but it is easier if it is done before installation. Run the following command to make sure that the desired locale is present:
'''Caution!''' Before installing PostgreSQL, your operating system must have your local locale and correct time zone set! This can be done later, but it will be much easier if it is done before installing PostgreSQL. Run the following command to make sure the correct locale is present:
  locale -a
  locale -a


If your local locale is not among those listed, install it. To do this, just edit the file /etc/locale.gen by removing the comments before the line(s) with the desired locale, and then run the command:
If your local locale is not among those listed, then install it. To do this, simply edit the /etc/locale.gen file by removing the comments before the line(s) with the desired locale, and then run the command:
  sudo locale-gen
  sudo locale-gen


If you need to change the default locale, do:
If you need to change the default locale, then execute:
  sudo dpkg-reconfigure locales
  sudo dpkg-reconfigure locales


To change the time zone, follow the steps below:
To change the time zone, execute:
  sudo timedatectl set-timezone Europe/Kiev
  sudo timedatectl set-timezone Europe/Kyiv


You can now proceed to install PostgreSQL:
Now you can move on to the PostgreSQL installation:
  sudo apt install -y postgresql-15 postgresql-15-postgis-3
  sudo apt install -y postgresql-16 postgresql-16-postgis-3


==== Setting ====
==== Setting ====
Create a user (role) and database for ERP USERSIDE. The example below creates a user named userside and a database with the same name. The PostGis extension is then connected to the database, required to manipulate geometric data. After the first line has been executed, you will need to enter the password for the new user twice - make a note of this password, you will need it later to install ERP USERSIDE
Create a user and database for ERP USERSIDE. The example below creates a user named userside and a database with the same name. If your locale is not uk_UA, remember to change the command. The PostGis extension needed to work with geographic data is then connected to the database. After doing the first line, you will need to enter the password for the new user twice - make a note of this password, you will need it later to set up the ERP USERSIDE
<pre>
<pre>
sudo -u postgres createuser userside -P
sudo -u postgres createuser userside -P
Строка 138: Строка 86:
</pre>
</pre>


If your PostgreSQL is installed on another server, you will need to make adjustments to the postgresql.conf and pg_hba.conf files located in /etc/postgresql/15/main/. In postgresql.conf you need to uncomment and change the value of <code>listen_addresses</code> parameter, specifying there all IP addresses of server interfaces where it can accept connections to PostgreSQL. In the pg_hba.conf file, add a line at the very end, similar to the previous ones, indicating from which address the user of ERP USERSIDE can connect. But if your PostgreSQL is on the same server as PHP and everything else, there is no need to make any adjustments to this file.
If your PostgreSQL is installed '''on another server''', you will need to make corrections to the files postgresql.conf and pg_hba.conf located in the /etc/postgresql/16/main/ directory. In the postgresql.conf file, you must uncomment and change the value of the <code>listen_addresses</code> parameter, specifying there all IP addresses of the server interfaces on which it can accept connections to PostgreSQL. In the file pg_hba.conf you need to add a line at the very end, similar to the previous ones, specifying from which address the ERP USERSIDE user can connect. But if your PostgreSQL is located on the same server as USERSIDE - there is no need to make any adjustments to these files.
 
==== PostgreSQL server fine-tuning ====
Refer to [[Tuning| Fine-tuning]].


=== Redis ===
=== Redis ===
==== Alternative installation method ====
The Debian 12 standard repository includes Redis version 7.0.15. This version is suitable for running ERP USERSIDE.
The standard Debian 11 repository includes a version of Redis 6.0.16. This version is suitable for ERP USERSIDE. If you want to install the latest version you will have to build Redis manually. If you have no experience with this, just install Redis as shown below - that's fine. If you are using an Ubuntu server, you can use the official PPA repository.
 
For information on manually building Redis and on the PPA repository, see [https://redis.io/download official Redis website].


==== Installation ====
==== Installation ====
Строка 153: Строка 95:


==== Setting ====
==== Setting ====
By default Redis accepts connections without a password, but we strongly recommend setting a password. Since the password is transmitted openly (Redis does not provide encryption as it focuses on query speed and extra steps like encryption do not apply), you need to create a really long and complex password. This can be done, for example, using the '''sha256sum''' utility as follows:
By default Redis accepts connections without a password, but we strongly recommend setting a password. Since the password is transmitted in the clear (Redis does not provide encryption because it focuses on speed of request processing and extra steps like encryption are not applied), you need to create a really long and complex password, for example, using the '''openssl''' utility as follows:


  echo "some unique long phrase" | sha256sum
  openssl rand --hex 32


The output will be a sha256 hash, which you will use as your real password. Then, instead of ''MYPASSWORDHERE'', you will need to substitute this particular hash. Make a note of it. Then in the settings you will specify this hash as the Redis password.
The output will be a random set of 32 bytes in 16-character form, which you will use as a password. Next, you will need to substitute this generated string in place of the word '''MYPASSWORDHERE'''. Write it down. Then in the settings you will specify this string as the Redis password.


Specify the resulting passphrase hash in the Redis configuration file:
Specify the generated passphrase hash in the Redis configuration file:


  sudo sed -i 's@^.*requirepass .*@requirepass MYPASSWORDHERE@g' /etc/redis/redis.conf
  sudo sed -i 's@^.*requirepass .*@requirepass MYPASSWORDHERE@g' /etc/redis/redis.conf


where ''MYPASSWORDHERE'' should be replaced with the passphrase hash received earlier.
where instead of '''MYPASSWORDHERE''' specify the hash of the passphrase received earlier.


Timeout must also be disabled (on some versions of Redis it is enabled):
It is also necessary to disable timeout (on some versions of Redis it is enabled):


  sudo sed -i 's@^timeout .*@timeout 0@' /etc/redis/redis.conf
  sudo sed -i 's@^timeout .*@timeout 0@' /etc/redis/redis.conf


Restart Redis and make sure, that it works (should get PONG in response):
Restart Redis and make sure it works (should get PONG in response):
 
<pre>
sudo systemctl restart redis
sudo systemctl restart redis
redis-cli -h 127.0.0.1 -p 6379 -a MYPASSWORDHERE ping
redis-cli -h 127.0.0.1 -p 6379 -a MYPASSWORDHERE ping
</pre>


=== RabbitMQ ===
=== RabbitMQ ===
''Only required for version 3.16 and newer.''
The Debian 12 standard repository includes an older version of RabbitMQ 3.10. You can use it - it is supported. However, this version is relatively old and your best bet is to install a newer version from alternative repositories. The [https://www.rabbitmq.com/install-debian.html official RabbitMQ website] has quite detailed information on installing RabbitMQ for each operating system.
 
The standard Debian 11 repository includes an older version of RabbitMQ 3.8. You can use it - it is supported. However, this version is relatively old and your best option is to install a new version from alternative repositories. The [https://www.rabbitmq.com/install-debian.html official RabbitMQ website] has fairly detailed information on installing RabbitMQ for each operating system.
 
If you use Debian 12, notice that you still need to specify <code>bullseye</code> in the sources.list (below), as bookworm (or as stated on the rabbitmq website - bookwork) doesn't work! This is probably a temporary problem related to the Debian 12 Bookworm repository.


==== Adding alternative repositories ====
==== Adding alternative repositories ====
Copy and paste the following block into the command line in its entirety
Copy and paste the following block in its entirety into the command line
<pre>
<pre>
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg > /dev/null
curl -1sLf https://ppa1.novemberain.com/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-server-archive-keyring.gpg > /dev/null
curl -1sLf https://ppa1.novemberain.com/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null


sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
deb [signed-by=/usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian $(lsb_release -cs) main
deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/debian bullseye main
deb-src [signed-by=/usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian $(lsb_release -cs) main
deb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main
deb [signed-by=/usr/share/keyrings/rabbitmq-server-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian $(lsb_release -cs) main
deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/debian bullseye main
deb-src [signed-by=/usr/share/keyrings/rabbitmq-server-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian $(lsb_release -cs) main
EOF
EOF


sudo apt update
sudo apt update
sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
</pre>
</pre>


==== Installation ====
==== Installation ====
   
  <pre>
sudo apt install rabbitmq-server -y --fix-missing
sudo apt install -y erlang-base \
                    erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                    erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                    erlang-runtime-tools erlang-snmp erlang-ssl \
                    erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
 
sudo apt install rabbitmq-server -y --fix-missing
</pre>


==== Installing the necessary add-ons ====
==== Installing the necessary add-ons ====
Do the next two rows one at a time!
<pre>
<pre>
sudo rabbitmq-plugins enable rabbitmq_management --offline
sudo rabbitmq-plugins enable rabbitmq_management --offline
Строка 225: Строка 165:
</pre>
</pre>


Now you need to create users. We recommend using three different accounts: for server administration (full rights), for userside and modules (full rights but no administrative rights) and web-stomp user for websocket (minimum rights to read certain broker objects).
Now we need to create users. We recommend to use '''three different users''': for server administration (full rights), for userside and modules (full rights but no administrative rights) and web-stomp user for websocket (minimal rights to read certain broker objects). But you can only create two: an admin, which will also be used for userside, and a user for websocket. These must necessarily be at least two different users, since the password for the websocket user is passed to the browser and can be easily read by the user. The following will show an example for the recommended three users.  


Create '''a user to administer''' RabbitMQ. This example uses the user name ''admin'' and the password ''password''. The user is tagged immediately after creation <code>administrator</code>, giving the user maximum administrator rights and then setting permissions for vhost <code>/</code> allowing full configuration, write and read access to everything within this vhost*.
Create a '''user for administration''' RabbitMQ. This example uses the username '''admin''' and password '''password'''. The user is assigned the <code>administrator</code> tag immediately after creation, giving the user maximum administrator rights, and then set permissions on the vhost <code>/</code> allowing full access to configure, write and read everything within that vhost*.
sudo rabbitmqctl add_user "admin" "password"
<pre>
sudo rabbitmqctl set_user_tags "admin" "administrator"
sudo rabbitmqctl add_user "admin" "password"
sudo rabbitmqctl set_permissions -p "/" "admin" ".*" ".*" ".*"
sudo rabbitmqctl set_user_tags "admin" "administrator"
sudo rabbitmqctl set_permissions -p "/" "admin" ".*" ".*" ".*"
</pre>


Create '''a user on whose behalf ERP USERSIDE and modules will operate'''. Example for user name '''userside''' (you do not need to give admin rights to this user):
Create a '''user on behalf of which ERP USERSIDE''' and modules will run. Example for the user name '''userside''' (there is no need to give admin rights to this user):
sudo rabbitmqctl add_user "userside" "password2"
<pre>
sudo rabbitmqctl set_user_tags "userside" "monitoring"
sudo rabbitmqctl add_user "userside" "password2"
sudo rabbitmqctl set_permissions -p "/" "userside" ".*" ".*" ".*"
sudo rabbitmqctl set_user_tags "userside" "monitoring"
sudo rabbitmqctl set_permissions -p "/" "userside" ".*" ".*" ".*"
</pre>


<span id="websocket"></span>Create '''a user for the WebSTOMP''' module. You will need it to use WebSocket notifications (from version 3.17 onwards). Instead of '''websock-user''' you can specify another user name, but we recommend leaving this. The ''websock-password'' can be replaced by a password, but this password will be passed to the browser in clear text, so there is no point in making it too complex:
<span id="websocket"></span>Create a '''WebSTOMP''' user. You will need it to use notifications via WebSocket. Instead of '''websock-user''' you can specify a different user name. Instead of '''websock-password''', specify your password, but this password will be passed in the clear to the browser, so don't make it look like other passwords:
sudo rabbitmqctl add_user "websock-user" "websock-password"
<pre>
sudo rabbitmqctl set_permissions -p "/" "websock-user" "^userside-stomp:id-.*" "" "^userside-stomp:id-.*"
sudo rabbitmqctl add_user "websock-user" "websock-password"
sudo rabbitmqctl set_permissions -p "/" "websock-user" "^userside-stomp:id-.*" "" "^userside-stomp:id-.*"
</pre>


''* vhost - is a virtual host within RabbitMQ, allowing different uses of the same server by different applications. Such as different databases on the same RDBMS server. vhost has a default name of / and this is almost always enough for you. But if you plan to run multiple copies of ERP USERSIDE on the same server, for example, you will need to create a different vhost for each copy and therefore users for it. Refer to [https://www.rabbitmq.com/vhosts.html official manual] for details.''
Caution!: You will need to specify the WebSTOMP username and password in the settings in the USERSIDE interface (Menu: Settings - Main - Websocket).
 
''* vhost is a virtual host inside RabbitMQ that allows you to differentiate between different applications using the same server. Like, for example, different databases on the same RDBMS server. The default vhost is named / and almost always this is enough for you. But if you plan, for example, to run multiple copies of ERP USERSIDE on the same server, then for each copy you will need to create a different vhost and, accordingly, users for it. See [https://www.rabbitmq.com/vhosts.html official guide] for details.''


Restart the rabbitmq service:
Restart the rabbitmq service:
 
<pre>
sudo systemctl restart rabbitmq-server
sudo systemctl restart rabbitmq-server
</pre>


==== Management ====
==== Management ====
One of the commands above installs a management module in RabbitMQ, providing a convenient WEB interface for monitoring, diagnosing and managing the RabbitMQ server. This module can be used to monitor the server, the number of queued messages and other statuses. All this can also be done using a console utility<code>rabbitmqctl</code>, but the use of a WEB interface can be much more intuitive and user-friendly. If you don't need a WEB interface to manage the server, you can skip installing the '''rabbitmq_management''' module during the installation phase.  
One of the commands above installs a management module in RabbitMQ that provides a convenient WEB interface to monitor, diagnose, and manage the RabbitMQ server. With the help of this module you can monitor the server, monitor the number of messages in the queues and other states. All this can be done using the console utility <code>rabbitmqctl</code>, but using the WEB-interface can be much more clear and convenient.


By default, the WEB management interface is available at http://userside.mycompany.com:15672
By default, the WEB-interface of the control is available at http://userside.mycompany.com:15672


You can read more about the control module [https://www.rabbitmq.com/management.html on the official RabbitMQ website].
You can read more about the management module [https://www.rabbitmq.com/management.html on the official RabbitMQ website].


=== PHP ===
=== PHP ===
==== Alternative repository ====
==== Alternative repository ====
If your operating system has the required version of PHP in its standard package repository, you can install PHP and extensions directly from the main operating system repository. For example, the Debian-11 (Bullseye) version contains PHP version 7.4 in its standard repository, which is suitable for ERP USERSIDE 3.16 and 3.17.
However, if the version of your operating system is older, the correct versions of the packages may simply not be there. If this is the case, you can add an alternative repository to your operating system. Execute the commands below to add an alternative repository to the system:
<pre>
<pre>
sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
Строка 267: Строка 213:
==== Installation ====
==== Installation ====
Execute the following commands:
Execute the following commands:
sudo apt install -y php8.1-{fpm,cli,common,curl,intl,mbstring,opcache,pgsql,readline,xml,zip,snmp,gd}
<pre>
sudo apt install -y php8.1-{fpm,cli,common,curl,intl,mbstring,opcache,pgsql,readline,xml,zip,snmp,gd}
</pre>


If you plan to use LDAP, the php-ldap extension must be installed:
If you plan to use LDAP, you need to install the php-ldap extension:
sudo apt install -y php8.1-ldap
<pre>
sudo apt install -y php8.1-ldap
</pre>


If you plan to use TurboSMS to send SMS, you will also need the php-soap extension:
If you plan to use TurboSMS to send SMS, you will also need the php-soap extension:
sudo apt install -y php8.1-soap
<pre>
sudo apt install -y php8.1-soap
</pre>


==== Setting ====
==== Setting ====
The following are commands that make changes to the configuration files.
Please note that if your time zone <code>Europe/Kiev</code>, then instead of <code>$(cat /etc/timezone)</code> You should write <code>Europe/Kyiv</code>. Debian 11 has not yet made changes to rename the time zone, whereas PHP 8.1 already does.
<pre>
<pre>
sudo sed -i "s@^;date.timezone.*@date.timezone = $(cat /etc/timezone)@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@^;date.timezone.*@date.timezone = $(cat /etc/timezone)@" /etc/php/8.1/fpm/php.ini
Строка 286: Строка 235:
sudo sed -i "s@upload_max_filesize = 2M@upload_max_filesize = 100M@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@upload_max_filesize = 2M@upload_max_filesize = 100M@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@max_execution_time.*@max_execution_time = 300@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@max_execution_time.*@max_execution_time = 300@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@max_input_time.*@max_input_time = 300@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@^;request_terminate_timeout =.*@request_terminate_timeout = 300@" /etc/php/8.1/fpm/pool.d/www.conf
 
sudo systemctl restart php8.1-fpm
sudo systemctl restart php8.1-fpm
</pre>
</pre>
==== Fine-tuning ====
By default there are 4 processes running in the PHP-FPM pool, to ensure that it can run on any, even the weakest, server. This means that only 4 requests can be processed at a time, the rest will wait in the queue. The PHP-FPM pool needs to be optimised so that the number of running processes covers system usage, and there are enough redundant processes that can be started automatically by the process manager.
The entire tuning process is described in [[Tuning| Fine-tuning]].


=== NGINX ===
=== NGINX ===
==== Alternative official repository ====
==== Alternative official repository ====
The version of NGINX provided in the Debian repository is fully usable and there is no need to add an alternative repository. However, if you want to always have the latest version, run the following lines to add the official nginx repository to your operating system:
The version of NGINX supplied in the Debian repository is fully usable and there is no need to add an alternative repository. However, if you want to always have the latest version, then run the following lines to add the official nginx repository to your operating system:
<pre>
<pre>
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
sudo apt update
sudo apt update
</pre>
</pre>


If you have a different operating system, you can find the necessary commands for it on the official NGINX website: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/
If you have a different operating system, you can find the necessary commands for it on the official NGINX website: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/.


==== Installation ====
==== Installation ====
sudo apt remove -y nginx-common apache2
<pre>
sudo apt install -y nginx
sudo apt install -y nginx
</pre>


==== Setting ====
==== Setting ====
NGINX should run as the www-data user - the www-pool of php-fpm runs as the same user:
<pre>
sudo sed -i "s@^user.*;@user www-data www-data;@" "/etc/nginx/nginx.conf"
sudo sed -i "s@^user.*;@user www-data www-data;@" "/etc/nginx/nginx.conf"
sudo systemctl restart nginx
sudo systemctl restart nginx
</pre>


The following configuration example assumes that ERP USERSIDE will be installed in the standard system directory <code>/var/www/userside</code>. If you wish to install ERP USERSIDE in a different directory, please remember to correct it in all subsequent examples. To make sure you get it right, we recommend using the catalogue <code>/var/www/userside</code>.
The following configuration example assumes that ERP USERSIDE will be installed in the default system directory <code>/var/www/userside</code>. If you wish to install ERP USERSIDE in a different directory, please remember to fix it in all subsequent examples. In order not to make a mistake, we recommend to use exactly the <code>/var/www/userside</code> directory.


This directory will contain the web-root, i.e. the files accessible via the http protocol.
This directory will contain the web-root, i.e. files accessible via the http protocol.


Now edit the file /etc/nginx/conf.d/default.conf. Or delete it and create a new file with an arbitrary name, e.g. /etc/nginx/conf.d/userside.conf. In either case, regardless of your choice, the contents of the file should be as follows (specify your domain name instead of userside.mycompany.com):
Now edit the /etc/nginx/conf.d/default.conf file. Or delete it and create a new file with an arbitrary name, for example /etc/nginx/conf.d/userside.conf. In either case, regardless of your choice, the contents of the file should be as follows (instead of userside.mycompany.com, specify your domain name):
<pre>
<pre>
server {
server {
Строка 369: Строка 319:


     location ~ /\.ht { deny  all; }
     location ~ /\.ht { deny  all; }
    error_page 404 /404.php?type=404;
    error_page 403 /404.php?type=403;
    error_page 500 /404.php?type=500;
    location = /404.php {
        root /var/www/userside/userside3/main/error/;
        internal;
    }
}
}
</pre>
</pre>


You may also want to configure SSL and anything else. This topic is beyond the scope of this manual.
You may also want to configure SSL and other things. This topic is beyond the scope of this manual.


If you installed RabbitMQ '''on a different server''', or changed the WebSTOMP port value from 15674 to some other server, specify the IP address of the server with RabbitMQ and the port number on the line <code>proxy_pass http://127.0.0.1:15674/ws;</code>. The protocol must remain http. The path must remain /ws.
If you installed RabbitMQ '''on another server''', or changed the value of the WebSTOMP port from 15674 to some other, then specify the IP address of the server with RabbitMQ and the port number in the <code>proxy_pass http://127.0.0.1:15674/ws;</code> line. The protocol must remain http. The path should remain /ws.


Check the configuration and if it is OK, reboot nginx:
Check the configuration and if it is ok reload nginx:
  sudo nginx -t && sudo systemctl restart nginx
  sudo nginx -t && sudo systemctl restart nginx


=== Python ===
=== Python ===
Debian 11 contains Python 3.9 in the standard repository - this is sufficient so no alternate repositories are needed, but if you are running a version lower than 3.8 on your host you should definitely install at least 3.8.
''Requires Python3 of any currently supported version. The status of versions can be viewed here:"[https://devguide.python.org/versions/ Status of Python versions]". It is recommended to use a version with "security" or "bugfix" status. Versions marked as "end-of-life" are not supported. Versions marked as "feature" are not recommended.''
 
If you have an unsupported version ("end-of-life") installed on your host, you should be sure to [[Python-update_EN|install additionally]] a more recent version of Python.


==== Installing the necessary packages ====
==== Installing the necessary packages ====
  sudo apt install -y python3-dev python3-pip python3-venv
  sudo apt install -y python3-dev python3-pip python3-venv libffi-dev pkg-config
sudo pip install --upgrade pip wheel setuptools


=== Supervisor ===
=== Supervisor ===
''Only required for version 3.16 and newer.''
==== Installation ====
  sudo apt install -y supervisor
  sudo apt install -y supervisor


Строка 414: Строка 353:
  sudo -u www-data php userside_install.phar install
  sudo -u www-data php userside_install.phar install


In the process of work, the installer checks that the technical requirements are met, requests access parameters and checks connections to server services.
During the process, the installer verifies compliance with technical requirements, requests access parameters, and checks connections to server services.


You can enter any ERP USERSIDE version number available to you for installation. You can do this by entering a version number from the list (it only contains the latest version of each branch) or by entering the full version number if it is not in the list.
You can enter any ERP USERSIDE version number available to you for installation. To do this, you can enter the version number from the list (it contains only the latest version of each branch) or enter the entire version number if it is not on the list.


When the installer has finished, a message will be displayed stating that the installation was successful.
When the installer finishes, a message will be displayed indicating that the installation was successful.


If you did not install as a web server user, be sure to make them the owner of all userside files recursively after completing the installation!
If you did not install as a web server user, be sure to make that user the owner of all userside files recursively after the installation is complete!


  sudo chown -R www-data:www-data /var/www/userside
  sudo chown -R www-data:www-data /var/www/userside
Строка 427: Строка 366:
== Set up after installation ==
== Set up after installation ==


=== Scheduler ===
=== Configuration of system services ===
Copy and paste the following lines into the command line to add the scheduler to the system CRON:
After installation, copy the sample configuration files of the system services and adjust them if necessary (for example, specify the path to the userside directory if it is different from /var/www/userside). Run the commands:
<pre>
<pre>
sudo tee /etc/cron.d/userside << EOL
sudo cp etc/us-core-worker.conf-example /etc/supervisor/conf.d/us-core-worker.conf
* * * * *  www-data  /usr/bin/php /var/www/userside/run cron > /dev/null
sudo cp microservice/poller/etc/usm_poller.conf-example /etc/supervisor/conf.d/usm_poller.conf
EOL
sudo cp etc/logrotate-example /etc/logrotate.d/userside
sudo cp microservice/poller/etc/logrotate-example /etc/logrotate.d/usm_poller
sudo cp etc/crontab-example /etc/cron.d/userside
</pre>
</pre>


=== Background core processes ===
=== Install the necessary dependencies for usm_poller ===
''Only required for version 3.16 and newer.''
<pre>
 
cd microservice/poller
The kernel background process is in constant waiting for messages from the RabbitMQ broker. These messages are used to transmit tasks or the results of the work of other workers.
sudo -H python3 -m venv venv
sudo -H ./venv/bin/pip install -U pip
sudo -H ./venv/bin/pip install -U -r requirements.txt
</pre>


The automatic start-up and monitoring of kernel workers must be set up. Supervisor is used for this purpose. Create a configuration to start the supervisor service by copying the following block in its entirety and pasting it into the command line:
=== Launching the supervisor ===
The supervisor monitors the health of the services specified in its configuration. To start the supervisor, execute:
<pre>
<pre>
sudo tee /etc/supervisor/conf.d/us-core-worker.conf << EOL
sudo systemctl restart supervisor
[program:us-core-worker]
process_name=%(program_name)s_%(process_num)02d
command=/usr/bin/php /var/www/userside/run queue/listen
directory=/var/www/userside
autostart=true
autorestart=true
user=www-data
numprocs=10
redirect_stderr=true
stdout_logfile=/var/www/userside/var/log/core-worker.log
EOL
</pre>
</pre>
 
After starting the supervisor, after a few seconds you can observe the state of all the services it monitors. All services must be in the RUNNING state:
The supervisor now needs to be enabled and restarted:
sudo systemctl enable supervisor
sudo systemctl restart supervisor
 
The supervisor is controlled by the supervisorctl utility. For example, to output a list of all processes running and controlled by the supervisor, you can run the command:
sudo supervisorctl status
 
To restart the kernel workers (us-core-worker), you can run the command:
sudo supervisorctl restart us-core-worker:*
 
You can [http://supervisord.org/running.html#running-supervisorctl read more about the commands and how to use the supervisor in the official documentation].
 
=== Background usm_poller service processes ===
''Only required for version 3.16 and newer.''
 
The usm_poller service is a background process that executes the hardware communication commands. The files for this service are supplied with ERP USERSIDE and are located in /var/www/userside/microservice/poller.
 
==== Installation ====
Poller is implemented in the Python programming language and requires additional modules for its operation. The best way to do this is to use a Python virtual environment. In this case, all extensions will be installed in a local subdirectory, avoiding any conflicts in the system and allowing for more convenient and easier handling of these extensions in the future (version upgrades, etc.).
 
Execute the following commands to set up the virtual environment:
<pre>
<pre>
cd /var/www/userside/microservice/poller
sudo supervisorctl status
sudo python3 -m venv venv
sudo ./venv/bin/pip install --upgrade pip wheel
sudo ./venv/bin/pip install --upgrade -r requirements.txt
</pre>
</pre>
==== Setting ====
An example supervisor settings file is supplied with the poller. Copy it as a working file.
sudo cp etc/us-poller-microservice.conf-example /etc/supervisor/conf.d/usm-poller.conf
Restart the supervisor
sudo systemctl restart supervisor
Check that everything has started correctly
sudo supervisorctl status
If there are problems with the start-up, try running the poller microservice manually and analyse the output
sudo /var/www/userside/microservice/poller/venv/bin/python3 /var/www/userside/microservice/poller/worker.py


== Immediately after installation ==
== Immediately after installation ==
This completes the ERP USERSIDE installation. Now perform the following steps:
This completes the installation of ERP USERSIDE. Now perform the following steps:
* Open the system page '''<nowiki>http://userside.mydomain.com/oper/</nowiki>''' and log in ''(default username: Admin, password: 1234)''.
* Open the system page '''<nowiki>http://userside.mydomain.com/</nowiki>''' and log in ''(default username: Admin, password: 1234)''.
* Configure Websocket setting at: Settings - Main - WebSocket. Enable and enter the user name and password of the WebStomp user you created earlier under RabbitMQ.
* Perform Websocket configuration under: Settings - Main - WebSocket. Enable and enter the username and password of the WebStomp user you created earlier in the RabbitMQ section.
* Make the basic settings in: [[Settings - Main|Settings - Main]].
* Perform the basic settings under: [[Settings_-_Main|Settings - Main]].
* Set up an interaction with [[Supported Billings|billing]] according to [[Setting up interaction with Billings|instructions]].
* Configure the interaction with [[Supported_billings|billing]] according to the [[Setting_up_interactions_with_a_billing|instructions]].
* Read the instructions on the page [[Where to start?]].
* Read the instructions on the page: [[Start EN|Where to start?]].
* It is advisable to restrict access to the [[API]] file ''''/var/www/userside/userside3/api.php'''' from certain IP addresses.
* It is advisable to restrict access to the [[API_EN|API]] file. '''"/var/www/userside/userside3/api.php'''" from certain IP addresses.


== System upgrade ==
== System upgrade ==
Technically any end-to-end upgrade is possible, from ERP USERSIDE 3.11 to the latest version. However, there are situations where data migration problems arise with this upgrade. This is most likely to occur on older systems where data has been accumulated over many years (starting with the upgrade to ERP USERSIDE version 3). This is why we recommend that you upgrade your system in stages. If you have 3.11, first upgrade to the latest 3.12, then 3.13 etc. Note that each version has different system requirements (see above), but most are not restricted to the version above. That is, if you have 3.11 and want to upgrade to 3.16, you can install the latest version of PostgreSQL, Redis, RabbitMQ, etc. immediately, even though you will be doing a staged upgrade. The only thing to consider is the PHP versions. Different versions of ERP USERSIDE support a different range of PHP versions. Unfortunately, this cannot be avoided. For example, we have not tested ERP USERSIDE 3.14 with PHP 7.4 because it simply did not exist at that time. Therefore we simply cannot guarantee that it will work on this version. But the range of supported versions of PHP is quite wide, so you don't have to install a new version of PHP for every version of ERP USERSIDE. For example, to upgrade from 3.11 to 3.16 you only need a few steps:
Technically, any end-to-end upgrade from ERP USERSIDE 3.11 to the latest version is possible. However, there are situations when such an upgrade causes problems with data migrations. This is most likely to occur on older systems where data has been accumulated for many years (starting with the upgrade to ERP USERSIDE version 3). This is why we recommend a phased system upgrade. If you have 3.11, first upgrade to the latest 3.12, then 3.13, etc. Note that each version has different system requirements (see above), but most are not limited to the version above. That is, if you have 3.11 and want to upgrade to 3.16, you can install the latest version of PostgreSQL, Redis, RabbitMQ, etc. right away, despite the fact that you will be doing a phased upgrade. The only thing you will have to consider is PHP versions. Different versions of ERP USERSIDE support a different range of PHP versions. Unfortunately, it is impossible to avoid this, because, for example, we did not test ERP USERSIDE 3.14 on version PHP 7.4 because at that time it simply did not exist, so we simply can not guarantee the work on this version. But the range of supported PHP versions is quite wide, so that you do not have to install a new version of PHP for each version of ERP USERSIDE. For example, to upgrade from 3.11 to 3.16 you only need a few steps:
* upgrade PHP to version 7.1 and on this version you can upgrade to as much as 3.15. Also install all necessary dependencies at once for version 3.16.
* upgrade PHP to version 7.1 and with this version you can upgrade to 3.15. Also install all necessary dependencies for 3.16 at once
* After upgrading to 3.15, upgrade to PHP 7.4 and upgrade to 3.16.
* after upgrading to 3.15, upgrade PHP to 7.4 and upgrade to 3.16.


We recommend that you make a copy of your system in order to carry out the upgrade safely. Refer to [[HOWTO: Cloning USERSIDE]]. You can always delete a copy and start over. It's easy and safe. But if you want to upgrade a running system, do it at the lowest load times, with time to spare for disaster recovery in case something goes wrong. Always make sure to back up the database and files before upgrading. If an upgrade is interrupted, especially during the data migration phase, there is a risk that it will be very difficult or even impossible to restore the data correctly. In general, the responsibility for having an up-to-date backup is entirely yours.
We recommend making a copy of the system to safely perform the upgrade. Refer to [[HOWTO: USERSIDE cloning]]. You can always delete the copy and start over. This is easy and safe. But if you wish to upgrade a running system, perform it at times of least stress, with time to spare for disaster recovery if something goes wrong. Always be sure to back up your database and files before upgrading. If an update is interrupted, especially during the data migration phase, there is a risk that it will be very difficult or even impossible to restore the data correctly. In general, the responsibility for having an up-to-date backup lies entirely with you.


You may need to upgrade PostgreSQL before upgrading. Refer to our PostgreSQL upgrade instructions for this procedure before you start the ERP USERSIDE upgrade process.
You may need to upgrade PostgreSQL before upgrading. Please refer to our PostgreSQL upgrade instructions for this procedure before you start the ERP USERSIDE upgrade process.


==== Upgrade process ====
==== Upgrade process ====
After making a copy of the system, or at least a full backup of the working system if you do not want to make a clone, you only need to run the installation command:
We strongly recommend performing test updates on a [[HOWTO: USERSIDE cloning|copy of the system]].
cd /var/www/userside-new
sudo -u www-data php userside_install.phar install


Next, interactively select the version to upgrade, specify the missing configuration parameters for the new version, if any, and wait for the upgrade to complete. After upgrading, be sure to check at least the basic functionality of the system. This is especially true for a staged upgrade: do not upgrade to the next stage if the current stage has ended with an error or the system has stopped working correctly.
To perform an upgrade, run the installer in install mode and follow the instructions:
<pre>
cd /var/www/userside
sudo -u www-data php userside_install.phar install
</pre>


'''For version 3.16 and newer.'''
After updating the USERSIDE, you should be sure to update the usm_poller dependencies:
<pre>
sudo -H microservice/poller/venv/bin/pip install -U -r microservice/poller/requirements.txt
</pre>


Poller's microservice dependencies may change after the upgrade. Run this command every time after an upgrade, even if more often than not it does nothing:
Now you need to restart all the services that are supervised by the supervisor and make sure that all of them start and are in the RUNNING state:
cd /var/www/userside/microservice/poller
<pre>
sudo -H ./venv/bin/pip install --upgrade -r requirements.txt
sudo supervisorctl restart all
 
sudo supervisorctl status
After upgrading, it is imperative that the background processes managed by the supervisor are restarted so that the upgraded files start working:
</pre>
sudo systemctl restart supervisor


== System maintenance ==
== System maintenance ==
A few simple steps are recommended to maintain the system and ensure reliable operation in the future:
To keep the system up and running and to ensure reliable operation in the future, it is recommended that you follow a few simple steps:
* make a periodic backup of the database
* periodically back up the database
* back up downloaded files periodically (this can be done simply by archiving the /var/www/userside/var/attachments directory and .env file)
* periodically create a backup copy of uploaded files (this can be done simply by archiving the /var/www/userside/var/attachments directory and the .env file)
* periodically monitor server performance (using htop, atop) and the RabbitMQ broker and make decisions about scaling fpm pools, kernel background processes and microservices
* periodically monitor server performance (using htop, atop) and the RabbitMQ broker and make decisions about scaling fpm pools, kernel background processes and microservices


=== Backup ===
=== Backup ===
Set up periodic backups of the database and user files. Preferably at least once a day at times of least server load. In PostgreSQL there are two ways to back up the database: dump and sql-script. Each has its own advantages and disadvantages. The first creates a secure dump of the entire database, while the second creates an SQL script that can be run to recover both the structure and the data. We recommend referring to [https://postgrespro.ru/docs/postgresql/13/app-pgdump documentation on using the pg_dump command] to select a method or parameter set that is more suitable for you.
Set up periodic backups of the database and user files. Preferably at least once a day when the server is least loaded. In PostgreSQL, there are two ways to back up the database: dump and sql-script. Each of them has its own advantages and disadvantages. The first one creates a secure dump of the entire database, and the second one creates a SQL-script, which can be executed to restore both the structure and data. It is recommended that you refer to [https://postgrespro.ru/docs/postgresql/13/app-pgdump documentation on how to use the pg_dump command] to choose the method or set of parameters that is best for you.


Below are two commands to back up the database - choose one and add it to your crontab:
Below are two commands for creating a database backup - choose one of them and add it to your crontab:
<pre>
<pre>
# DUMP
# DUMP
Строка 549: Строка 450:
</pre>
</pre>


You can use the following command (for version 3.15 and later) to create a minimal backup of the ''files'':
To create a minimal backup of '''files''' you can use the following command (for version 3.15 and later):
  sudo tar -czf /backup/userside.tgz .env common/config/settings.json var/attachments
  sudo tar -czf /backup/userside.tgz .env common/config/settings.json var/attachments
 
These files together with the database will be enough to restore USERSIDE. But you can back up the entire /var/www/userside directory for more reliability.
These files, together with the database, will be sufficient to restore USERSIDE operation. But you can back up the entire /var/www/userside directory for the sake of safety.


=== Restore from backup ===
=== Restore from backup ===
The pg_restore command is used to restore from dump. [https://postgrespro.ru/docs/postgresql/13/app-pgrestore Documentation on using pg_restore]. The psql utility is used to recover from an SQL script. [https://postgrespro.ru/docs/postgresql/13/app-psql Documentation on using psql].
The pg_restore command is used to restore from a dump. [https://postgrespro.ru/docs/postgresql/13/app-pgrestore Documentation on using pg_restore]. The psql utility is used to restore from a SQL script. [https://postgrespro.ru/docs/postgresql/13/app-psql Documentation on using psql].


==== DUMP ====
==== DUMP ====
The dump contains the entire database with all its elements. Therefore, the database must not exist on the server before restoring it from the dump - delete the database before restoring from the dump. It is also important that a database user (the owner of all items) already exists - create one before you restore, if you are restoring the database on a new server where the required user does not yet exist.  
The dump contains the entire database with all its elements. Therefore, before restoring a database from a dump, it must not exist on the server - delete the database before restoring from a dump. It is also important that the database user (the owner of all items) already exists - create it before restoring if you are restoring the database on a new server where the required user does not exist yet.


Also note that the dump structure may not be compatible between different versions of PostgreSQL. It's not necessarily true, but it's quite likely.
Also note that the dump structure may not be compatible between different versions of PostgreSQL. This is not necessarily the case, but it is likely.


Use the command to recover from the dump:
To restore from the dump, use the command:
  sudo -u postgres pg_restore --clean --if-exists --create --exit-on-error --dbname=postgres /backup/userside.dump
  sudo -u postgres pg_restore --clean --if-exists --create --exit-on-error --dbname=postgres /backup/userside.dump
Note that the name of the database in the command must be '''postgres''', as the name of the database to be restored is taken from the dump.
Note that the database name in the command must be '''postgres''' because the name of the database to be restored is taken from the dump.


==== SQL-script ====
==== SQL-script ====
You can restore the database from an SQL-script by using the command:
You can restore a database from a SQL script using the command:
  gunzip < /backup/userside.sql.gz | sudo -u postgres psql -d userside
  gunzip < /backup/userside.sql.gz | sudo -u postgres psql -d userside
The database must already exist before this command is executed, but it must be empty. There must also be a user (owner) of the database objects.  
The database must already exist before executing this command, but it must be empty. The user (owner) of the database objects must also exist.


==== After database restoring ====
==== After database restoring ====
After restoring the database by any means, the ERP USERSIDE cache must be cleared, as the cache now contains data other than the data in the database. Go to /var/www/userside and run the clear cache command:
After restoring the database by any method, you must clear the ERP USERSIDE cache, as the cache now contains different data from the database. Go to the /var/www/userside directory and run the clear cache command:
  cd /var/www/userside
  cd /var/www/userside
  php run cache/flush-all
  php run cache/flush-all
Строка 578: Строка 478:
  php userside cache/flush-all
  php userside cache/flush-all


If the versions of the USERSIDE files and the database dump are different, the USERSIDE version must be adjusted to match the data after restoring the database from the backup. To do this, in the /var/www/userside directory, run the command:
If the versions of the USERSIDE files and the database dump are different, then after restoring the database from the backup, it is necessary to bring the USERSIDE version to the corresponding data. To do this, run the command in the /var/www/userside directory:
  sudo -u www-data php userside_install.phar repair
  sudo -u www-data php userside_install.phar repair


=== PostgreSQL maintenance ===
=== PostgreSQL maintenance ===
The PostgreSQL architecture is such that operations that change data in tables always create a new copy of that data and mark the old data as "dead" - this greatly speeds up these operations, but database files can grow in size over time, which can also have a significant impact on performance.
PostgreSQL's architecture is such that operations that change data in tables always create a new copy of that data, and mark the old ones as "dead" - this speeds up these operations considerably, but database files can grow in size over time, which can also significantly affect performance.


By default, Postgres has an '''automatic vacuuming''' system enabled that runs continuously in parallel with the RDBMS itself. Automatic vacuumisation removes "dead" tuples from the files so that the freed space can be reused by new data. But this vacuum mode does not "defragment" the files, leaving them at least the same size.
By default, Postgres has '''automatic vacuuming''' enabled, which runs continuously in parallel with the DBMS itself. Automatic vacuuming deletes "dead" tuples from files so that the free space can be reused by new data. But this vacuumisation mode does not perform "file defragmentation", leaving their size at least the same.


In most cases automatic vacuuming is sufficient and we recommend that you do not disable autovacuuming so that your files do not grow to enormous sizes and your database does not slow down by tens or hundreds of times.
In most cases, auto-vacuuming is sufficient and we do not recommend disabling auto-vacuuming to prevent your files from growing to huge sizes and slowing down your database tens or hundreds of times.


The '''full vacuuming''' procedure, which can be run manually, defragments the database by reducing the size of the database files. But it is executed with full table locking! The full vacuuming procedure (as well as rebuilding the indexes) should preferably be performed during the lowest load on the server when clearly needed (if the database file volume is too large, tens or hundreds of times the normal volume). The database tables will be locked during this procedure, as this procedure creates new data files and only transfers 'live' data to them. After this procedure, it is also advisable to perform an index rebuilding procedure. For more information on [https://postgrespro.ru/docs/postgresql/13/sql-vacuum vacuuming] and [https://postgrespro.ru/docs/postgresql/13/sql-reindex re-indexing], see the PostgreSQL documentation.
The ''full vacuum'' procedure, which can be run manually, performs defragmentation, reducing the size of the database files. But it is performed with full table locking! The full vacuuming procedure (as well as index rebuilding) should preferably be performed at the time of lowest server load when clearly necessary (if the database file size is too large, tens or hundreds of times the normal size). During this procedure, the database tables will be locked, as this procedure creates new data files and transfers only "live" data into them. It is also desirable to perform an index rebuild procedure after this procedure. You can find detailed information on [https://postgrespro.ru/docs/postgresql/13/sql-vacuum vacuuming] and [https://postgrespro.ru/docs/postgresql/13/sql-reindex reindexing] in the PostgreSQL documentation.


The following commands are aliases of the SQL queries of the same name. If you find it easier to run SQL queries instead of commands, refer to the documentation in the links above.  
The commands below are aliases to SQL queries of the same name. If you find it easier to execute SQL queries instead of commands, please refer to the documentation at the links above.


  sudo -u postgres vacuumdb --full --analyze userside
  sudo -u postgres vacuumdb --full --analyze userside
  sudo -u postgres reindexdb userside
  sudo -u postgres reindexdb userside


If you have started the vacuuming procedure manually before, you must have used the parameter <code>-j</code> or <code>--jobs</code> to specify the number of threads. When using full vacuuming, it is undesirable to use multi-threading to avoid interlocking of tables.
If you have run a manual vacuumisation procedure before, you have probably used the <code>-j</code> or <code>--jobs</code> parameter to specify the number of threads. When using full vacuumisation, it is undesirable to use multithreading to avoid interlocking of tables.


=== RabbitMQ monitoring ===
=== RabbitMQ monitoring ===
''Only required for version 3.16 and newer.''
''Only required for version 3.16 and newer.''


The RabbitMQ management system graphs the message queue load in a clear way. A consistently high or potentially increasing number of queued messages indicates the need for more background processes. For example, if the userside queue has a consistently high number of messages (more than 10...20), it is worth adding another instance of the us-core-worker handler. To do this, edit the supervisor file /etc/supervisor/conf.d/us-core-worker.conf to increase the value of numprocs and then restart the supervisor.
The RabbitMQ management system displays graphs with the workload of message queues in a visual form. A consistently high or potentially increasing number of messages in the queues indicates the need for more background processes. For example, if the number of messages in the queue named userside is constantly high (more than 10...20), it is worth adding one more instance of the us-core-worker handler. To do this, edit the supervisor file /etc/supervisor/conf.d/us-core-worker.conf by increasing the numprocs value and then restart the supervisor.

Текущая версия от 11:46, 18 октября 2024

en | ru

ATTENTION: These instructions are valid for ERP USERSIDE versions 3.18

Description

For the sake of simplicity, the commands for the Linux Debian 12 (bookworm) operating system will be considered. For experienced system administrators, it should not be difficult to use similar commands for another operating system. If you do not feel confident in administering operating systems, we recommend you to use Debian or Ubuntu Server LTS. Because of their simplicity and because our technical support is much more familiar with Debian-like distributions. The likelihood of being able to tell you something not related to ERP USERSIDE, but related to operating system administration, will be much higher if you have Debian or a similar distribution based on it.

On the other hand, if you are an experienced system administrator and have skills and experience with Docker, you may find it more convenient to use a ready-made environment based on Docker images, which we have prepared specially, including everything you need to run ERP USERSIDE. In this case, you will not have to configure anything, except to perform simple Docker-bundle settings https://github.com/userside/userside-docker.

Requirements

ERP USERSIDE requires various system applications and services, such as PHP interpreter with a set of extensions, WEB server, database management system and others. This section will list such requirements depending on the version of ERP USERSIDE.

Also note that your operating system must be configured with the correct time zone and locale. The correct display of information and correct sorting depends on this.

The list of required PHP extensions contains all extensions that are not part of the PHP core. Some of these extensions may come with the core PHP package or as part of the php-common package, while others must be installed additionally.

3.18

  • PHP: 8.1
  • PHP extensions: ctype, gd, json, libxml, mbstring, openssl, pdo, pdo_pgsql, posix, simplexml, snmp, sockets, zlib, pcntl
  • Additional PHP extensions: ldap, soap
  • Python: Requires Python3 of any currently supported version. The status of versions can be viewed here:"Status of Python versions". It is recommended to use a version with "security" or "bugfix" status. Versions marked as "end-of-life" are not supported. Versions marked as "feature" are not recommended.
  • Python modules: pip, venv
  • PostgreSQL: 10+ (preferably 16)
  • Redis: 5+ (preferably 7)
  • RabbitMQ: 3.8+ (preferably 3.13)
  • Supervisor

Main Agreements

The directory where ERP USERSIDE is installed is /var/www/userside. Inside this directory there should be a subdirectory userside3, which is the root directory for the WEB server. If you want to use a different directory for ERP USERSIDE, remember to make the appropriate corrections to all the examples in these instructions.

Create the directory:

sudo mkdir -p /var/www/userside/userside3
sudo chown -R www-data:www-data /var/www/userside

You will need to allocate a domain name for ERP USERSIDE. The examples below use userside.mycompany.com, but you will need to change it to your own. Write this domain name in /etc/hosts if it is different from the hostname of the installation.

Installing the required components

First, install the utilities that will be needed later in the installation process. These are required for any ERP USERSIDE. You can copy the lines one by one and paste them into the command line of your operating system.

Copy and paste the following lines in their entirety:

sudo tee /etc/apt/sources.list.d/contrib-non-free.list << EOL
deb http://deb.debian.org/debian/ $(lsb_release -sc) contrib non-free non-free-firmware
EOL

sudo apt update
sudo apt full-upgrade -y
sudo apt install -y gnupg ca-certificates lsb-release debian-archive-keyring debian-keyring libsnmp-dev snmp-mibs-downloader

PostgreSQL

Alternative official repository

We strongly recommend using the latest version of PostgreSQL, as this always has a positive impact on speed. Add the official Postgres repository to the system:

sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update

If you have a different operating system, you can find the necessary commands for it at official PostgreSQL website.

Installation

Caution! Before installing PostgreSQL, your operating system must have your local locale and correct time zone set! This can be done later, but it will be much easier if it is done before installing PostgreSQL. Run the following command to make sure the correct locale is present:

locale -a

If your local locale is not among those listed, then install it. To do this, simply edit the /etc/locale.gen file by removing the comments before the line(s) with the desired locale, and then run the command:

sudo locale-gen

If you need to change the default locale, then execute:

sudo dpkg-reconfigure locales

To change the time zone, execute:

sudo timedatectl set-timezone Europe/Kyiv

Now you can move on to the PostgreSQL installation:

sudo apt install -y postgresql-16 postgresql-16-postgis-3

Setting

Create a user and database for ERP USERSIDE. The example below creates a user named userside and a database with the same name. If your locale is not uk_UA, remember to change the command. The PostGis extension needed to work with geographic data is then connected to the database. After doing the first line, you will need to enter the password for the new user twice - make a note of this password, you will need it later to set up the ERP USERSIDE

sudo -u postgres createuser userside -P
sudo -u postgres createdb -e -E "UTF-8" -l "uk_UA.UTF-8" -O userside -T template0 userside
sudo -u postgres psql -d userside -c "CREATE EXTENSION postgis"

If your PostgreSQL is installed on another server, you will need to make corrections to the files postgresql.conf and pg_hba.conf located in the /etc/postgresql/16/main/ directory. In the postgresql.conf file, you must uncomment and change the value of the listen_addresses parameter, specifying there all IP addresses of the server interfaces on which it can accept connections to PostgreSQL. In the file pg_hba.conf you need to add a line at the very end, similar to the previous ones, specifying from which address the ERP USERSIDE user can connect. But if your PostgreSQL is located on the same server as USERSIDE - there is no need to make any adjustments to these files.

Redis

The Debian 12 standard repository includes Redis version 7.0.15. This version is suitable for running ERP USERSIDE.

Installation

sudo apt install -y redis-server

Setting

By default Redis accepts connections without a password, but we strongly recommend setting a password. Since the password is transmitted in the clear (Redis does not provide encryption because it focuses on speed of request processing and extra steps like encryption are not applied), you need to create a really long and complex password, for example, using the openssl utility as follows:

openssl rand --hex 32

The output will be a random set of 32 bytes in 16-character form, which you will use as a password. Next, you will need to substitute this generated string in place of the word MYPASSWORDHERE. Write it down. Then in the settings you will specify this string as the Redis password.

Specify the generated passphrase hash in the Redis configuration file:

sudo sed -i 's@^.*requirepass .*@requirepass MYPASSWORDHERE@g' /etc/redis/redis.conf

where instead of MYPASSWORDHERE specify the hash of the passphrase received earlier.

It is also necessary to disable timeout (on some versions of Redis it is enabled):

sudo sed -i 's@^timeout .*@timeout 0@' /etc/redis/redis.conf

Restart Redis and make sure it works (should get PONG in response):

sudo systemctl restart redis
redis-cli -h 127.0.0.1 -p 6379 -a MYPASSWORDHERE ping

RabbitMQ

The Debian 12 standard repository includes an older version of RabbitMQ 3.10. You can use it - it is supported. However, this version is relatively old and your best bet is to install a newer version from alternative repositories. The official RabbitMQ website has quite detailed information on installing RabbitMQ for each operating system.

Adding alternative repositories

Copy and paste the following block in its entirety into the command line

curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg > /dev/null
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-server-archive-keyring.gpg > /dev/null

sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
deb [signed-by=/usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian $(lsb_release -cs) main
deb-src [signed-by=/usr/share/keyrings/rabbitmq-erlang-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/debian $(lsb_release -cs) main
deb [signed-by=/usr/share/keyrings/rabbitmq-server-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian $(lsb_release -cs) main
deb-src [signed-by=/usr/share/keyrings/rabbitmq-server-archive-keyring.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/debian $(lsb_release -cs) main
EOF

sudo apt update

Installation

sudo apt install -y erlang-base \
                    erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                    erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                    erlang-runtime-tools erlang-snmp erlang-ssl \
                    erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

sudo apt install rabbitmq-server -y --fix-missing

Installing the necessary add-ons

Do the next two rows one at a time!

sudo rabbitmq-plugins enable rabbitmq_management --offline
sudo rabbitmq-plugins enable rabbitmq_web_stomp --offline

Setting

Copy and paste the following block in its entirety:

sudo tee /etc/rabbitmq/rabbitmq.conf << EOF
listeners.tcp.default = 5672

web_stomp.port = 15674
web_stomp.cowboy_opts.max_keepalive = 60
EOF

Now we need to create users. We recommend to use three different users: for server administration (full rights), for userside and modules (full rights but no administrative rights) and web-stomp user for websocket (minimal rights to read certain broker objects). But you can only create two: an admin, which will also be used for userside, and a user for websocket. These must necessarily be at least two different users, since the password for the websocket user is passed to the browser and can be easily read by the user. The following will show an example for the recommended three users.

Create a user for administration RabbitMQ. This example uses the username admin and password password. The user is assigned the administrator tag immediately after creation, giving the user maximum administrator rights, and then set permissions on the vhost / allowing full access to configure, write and read everything within that vhost*.

sudo rabbitmqctl add_user "admin" "password"
sudo rabbitmqctl set_user_tags "admin" "administrator"
sudo rabbitmqctl set_permissions -p "/" "admin" ".*" ".*" ".*"

Create a user on behalf of which ERP USERSIDE and modules will run. Example for the user name userside (there is no need to give admin rights to this user):

sudo rabbitmqctl add_user "userside" "password2"
sudo rabbitmqctl set_user_tags "userside" "monitoring"
sudo rabbitmqctl set_permissions -p "/" "userside" ".*" ".*" ".*"

Create a WebSTOMP user. You will need it to use notifications via WebSocket. Instead of websock-user you can specify a different user name. Instead of websock-password, specify your password, but this password will be passed in the clear to the browser, so don't make it look like other passwords:

sudo rabbitmqctl add_user "websock-user" "websock-password"
sudo rabbitmqctl set_permissions -p "/" "websock-user" "^userside-stomp:id-.*" "" "^userside-stomp:id-.*"

Caution!: You will need to specify the WebSTOMP username and password in the settings in the USERSIDE interface (Menu: Settings - Main - Websocket).

* vhost is a virtual host inside RabbitMQ that allows you to differentiate between different applications using the same server. Like, for example, different databases on the same RDBMS server. The default vhost is named / and almost always this is enough for you. But if you plan, for example, to run multiple copies of ERP USERSIDE on the same server, then for each copy you will need to create a different vhost and, accordingly, users for it. See official guide for details.

Restart the rabbitmq service:

sudo systemctl restart rabbitmq-server

Management

One of the commands above installs a management module in RabbitMQ that provides a convenient WEB interface to monitor, diagnose, and manage the RabbitMQ server. With the help of this module you can monitor the server, monitor the number of messages in the queues and other states. All this can be done using the console utility rabbitmqctl, but using the WEB-interface can be much more clear and convenient.

By default, the WEB-interface of the control is available at http://userside.mycompany.com:15672

You can read more about the management module on the official RabbitMQ website.

PHP

Alternative repository

sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt update

Installation

Execute the following commands:

sudo apt install -y php8.1-{fpm,cli,common,curl,intl,mbstring,opcache,pgsql,readline,xml,zip,snmp,gd}

If you plan to use LDAP, you need to install the php-ldap extension:

sudo apt install -y php8.1-ldap

If you plan to use TurboSMS to send SMS, you will also need the php-soap extension:

sudo apt install -y php8.1-soap

Setting

sudo sed -i "s@^;date.timezone.*@date.timezone = $(cat /etc/timezone)@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@^;date.timezone.*@date.timezone = $(cat /etc/timezone)@" /etc/php/8.1/cli/php.ini
sudo sed -i "s@;cgi.fix_pathinfo=1@cgi.fix_pathinfo=0@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@post_max_size = 8M@post_max_size = 100M@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@upload_max_filesize = 2M@upload_max_filesize = 100M@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@max_execution_time.*@max_execution_time = 300@" /etc/php/8.1/fpm/php.ini
sudo sed -i "s@^;request_terminate_timeout =.*@request_terminate_timeout = 300@" /etc/php/8.1/fpm/pool.d/www.conf

sudo systemctl restart php8.1-fpm

NGINX

Alternative official repository

The version of NGINX supplied in the Debian repository is fully usable and there is no need to add an alternative repository. However, if you want to always have the latest version, then run the following lines to add the official nginx repository to your operating system:

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
sudo apt update

If you have a different operating system, you can find the necessary commands for it on the official NGINX website: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/.

Installation

sudo apt install -y nginx

Setting

sudo sed -i "s@^user.*;@user www-data www-data;@" "/etc/nginx/nginx.conf"
sudo systemctl restart nginx

The following configuration example assumes that ERP USERSIDE will be installed in the default system directory /var/www/userside. If you wish to install ERP USERSIDE in a different directory, please remember to fix it in all subsequent examples. In order not to make a mistake, we recommend to use exactly the /var/www/userside directory.

This directory will contain the web-root, i.e. files accessible via the http protocol.

Now edit the /etc/nginx/conf.d/default.conf file. Or delete it and create a new file with an arbitrary name, for example /etc/nginx/conf.d/userside.conf. In either case, regardless of your choice, the contents of the file should be as follows (instead of userside.mycompany.com, specify your domain name):

server {
    listen       80 default_server;
    server_name  userside.mycompany.com;
    charset      utf-8;
    client_max_body_size 100M;

    access_log  /var/log/nginx/userside-access.log;
    error_log   /var/log/nginx/userside-error.log;

    root   /var/www/userside/userside3;
    index  index.php;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    location / {
        try_files $uri $uri/ =404;
    }

    location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log    off;
        log_not_found off;
        expires       max;
        add_header    Pragma public;
        add_header    Cache-Control "public";
    }

    location ~ \.php$ {
        try_files     $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass  unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 300;
        include       fastcgi_params;
    }

    location /ws {
        proxy_pass http://127.0.0.1:15674/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    location ~ /\.ht { deny  all; }
}

You may also want to configure SSL and other things. This topic is beyond the scope of this manual.

If you installed RabbitMQ on another server, or changed the value of the WebSTOMP port from 15674 to some other, then specify the IP address of the server with RabbitMQ and the port number in the proxy_pass http://127.0.0.1:15674/ws; line. The protocol must remain http. The path should remain /ws.

Check the configuration and if it is ok reload nginx:

sudo nginx -t && sudo systemctl restart nginx

Python

Requires Python3 of any currently supported version. The status of versions can be viewed here:"Status of Python versions". It is recommended to use a version with "security" or "bugfix" status. Versions marked as "end-of-life" are not supported. Versions marked as "feature" are not recommended.

If you have an unsupported version ("end-of-life") installed on your host, you should be sure to install additionally a more recent version of Python.

Installing the necessary packages

sudo apt install -y python3-dev python3-pip python3-venv libffi-dev pkg-config

Supervisor

sudo apt install -y supervisor

Downloading and running the installer

See also: Installer Help

1. navigate to the system directory

cd /var/www/userside

2. download the installer script

sudo -u www-data php -r "copy('https://my.userside.eu/install', 'userside_install.phar');" 

3. run the installer

sudo -u www-data php userside_install.phar install

During the process, the installer verifies compliance with technical requirements, requests access parameters, and checks connections to server services.

You can enter any ERP USERSIDE version number available to you for installation. To do this, you can enter the version number from the list (it contains only the latest version of each branch) or enter the entire version number if it is not on the list.

When the installer finishes, a message will be displayed indicating that the installation was successful.

If you did not install as a web server user, be sure to make that user the owner of all userside files recursively after the installation is complete!

sudo chown -R www-data:www-data /var/www/userside
sudo chmod -R u=rwX,g=rwX,o=r /var/www/userside

Set up after installation

Configuration of system services

After installation, copy the sample configuration files of the system services and adjust them if necessary (for example, specify the path to the userside directory if it is different from /var/www/userside). Run the commands:

sudo cp etc/us-core-worker.conf-example /etc/supervisor/conf.d/us-core-worker.conf
sudo cp microservice/poller/etc/usm_poller.conf-example /etc/supervisor/conf.d/usm_poller.conf
sudo cp etc/logrotate-example /etc/logrotate.d/userside
sudo cp microservice/poller/etc/logrotate-example /etc/logrotate.d/usm_poller
sudo cp etc/crontab-example /etc/cron.d/userside

Install the necessary dependencies for usm_poller

cd microservice/poller
sudo -H python3 -m venv venv
sudo -H ./venv/bin/pip install -U pip
sudo -H ./venv/bin/pip install -U -r requirements.txt

Launching the supervisor

The supervisor monitors the health of the services specified in its configuration. To start the supervisor, execute:

sudo systemctl restart supervisor

After starting the supervisor, after a few seconds you can observe the state of all the services it monitors. All services must be in the RUNNING state:

sudo supervisorctl status

Immediately after installation

This completes the installation of ERP USERSIDE. Now perform the following steps:

  • Open the system page http://userside.mydomain.com/ and log in (default username: Admin, password: 1234).
  • Perform Websocket configuration under: Settings - Main - WebSocket. Enable and enter the username and password of the WebStomp user you created earlier in the RabbitMQ section.
  • Perform the basic settings under: Settings - Main.
  • Configure the interaction with billing according to the instructions.
  • Read the instructions on the page: Where to start?.
  • It is advisable to restrict access to the API file. "/var/www/userside/userside3/api.php" from certain IP addresses.

System upgrade

Technically, any end-to-end upgrade from ERP USERSIDE 3.11 to the latest version is possible. However, there are situations when such an upgrade causes problems with data migrations. This is most likely to occur on older systems where data has been accumulated for many years (starting with the upgrade to ERP USERSIDE version 3). This is why we recommend a phased system upgrade. If you have 3.11, first upgrade to the latest 3.12, then 3.13, etc. Note that each version has different system requirements (see above), but most are not limited to the version above. That is, if you have 3.11 and want to upgrade to 3.16, you can install the latest version of PostgreSQL, Redis, RabbitMQ, etc. right away, despite the fact that you will be doing a phased upgrade. The only thing you will have to consider is PHP versions. Different versions of ERP USERSIDE support a different range of PHP versions. Unfortunately, it is impossible to avoid this, because, for example, we did not test ERP USERSIDE 3.14 on version PHP 7.4 because at that time it simply did not exist, so we simply can not guarantee the work on this version. But the range of supported PHP versions is quite wide, so that you do not have to install a new version of PHP for each version of ERP USERSIDE. For example, to upgrade from 3.11 to 3.16 you only need a few steps:

  • upgrade PHP to version 7.1 and with this version you can upgrade to 3.15. Also install all necessary dependencies for 3.16 at once
  • after upgrading to 3.15, upgrade PHP to 7.4 and upgrade to 3.16.

We recommend making a copy of the system to safely perform the upgrade. Refer to HOWTO: USERSIDE cloning. You can always delete the copy and start over. This is easy and safe. But if you wish to upgrade a running system, perform it at times of least stress, with time to spare for disaster recovery if something goes wrong. Always be sure to back up your database and files before upgrading. If an update is interrupted, especially during the data migration phase, there is a risk that it will be very difficult or even impossible to restore the data correctly. In general, the responsibility for having an up-to-date backup lies entirely with you.

You may need to upgrade PostgreSQL before upgrading. Please refer to our PostgreSQL upgrade instructions for this procedure before you start the ERP USERSIDE upgrade process.

Upgrade process

We strongly recommend performing test updates on a copy of the system.

To perform an upgrade, run the installer in install mode and follow the instructions:

cd /var/www/userside
sudo -u www-data php userside_install.phar install

After updating the USERSIDE, you should be sure to update the usm_poller dependencies:

sudo -H microservice/poller/venv/bin/pip install -U -r microservice/poller/requirements.txt

Now you need to restart all the services that are supervised by the supervisor and make sure that all of them start and are in the RUNNING state:

sudo supervisorctl restart all
sudo supervisorctl status

System maintenance

To keep the system up and running and to ensure reliable operation in the future, it is recommended that you follow a few simple steps:

  • periodically back up the database
  • periodically create a backup copy of uploaded files (this can be done simply by archiving the /var/www/userside/var/attachments directory and the .env file)
  • periodically monitor server performance (using htop, atop) and the RabbitMQ broker and make decisions about scaling fpm pools, kernel background processes and microservices

Backup

Set up periodic backups of the database and user files. Preferably at least once a day when the server is least loaded. In PostgreSQL, there are two ways to back up the database: dump and sql-script. Each of them has its own advantages and disadvantages. The first one creates a secure dump of the entire database, and the second one creates a SQL-script, which can be executed to restore both the structure and data. It is recommended that you refer to documentation on how to use the pg_dump command to choose the method or set of parameters that is best for you.

Below are two commands for creating a database backup - choose one of them and add it to your crontab:

# DUMP
sudo -u postgres pg_dump --no-acl -Fc userside > /backup/userside.dump

# SQL-script
sudo -u postgres pg_dump --no-acl -Fp -Z 5 userside > /backup/userside.sql.gz

To create a minimal backup of files you can use the following command (for version 3.15 and later):

sudo tar -czf /backup/userside.tgz .env common/config/settings.json var/attachments

These files together with the database will be enough to restore USERSIDE. But you can back up the entire /var/www/userside directory for more reliability.

Restore from backup

The pg_restore command is used to restore from a dump. Documentation on using pg_restore. The psql utility is used to restore from a SQL script. Documentation on using psql.

DUMP

The dump contains the entire database with all its elements. Therefore, before restoring a database from a dump, it must not exist on the server - delete the database before restoring from a dump. It is also important that the database user (the owner of all items) already exists - create it before restoring if you are restoring the database on a new server where the required user does not exist yet.

Also note that the dump structure may not be compatible between different versions of PostgreSQL. This is not necessarily the case, but it is likely.

To restore from the dump, use the command:

sudo -u postgres pg_restore --clean --if-exists --create --exit-on-error --dbname=postgres /backup/userside.dump

Note that the database name in the command must be postgres because the name of the database to be restored is taken from the dump.

SQL-script

You can restore a database from a SQL script using the command:

gunzip < /backup/userside.sql.gz | sudo -u postgres psql -d userside

The database must already exist before executing this command, but it must be empty. The user (owner) of the database objects must also exist.

After database restoring

After restoring the database by any method, you must clear the ERP USERSIDE cache, as the cache now contains different data from the database. Go to the /var/www/userside directory and run the clear cache command:

cd /var/www/userside
php run cache/flush-all

For version 3.17 and below, instead of the last command:

php userside cache/flush-all

If the versions of the USERSIDE files and the database dump are different, then after restoring the database from the backup, it is necessary to bring the USERSIDE version to the corresponding data. To do this, run the command in the /var/www/userside directory:

sudo -u www-data php userside_install.phar repair

PostgreSQL maintenance

PostgreSQL's architecture is such that operations that change data in tables always create a new copy of that data, and mark the old ones as "dead" - this speeds up these operations considerably, but database files can grow in size over time, which can also significantly affect performance.

By default, Postgres has automatic vacuuming enabled, which runs continuously in parallel with the DBMS itself. Automatic vacuuming deletes "dead" tuples from files so that the free space can be reused by new data. But this vacuumisation mode does not perform "file defragmentation", leaving their size at least the same.

In most cases, auto-vacuuming is sufficient and we do not recommend disabling auto-vacuuming to prevent your files from growing to huge sizes and slowing down your database tens or hundreds of times.

The full vacuum procedure, which can be run manually, performs defragmentation, reducing the size of the database files. But it is performed with full table locking! The full vacuuming procedure (as well as index rebuilding) should preferably be performed at the time of lowest server load when clearly necessary (if the database file size is too large, tens or hundreds of times the normal size). During this procedure, the database tables will be locked, as this procedure creates new data files and transfers only "live" data into them. It is also desirable to perform an index rebuild procedure after this procedure. You can find detailed information on vacuuming and reindexing in the PostgreSQL documentation.

The commands below are aliases to SQL queries of the same name. If you find it easier to execute SQL queries instead of commands, please refer to the documentation at the links above.

sudo -u postgres vacuumdb --full --analyze userside
sudo -u postgres reindexdb userside

If you have run a manual vacuumisation procedure before, you have probably used the -j or --jobs parameter to specify the number of threads. When using full vacuumisation, it is undesirable to use multithreading to avoid interlocking of tables.

RabbitMQ monitoring

Only required for version 3.16 and newer.

The RabbitMQ management system displays graphs with the workload of message queues in a visual form. A consistently high or potentially increasing number of messages in the queues indicates the need for more background processes. For example, if the number of messages in the queue named userside is constantly high (more than 10...20), it is worth adding one more instance of the us-core-worker handler. To do this, edit the supervisor file /etc/supervisor/conf.d/us-core-worker.conf by increasing the numprocs value and then restart the supervisor.