Ultimate Server Jaunty with OpenVistA EHR

来自Ubuntu中文
跳到导航跳到搜索

Introduction

This walkthrough is for (K)Ubuntu Jaunty 9.04 32-bit because the BigBlueButton teleconferencing server requires Jaunty 9.04 32-bit. (Except for that component, all other installation instructions have been tested on Karmic 9.10 and work under that version, as well.)

The software updater may prompt you to upgrade the distribution (to Karmic 9.10). This is not recommended because BigBlueButton may then stop functioning properly.

All variables that can be (and usually ought to be) changed are noted in italics. Do not attempt to use any italicized variable; all of them are fictitious and will not work (especially for web services)!

Furthermore, this website is viewed by over 20,000 users per month. Don't attempt to use any of the example passwords used here (that would be highly insecure).

Install the base OS (Ubuntu Server 9.04 Jaunty 32-bit)

  • Install Ubuntu Jaunty Server 32-bit into its own partition. If you followed the Multiple OS Installation scheme, then the Windows OS will be in partition 1 (and possibly 2, if you have a recovery partition), the /boot partition will be in partition 3, and partition 4 will be an extended partition. The extended partition ought to have been divided into a 2 Gb swap logical partition and 2 equally sized logical partitions for Linux (one for a production partition and one as a test/upgrade partition).
  • For installation it is best if the computer is connected to the Internet by a wired ethernet connection.
  • Hostname: Jaunty32Server00
  • Partitioning: Manual
  • Choose the partition created for the new Jaunty operating system (e.g. /dev/sda6). Use as: Ext3 journaling file system -> Format the partition: yes, format it -> Mount point: / - the root file system -> Done setting up the partition -> Finish partitioning and write changes to disk -> Write changes to disk?: Yes
  • During the Ubuntu Server installation, install the LAMP server and OpenSSH servers and the PostgreSQL database. Record the system administrator ID/password and the MySQL root (superuser) password. Note the partition name and number (e.g. /dev/sda6).
  • Full name for the new user: Jauntyadmin00 -> Username for your account: jauntyadmin00 -> Choose a password for the new user: jauntyword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Encrypt your home directory: No (this is optional, but on this system the primary user's home directory is not used much so there is little need to encrypt it.)
  • HTTP proxy information -- this is used if your organization has a firewall or other gateway to the outside Internet. A network administrator will have the information for this. Most small businesses will not have such a gateway and it can be left blank, in this case.
  • How do you want to install updates...? Install security updates automatically
  • Choose software to install:
  • LAMP server (ticked) -> OpenSSH server (ticked) -> PostgreSQL database
  • New password for the MySQL "root" user: jauntysql00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Install the GRUB boot loader to the master boot record? No -> Device for boot loader installation: /dev/sda6
Note: this assumes a /boot partition and multiple partitions. Under the general scheme above, the first free partition will usually be /dev/sda6, but if you already have other OSs or other peculiarities, take extra care during this step.
  • This is the trickiest step of the installation. It is important to set up the Master Boot Loader to recognize the new partition. Re-read the Multiple OS Installation tutorial very carefully and completely. In short, the bootloader needs to be copied to the /boot partition (usually /dev/sda3) and customized there so that it chainloads the bootloader installed locally in your new OS partition (e.g. /dev/sda6). Once this is set up correctly, reboot and the menu will allow booting into the new OS.
  • Login for the first time.
Jaunty32Server00: jauntyadmin00
Password: jauntyword00
  • Shorten the boot time:
sudo nano /boot/grub/menu.lst
Change the timeout value:
timeout 1
(Note: Save the changes with CTRL-O then CTRL-X.)
  • Update the system.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential dkms linux-headers-$(uname -r)
sudo reboot

Note: The third line must especially be done after any kernel upgrades (which may be done automatically if you have installed with automatic updates). If graphics aren't working for any reason, try updating again using these commands.

  • Install the password generator for use with the remainder of the installation.
sudo apt-get install pwgen

Add an Ubuntu desktop

  • Install an Ubuntu desktop.
sudo apt-get install ubuntu-desktop

Note: The end user can install the restricted extras:

sudo apt-get install ubuntu-restricted-extras
  • Reboot the system:
sudo reboot
  • Once the Ubuntu desktop has been installed, all commands can then be entered into the command-line Terminal:
Menu -> System -> Terminal
  • Note: Ubuntu Jaunty includes an (automatic) kernel upgrade that at some point will disable the Nvidia graphics drivers (if you have Nvidia graphics on your computer). When this happens, the desktop will be unable to start at bootup and only the command-line will be presented. To correct this problem, merely install the linux-headers again:
sudo apt-get install linux-headers-$(uname -r)
sudo reboot
then the Nvidia graphics drivers should install correctly and the desktop will start normally.

Set networking parameters

sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Enable BIOS power-up

Power failures happen. It is possible to change the BIOS settings so that after a power failure the computer will automatically powerup and restart to the default OS (as set in the bootloader configuration). This is a critical function for servers. At bootup, enter the BIOS menu using whichevever key is appropriate for your computer's BIOS:

[F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot

Install Firefox

  • Install Firefox:
sudo apt-get install firefox-3.5-branding mozilla-firefox-adblock mozilla-noscript
  • Add a menu item/shortcut to this guide (to enable copying and pasting of the remaining commands directly from the guide) and to the customization guide:
  • Ubuntuguide (Ultimate Server Walkthrough) -- firefox http://ubuntuguide.org/wiki/Ultimate_Server_Jaunty
  • Ultimate Server Customization (Ubuntuguide) -- firefox http://ubuntuguide.org/wiki/Ubuntu_Server_Jaunty_Customization_OV

Obtain an Internet URL

If a static Internet URL is not available, obtain a dynamic DNS URL. (This must be changed for each OS installation, as it is specific to that installation).

  • Create an email account for administrative use with this server, such as at mail.com, mail.google.com, or mail.yahoo.com. ([email protected] / myjauntyword000 / 1/1/01 / securityquestionanswer)
  • Create a DynDNS account for use with this server, at DynDNS.org. (myjauntydnsid / myjauntydnsword / [email protected])

In this walkthrough, several URLs are used. It is possible to create all of them at once at this stage:

  • myjaunty00.dyndns.org
  • myjauntybbb00.dyndns.org
  • myjauntymoodle00.dyndns.org
  • myjauntywiki00.dyndns.org
  • myjauntyweb00.dyndns.org
  • DynDNS allows 5 free URLs. After installation has been completed, I generally remove myjauntyweb00.dyndns.org and create myjauntycalendar00.dyndns.org (for use with DAViCal) instead.

Adjust SSH for remote connections

  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow Password-based authentication by changing the line::
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = jauntyadmin00, so the folder /home/jauntyadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. jauntyadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat authorized_keys id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199
vinagre vnc://127.0.0.1

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1

Note: vinagre -- fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).

Install the BigBlueButton teleconferencing system

DYNDns.com account -> Add Host Services -> ...
  • Change the Apache listening port during BigBlueButton installation.
sudo nano /etc/apache2/ports.conf
Change the port value:
Listen 82
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Obtain and install the BigBlueButton teleconferencing server:
wget http://archive.bigbluebutton.org/bigbluebutton.asc 
sudo apt-key add bigbluebutton.asc 
echo "deb http://archive.bigbluebutton.org/ bigbluebutton main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
sudo apt-get update 
sudo apt-get install bigbluebutton
During installation, enter the MySQL "root" user password when prompted: jauntysql00
sudo apt-get install bbb-apps-deskshare
  • On the router, forward ports 81, 1935, 9123 to the LAN IP address of the BBB server (e.g. 192.168.0.99).
  • Edit the Nginx webserver configuration file used for BigBlueButton:
sudo nano /etc/nginx/sites-available/bigbluebutton
and change the listening port:
listen 81; 
Repeat for the default Nginx configuration file:
 sudo nano /etc/nginx/sites-available/default
and change the listening port:
listen 81; 
then restart Nginx:
sudo /etc/init.d/nginx restart
  • Configure the other BBB server components to run on port 81. Use the URL (myjauntybbb00.dyndns.org) that was setup at DYNDns.org:
sudo bbb-conf --setip myjauntybbb00.dyndns.org:81
sudo bbb-conf --clean
  • Change the Apache port back to 80:
sudo nano /etc/apache2/ports.conf
Change the port value:
Listen 80
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Add a menu item/shortcut to the BBB server:
  • MyJaunty BigBlueButton (Teleconferencing) -- firefox http://myjauntybbb00.dyndns.org:81

Install the Firewall

sudo apt-get install firestarter
  • Start Firestarter:
Menu -> Internet -> Firestarter
and allow the incoming (inbound) and outgoing (outbound) ports:
80, 443, 81, 9123, 1935, 22199

Each port must be separately added as a rule for inbound and outbound traffic. For example, to enable port 80:

Firestarter -> Policy -> Editing: Inbound traffic policy -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Anyone -> Add -> Apply Policy

and

Firestarter -> Policy -> Editing: Outbound traffic policy -> Restrictive by default, whitelist traffic -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Firewall host -> Add -> Apply Policy

Install Moodle

sudo apt-get install moodle
  • Choose the mysql-server, since it is already installed.
  • Should access to this server be restricted to localhost? No
  • Is your FQDN correct? Yes (don't worry whether it is or isn't -- this can be adjusted later)
  • Should https be required to access this Moodle server? No
  • Should a default database be created for Moodle on localhost? Yes
  • root's MySQL password: jauntysql00
  • Moodle database password: myjauntymoodleword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Create a separate URL for the Moodle server (i.e. Add a Host) at DynDNS.com: myjauntymoodle00.dyndns.org
  • Create and edit an Apache2 virtual host configuration file for the Moodle Server:
cd /etc/apache2/sites-available
sudo cp default moodlevirtualhost
sudo gedit /etc/apache2/sites-available/moodlevirtualhost
so that the contents resemble:
<VirtualHost *:80>
ServerAdmin [email protected]
#
DocumentRoot /usr/share/moodle/
ServerName myjauntymoodle00.dyndns.org
ServerAlias www.myjauntymoodle00.dyndns.org myjauntymoodle00.dyndns.org
#RewriteEngine On
#RewriteOptions inherit
</VirtualHost>
  • Activate the virtual host configuration:
sudo ln -s /etc/apache2/sites-available/moodlevirtualhost /etc/apache2/sites-enabled
sudo /etc/init.d/apache2 restart
  • Edit the Moodle configuration file:
sudo nano /etc/moodle/config.php
so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://myjauntymoodle00.dyndns.org/moodle';
  • Finish installation by logging in to the Moodle server:
http://myjauntymoodle00.dyndns.org/admin -> Unattended installation? (ticked)
  • Admin user: myjaunty00admin
  • Admin password: myjaunty00word
  • Admin e-mail: [email protected]
  • City: MyTown
  • Site name: My Jaunty Moodle 00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Add the BigBlueButton API:
sudo wget http://www.dualcode.com/bigbluebutton/bigbluebutton.zip
sudo unzip bigbluebutton.zip
sudo mkdir /usr/share/moodle/mod/bigbluebutton
sudo cp -r bigbluebutton/mod/bigbluebutton/* /usr/share/moodle/mod/bigbluebutton/
sudo cp -r bigbluebutton/lang/* /usr/share/moodle/lang/
sudo rm bigbluebutton.zip
sudo rm -r bigbluebutton/*
sudo rmdir bigbluebutton
  • Login to the Moodle site (as an administrator) and load the module:
Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)
-> Activities -> Manage Activities -> BigBlueButton -> Settings
-> Input the IP address/URL of your BigBlueButton server (myjauntybbb00.dyndns.org:81). Do not enter the leading http:// .
-> Input the Security Salt from your BigBlueButton server. This is in a file called “bigbluebutton.properties” on the BigBlueButton server. On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties

The security salt string can be found:

beans.dynamicConferenceService.securitySalt=your_number_here

Input that long string of numbers and letters to the field in Moodle.

-> Put a star in the Meeting IDs field. That will allow an unlimited number of rooms to be created. You can also put any number here to restrict how many rooms on your BigBlueButton server you want running at any one time. (This can eventually become important for performance reasons.)
  • In the (Course) Weekly Outline:

-> Add an activity... -> BigBlueButton ->

and set the desired passwords for the meeting, etc.

  • Add a menu item / shortcut to the Moodle server:
  • My Jaunty Moodle (Teaching site) -- firefox http://myjauntymoodle00.dyndns.org

Install MediaWiki

Two separate wikis are created. One will be for private internal usage and one for a public audience.

  • Create an additional URLs (Add Host) at DynDNS.com: myjauntywiki00.dyndns.org.
  • Install MediaWiki:
sudo apt-get install mediawiki
sudo a2enmod rewrite
  • Create a folder for each subsite (in this example named private and public.
sudo mkdir /etc/mediawiki/private
sudo mkdir /etc/mediawiki/public
  • Create an upload folder for images in each subwiki folder:
sudo mkdir /etc/mediawiki/private/images
sudo mkdir /etc/mediawiki/public/images
  • Copy a 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/subwiki/images folder for each subwiki, naming it WikiLogo.png there. For example:
sudo cp ~/Pictures/mybestpic135.png /etc/mediawiki/public/images/WikiLogo.png
sudo cp ~/Pictures/mysecondbestpic135.png /etc/mediawiki/private/images/WikiLogo.png
  • The images folders should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.
sudo chown root:www-data /etc/mediawiki/private/images
sudo chown root:www-data /etc/mediawiki/public/images
sudo chmod 774 /etc/mediawiki/private/images
sudo chmod 774 /etc/mediawiki/public/images
  • Edit the config file so it recognizes MediaWiki:
sudo nano /etc/mediawiki/apache.conf

Uncomment (remove the #) the line:

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2:
sudo /etc/init.d/apache2 restart
  • Run/install MediaWiki from the web browser by logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Jaunty Wiki (Private)
  • Contact e-mail: [email protected]
  • Admin username: myjaunty00admin -> Password: myjaunty00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: myjaunty00wikipriv -> DB username: myjaunty00priv -> DB password: myjaunty00privword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: jauntysql00 -> Database table prefix: myjaunty00prv_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/private
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_myjaunty00private_install.php
  • Repeat the MediaWiki installation from the web browser by again logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Jaunty Wiki (Public)
  • Contact e-mail: [email protected]
  • Admin username: myjaunty00admin -> Password: myjaunty00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: myjaunty00wikipub -> DB username: myjaunty00pub -> DB password: myjaunty00pubword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: jauntysql00 -> Database table prefix: myjaunty00pub_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/public
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_myjaunty00public_install.php
  • The LocalSettings.php configuration file for each wiki must be edited. See this tutorial. There are many security settings that must be changed before going live, or the site will certainly be hacked.
Edit your configuration variables:
sudo gedit /etc/mediawiki/private/LocalSettings.php
sudo gedit /etc/mediawiki/public/LocalSettings.php
Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting private or public where appropriate:
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );
#
#$wgScriptPath             = "/mediawiki";
$wgScriptPath              = "/private";
$wgLogo                    = "$wgScriptPath/images/WikiLogo.png";
#
$wgUploadDirectory         = $_SERVER['DOCUMENT_ROOT'].'/private/images';
$wgUploadPath              = "$wgScriptPath/images";
#
#Database administrative user/password
$wgDBadminuser             = $wgDBuser;
$wgDBadminpassword         = $wgDBpassword;
#
#These are set for initial maximum security. They can be changed later.
#
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount']       = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount']    = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount']   = true;
#
#Anonymous user permissions
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
#
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads                               = false;
$wgEnableUploads                                = true;
#Only allow restricted uploads
$wgCheckFileExtensions                          = true;
$wgStrictFileExtensions                         = true;
$wgFileExtensions          = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['reupload']            = false;
$wgGroupPermissions['*']['reupload-shared']     = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = false;
$wgGroupPermissions['user']['reupload-shared']  = false;
#Sysops
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
#
#For ReCaptcha -- this requires installing the Recaptcha extension
#
#require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
#$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
#$recaptcha_private_key = ' ababababababababa ';
#
#The clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
In addition, a private wiki page should only be able to be read by registered users, so add these lines to LocalSettings.php for any private subwiki:
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only:
$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting
# '*' to false doesn't disable rights for groups that have the right separately set
# to true!
$wgGroupPermissions['user']['read'] = true;
  • Make symbolic links from the Apache2 folder to the subwiki folders:
sudo mkdir /var/www/Wikis
sudo ln -s /etc/mediawiki/private /var/www/Wikis/private
sudo ln -s /etc/mediawiki/public /var/www/Wikis/public
  • Link the files from your installation directory to each subwiki folder:
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/private/.
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/public/.
  • Create and edit an Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost):
sudo gedit /etc/apache2/sites-available/wikivirtualhost
so that the lines are similar to:
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/Wikis
DirectoryIndex index.php index.html
#
ServerName myjauntywiki00.dyndns.org
ServerAlias *.myjauntywiki00.dyndns.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^private*
RewriteCond %{REQUEST_URI}  !^public*
RewriteRule   ^/(/.*|)$  /public/$1  [R]
#
<Directory /var/www/Wikis>
Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Pay attention to the rewrite rule:
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^private*
RewriteCond %{REQUEST_URI}  !^public*
RewriteRule   ^/(/.*|)$  /public/$1  [R]

This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, i.e. http://myjauntywiki00.dyndns.org/REQUEST_URI) does not match private or public (the symbol ! means not), then use public as the default directory.

  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/wikivirtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • The two sites will be available:
http://myjauntywiki00.dyndns.org or http://myjauntywiki00.dyndns.org/public
and
http://myjauntywiki00.dyndns.org/private
  • Add menu items / shortcuts to the Wiki(s):
  • My Jaunty Wiki (Public) (MediaWiki) -- firefox http://myjauntywiki00.dyndns.org

and

  • My Jaunty Wiki (Private) (MediaWiki) -- firefox http://myjauntywiki00.dyndns.org/private

Import Ubuntuguide into your local wiki

  • Read this tutorial on importing Ubuntuguide into the local wiki.
  • Examine the list of wiki pages available at Ubuntuguide:
Ubuntuguide.org -> Toolbox: Special Pages -> Lists of pages: All pages

Many of these pages will not be necessary for your private copy. Copy only the names of the wiki pages files you wish to export. The recommended list is below.

  • Export the desired pages from Ubuntuguide as an XML export:
Ubuntuguide.org wiki -> Toolbox: Special Pages -> Page tools: Export pages

(Note: This list of (English-language) wiki pages was accurate for the recent Karmic version. You may want to check all pages to see if something you want is missing from this list.)

Ubuntu:All
Template:U All/Introduction
Apache2 reverse proxies
BigBlueButton
Template:Drupal BBB
Boot from a Live CD
DAViCal tips
DAViCal current version
DefaultApplications
Drupal6 tips
Drupal site building tips
Dynamic IP servers
Fortune
Ubuntuguide XML exports
Ubuntuguide page lists
Template:Ubuntuguide core wikipages
Template:Ubuntuguide Jaunty wikipages
Template:Ubuntuguide Jauntycore wikipages
Template:Ubuntuguide Karmic wikipages
Template:Ubuntuguide Karmiccore wikipages
Template:Ubuntuguide Lucid wikipages
Template:Ubuntuguide Lucidcore wikipages
Limit the user accounts that can connect through OpenSSH remotely
Main Page
MediaWiki tips
Moodle tips
Multiple OS Installation
Multiple OS Installation Jaunty
Old Drupal6 tips
OpenVPN server Jaunty
OpenVPN server Karmic
Remastersys
Screencasts
Using SSH to Port Forward
VirtualServers
Virtualbox in Windows
WebHuddle tips
Wink 64bit
Ultimate Server Jaunty
Ultimate Server Jaunty with OpenVistA EHR
Template:Ultimate Server Jaunty Core
Template:USJ Customize Core
Template:USJ Customize NewUser
Template:USJ Customize OV
Template:USJ Adjust SSH‎
Template:USJ New SSH Users‎
Template:USJ networking‎
Ubuntu Server Jaunty Customization
Ubuntu Server Jaunty Customization_OV
Template:OpenVistA EHR‎
Template:OpenVistA Server functions‎
OpenVistA EHR‎
WorldVistA tips
Template:WorldVistA
Template:Licenses 
Template:Moodle installation
Template:Tor
Template:U RegisterHeader
Ubuntu:Karmic
Template:U Karmic/Introduction
Template:U Karmic/General
Template:U Karmic/OtherVersions
Template:U Karmic/OtherResources
Template:U Karmic/Installation
Template:U Karmic/Repositories
Template:U Karmic/Packages
Template:U Karmic/DesktopAddons
Template:Karmic/Virtualization
Template:U Karmic/EdutainmentIntro
Template:Karmic/Edutainment
Template:Karmic/Games
Template:U Karmic/Internet
Template:Karmic/Videoconferencing
Template:U Karmic/Privacy
Template:U Karmic/ProprietaryExtras
Template:Karmic/Graphics
Template:Karmic/Screencapture
Template:Karmic/Video
Template:Karmic/Audio
Template:Karmic/AudioVideoConversion
Template:U Karmic/CD DVD
Template:U Karmic/Music
Template:Karmic/MediaCenters
Template:Karmic/HomeAutomation
Template:Karmic/Office
Template:Karmic/Financial
Template:Karmic/Groupware
Template:Karmic/Wiki
Template:Karmic/WebPublishing
Template:Karmic/Development
Template:Karmic/Science
Template:Karmic/MiscApps
Template:Karmic/Utilities
Template:U Karmic/Administration
Template:Karmic/Backup
Template:Karmic/Hardware
Template:Karmic/Networking
Template:Karmic/NetworkAdmin
Template:Karmic/Servers
Template:U Karmic/Troubleshooting
Template:U Karmic/Requests
Ubuntu:Lucid
Template:U Lucid/Administration
Template:U Lucid/Introduction
Template:U Lucid/General
Template:U Lucid/OtherVersions
Template:U Lucid/OtherResources
Template:U Lucid/Installation
Template:U Lucid/Repositories
Template:U Lucid/Packages
Template:U Lucid/DesktopAddons
Template:U Lucid/Requests
Template:Lucid/Virtualization
Template:U Lucid/EdutainmentIntro
Template:Lucid/Edutainment
Template:Lucid/Games
Template:U Lucid/Internet
Template:Lucid/Videoconferencing
Template:U Lucid/Privacy
Template:U Lucid/ProprietaryExtras
Template:U Lucid/Troubleshooting
Template:Lucid/Graphics
Template:Lucid/Screencapture
Template:Lucid/Video
Template:Lucid/Audio
Template:Lucid/AudioVideoConversion
Template:U Lucid/CD DVD
Template:U Lucid/Music
Template:Lucid/MediaCenters
Template:Lucid/HomeAutomation
Template:Lucid/Office
Template:Lucid/Financial
Template:Lucid/Groupware
Template:Lucid/Wiki
Template:Lucid/WebPublishing
Template:Lucid/Development
Template:Lucid/Science
Template:Lucid/MiscApps
Template:Lucid/Utilities 
Template:Lucid/Backup
Template:Lucid/Hardware
Template:Lucid/Networking
Template:Lucid/NetworkAdmin
Template:Lucid/Servers
-> Include only the current revision, not the full history (ticked) -> Offer to save as a file: (ticked) -> Export -> Save file
-> Ubuntuguide-xxxxx.xml
  • Import the Ubuntuguide XML export file into the local wiki:
Local wiki -> log in -> Username: wikiadmin -> Password: wikiadminpassword -> Log in
-> Special Pages -> Page Tools -> Import pages -> Browse -> Ubuntuguide-xxxxx.xml -> Open -> Upload file
  • Edit the Main Page of the wiki and add a link to the online Ubuntuguide as well as the imported copy:
*[[Ubuntu:Karmic|Ubuntuguide Karmic (local copy for editing)]]
*[http://ubuntuguide.org/wiki/Ubuntu:Karmic Ubuntuguide Karmic (online)]

The idea is to edit the locally stored Ubuntuguide as you customize your system. It can also serve as a template and an example of how to use the MediaWiki wiki.

  • Edit the local copy of Ubuntuguide to hide irrelevant links. In MediaWiki, use the <!---> and <---> tags to comment out instructions or text that should not be displayed. Example:
Ubuntuguide Karmic (local copy for editing) -> edit ->
 <!--->{{KarmicKoalaLanguageBar|languages=Languages:|InProgress=In progress:}}<--->

Install Drupal6

  • Install Drupal6 and the first website (myjaunty00.dyndns.org).
sudo apt-get install drupal6
Configure database for drupal6 with dbconfig-common? Yes
Database type to be used by Drupal6: mysql
Password of your database's administrative user: jauntysql00
MySQL application password for drupal6: myjaunty00drupalword
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy the /etc/drupal/6/sites/default folder to the first subsite (in this example named myjaunty00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/myjaunty00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.:
sudo rm /etc/drupal/6/sites/myjaunty00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/myjaunty00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/myjaunty00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/myjaunty00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/myjaunty00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mybestpic110.png /etc/drupal/6/sites/myjaunty00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php files must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/myjaunty00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php
  • Create a virtual host file for the new sites:
sudo gedit /etc/apache2/sites-available/drupal6virtualhost

Add the lines:

#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin [email protected]
#
DocumentRoot /usr/share/drupal6/
ServerName myjaunty00.dyndns.org
ServerAlias *.myjaunty00.dyndns.org myjaunty00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin [email protected]
#
DocumentRoot /usr/share/drupal6/
ServerName myjauntyweb00.dyndns.org
ServerAlias *.myjauntyweb00.dyndns.org myjauntyweb00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/drupal6virtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • Install the first website through the web browser:
firefox http://myjaunty00.dyndns.org/install.php
Site Name: My Jaunty 00
Site e-mail address: [email protected]
Administrator Account Username: myjaunty00admin -> Password: myjaunty00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/myjaunty00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/myjaunty00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://myjaunty00.dyndns.org/update.php
  • Now you will re-install a new database for each planned subsite.:
sudo dpkg-reconfigure drupal6
  • Re-install database for drupal6? Yes
  • Database type to be used by drupal6: mysql
  • Connection method for MySQL database of drupal6: unix socket
  • Name of your database's administrative user: root
  • Password of your database's administrative user: jauntysql00
  • username for drupal6: drupal6b
  • database name for drupal6: drupal6b
  • Copy the /etc/drupal/6/sites/default folder to the second subsite (in this example named myjauntyweb00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/myjauntyweb00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.:
sudo rm /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mysecondbestpic110.png /etc/drupal/6/sites/myjauntyweb00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php
  • Install the second website through the web browser:
firefox http://myjauntyweb00.dyndns.org/install.php
Site Name: My Jaunty 00 Web
Site e-mail address: [email protected]
Administrator Account Username: myjaunty00admin -> Password: myjaunty00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Makes sure only administrators can create new accounts initially, or you will have lots of new guest within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/myjauntyweb00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://myjauntyweb00.dyndns.org/update.php
  • This process can be repeated if desired (if enough URLs are available).
  • The two websites will be available from the web:
http://myjaunty00.dyndns.org
and
http://myjauntyweb00.dyndns.org
  • Set up the cron task for each site:
sudo crontab -e

And add the lines (with the nano editor, or the one you prefer):

45 * 18 * * /usr/bin/wget -O - -q -t 1 http://myjaunty00.dyndns.org/cron.php
45 * 19 * * /usr/bin/wget -O - -q -t 1 http://myjauntyweb00.dyndns.org/cron.php
this will run the scripts separately, at 45 minutes after the 1800 hour and the 1900 hour every day (each site at a different hour).
  • After all sites are installed, create an /etc/drupal/6/sites/all folder in which to store shared modules and themes. Copy the folders:
sudo mkdir /etc/drupal/6/sites/all
sudo cp -a /usr/share/drupal6/modules/ /etc/drupal/6/sites/all
sudo cp -a /usr/share/drupal6/themes /etc/drupal/6/sites/all
and (optionally) make a directory for shared files:
sudo mkdir /etc/drupal/6/sites/all/files
sudo chmod 777 /etc/drupal/6/sites/all/files
then update each website again (while logged in as the administrator for each website).
http://myjaunty00.dyndns.org/update.php
http://myjauntyweb00.dyndns.org/update.php
  • Change theme and add WebLogo:
Drupal -> Administer -> Themes -> Garland -> configure -> color set: Ash -> Logo image settings -> Use the default logo: (unticked)
-> Path to custom logo: sites/myjaunty00.dyndns.org/files/WebLogo.png
  • Add Ubercart online store.
  • Install PayPal cURL-php library pre-requisite (see this link for more info):
sudo apt-get install php5-curl
sudo /etc/init.d/apache2 restart
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.0.tar.gz
sudo tar zxvf ubercart-6.x-2.0.tar.gz
sudo rm ubercart-6.x-2.0.tar.gz
Note: You must Enable permissions for added modules update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Ubercart -> select the Ubercart module functions you intend to use

then update:

http://myjaunty00.dyndns.org/update.php
Drupal -> Administer -> Store administration
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz
sudo tar zxvf bbb-6.x-1.x-dev.tar.gz
sudo rm bbb-6.x-1.x-dev.tar.gz
Note: Enable permissions for added modules update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use

then update:

http://myjaunty00.dyndns.org/update.php
  • Test the BigBlueButton settings:
Drupal -> Site administration -> Site configuration -> BigBlueButton Conferencing
-> Base URL: http://myjauntybbb00.dyndns.org:81/bigbluebutton/
-> Change the Security Salt (found in a file called “bigbluebutton.properties” on the BigBlueButton server). On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo gedit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
Copy the security salt number found in the setting:
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
-> Save configuration -> Test connection
  • Create a new content type named Teleconference:
Drupal -> Administer -> Content management -> Content types -> Add content type

-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type

  • Create a new node of content type Teleconference:

Drupal -> Create content -> Teleconference -> Conference settings -> ...

  • Add a Welcome page and a link to the public wiki
Drupal -> Create Content -> Page -> Welcome -> ... -> Promoted to front page (ticked) -> Save
Drupal -> Administer -> Site building -> Menus -> Primary links -> Add item -> Path: http://myjauntywiki00.dyndns.org/public -> Menu link title: My Jaunty Wiki -> Weight: 10 -> Save
  • Add menu items / shortcuts to the Drupal Website(s):
  • My Jaunty Website (Public) (Drupal) -- firefox http://myjaunty00.dyndns.org

and

  • My Jaunty Website (Private) (Drupal) -- firefox http://myjauntyweb00.dyndns.org

Install ddclient

sudo apt-get install ddclient
Dynamic DNS service provider: www.dyndns.com
DynDNS fully qualified domain names: myjaunty00.dyndns.org, myjauntyweb00.dyndns.org, myjauntywiki00.dyndns.org, myjauntybbb00.dyndns.org, myjauntymoodle00.dyndns.org
Username for dynamic DNS service: myjauntydnsid -> Password: myjauntydnsword
Network interface (eth0, wlan0, etc.) used for dynamic DNS service: eth0
  • Edit the ddclient configuration file:
sudo gedit /etc/ddclient.conf
so that it resembles:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
daemon=3600
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
pid=/var/run/ddclient.pid
protocol=dyndns2
#use=if, if=eth0
server=members.dyndns.org
login=myjauntydnsid
password=' myjauntydnsword '
# myjaunty00.dyndns.org,myjauntyweb00.dyndns.org,myjauntywiki00.dyndns.org,myjauntybbb00.dyndns.org,myjauntymoodle00.dyndns.org
myjaunty00.dyndns.org,myjauntycalendar00.dyndns.org,myjauntywiki00.dyndns.org,myjauntybbb00.dyndns.org,myjauntymoodle00.dyndns.org
Note: There are companies on the Internet other than DynDNS.com that provide Dynamic DNS services as well (but several of them are very unreliable, in my experience). DynDNS.com is one of the oldest and most stable. I have found it convenient to forward my URLs (that I already had at other DNS providers) to the DynDNS URLs created in this walkthrough. However, if your original DNS provider supports reliable Dynamic DNS services, you may be able to get it to work with ddclient as well. See the instructions in the tutorial.

Add menu items for websites

Add a menu item for each website:

  • My Jaunty 00 (Drupal6 Website) -- firefox http://myjaunty00.dyndns.org
  • My Jaunty 00 Web (Drupal6 Website) -- firefox http://myjauntyweb00.dyndns.org
  • My Jaunty 00 BBB (BigBlueButton Teleconferencing) -- firefox http://myjauntybbb00.dyndns.org:81
  • My Jaunty 00 Wiki (Public) -- firefox http://myjauntywiki00.dyndns.org
  • My Jaunty 00 Wiki (Private) -- firefox http://myjauntywiki00.dyndns.org/private
  • My Jaunty 00 Moodle (Teaching site) -- firefox http://myjauntymoodle00.dyndns.org

Add Audacious audio player

  • This is an optional component. I use this to stream music from Shoutcast Internet Radio to the office stereo system by plugging the computer output jack into the office stereo input jack. Install:
sudo apt-get install audacious audacious-plugins
  • Change the Audacious audio to ALSA (unless you are willing to configure PulseAudio) and use the classic skin:
Audacious -> Preferences -> Audio -> Current audio plugin: ALSA Output Plugin
-> Appearance -> Classic -> Close
  • Using the Menu Editor, create a menu item to Shoutcast Internet Radio with the command:
firefox http://classic.shoutcast.com
  • Start Shoutcast Internet Radio and click on a radio station. When prompted for the file association, choose Audacious:
"You have chose to open shoutcast-playlist.pls which is a: PLS file. What should Firefox want do with this file?" -> Open with ... -> Browse -> File system... -> usr -> bin -> audacious -> Open -> Do this automatically for files like this from now on: (ticked) -> OK

Install DAViCal group calendar server

If a full groupware server (Kolab, eGroupware, or Zimbra) is to be installed, there is no need for DaviCal. As a standalone group calendar server, though, it can't be beat.

sudo apt-get install sunbird

Allow Reverse proxies

If you have one LAN router that forwards all port 80 traffic to a single server yet you have multiple physical servers on the LAN (each using their own set of URLs), then the primary server (to which all port 80 traffic is sent) will have to act as a reverse proxy for the other servers. This is accomplished through Apache2 reverse proxies. See this tutorial.

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as myjauntyguestpassword):
sudo useradd -m myjaunty00guest
sudo passwd myjaunty00guest
sudo mkdir /home/myjaunty00guest/.ssh
sudo chmod 777 /home/myjaunty00guest/.ssh
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
to
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub myjaunty00guest@myjaunty00.dyndns.org:~/.ssh/id_rsa.pub
When prompted, of course, the guest password, myjauntyguestpassword, should be entered.
  • Back on the server (logged in as the administrator jauntyadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to now change the guest password to something completely different:

sudo passwd myjaunty00guest
  • Copy the new id_rsa.pub key to the myjaunty00admin folder and concatenate it to the authorized_keys file there:
sudo cp /home/myjaunty00guest/.ssh/id_rsa.pub /home/jauntyadmin00/.ssh/id_rsaguest.pub
sudo chown -R jauntyadmin00 /home/jauntyadmin00
cd ~/.ssh
cat authorized_keys id_rsaguest.pub >> authorized_keys

Note: this new /home/jauntyadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.

Add security scanners

  • Don't believe the hype about Linux being free from viruses, trojans, and rootkits. They happen (although less common than in other operating systems). The biggest risk comes from installing software from repositories other than official Ubuntu repositories. Be careful. Here are some recommended security utilities:
  • ClamAV is an anti-virus suite. Install:
sudo apt-get install clamav
Run:
Menu -> System -> ClamAV Anti-Virus Manager
  • Rkhunter is a rootkit hunter. Install and run:
sudo apt-get install rkhunter
sudo rkhunter
  • Chkrootkit is another rootkit hunter. Install and run:
sudo apt-get install chkrootkit
sudo ./chkrootkit

Install an EHR (Electronic Health Record) system

  • Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.
  • The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to myjaunty00.dyndns.org using port 22199.

Install OpenVistA server

sudo apt-get install xinetd update-inetd whois apache2-suexec
  • Note: The Astronaut installer checks for an open port 9260 and it will not proceed if it is closed. Re-enable the firewall (i.e. ok to close port 9260 again) after installation is complete.
  • Obtain and install Astronaut OpenVistA server:
sudo mkdir /etc/openvistaserver
cd /etc/openvistaserver
sudo wget -O astronaut-ov-server-current.deb http://sourceforge.net/projects/astronautnostro/files/astronaut-ov-server/astronaut-ov-server-beta-0.9-3.deb/download
sudo dpkg -i astronaut-ov-server-current.deb
Note: You may wish to save (as a text file) the installation notes displayed during the VistA server installation for future reference.
  • Change the passwords for the server login IDs.
sudo passwd text9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd client9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd openvistaEHR
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
  • Create a Menu Item / Shortcut for text 9260:
su text9260
Name this Menu Item: VistA Server Admin (text9260). Make sure to set Advanced -> Run in terminal (ticked).
The password set in the previous step (for text9260) will be required upon logging in.
  • Create a Menu Item / shortcut for VistA Commander:
/opt/openvista/EHR/bin/vista_com.sh
Name this Menu Item: VistA Commander Server Admin. Make sure to set Advanced -> Run in terminal (ticked).

Install OpenVistA-CIS Linux client

sudo apt-get install mono-runtime libmono-corlib2.0-cil libgtk2.0-cil libglade2.0-cil libmono-cairo2.0-cil libmono-winforms2.0-cil libmono-system-runtime2.0-cil
  • Create directories then download and unzip the OpenVistA-CIS binaries into them:
sudo mkdir /etc/openvistacisclient
cd /etc/openvistacisclient
sudo wget http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-client.zip/download
sudo unzip openvistacis-0.9.96-client.zip

and

sudo mkdir /etc/openvistacisvitals
cd /etc/openvistacisvitals
sudo wget http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-vitals.zip/download
sudo unzip openvistacis-0.9.96-vitals.zip
  • Create Menu shortcuts:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client (localhost connection)
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals (localhost connection)
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisvitals

Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.

Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server=127.0.0.1 with --server=myjaunty00.dyndns.org and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).

  • Use your Access Code / Verify Code as the LoginID / Password ( default at installation for Astronaut systems is sys.admin / vista!123 ). This should be changed at the initial connection, e.g. to vista!456.

Connecting through an SSH tunnel

This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).

  • In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):
sudo mkdir /home/client9260
sudo mkdir /home/client9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/client9260/.ssh/
sudo chown -R client9260 /home/client9260

and

sudo mkdir /home/text9260
sudo mkdir /home/text9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/text9260/.ssh/
sudo chown -R text9260 /home/text9260
  • Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
ssh -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
  • Create Menu shortcuts for use when connecting through the SSH tunnel:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisvitals
  • Create a Menu Item / Shortcut with the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
but with Advanced -> Work path: /etc/openvistacisclient configured in the Menu Item / Shortcut settings. It is not necessary to have the Advanced -> Run in terminal box ticked.
  • It is also possible to use the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono /etc/openvistacisclient/OpenVistaCIS.exe --server=127.0.0.1 --port=9201
  • Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:
Menu Editor -> New item
-> General -> Name: OpenVistA Server (localhost)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 127.0.0.1 -p 22199
-> Advanced -> Run in terminal: (ticked)

and

Menu Editor -> New item
-> General -> Name: OpenVistA Server (network)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
-> Advanced -> Run in terminal: (ticked)

When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .

For more info about the OpenVistA Server functions, see here.

Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201).

  • To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.

Adjust Login Manager IDs

  • The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> Excluded users -> client9260 (ticked) -> text9260 (ticked) -> openvistaEHR (ticked)
The accounts will remain active but will not show up on the Login screen.

Changing passwords and other customization

Other resources