Overview

Stack N220 provides detailed information about the database and application server configurations needed to correctly install the following versions of ProcessMaker on the platform CentOS/RHEL 7.x under NGINX web server.

ProcessMaker 3.2.2

Stack N220 is supported by ProcessMaker, meaning that it has been tested by the Quality Control team.

Summary

Platform Database PHP
CentOS/RHEL 7.x (Latest version) MySQL 5.6.x 5.6.x
Web Server Filesystem Architecture
NGINX 1.x.x (Latest version) ext4 64-bit

Disclaimer

This procedure and references are used by ProcessMaker in its cloud environment and it works appropriately in cloud configurations. If ever implemented on-premise by the client’s IT staff or similar, ProcessMaker Inc. does not guarantee the correct functioning of the implementation.

Environment

Assuming you already have a CentOS 7.x.x Core or Desktop installed and has the proper permissions by typing the comand sudo su and entered the administrator password you can execute the following commands in order to have the stack ready to install ProcessMaker.

Step 1: Update your Server

Make sure that your server is in the latest version.

yum -y update

Warning: Depending on your CentOS version, the server update should take a long time to complete the update.

Step 2: Install MySQL Community Server

Go to the MySQL Community Server website to download the program: https://dev.mysql.com/downloads/mysql/.

IMAGE 1

In the Looking for the latest GA version? section, select “MySQL Community Server 5.6 »” and the following graphic displays:

IMAGE 2

Select the last version 5.6.XX and Red Hat Enterprise Linux / Oracle Linux. Then, download the "Red Hat Enterprise Linux 7 / Oracle Linux 7 (x86, 64-bit) RPM Bundle" or the client and server rpm's only.

Step 3: Remove MariaDB

By default CentOS 7.x comes with some modules of maria DB installed. so we need to uninstall them. Execute the following command to uninstall MariaDB modules.

yum -y remove mariadb*

Step 4: Install the MySQL Dependencies

Execute the following command to install the MySQL dependencies. This might vary depending on the MySQL version.

yum install -y net-tools perl gcc
yum install -y perl-Data-Dumper.x86_64

Step 5:Install MySQL

Warning: ProcessMaker is not compatible with MySQL STRICT mode, which is enabled by default as of MySQL 5.6.6. Read the Turning Off MySQL STRICT Mode section to learn how to disable it.

After downloading the latest (5.6.xx) available version, install MySQL. Please note that depending on the version the installation process can change slightly (i.e. the root password might be not automatically set up.). Go to the local folder where MySQL was downloaded, and then execute the following commands.

tar -xvf MySQL-5.6.XX-1.el7.x86_64.rpm-bundle.tar

Install the MySQL server and MySQL client:

rpm -ivh MySQL-server-5.6.XX-1.el7.x86_64.rpm
rpm -ivh MySQL-client-5.6.XX-1.el7.x86_64.rpm

Start the MySQL service and set it to start automatically at server boot.

service mysql start
chkconfig mysql on

A random password has been set for the MySQL root user. To view this password execute:

cat /root/.mysql_secret

Change the password of the .mysql_secret:

mysql_secure_installation

Follow the steps and set up the password that will be used in the ProcessMaker installation.

Make sure the mysql service is running by checking its status with the following command:

systemctl status mysql

The status of the mysql service should be "active (running)":

Step 6: Install NGINX + PHP-FPM

Add the NGINX repository file.

nano /etc/yum.repos.d/nginx.repo

Add the next lines in the repository file.

[nginx]
name=nginx repo
#####rhel/6 should be changed to rhel/7 for RHEL/CentOS 7
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1

Install NGINX and start the service.

yum clean all && yum -y install nginx
service nginx start
chkconfig nginx on

Add the EPEL (CentOS 7.x) repositories or RedHat ones to install php. In this guide we will use EPEL.

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php56w php56w-opcache php56w-fpm php56w-gd php56w-mysqlnd php56w-soap php56w-mbstring php56w-ldap php56w-mcrypt php56w-xml

Step 7: Configure php-fpm

Execute the following commands to configure php-fpm.

service php-fpm start
chkconfig php-fpm on

######Standard PM configurations

sed -i '/short_open_tag = Off/c\short_open_tag = On' /etc/php.ini
sed -i '/post_max_size = 8M/c\post_max_size = 24M' /etc/php.ini
sed -i '/upload_max_filesize = 2M/c\upload_max_filesize = 24M' /etc/php.ini
sed -i '/;date.timezone =/c\date.timezone = America/New_York' /etc/php.ini

Step 8: Install and Configure OpCache

Execute the following commands.

######Hide PHP version

sed -i '/expose_php = On/c\expose_php = Off' /etc/php.ini
yum -y install php56w-opcache

sed -i '/;opcache.enable_cli=0/c\opcache.enable_cli=1' /etc/php.d/opcache.ini

sed -i '/opcache.max_accelerated_files=4000/c\opcache.max_accelerated_files=10000' /etc/php.d/opcache.ini

sed -i '/;opcache.max_wasted_percentage=5/c\opcache.max_wasted_percentage=5' /etc/php.d/opcache.ini

sed -i '/;opcache.use_cwd=1/c\opcache.use_cwd=1' /etc/php.d/opcache.ini

sed -i '/;opcache.validate_timestamps=1/c\opcache.validate_timestamps=1' /etc/php.d/opcache.ini

sed -i '/;opcache.fast_shutdown=0/c\opcache.fast_shutdown=1' /etc/php.d/opcache.ini

Step 9: Configure PHP-FPM File

Open the PHP-FPM configuration file.

##### PHP-FPM configurations

nano /etc/php-fpm.d/processmaker.conf

The configuration file should include the following:

[processmaker]
user = nginx
group = nginx
listen = /var/run/php-fpm/processmaker.sock
listen.mode = 0664
listen.owner = nginx
listen.group = nginx
pm = dynamic
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 50
pm.max_requests = 500
php_admin_value[error_log] = /var/log/php-fpm/processmaker-error.log
php_admin_flag[log_errors] = on

Nginx Configuration to work with ProcessMaker:

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bk
nano /etc/nginx/nginx.conf

The Nginx server configuration file needs to have:

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
log_format combined_ssl '$remote_addr - $remote_user [$time_local] '
'$ssl_protocol/$ssl_cipher '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 120;
keepalive_requests 100;
types_hash_max_size 2048;

#Enable Compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/xml application/xhtml+xml application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype;

include /etc/nginx/conf.d/*.conf;

#Comment out ServerTokens OS
server_tokens off;

#Prevent ClickJacking Attacks
add_header X-Frame-Options SAMEORIGIN;

#Load Balancer/Reverse Proxy Header
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
}

Step 10: Disable SELINUX

Execute the following command to disable SELINUX:

echo "SELINUX=disabled" > /etc/selinux/config
echo "SELINUXTYPE=targeted" >> /etc/selinux/config

Step 11: Install Firewall and Open the Needed Ports

CentOS 7 can't work without the firewall so we will install a interface to configure it in a friendly way.

yum -y install firewalld

Set it to auto Start.

service firewalld start
chkconfig firewalld on

Open the port in which we want PM to run by default should be por 80. in general if a port needs to be user this process needs to be done with the required port.

firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

Step 12: Reboot the Server

After all these installations the server needs to be rebooted.

Configuration and ProcessMaker Installation

To learn how to configure the NGINX file, MySQL and install ProcessMaker, read Configuration and ProcessMaker Installation.