Please rate how useful you found this document: 
No votes yet

Overview

Stack N255 provides detailed information about the database and application server configurations needed to correctly install the following versions of ProcessMaker on the platform CentOS/RHEL 7.x (Latest Version) under NGINX web server.

ProcessMaker 3.4.x

Stack N225 is supported by ProcessMaker, meaning that it has been tested by the Quality Control team.

Summary

Platform Database PHP
CentOS/RHEL 7.x (Latest version) MySQL 5.7.x 7.1.x
Web Server Filesystem Architecture
NGINX 1.x.x (Latest version) xfs 64-bit

Disclaimer

The stack procedure and references described below are used by ProcessMaker in its cloud environment and it works appropriately in cloud configurations. If this stack is implemented on-premises, ProcessMaker Inc. does not guarantee the stack functions correctly.

Environment

Assuming you already have the last CentOS 7.x Core or Desktop installed and have the proper permissions by typing the comand sudo su and entered the administrator password you can run the following commands to have the stack ready to install ProcessMaker.

Step 1: Update your Server

Make sure that your server is in the latest version.

yum -y update

Warning: Depending on your CentOS version, the server update should take a long time to complete the update.

Step 2: Remove MariaDB

By default CentOS 7.x comes with some modules of MariaDB installed. So we need to uninstall them.

yum -y remove mariadb*

Step 3: Install MySQL 5.7.x

To install MySQL 5.7.x, use the following steps:

1. Run the command lines to download the repositories:

yum localinstall -y https://repo.mysql.com//mysql57-community-release-el7-11.noarch.rpm yum install -y mysql-community-server

2. Start the MySQL service and set it to start automatically at boot.

systemctl start mysqld systemctl enable mysqld

3. Make sure the mysql service is running by checking its status.

systemctl status mysqld

The status of the mysql service should be "active (running)":

MySQL Configuration

Before using MySQL, follow the next steps:

1. The temporary password is already defined so you need to check it before you run the mysql_secure_installation. To do this use the following command:

grep "temporary password" /var/log/mysqld.log

Use this temporary password when running mysql_secure_installation.

2. Use the mysql_secure_installation command to set up a secure database environment and establish a root password to use in the ProcessMaker installation.

mysql_secure_installation

The wizard installation begins.

3. Then follow the wizard's instructions to secure MySQL.

Warning: The default password policy implemented by validate_password of MySQL 5.7 requires that passwords contain at least one upper case letter, one lower case letter, one digit, and one special character, and that the total password length is at least 8 characters. To know more about validate_password, see The Password Validation Plugin.

Enter the temporary root password. If the temporary password has expired, you need to enter a new password.

4. Change the root password. If it was defined in the step three, skip this step.

5. Confirm to remove anonymous users.

6. Confirm to disable the remote root login.

In the case MySQL is in another server, you must create a new user and give this user the permissions to access.

7. Confirm to remove the test database.

8. Reload privilege tables.

The MySQL installation is now secure.

9. Turn off Derived Table Merging Flags.

echo "optimizer_switch = derived_merge=off" >> /etc/my.cnf

10. Disable MySQL Strict Mode on the Server.

echo 'sql_mode= ""' >> /etc/my.cnf

11. Restart the MySQL service.

systemctl restart mysqld

Step 4: Install NGINX

To install NGINX, follow the next steps:

1. Add the NGINX repository file.

nano /etc/yum.repos.d/nginx.repo

2. Add the next lines in the repository file.

[nginx] name=nginx repo #####rhel/6 should be changed to rhel/7 for RHEL/CentOS 7 baseurl=http://nginx.org/packages/rhel/7/$basearch/ gpgcheck=0 enabled=1

3. Install NGINX and start the service.

yum clean all && yum -y install nginx systemctl start nginx systemctl enable nginx

Step 5: Install and Configure PHP 7.1.x + PHP-FPM + OpCache

Follow these steps:

1. Add the EPEL (CentOS 7.x) repositories or RedHat ones to install PHP.

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

2. Install PHP and its modules.

yum -y install php71w php71w-cli php71w-opcache php71w-fpm php71w-gd php71w-mysqlnd php71w-soap php71w-mbstring php71w-ldap php71w-mcrypt php71w-xml php71w-imap

Check if all the PHP modules were installed.

php -m

The outcome will be similar to the following:

[PHP Modules] bz2 calendar Core ctype curl date exif fileinfo filter ftp gd gettext gmp hash iconv imap json ldap libxml mbstring mcrypt mysqli mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_sqlite Phar readline Reflection session shmop SimpleXML soap sockets SPL sqlite3 standard tokenizer xml Zend OPcache zip zlib

3. Start and enable the PHP-FPM service.

systemctl start php-fpm systemctl enable php-fpm

4. In the php.ini file, set the standard ProcessMaker configurations.

sed -i '/short_open_tag = Off/c\short_open_tag = On' /etc/php.ini sed -i '/post_max_size = 8M/c\post_max_size = 24M' /etc/php.ini sed -i '/upload_max_filesize = 2M/c\upload_max_filesize = 24M' /etc/php.ini sed -i '/;date.timezone =/c\date.timezone = America/New_York' /etc/php.ini sed -i '/expose_php = On/c\expose_php = Off' /etc/php.ini

5. Set OpCache configurations.

sed -i '/;opcache.enable_cli=0/c\opcache.enable_cli=1' /etc/php.d/opcache.ini sed -i '/opcache.max_accelerated_files=4000/c\opcache.max_accelerated_files=10000' /etc/php.d/opcache.ini sed -i '/;opcache.max_wasted_percentage=5/c\opcache.max_wasted_percentage=5' /etc/php.d/opcache.ini sed -i '/;opcache.use_cwd=1/c\opcache.use_cwd=1' /etc/php.d/opcache.ini sed -i '/;opcache.validate_timestamps=1/c\opcache.validate_timestamps=1' /etc/php.d/opcache.ini sed -i '/;opcache.fast_shutdown=0/c\opcache.fast_shutdown=1' /etc/php.d/opcache.ini

6. Create the processmaker.conf file to include PHP-FPM configuration.

nano /etc/php-fpm.d/processmaker.conf

7. Include the following to the configuration file, and save the file.

[processmaker] user = nginx group = nginx listen = /var/run/php-fpm/processmaker.sock listen.mode = 0664 listen.owner = nginx listen.group = nginx pm = dynamic pm.max_children = 100 pm.start_servers = 20 pm.min_spare_servers = 20 pm.max_spare_servers = 50 pm.max_requests = 500 php_admin_value[error_log] = /var/log/php-fpm/processmaker-error.log php_admin_flag[log_errors] = on

Step 6: NGINX Server Configuration

To configure NGINX to work with ProcessMaker, follow the next steps:

1. Move the Nginx Configuration to work with ProcessMaker.

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bk

2. Create the nginx.conf file.

nano /etc/nginx/nginx.conf

3. The Nginx server configuration file needs to have:

user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; log_format combined_ssl '$remote_addr - $remote_user [$time_local] ' '$ssl_protocol/$ssl_cipher ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 120; keepalive_requests 100; types_hash_max_size 2048; #Enable Compression gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/xml application/xhtml+xml application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype; include /etc/nginx/conf.d/*.conf; #Comment out ServerTokens OS server_tokens off; #Prevent ClickJacking Attacks add_header X-Frame-Options SAMEORIGIN; #Load Balancer/Reverse Proxy Header real_ip_header X-Forwarded-For; set_real_ip_from 0.0.0.0/0; }

In *.conf, replace with your configuration file, and save the file.

4. Restart NGINX.

systemctl restart nginx

Step 7:Install and Configure Supervisor

Follow the next steps to install and configure a Supervisor:

  1. Open a terminal and run as a supervisor user by writing the following.

    su or sudo -i
  2. Install and enable the Supervisor.

    yum -y install supervisor systemctl start supervisord systemctl enable supervisord
  3. Create the laravel-worker-workflow.ini file in the /etc/supervisord.d/ folder.

    nano /etc/supervisord.d/laravel-worker-workflow.ini
  4. Add the following lines, and save the file.

    [program:laravel-worker-workflow] user=nginx directory=/opt/processmaker/ command=/opt/processmaker/processmaker artisan queue:work --workspace=workflow stdout_logfile=/opt/processmaker/worker-workflow.log autostart=true autorestart=true

    If you have two workspaces or more, add the following lines. For example, the workflow and sample workspaces.

    [program:laravel-worker-workflow] user=nginx directory=/opt/processmaker/ command=/opt/processmaker/processmaker artisan queue:work --workspace=workflow stdout_logfile=/opt/processmaker/worker-workflow.log autostart=true autorestart=true [program:laravel-worker-sample] user=nginx directory=/opt/processmaker/ command=/opt/processmaker/processmaker artisan queue:work --workspace=sample stdout_logfile=/opt/processmaker/worker-sample.log autostart=true autorestart=true
  5. Enable the laravel-worker-workflow configuration.

    supervisorctl reread supervisorctl update sudo supervisorctl stop all sudo supervisorctl start all sudo systemctl stop supervisord.service sudo systemctl start supervisord.service

The queue work is ready to run.

Take into account:

  • Depending on the distribution, the directory route must maintain order. This will specify the processmaker workspace.
  • Verify that the configured log file has permissions in the stdout_logfile route. It is recommended that the log file (stdout_logfile) be located within the shared folder of processmaker: /shared/worker.log. This may not be advisable if your environment has many workspaces that have a large workload, your log would be lost in time.
  • The parameters of the command route must be valid according to the workload. For more information consult the Laravel documentation.

Step 8: Install Firewall and Open ProcessMaker's Port

By default, CentOS 7.x can not work without firewall, therefore it is recommended to install Firewalld so it can be easily configured. Firewalld is a dynamic daemon that manages a firewall with support for networks zones. To install it run the following steps:

1. Install Firewalld.

yum -y install firewalld

2. Set the service to start automatically.

systemctl start firewalld systemctl enable firewalld

3. Open the port where ProcessMaker will run, which is port 80 by default. To use a port other than port 80, it is necessary to change the port number using the following command.

firewall-cmd --zone=public --add-port=3306/tcp --permanent firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --reload

Step 9: Disable SELinux

SELinux causes many problems, which it is often easier to disable. Run the next commands to disable SELinux:

yum -y install policycoreutils-python semanage permissive -a httpd_t systemctl restart nginx systemctl restart php-fpm

Configuration and ProcessMaker Installation

To learn how to install and configure ProcessMaker, read Configuration and ProcessMaker Installation.