Please rate how useful you found this document: 
Average: 3.5 (2 votes)

Overview

Stack N285 provides detailed information about the database and application server configurations needed to correctly install the following versions of ProcessMaker on the platform CentOS/RHEL 7.x (Latest Available Version) under the NGINX web server.

ProcessMaker 3.8.x

Stack N285 is supported by ProcessMaker, meaning that it has been tested by the Quality Control team.

Summary

Platform Database PHP
CentOS/RHEL 7.x (Latest Available Version) MySQL 8.0 8.1.x
Web Server Filesystem Architecture
NGINX 1.x.x (Latest version) xfs 64-bit

Disclaimer

The stack procedure and references described below are used by ProcessMaker in its cloud environment and it works appropriately in cloud configurations. If this stack is ever implemented on-premise by the client’s IT staff or similar, ProcessMaker Inc. does not guarantee the correct implementation functioning.

Environment

Assuming you already have the last CentOS 7.x Core or Desktop installed and have the proper permissions by typing the command sudo su and entered the administrator password you can run the following commands to have the stack ready to install ProcessMaker.

Step 1: Update your Server

Make sure that your server is running the latest version.

yum -y update

Warning: Depending on your CentOS version, the server update should take a long time to complete the update.

Step 2: Remove MariaDB

By default CentOS 7.x comes with some modules of MariaDB installed. So we need to uninstall them.

yum -y remove mariadb*

Step 3: Install MySQL 8

To install MySQL 8.0, follow the next steps:

1. Run the command lines to download the repositories:

yum localinstall -y https://repo.mysql.com/mysql80-community-release-el7-3.noarch.rpm rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 yum install -y mysql-community-server

2. Start the MySQL service and set it to start automatically at boot.

systemctl start mysqld systemctl enable mysqld

3. Make sure the mysql service is running by checking its status.

systemctl status mysqld

The status of the mysql service should be "active (running)":

MySQL Configuration

Before using MySQL, follow the next steps:

1. A temporary password is already defined so you need to check it before you run the mysql_secure_installation. To do this, use the following command:

grep "temporary password" /var/log/mysqld.log

Use this temporary password when running mysql_secure_installation.

2. Use the mysql_secure_installation command to set up a secure database environment and establish a root password to use in the ProcessMaker installation.

mysql_secure_installation

The wizard installation begins.

3. Follow the wizard's instructions to secure MySQL.

Warning: The default password policy implemented by validate_password of MySQL 8.0 requires that passwords contain at least one uppercase character, one lowercase character, one numeric character, and one special (nonalphanumeric) character, and that the total password length is at least 8 characters. To know more about validate_password, see The Password Validation Plugin.

Enter the temporary root password. If the temporary password has expired, you need to enter a new password.

4. Change the root password. If it was defined in the step three, skip this step.

5. Confirm to remove anonymous users.

6. Confirm to disable the remote root login.

If MySQL is running in another server, you must create a new user and give this user the permissions to access.

7. Confirm to remove the test database.

8. Reload privilege tables.

The MySQL installation is now secure.

9. Turn off Derived Table Merging Flags.

echo "optimizer_switch = derived_merge=off" >> /etc/my.cnf

10. Disable MySQL Strict Mode on the Server.

echo 'sql_mode= ""' >> /etc/my.cnf

11. Restart the MySQL service.

systemctl restart mysqld

12. Apply "mysql_native_password“ which is used by ProcessMaker.

echo "default_authentication_plugin = mysql_native_password" >> /etc/my.cnf

13. Enable MySQL root using the following command.

mysql -u root -p

14. Execute the next SQL commands in MySQL server.

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '{current-password}'; ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '{current-password}';

Step 4: Install NGINX

To install NGINX, follow the next steps:

1. Add the NGINX repository file.

vi /etc/yum.repos.d/nginx.repo .

2. Add the next lines in the repository file: /etc/yum.repos.d/nginx.repo.

[nginx] name=nginx repo #####rhel/6 should be changed to rhel/7 for RHEL/CentOS 7 baseurl=http://nginx.org/packages/rhel/7/$basearch/ gpgcheck=0 enabled=1

3. Install NGINX and start the service.

yum clean all && yum -y install nginx systemctl start nginx systemctl enable nginx

Step 5: Install and Configure PHP 8.1.x + PHP-FPM + OpCache

To install and configure PHP 8.1.x + PHP-FPM + OpCache, follow the next steps:

1. Add the EPEL (CentOS 7.x) repositories or RedHat ones to install PHP.

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm

2. Install PHP and its modules.

yum install yum-utils yum-config-manager --enable remi-php81 yum -y install php php-cli php-opcache php-fpm php-gd php-mysqlnd php-soap php-mbstring php-ldap php-xml php-imap php-zip

Check if all the PHP modules were properly installed by running the command.

php -m

The outcome will be similar to the following:

[PHP Modules] bz2 calendar Core ctype curl date exif fileinfo filter ftp gd gettext gmp hash iconv imap json ldap libxml mbstring mysqli mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_sqlite Phar readline Reflection session shmop SimpleXML soap sockets SPL sqlite3 standard tokenizer xml Zend OPcache zip zlib

3. Start and enable the PHP-FPM service.

systemctl start php-fpm systemctl enable php-fpm

4. In the php.ini file, set the standard ProcessMaker configurations.

sed -i '/short_open_tag = Off/c\short_open_tag = On' /etc/php.ini sed -i '/post_max_size = 8M/c\post_max_size = 24M' /etc/php.ini sed -i '/upload_max_filesize = 2M/c\upload_max_filesize = 24M' /etc/php.ini sed -i '/;date.timezone =/c\date.timezone = America/New_York' /etc/php.ini sed -i '/expose_php = On/c\expose_php = Off' /etc/php.ini sed -i '/memory_limit = 128M/c\memory_limit = 256M' /etc/php.ini

5. Set OpCache configurations.

sed -i '/;opcache.enable_cli=0/c\opcache.enable_cli=1' /etc/php.d/10-opcache.ini sed -i '/opcache.max_accelerated_files=4000/c\opcache.max_accelerated_files=10000' /etc/php.d/10-opcache.ini sed -i '/;opcache.max_wasted_percentage=5/c\opcache.max_wasted_percentage=5' /etc/php.d/10-opcache.ini sed -i '/;opcache.use_cwd=1/c\opcache.use_cwd=1' /etc/php.d/10-opcache.ini sed -i '/;opcache.validate_timestamps=1/c\opcache.validate_timestamps=1' /etc/php.d/10-opcache.ini sed -i '/;opcache.fast_shutdown=0/c\opcache.fast_shutdown=1' /etc/php.d/10-opcache.ini

Note: In case of using the Enhanced Login plugin, set the following variable in the /etc/php.ini file.

session.save_path = /var/lib/php/session

6. Create the processmaker.conf file to include PHP-FPM configuration.

vi /etc/php-fpm.d/processmaker.conf

7. Include the following settings to the configuration file and save the file.

[processmaker] user = nginx group = nginx listen = /var/run/php-fpm/processmaker.sock listen.mode = 0664 listen.owner = nginx listen.group = nginx pm = dynamic pm.max_children = 100 pm.start_servers = 20 pm.min_spare_servers = 20 pm.max_spare_servers = 50 pm.max_requests = 500 php_admin_value[error_log] = /var/log/php-fpm/processmaker-error.log php_admin_flag[log_errors] = on clear_env = no

Step 6: NGINX Server Configuration

To configure NGINX to work with ProcessMaker, follow the next steps:

1. Move the Nginx Configuration to work with ProcessMaker.

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bk

2. Create the nginx.conf file.

vi /etc/nginx/nginx.conf

3. The Nginx server configuration file needs to have:

user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; log_format combined_ssl '$remote_addr - $remote_user [$time_local] ' '$ssl_protocol/$ssl_cipher ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 120; keepalive_requests 100; types_hash_max_size 2048; #Enable Compression gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/xml application/xhtml+xml application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype; include /etc/nginx/conf.d/*.conf; #Comment out ServerTokens OS server_tokens off; #Prevent ClickJacking Attacks add_header X-Frame-Options SAMEORIGIN; #Load Balancer/Reverse Proxy Header real_ip_header X-Forwarded-For; set_real_ip_from 0.0.0.0/0; client_header_timeout 3000; client_body_timeout 3000; }

4. Restart NGINX.

systemctl restart nginx

Step 7: Install Firewall and Open ProcessMaker's Ports

By default, CentOS 7.x cannot work without a firewall, therefore it is recommended to install Firewalld so it can be easily configured. Firewalld is a dynamic daemon that manages a firewall with support for networks zones. To install it run the following steps:

1. Install Firewalld.

yum -y install firewalld

2. Set the service to start automatically.

systemctl start firewalld systemctl enable firewalld

3. Open the port where ProcessMaker will run, which is port 80 by default. To use a port other than port 80, it is necessary to change the port number using the following command.

firewall-cmd --zone=public --add-port=3306/tcp --permanent firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reload

Step 8: SCRIPT_FILENAME Configuration

To add custom files it is required to include styles.php and font.php in the file processmaker.conf with the SCRIPT_FILENAME parameter as follows:

location = /fonts/styles.php { fastcgi_pass unix:/var/run/php-fpm/processmaker.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location = /fonts/font.php { fastcgi_pass unix:/var/run/php-fpm/processmaker.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }

Step 9: Task Scheduler Configuration

The Task Scheduler requires to run the Crontab. For this purpose, in the console, run the following line after the Crontab running:

* * * * * cd /opt/processmaker && ./processmaker artisan schedule:run --workspace={workspace} --user={web-server}

Step 10: Disable SELinux

SELinux causes many problems, which it is often easier to disable. Run the next commands to disable SELinux:

yum -y install policycoreutils-python semanage permissive -a httpd_t systemctl restart nginx systemctl restart php-fpm

Install and Configure Supervisor

To install and configure a Supervisor, follow the next steps:

Note: After every command execution, verify if there are error or warning messages. This may be due to wrong file permissions.

  1. Open a terminal and run as a supervisor user by writing the following.

    su or sudo -i
  2. Install and enable the Supervisor.

    yum -y install supervisor systemctl start supervisord systemctl enable supervisord
  3. Create the laravel-worker-workflow.ini file in the /etc/supervisord.d/ folder.

    vi /etc/supervisord.d/laravel-worker-workflow.ini
  4. Add the following lines and save the file.

    [program:laravel-worker-workflow] user=nginx directory= /opt/processmaker/ command= /opt/processmaker/processmaker artisan queue:work --workspace=workflow stdout_logfile= /opt/processmaker/worker-workflow.log autostart=true autorestart=true

    If you have two workspaces or more, add the following lines. For example, the workflow and sample workspaces.

    [program:laravel-worker-workflow] user=nginx directory= /opt/processmaker/ command= /opt/processmaker/processmaker artisan queue:work --workspace=workflow stdout_logfile= /opt/processmaker/worker-workflow.log autostart=true autorestart=true [program:laravel-worker-sample] user=nginx directory= /opt/processmaker/ command= /opt/processmaker/processmaker artisan queue:work --workspace=sample stdout_logfile= /opt/processmaker/worker-sample.log autostart=true autorestart=true
  5. Enable the laravel-worker-workflow configuration.

    supervisorctl reread supervisorctl update sudo supervisorctl stop all sudo supervisorctl start all

    Restart the Supervisor service:

    sudo systemctl stop supervisord.service sudo systemctl start supervisord.service

The queue work is ready to run.

Take into account:

  • Depending on the distribution, the directory route must maintain order. This will specify the processmaker workspace.
  • Verify that the configured log file has permissions in the stdout_logfile route. It is recommended that the log file (stdout_logfile) be located within the shared folder of processmaker: /shared/worker.log. This may not be advisable if your environment has many workspaces that have a large workload, your log would be lost in time.
  • The parameters of the command route must be valid according to the workload. For more information consult the Laravel documentation.

Database Integrations

This stack supports the following database integrations:

Oracle

To install an Oracle database integration, follow the next steps:

  1. Download the Oracle client for Linux and install it:

    rpm -i oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm rpm -i oracle-instantclient12.2-devel-12.2.0.1.0-1.x86_64.rpm
  2. Set the global variables in the system:

    export LD_LIBRARY_PATH=/usr/lib/oracle/12.2/client64/lib export ORACLE_HOME=/usr/lib/oracle/12.2/client64/
  3. Install the dependencies:

    yum -y install cc gcc php-pear php-devel
  4. Install the libraries using pecl:

    pecl install oci8 # When the installer requests the Oracle Home, provide the path to the ORACLE_HOME directory. Use instantclient,/path/to/instant/client/lib if you are compiling with Oracle Instant Client [autodetect] : instantclient,/usr/lib/oracle/12.2/client64/lib
  5. In the /etc/php.ini file, add the extension line:

    extension=oci8.so
  6. Restart the NGINX and PHP services:

    service nginx restart & service php-fpm restart

Microsoft SQL Server

To install a Microsoft SQL Server database integration, follow the next steps:

  1. Import the repository:

    curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo
  2. Remove the unixODBC and update the system:

    yum remove unixODBC yum update ACCEPT_EULA=Y yum install msodbcsql-13.0.1.0-1 mssql-tools-14.0.2.0-1 yum install unixODBC-utf16-devel ln -sfn /opt/mssql-tools/bin/sqlcmd-13.0.1.0 /usr/bin/sqlcmd ln -sfn /opt/mssql-tools/bin/bcp-13.0.1.0 /usr/bin/bcp
  3. Install the dependencies:

    yum install gcc-c++ libstdc++ -y
  4. Install the libraries using pecl:

    pecl install sqlsrv pecl install pdo_sqlsrv
  5. In the /etc/php.ini file, add the extension lines:

    extension=sqlsrv.so extension=pdo_sqlsrv.so
  6. Restart the NGINX and PHP services:

    service nginx restart & service php-fpm restart

PostgreSQL

To install a PostgreSQL database integration, follow the next steps:

  1. Install the dependencies:

    yum install php-pgsql php-pdo_pgsql
  2. Restart the services:

    service nginx restart & service php-fpm restart

Configuration and ProcessMaker Installation

To learn how to install and configure ProcessMaker, read Configuration and ProcessMaker Installation.