Record'in Blockchain software installation procedure

Step by step installtion of Record'in

 

This shows the recommended steps for installation of Record'in software.


The same documentation in PDF format.


Do not be afraid about the length of this procedure. You can run Record'in in less than 5mn as well !



Just download the release from github, extract the archive, and run "recordin.sh" on Linux, or "recordin.bat" on Windows.

Then open your Internet browser, and go to the following URL: http://localhost:8080

Beware that the first time, the platform takes about 10mn to initiate.


Record'in requires at least IE 11 for the web interface to run correctly.
 



I.Introduction

This document describes the recommended installation procedure of Record’in software.



II.Installer

Name Company/Role Signature Initials Date
Philippe Schweitzer Recordins/CEO
PHS 13/02/19



III.System Information

Attribute Value
Hostname demo.recordins.com
Target Server Virtual machine
Server Function VM for development
Application Name Record’in 19-01
Version 19-01
Manufacturer Recordins
Distribution Media Electronic / Internet
Language English
Data source provided by Recordins
Comment N/A


Conventions :

N/A



IV.Prerequisites

No. Prerequisite Prerequisite met Y/N
1 A server with following minimal specifications:

- 2 CPU cores
- 4 GB of RAM
- 20 GB of disk space


2 A server installed with following OS:
Debian 9.6


3 Download Record’in software form Github repository:
https://github.com/recordins/recordin/releases




V.Installation steps

No. Activity Succesfully Completed Y/N
1 Connect with ssh as root

The first password is provided by your administrator

$> ssh root@<hostname in section 3>

2 Update root password, and store it inside the password manager

#> passwd

3 Update the hostname inside the server

#> apt-get install vim sudo
#> vim /etc/hostname

Replace the actual value with the <hostname in section 3>

4 Update vim properties

#> vim .vimrc

Put following lines:

set mouse-=a
syntax on

5 #> vim .bashrc

Uncomment following lines:

export LS_OPTIONS='--color=auto'
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'

6 Create “recordin” user, and store password inside the password manager :

#> adduser recordin

---
Adding user `recordin' ...
Adding new group `recordin' (1001) ...
Adding new user `recordin' (1001) with group `recordin' ...
Creating home directory `/home/recordin' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for recordin
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
---

7 Move to recordin user

#> su - recordin

8 #> vim .vimrc

Put following lines:

set mouse-=a
syntax on

9 #> vim .bashrc

Uncomment following line:

alias ll='ls -l'

10 Move back to root

$> exit

11 Create folders

mkdir -p /soft/recordin/install
mkdir -p /soft/java
mkdir -p /users/recordin/log/
mkdir -p /backup/recordin/

chown -R recordin:root /soft/recordin/ /users/recordin/ /backup/recordin/

chmod -R 700 /soft/ /users/ /backup/
chmod 711 /soft/ /users/ /backup/

12 Copy Recordin installation resources
Make sure having downloaded the release from the GitHub URL described in section 4

scp -r recordin-19-01-linux_amd64.tar.gz recordin@<hostname in section 3>:/soft/recordin/install

13 Extract and install java version

#> cd /soft/recordin/install/
#> tar -xvzf recordin-19-01-linux_amd64.tar.gz 2>/dev/null
#> mv linux_amd64/jre1.8.0_202/ /soft/java/jre1.8.0_202/
#> cd /soft/java/
#> ln -s jre1.8.0_202/ current

14 Copy files and folders to the destination location:

#> cd /soft/recordin/install/linux_amd64/
#> cp -r * ../..

15 Update etc/webserver.properties

#> cd /soft/recordin/
#> vim etc/webserver.properties

# Comment or adapt line, eventually puth either the hostname or the IP address directly.
# Comment will setup the software to use the address linked with the FQDN of the server,
NetworkInterface=localhost

16 # Delete 'etc/keys.properties' if existing
# Delete 'etc/users.properties' if existing

rm etc/keys.properties etc/users.properties 2>/dev/null

17 Adapt Java JVM settings

#> vim recordin.sh
# Update 'launch.sh' with the memory settings and java location:

/soft/java/current/bin/java -Xms3G -Xmx3G -XX:+UseG1GC -jar Recordin-all-in-one-jar-19.01-RELEASE.jar $@

18 Add recordin to users group

#> vim /etc/group

And put following content for users group:

users:x:100:recordin

19 Update permissions

chown -R recordin:root /soft/recordin/ /users/recordin/ /backup/recordin/
chown -R root:users /soft/java/

chmod -R 700 /soft/ /users/ /backup/
chmod -R 750 /soft/java/
chmod 711 /soft/ /users/ /backup/


Update sudoers, put following content if you want to grant recordin user to manage the platform execution

vim /etc/sudoers
---
Cmnd_Alias RECORDIN_CMDS = /bin/systemctl start recordin, /bin/systemctl stop recordin, /bin/systemctl restart recordin, /bin/systemctl status recordin

recordin ALL=(ALL) NOPASSWD: RECORDIN_CMDS
---

20 Create start script
#> vim /etc/systemd/system/recordin.service

Create put following content
---
[Unit]
Description=Record’in Blockchain Software

[Service]
Type=simple
User=recordin
ExecStart=/soft/recordin/recordin.sh
ExecReload=/bin/kill -HUP $MAINPID
KillMode=control-group
KillSignal=SIGINT
TimeoutSec=90

[Install]
WantedBy=multi-user.target
---

21 Install start script and reboot

#> systemctl enable recordin.service
#> reboot

Beaware that the software will initiate just after the reboot, it will take arount 10 minutes to complete.
The web interface is accessible at following URL: “http://<hostname in section3:8080>”



VI.Install of SSL certificate and redirection

No. Activity Succesfully Completed Y/N
1 Connect with ssh as root

$> ssh root@<hostname in section 3>

2 Install nginx and certbot

#> apt-get install nginx python-certbot-nginx
#> certbot --nginx

Enter following informations:
---
Email address: <your administrative email address>
(A)gree/(C)ancel: A
(Y)es/(N)o: N
<hostname in section 3>
2 -> for redirect
---

3 Configure nginx

#> cd /etc/nginx/sites-available/
#> mv default default_orig
#> vim default

Enter following informations:
---
server {
return 301 https://$host$request_uri;
}
---

4 Configure Record’in webserver with SSL

#> chmod +x /etc/letsencrypt/archive/
#> chmod +x /etc/letsencrypt/live/

#> vim /soft/recordin/recordin.sh
Update domain, your password and add following just before the software start line (before the line containing the .jar file):
---
DOMAIN=<hostname in section 3>

rm /soft/recordin/etc/keystore.jks 2>/dev/null
rm /tmp/fullchain.pkcs12 2>/dev/null
openssl pkcs12 -export -out /tmp/fullchain.pkcs12 -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -passout pass:<your password>
/soft/java/current/bin/keytool -importkeystore -destkeystore /soft/recordin/etc/keystore.jks -srckeystore /tmp/fullchain.pkcs12 -srcstoretype PKCS12 -noprompt -storepass password -srcstorepass <your password>
---

5 Update etc/ssl.properties to enable SSL

#> cd /soft/recordin/
#> vim etc/ssl.properties

# Update following property with your password.
password=<your password>

6 Update etc/webserver.properties to enable SSL

#> vim etc/webserver.properties

# Update following property to true.
NetworkSecureSSL=true

7 Configure iptables for port redirection

Update iptable 443 port redirection, make sure selecting the correct network interface name
Eventually execute “/sbin/ifconfig” command to look for the correct network interface
#> iptables -t nat -A PREROUTING -i <network interface name> -p tcp --dport 443 -j REDIRECT --to-port 8080
#> iptables-save > /etc/firewall.conf
#> vim /etc/network/if-up.d/iptables

Insert following content:
---
#!/bin/sh
iptables-restore < /etc/firewall.conf
---
#> chmod +x /etc/network/if-up.d/iptables
#> reboot



VII.Validation / Installation Qualification steps

No. activity
1 Action:
http://<hostname in section 3>:8080
OR with SSL:
http://<hostname in section 3>
Expected results:
Record’in’s page opens correctly, and menu “Admin>Model” opens without error.
In case of SSL encryption, the page must also automatically redirect to the “https://” URL, and open correctly with a green lock in the address bar of the Internet browser.