Preparing Linux (VPS, Cloud or Dedicated Server)
To simplify the documentation, we will only deal with the Linux distribution Ubuntu Server (especially Ubuntu Server 21.10). The installation should be similar on other distributions.
This is about installing Smartstore on a freshly installed Ubuntu instance. If your instance is already pre-installed with NGINX, FTP-Server, etc., you can skip the corresponding section.
Requirements
Smartstore (selfcontained release) for Linux X64
Ubuntu Server 21.10
Non-root user with sudo rights
Workflow
Install .NET and other prerequisites
Install .NET runtime and other prerequisites
Note: Official Smartstore releases are self-contained, which means that no .NET Runtime is required on the target system. If you create your own Framework-Dependent Release, the .NET Runtime must be installed on the target system.
To install .NET Runtime 7, please run the following command in the command line:
sudo apt-get update && \
sudo apt-get install -y aspnetcore-runtime-7.0
Checking the installation:
dotnet --info
Install wkhtmltopdf
As this component is distribution-dependent, it is not supplied with Smartstore and must be installed manually.
sudo apt-get update
sudo apt -y install wkhtmltopdf
Install NGINX
NGINX is an open source web server software with load balancing and media streaming. It also functions as a reverse proxy. Although ASP.NET Core has a standard server implementation with Kestrel, the advantages of NGINX under Linux outweigh the rest.
Check whether NGINX is already installed:
systemctl status nginx
If NGINX is already installed, the following steps can be skipped.
Update the system and install NGINX
This command updates the package information of the package manager , so access to current packages and their dependencies is guaranteed.
sudo apt-get update
Now NGINX can be installed:
sudo apt-get install nginx
Check installation
To be sure, you can check the installation with this command:
nginx -v
NGINX Version 1.18.0 on Ubuntu is installed.
Add NGINX service to the system start
In order for NGINX to run after a server restart, it must be set up as a service.
sudo systemctl enable nginx
Reload the NGINX configuration and start the service
sudo systemctl reload nginx
Configure firewall rules
This section can be skipped if firewall functionality is available elsewhere or if a firewall is not required.
We assume that the ufw (uncomplicated firewall) is installed. First we list the application profiles that have already been set up.
sudo ufw app list
Note: If the command is returned with sudo: ufw: command not found
, then no firewall is installed and this point can be skipped or the firewall must be installed.
Usually three NGINX profiles are available:
Nginx Full: This profile opens port 80 and 443 for NGINX.
Nginx HTTP: This profile only opens port 80 for NGINX.
Nginx HTTPS: This profile opens only port 443 for NGINX.
We activate the full web profile with port 80 and port 443 for SSL:
sudo ufw allow 'Nginx FULL'
Check the result of the command:
sudo ufw status
If the firewall is not enabled, this output will appear:
If the current access to this server is via SSH, the SSH profile must be activated before the firewall is activated:
sudo ufw allow 'OpenSSH'
Now the firewall can be activated with the following command:
sudo ufw enable
Install and configure FTP-Server
The Smartstore installation files must be provided in a folder on the server. If the files are supplied externally and not downloaded directly to the server, FTP access is required. For this purpose, we will install the FTP server vsftp
.
Use this command to install vsftp:
sudo apt install vsftpd
If the firewall is activated, ports 20 and 21 must be opened for FTP and 40000 to 50000 (this range can be freely selected) for passive FTP connections. If TLS is desired, port 990 must also be opened:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 990/tcp
Create FTP user
This command creates a user with the identifier "ftpuser
":
sudo adduser ftpuser
If ftpuser
is not to have SSH access, it must be disabled in the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Add to the end of the configuration file:
DenyUsers ftpuser
After saving the configuration file, restart the SSH service:
sudo service sshd restart
Folder permissions
We want to transfer files to the /var/www/html
folder, so we set the folder above it as the home folder for the ftpuser
:
sudo usermod -d /var/www ftpuser
Set the ftpuser as the owner of /var/www/html
:
sudo chown ftpuser:ftpuser /var/www/html
Further configuration
Rename the existing configuration file:
sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
Create a new configuration file and open it with nano
(Editor):
sudo nano /etc/vsftpd.conf
And insert the following and exit the editor after we have saved the file:
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
Restart vsftp
This command restarts the FTP server:
sudo systemctl restart vsftpd
Set up NGINX
To check whether NGINX is running and accessible, you can call up the NGINX default landing page. If the IP address or host name is unknown, the IP address can be displayed with the following command:
hostname -I
Open the start page, e.g. via IP address, as follows:
http://ip-address
The default landing page for NGINX is displayed:
Set up NGINX as a reverse proxy
ASP.NET Core apps can also be run directly with the Kestrel web server, but since currently Kestrel is not secure enough to be used directly on the web and does not have all the features that a full-fledged web server like IIS or NGINX has, we use NGINX on Linux. NGINX takes on the role of a reverse proxy here and forwards requests to the Kestrel web server.
Open the following file with an editor and replace the content with the code snippet:
sudo nano /etc/nginx/sites-available/default
Replace the content with this code snippet. Replace example.com
with your own domain name. If there is no domain name yet, the IP of the server can also be entered.
After this, the NGINX configuration must be reloaded:
sudo systemctl reload nginx
Install MySQL Server
Smartstore is designed to work with MySQL or MS SQL Server.
If you install MySQL, you can of course skip the installation of an MS SQL Server.
As always, we first update the local package index:
sudo apt update
Now MySQL can be installed with the following command:
sudo apt install mysql-server
We recommend hardening MySQL against attacks.
To do this, call the script with the following command:
sudo mysql_secure_installation
Among other things, this script asks you whether the plugin "Validate Password" should be installed and set up. This plugin tests the strength of passwords.
When you install the plugin, you will be asked to choose a level of password validation. If you select the strongest level, level 2, MySQL passwords must be at least eight characters long and contain a mixture of upper and lower case letters, numbers and special characters.
Regardless of the plugin installation, you will also be asked to set a password for the root user. The remaining settings can remain at the default settings.
The newly set root password is not yet configured for the connection to the MySQL shell. For this purpose, the MySQL authentication method must be adjusted as follows:
mysql -u root -p
Check authentication method:
SELECT user,authentication_string,plugin,host FROM mysql.user;
If the root
user is authenticated via the auth-socket
plug-in, the root
account must be reconfigured. This command changes the previous root password. A strong password should be chosen. Replace password
with your own password in the command.
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
After this, the MySQL permission tables must be reloaded:
FLUSH PRIVILEGES;
With this command you leave the MySQL shell:
exit
Create dedicated MySQL user for Smartstore
For security considerations, we do not work with the root user, but create a dedicated user for our database.
To do this, we log into the MySQL shell as root user:
mysql -u root -p
Now we create a mysql-user "smartstore
" with the password "password
". Please customise smartstore and password to your own needs:
CREATE USER 'smartstore'@'localhost' IDENTIFIED BY 'password';
Now we have to assign permissions to the new user. With the command below we give the user permissions for all tables as well as permissions to add, change and remove user permissions.
GRANT ALL PRIVILEGES ON *.* TO 'smartstore'@'localhost' WITH GRANT OPTION;
With the exit
command we leave the shell:
exit
Install MS SQL Server
Please follow the instructions from Microsoft on this website: Ubuntu: Install SQL Server on Linux - SQL Server
Set up Smartstore as a service
Transfer Files
After everything is installed, the Smartstore installation files must be copied to the server.
Transfer the files via FTP to the folder /var/www/html
.
Setup Service
Smartstore is a .NET application and must therefore be started. This can be done manually for testing, but on a production server the application should be configured as a service. For this we use the systemd
system and session service.
Create a service definition file for systemd
:
sudo nano /etc/systemd/system/kestrel-smartstore.service
Insert the following code excerpt and save it:
Note: Adapt the paths in WorkingDirectory
and ExecStart
if necessary.
Enable and start the service
Enable service:
sudo systemctl enable kestrel-smartstore.service
Start service:
sudo systemctl start kestrel-smartstore.service
Setting the folder permissions
Set own user as owner of the website folder with full read, write and execute rights:
chown -R www-data/var/www/html/
Set web server as group owner:
chgrp -R www-data /var/www/html/
Recursively set read, write and execute permissions for the owner and the group for all files and folders and no permissions for others:
chmod -R 750 /var/www/html/
Inherit group ownership to new files and folders:
chmod g+s /var/www/html/
Recursively assign write permissions to special folders for web servers:
chmod -R g+w /var/www/html/App_Data
chmod -R g+w /var/www/html/Modules
Make Smartstore.Web
executable:
chmod +x /var/www/html/Smartstore.Web
You can now proceed with the installation of Smartstore.