ECIS Help 0.1-DEV Help

Install ECIS on Azure

This document explains how to install ECIS on Azure. To run ECIS, the following services will be installed:

Service        Role
-------------  ---------------------------------------------------
App Service    App service in which the Docker container will run
Worker VM      Microsoft VM to run CLI processes and to host SOLR
MySQL          Azure Database for MySQL Flexible Server

App Service

The system is deployed using GitHub Actions. To that end, a workflow is created in .github/workflows/deploy.yml:

    name: Build and deploy container app to Azure Web App

    on:
      push:
        branches:
          - main
      workflow_dispatch:

    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3

          - name: Set up Docker Buildx
            uses: docker/setup-buildx-action@v2

          - name: Log in to registry
            uses: docker/login-action@v2
            with:
              registry: https://yourregistry.azurecr.io/
              username: ${{ secrets.AZURE_CONTAINER_REGISTRY_USERNAME }}
              password: ${{ secrets.AZURE_CONTAINER_REGISTRY_PASSWORD }}

          - name: Build and push container image to registry
            uses: docker/build-push-action@v4
            with:
              push: true
              # Repository names must be lowercase and match the image deployed below
              tags: yourregistry.azurecr.io/ecis/app:${{ github.sha }}
              file: ./.docker/php-nginx/prod/Dockerfile

      deploy:
        runs-on: ubuntu-latest
        needs: build
        environment:
          name: 'production'
          url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
        steps:
          - name: Deploy to Azure Web App
            id: deploy-to-webapp
            uses: azure/webapps-deploy@v2
            with:
              app-name: 'ecis-prod'
              slot-name: 'production'
              publish-profile: ${{ secrets.AZURE_PUBLISH_PROFILE }}
              images: 'yourregistry.azurecr.io/ecis/app:${{ github.sha }}'

Download the publish profile from the App Service and save it as a secret in GitHub called AZURE_PUBLISH_PROFILE. Do the same for the container registry username and password (AZURE_CONTAINER_REGISTRY_USERNAME and AZURE_CONTAINER_REGISTRY_PASSWORD).

Make sure you connect the App Service to the virtual network and set the SOLR_HOST connection setting to the internal IP of the worker VM.

Worker VM

The worker VM is a Microsoft virtual machine with the following specifications: choose Debian 11 as the OS and let Azure choose the other default settings. The name can be ECIS-worker, but any other name can be chosen as well. Also let Azure create a default VM user. The VM will be created in the same resource

Make sure "Delete public IP and NIC when VM is deleted" is checked. This will make sure the IP is deleted when the VM is removed

Networking and monitoring are not needed. Make sure you download the key and save it in a safe place. This key will be used to connect to the VM. The following entry can be created in your .ssh/config:

    Host ECIS
        HostName x.y.z.a
        IdentityFile ~/.ssh/your_key.pem
        LocalForward 8005 localhost:8983
        LocalForward 3007 database-server.mysql.database.azure.com:3306
        Port 22
        User azureuser

While the SSH session is open, the database can be reached through the forwarded port:

    mysql -u databasename -h 127.0.0.1 -P 3007 -p --ssl-ca=/users/username/.ssh/DigiCertGlobalRootCA.crt.pem

Log in to the machine and install the following packages

Install GIT, PHP (CLI), NGINX and Redis

    sudo apt-get update && sudo apt-get upgrade
    sudo apt-get install \
        git \
        ca-certificates \
        curl \
        gnupg2 \
        wget \
        lsb-release

Set the timezone to CET

sudo timedatectl set-timezone Europe/Amsterdam

Install SOLR (version number might be higher, can be checked on the Solr Download page)

    wget https:///dyn/closer.lua/solr/solr/9.8.1/solr-9.8.1.tgz?action=download
    mv solr-9.8.1.tgz?action=download solr-9.8.1.tgz
    sudo tar xzf solr-9.8.1.tgz solr-9.8.1/bin/install_solr_service.sh --strip-components=2
    sudo ./install_solr_service.sh solr-9.8.1.tgz
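The tarball comes from a mirror redirect and its installer then runs under sudo, so it is worth checking the download against the SHA-512 digest Apache publishes for each release first. The following is an added example, not part of the ECIS documentation; the function names are hypothetical, and the digest file is assumed to be saved next to the tarball as `<tarball>.sha512`.

```shell
#!/bin/sh
# Added example (not from the ECIS docs). Assumes GNU coreutils (sha512sum).

# Succeeds only if the file's SHA-512 equals the first 128-hex-digit token
# found in the digest file; this tolerates "HASH  name" and "HASH *name" layouts.
verify_sha512() {
  vs_file=$1
  vs_sumfile=$2
  [ -f "$vs_file" ] && [ -f "$vs_sumfile" ] || { echo "missing file" >&2; return 2; }
  vs_want=$(grep -Eio '[0-9a-f]{128}' "$vs_sumfile" | head -n 1 | tr 'A-F' 'a-f')
  [ -n "$vs_want" ] || { echo "no SHA-512 digest in $vs_sumfile" >&2; return 2; }
  vs_got=$(sha512sum "$vs_file" | cut -d ' ' -f 1)
  [ "$vs_got" = "$vs_want" ]
}

# Extract and run the installer only after the check passes.
install_solr_checked() {
  if verify_sha512 "$1" "$1.sha512"; then
    vs_dir=$(basename "$1" .tgz)
    sudo tar xzf "$1" "$vs_dir/bin/install_solr_service.sh" --strip-components=2
    sudo ./install_solr_service.sh "$1"
  else
    echo "checksum check failed for $1, not installing" >&2
    return 1
  fi
}
```

Call `install_solr_checked solr-9.8.1.tgz` in place of the last two commands above.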

Configure SOLR so that it listens on all interfaces (and not only on localhost)

sudo nano /etc/default/solr.in.sh

Change the following settings

    # Increase Java Heap as needed to support your indexing / query needs
    SOLR_HEAP="4g"

    # By default the start script uses "localhost"; override the hostname here
    # for production SolrCloud environments to control the hostname exposed to cluster state
    SOLR_HOST="0.0.0.0"

    # Sets the network interface the Solr binds to. To prevent administrators from
    # accidentally exposing Solr more widely than intended, this defaults to 127.0.0.1.
    # Administrators should think carefully about their deployment environment and
    # set this value as narrowly as required before going to production. In
    # environments where security is not a concern, 0.0.0.0 can be used to allow
    # Solr to accept connections on all network interfaces.
    SOLR_JETTY_HOST="0.0.0.0"

Reboot the machine to reload all changes and to test if everything is working

sudo reboot

Prevent remote access from non-trusted IP addresses
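One way to carry out this step on the VM itself, as an added example that is not part of the ECIS documentation: an nftables ruleset that admits only trusted subnets to Solr's port 8983 and leaves loopback open, so the SSH LocalForward to localhost:8983 keeps working. The table name solr_guard and the CIDRs passed in are assumptions, and nft is assumed to be installed on the VM.

```shell
#!/bin/sh
# Added example (not from the ECIS docs). The CIDRs you pass are placeholders
# for your own subnet, e.g. the one the App Service is integrated with.
SOLR_PORT=8983

# Accept only well-formed IPv4 CIDRs, and never a /0, which would re-open the port.
valid_cidr() {
  case $1 in ''|*[!0-9./]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  vc_ip=${1%/*}
  vc_prefix=${1#*/}
  [ "$vc_prefix" -ge 1 ] && [ "$vc_prefix" -le 32 ] || return 1
  vc_ifs=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_ifs
  for vc_octet in "$@"; do
    [ "$vc_octet" -le 255 ] || return 1
  done
}

# Print a ruleset that admits the trusted CIDRs to Solr and drops everyone else.
solr_nft_ruleset() {
  [ "$#" -gt 0 ] || { echo "no trusted CIDR given" >&2; return 1; }
  nr_list=
  for nr_cidr in "$@"; do
    valid_cidr "$nr_cidr" || { echo "rejected CIDR: $nr_cidr" >&2; return 1; }
    nr_list="${nr_list:+$nr_list, }$nr_cidr"
  done
  cat <<EOF
add table inet solr_guard
delete table inet solr_guard
table inet solr_guard {
  chain input {
    type filter hook input priority 0; policy accept;
    iifname "lo" accept
    tcp dport $SOLR_PORT ip saddr { $nr_list } accept
    tcp dport $SOLR_PORT drop
  }
}
EOF
}

# Apply only when asked to: APPLY=1 sh solr-guard.sh 10.0.1.0/24
if [ "${APPLY:-0}" = 1 ]; then
  nr_rules=$(solr_nft_ruleset "$@") && printf '%s\n' "$nr_rules" | sudo nft -f -
fi
```

The add/delete pair at the top of the ruleset makes re-running the script replace the table instead of appending duplicate rules.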

Clone ECIS SOLR docker repository and reload SOLR (as solr user). Make sure you have set the SSH key as deploy key on the repository

    # Switch to the solr user
    sudo su solr
    ssh-keygen   # Upload the key as deploy key in GitHub to prevent API rate limits
    cd /var/solr/data
    git clone git@github.com:iteaoffice/solr.git
    exit
    sudo service solr restart

Install source code

Clone the Source code in /home/azureuser/ecis as azureuser

    azureuser@ECIS-worker:~$ ssh-keygen   # Upload the key as deploy key in GitHub to grant access
    azureuser@ECIS-worker:~$ mkdir /home/azureuser/ecis
    azureuser@ECIS-worker:~$ cd /home/azureuser/ecis
    azureuser@ECIS-worker:~$ git clone git@github.com:iteaoffice/main.git .
    azureuser@ECIS-worker:~$ cd ecis
    azureuser@ECIS-worker:~$ git checkout main
    azureuser@ECIS-worker:~$ php composer.phar install --no-dev --prefer-dist

Create a config file /home/azureuser/ecis/config/autoload/production.local.php with the following content

    <?php

    declare(strict_types=1);

    use Doctrine\DBAL\Driver\PDO\MySQL\Driver;

    return [
        'doctrine' => [
            'connection' => [
                'orm_default' => [
                    'driverClass' => Driver::class,
                    'params' => [
                        'host' => 'host',
                        'port' => '3306',
                        'user' => 'user',
                        'password' => 'password',
                        'dbname' => 'database',
                        'driverOptions' => [
                            PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'",
                        ],
                    ],
                ],
            ],
        ],
        'solr' => [
            'host' => 'localhost',
        ],
        'cache' => [
            'options' => [
                'server' => [
                    'host' => 'localhost',
                    'port' => 6379,
                ],
                'database' => 1,
                'namespace' => 'ECIS-worker',
            ],
        ],
        'application_options' => [
            'serverUrl' => 'https://path-to-server.net',
        ],
        'zfctwig' => [
            'environment_options' => [
                'cache' => false,
                'debug' => true,
            ],
        ],
    ];

Set up a daily backup using the file in backup script

MySQL

Choose Azure Database for MySQL Flexible Server and let Azure choose the default settings. The name can be ecis-prod.

Connect the database to the VLAN as an extra service.

Last modified: 11 April 2025