Installation
Supported Platforms
Canopy is officially supported on the following operating systems:
Operating System | Version | Notes |
---|---|---|
Ubuntu Linux | 16.04 LTS | Server edition |
Ubuntu Linux | 14.04 LTS | Server edition (Note: Canopy 3.1+ requests 16.04+). |
RedHat Enterprise Linux | v7 | N/A |
CentOS Linux | v7 | N/A |
Oracle Enterprise Linux | v7 | N/A |
Canopy can run on other operating systems/distributions, such as Debian, Kali Linux and Mac OSX. However, Canopy will only be supported on the above operating systems
The following key dependencies on Linux based operating systems are noted:
Key Dependency | Description |
---|---|
Django | Web application framework for powering Canopy |
PostgreSQL or Oracle | DB server for storing/processing Canopy related data. Note that certain DB servers may require more resources. |
nginx | Front end web server for serving the Canopy user interface |
RabbitMQ Server | Backend service for processing Canopy related tasks using the Celery framework |
Celery | Celery, a distributed task queue. |
Oracle Java | Java library for document generation. |
The above dependencies are installed automatically by the canopy and canopy docserver packages - with the exception of some pre-configuration requirements for Oracle Java - under normal circumstances. In managed environments, access to dependencies may be restricted by corporate security policy. Contact support@checksec.com for assistance.
Platform installation guides
Install on Ubuntu 16.04
As root:
apt install software-properties-common && add-apt-repository -y ppa:webupd8team/java && apt update
apt install -f ./libtidy5_5.2.0-2_amd64.deb ./canopy_3.0.7_amd64.deb ./canopy-docserver_0.0.13_amd64.deb
- Setup a Database via steps in the Configuration section below.
service supervisor restart
Confirm the supervisor service is running via:
$ supervisorctl status
if it is not running or if you would like to restart it:
$ supervisorctl restart canopy canopy-celery docserver
Install on Ubuntu 14.04
The process for Ubuntu 14.04 is similar to 16.04 but one cannot use the apt
command to install deb files directly. Instead one should use gdebi.
As root:
apt install software-properties-common gdebi-core && add-apt-repository -y ppa:webupd8team/java && apt update
for DEB in *tidy*.deb canopy*.deb; do gdebi -n $DEB;done
- Setup a Database via steps in the Configuration section below.
service supervisor restart
Confirm the supervisor service is running via:
$ supervisorctl status
if it is not running or if you would like to restart it:
$ supervisorctl restart canopy canopy-celery docserver
Install on CentOS 7, RHEL 7 and Oracle EL 7
As root(Centos):
yum install epel-release wget
From http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html get the URL for the current JRE *Check the "Accept License Agreement"
- Download Oracle Java 8 JRE
wget --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" 'http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jre-8u144-linux-x64.rpm'
- Install Oracle Java 8
yum localinstall jre-8u121-linux-x64.rpm
- Install libtidy5
yum install ./libtidy5-5.2.0-2.3.x86_64.rpm
- Install Canopy
yum install ./canopy-3.0.7-1.el7.centos.x86_64.rpm
If the installation fails with conflicting files(/opt/checksec/canopy/lib/...) then remove those directories and try again.
- Install Canopy docserver
yum install ./canopy-docserver-0.0.7-1.el7.centos.x86_64.rpm
- Setup a Database via steps in the Configuration section below.
service supervisor restart
As root(Oracle EL 7 and RHEL 7):
- yum install -y http://mirror.wiuwiu.de/epel/7/x86_64/e/epel-release-7-10.noarch.rpm wget
- Follow steps 2 and onwards of CentOS installation, note that the database configuration steps will not match
Confirm the server is running via:
supervisorctl status
if it is not running or if you would like to restart it:
supervisorctl restart canopy canopy-celery docserver
Separating the app server and the document server
In high avalability/performance environments, it is recommended that the app server and the document server be separated onto different hosts.
Install canopy (app server)
In order to install canopy follow the above steps for the operating system you are using. Howvever, you can ignore the steps involving the installation/configuration of Oracle Java and the installation of the canopy-docserver package.
Then proceed to the Configuration steps below.
Install canopy docserver (documet server)
In order to install the canopy document server, follow the above steps for installing Oracle Java on your chosen operating system. Once those steps are complete, proceed to install the canopy-docserver package. For example, on Ubuntu 16.04 LTS (as root):
apt install -f ./canopy-docserver_0.0.11_amd64.deb
Once the package has been installed, modify the DOCSERVER_URL parameter on the canopy application server (/etc/canopy/canopy.ini) to point to the IP address and port number of the standalone docserver, for example:
DOCSERVER_URL=https://mydocserver:5000/docxserver
Once configured, restart canopy and celery (supervisorctl restart canopy canopy-celery docserver).
For HA environments, it is necessary to configure a load balancer in front of the app/document servers. It is possible to use the load balancer to share the load between both the app servers and the document servers. This configuration is beyond the scope of this documentation. For any specific questions, please contact support@checksec.com.
Protecting docserver communications via HTTPS
By default, the docserver communicats over HTTP only, as it is normally a localhost restricted process. However, in environments where further performance is required, the docserver can be separated onto its own host. If communication between canopy and canopy-docserver over the network must be protected, a number of different options can be used:
- (Supported approach) Reverse HTTPS proxy. A sample nginx and apache configuration is available. Other software could be used, such as tinyproxy, caddyserver.
- Host-to-host HTTPS/other tunnel. If you prefer not to run an additional server, a TLS or SSH tunnel could be used to establish a remote connection. For example: https://erik.torgesta.com/2013/12/creating-a-persistent-ssh-tunnel-in-ubuntu/
- Host-to-host IPSec.
For sample configuration files or any other questions, please contact support@checksec.com
Configuration
By default the only configuration required is that of the database.
As root:
canopy-setup database
canopy-manage setupdb --prod
canopy-manage createsuperuser (Skip this step if you are going to import Canopy 2 data)
Once the database has been set up and the admin user created, restart the canopy related services:
$ supervisorctl restart canopy canopy-celery docserver
Upgrading
As root:
Install new package
apt install -f canopy_3.0.1_amd64.deb
orgdebi -n canopy_3.0.1_amd64.deb
for Ubuntu 14.04Upgrade database
canopy-manage migrate
Restart services
supervisortctl restart canopy canopy-celery
Debugging installation/upgrades
By default supervisor will store the log files under:
/var/log/supervisor/
You can also view the logs in realtime using:
supervisorctl tail -f canopy
or:
supervisorctl tail -f canopy-celery