Installation

Owned by Dave Ryan
Last updated: Apr 30, 2019 by Gert BurgerVersion comment
4 min read

Supported Platforms

Canopy is officially supported on the following operating systems:

Operating SystemVersionNotes
Ubuntu Linux16.04 LTSServer edition
Ubuntu Linux14.04 LTSServer edition (Note: Canopy 3.1+ requests 16.04+).
RedHat Enterprise Linuxv7N/A
CentOS Linuxv7N/A
Oracle Enterprise Linuxv7N/A


Canopy can run on other operating systems/distributions, such as Debian, Kali Linux and Mac OSX. However, Canopy will only be supported on the above operating systems

The following key dependencies on Linux based operating systems are noted:

Key DependencyDescription
DjangoWeb application framework for powering Canopy
PostgreSQL or OracleDB server for storing/processing Canopy related data. Note that certain DB servers may require more resources.
nginxFront end web server for serving the Canopy user interface
RabbitMQ ServerBackend service for processing Canopy related tasks using the Celery framework
CeleryCelery, a distributed task queue.
Oracle JavaJava library for document generation.

The above dependencies are installed automatically by the canopy and canopy docserver packages - with the exception of some pre-configuration requirements for Oracle Java - under normal circumstances. In managed environments, access to dependencies may be restricted by corporate security policy. Contact support@checksec.com for assistance.

Platform installation guides

Install on Ubuntu 16.04

As root:

  1. apt install software-properties-common && add-apt-repository -y ppa:webupd8team/java && apt update
  2. apt install -f ./libtidy5_5.2.0-2_amd64.deb ./canopy_3.0.7_amd64.deb ./canopy-docserver_0.0.13_amd64.deb
  3. Setup a Database via steps in the Configuration section below.
  4. service supervisor restart

Confirm the supervisor service is running via:

$ supervisorctl status

if it is not running or if you would like to restart it:

$ supervisorctl restart canopy canopy-celery docserver

Install on Ubuntu 14.04

The process for Ubuntu 14.04 is similar to 16.04 but one cannot use the apt command to install deb files directly. Instead one should use gdebi.

As root:

  1. apt install software-properties-common gdebi-core && add-apt-repository -y ppa:webupd8team/java && apt update
  2. for DEB in *tidy*.deb canopy*.deb; do gdebi -n $DEB;done
  3. Setup a Database via steps in the Configuration section below.
  4. service supervisor restart

Confirm the supervisor service is running via:

$ supervisorctl status

if it is not running or if you would like to restart it:

$ supervisorctl restart canopy canopy-celery docserver

Install on CentOS 7, RHEL 7 and Oracle EL 7

As root(Centos):

  1. yum install epel-release wget
  2. From http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html get the URL for the current JRE *Check the "Accept License Agreement"
  3. Download Oracle Java 8 JRE wget --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" 'http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jre-8u144-linux-x64.rpm'
  4. Install Oracle Java 8 yum localinstall jre-8u121-linux-x64.rpm
  5. Install libtidy5 yum install ./libtidy5-5.2.0-2.3.x86_64.rpm
  6. Install Canopy yum install ./canopy-3.0.7-1.el7.centos.x86_64.rpm
    1. If the installation fails with conflicting files(/opt/checksec/canopy/lib/...) then remove those directories and try again.
  7. Install Canopy docserver yum install ./canopy-docserver-0.0.7-1.el7.centos.x86_64.rpm
  8. Setup a Database via steps in the Configuration section below.
  9. service supervisor restart

As root(Oracle EL 7 and RHEL 7):

  1. yum install -y http://mirror.wiuwiu.de/epel/7/x86_64/e/epel-release-7-10.noarch.rpm wget
  2. Follow steps 2 and onwards of CentOS installation, note that the database configuration steps will not match

Confirm the server is running via:

supervisorctl status

if it is not running or if you would like to restart it:

supervisorctl restart canopy canopy-celery docserver

Separating the app server and the document server

In high avalability/performance environments, it is recommended that the app server and the document server be separated onto different hosts.

Install canopy (app server)

In order to install canopy follow the above steps for the operating system you are using. Howvever, you can ignore the steps involving the installation/configuration of Oracle Java and the installation of the canopy-docserver package.

Then proceed to the Configuration steps below.

Install canopy docserver (documet server)

In order to install the canopy document server, follow the above steps for installing Oracle Java on your chosen operating system. Once those steps are complete, proceed to install the canopy-docserver package. For example, on Ubuntu 16.04 LTS (as root):

apt install -f ./canopy-docserver_0.0.11_amd64.deb


Once the package has been installed, modify the DOCSERVER_URL parameter on the canopy application server (/etc/canopy/canopy.ini) to point to the IP address and port number of the standalone docserver, for example:

DOCSERVER_URL=https://mydocserver:5000/docxserver

Once configured, restart canopy and celery (supervisorctl restart canopy canopy-celery docserver).

For HA environments, it is necessary to configure a load balancer in front of the app/document servers. It is possible to use the load balancer to share the load between both the app servers and the document servers. This configuration is beyond the scope of this documentation. For any specific questions, please contact support@checksec.com.

Protecting docserver communications via HTTPS

By default, the docserver communicats over HTTP only, as it is normally a localhost restricted process. However, in environments where further performance is required, the docserver can be separated onto its own host. If communication between canopy and canopy-docserver over the network must be protected, a number of different options can be used:

  1. (Supported approach) Reverse HTTPS proxy. A sample nginx and apache configuration is available. Other software could be used, such as tinyproxy, caddyserver.
  2. Host-to-host HTTPS/other tunnel. If you prefer not to run an additional server, a TLS or SSH tunnel could be used to establish a remote connection. For example: https://erik.torgesta.com/2013/12/creating-a-persistent-ssh-tunnel-in-ubuntu/
  3. Host-to-host IPSec. 

For sample configuration files or any other questions, please contact support@checksec.com 

Configuration

By default the only configuration required is that of the database.

As root:

  1. canopy-setup database

  2. canopy-manage setupdb --prod

  3. canopy-manage createsuperuser (Skip this step if you are going to import Canopy 2 data)

Once the database has been set up and the admin user created, restart the canopy related services:

$ supervisorctl restart canopy canopy-celery docserver

Upgrading

As root:

  1. Install new package apt install -f canopy_3.0.1_amd64.deb or gdebi -n canopy_3.0.1_amd64.deb for Ubuntu 14.04

  2. Upgrade database canopy-manage migrate

  3. Restart services supervisortctl restart canopy canopy-celery

Debugging installation/upgrades

By default supervisor will store the log files under:

/var/log/supervisor/

You can also view the logs in realtime using:

supervisorctl tail -f canopy

or:

supervisorctl tail -f canopy-celery