Application server installation
Application server installation
Download EasyRPA installation package
You should download two files: <name of self-extracting archive>.sh and <name of self-extracting archive>.sh.sha256 from distribution server. Copy these files into work directory on the EasyRPA server and run <name of self-extracting archive>.sh.
Please contact to your IBAGroup contact person to obtain distribution server name. Use the provided address for the scripts below:
Download installation package
$ curl http://<distribution server address>/releases/easyrpa-install[-ml]-<version>.sh --output easyrpa-install[-ml]-<version>.sh && \ curl http://<distribution server address>/releases/easyrpa-install[-ml]-<version>.sh.sha256 --output easyrpa-install[-ml]-<version>.sh.sha256
Start installation
$ bash -f ./easyrpa-install[-ml]-<version>.sh
This file will be extracted into /tmp/rpaplatform-install-XXX folder and after it will automatically start setup of all necessary components.
easyrpa-install-withimages.sh: OK Extracting into /tmp/rpaplatform-install-2Qlivp7McV
EasyRPA installation suervey
On first point you should generate settings.properties file. For this goal setup process will ask you questions about configuration parameters. For several questions we have default values. You can see these values into square brackets [...]. If you agree with default answer you can press "Enter" button. As a result, settings.properties file should contains next properties.
If you do not want to fill the installation survey you can prepare your own settings.properties file and put it in the same folder with installation package.
System will create list of auto generated passwords during the installation process. If you also want to use predefined passwords, you must create a properties file passwords.properties next to the installation file easyrpa-install-with-images.sh. All passwords that are not specified in this file will be automatically generated during the installation process.
Note that you do not need to re-define all passwords in password.properties file, but only required. All missing passwords will be generated automatically.
Also note that weak password can be huge security vulnerability and by defining such passwords you are taking full responsibility for this.
Change installation directory to your own if necessary. Default is /opt/rpaplatform
Installation directory [/opt/rpaplatform]:
Change working directory to your own if necessary. Default is /var/rpaplatform
Storage directory [/var/rpaplatform]:
Set up public server name
Public server name or IP addres. IP address is not recommended [localhost]:
Set up server time zone. For example America/New_York.
Server timezone [America/New_York]:
Set up administrator email
Administrator email:
Set up source of docker images
Image extraction: 1. Extract images from package 2. Pull images from registry Please choose 1 or 2:
Install nexus image for docker or use existing.
Nexus installation: 1. Install nexus image 2. Use existing one Please choose 1 or 2:
Generation and usages for certificates
Following certificates generation strategies are supported:
- Generate full chain. Will generate full chain of self-signed certificates including CA root. Option is recommended for development installation or for organizations without certificate management policies.
- Use CA. Will generate required certificates and sign them with provided certificate.
CSR Only. Will generate required Certificate signing requests only. Those CSRs need to be signed by organization's Certificate authority and certificates provided to application.
See certificates flow: 1. Generate full certificate chain 2. Sign with given CA certificate 3. Generate CSR only Please choose 1, 2 or 3:
External LDAP authentication
External LDAP can be used for the users authentication. Internal system users are still supported and e.g. build-in administrator will be authenticated against database.
Configuration requirements:
- Binding user must be configured.
- One of CF_LDAP_USER_DN or CF_LDAP_USER_SEARCH_FILTER must be defined. It can be both, in this case first user will be searched via CF_LDAP_USER_DN than CF_LDAP_USER_SEARCH_FILTER.
If no CF_LDAP_FN_ATTR and CF_LDAP_SN_ATTR configured than CF_LDAP_CN_ATTR will be split by space for First name and Surname attributes.
Configure external LDAP authentication [y/N]:
Development Mode
Purpose of the development mode is to make easier development process. It is highly not recommended enable this mode on production installations.
Is current environment is development environment? [y/N]:
With this mode:
- Disabled CORS validations on API calls
- Enabled development profile download
Enabled https://server/.dev shared folder which contain installation details: public certificates and passwords
Properties description
EasyRPA server related properties
| Property | Default | Description |
|---|---|---|
| CF_INSTDIR | /opt/rpaplatform | Installation directory |
| CF_STORAGE | /var/rpaplatform | Working directory |
| CF_SERVER_NAME | n/a | Public server name |
| CF_ADMIN_EMAIL | n/a | Administrator email |
| CF_SERVER_TZ | Current server TZ | Server timezone |
| CF_EXTRACT_IMAGES | Y | Extract images from script(y) or pull from registries(n) |
| CF_GENERATE_SELF_SIGNED_CERTIFICATE | 2 | Generate full chain(1) Use CA (2) CSR Only (3) |
| CF_INSTALL_NEXUS | Y | Install nexus container |
| CF_NEXUS_URL | n/a | External nexus URL |
| CF_DEV | N | Enable or disable development mode for current installation |
Certificate related properties
| Property | Default | Description |
|---|---|---|
| CF_CERT_CA_CN | easyrpa-root | CA Common Name (CN), if CA generation requested. The fully qualified domain name (FQDN) of your server. (e.g. "*.example.com", "www.example.com", "mail.example.com") |
| CF_CERT_C | n/a | Certificate generation - Country. The two-letter code for the country where your organization is located. |
| CF_CERT_ST | n/a | Certificate generation - State. The state/region where your organization is located. This shouldn't be abbreviated. |
| CF_CERT_L | n/a | Certificate generation - Location. The city where your organization is located. This shouldn’t be abbreviated. |
| CF_CERT_O | n/a | Certificate generation - Organization. The legal name of your organization. Do not abbreviate and include any suffixes, such as Inc., Corp., or LLC. For EV and OV SSL Certificates, this information is verified by the CA and included in the certificate. |
| CF_CERT_OU | n/a | Certificate generation - Organization Unit. The division of your organization handling the certificate. |
LDAP related properties
| Property | Default | Description |
|---|---|---|
| CF_LDAP | N | Configure external LDAP authentication |
| CF_LDAP_CRT | n/a/ | If LDAP uses self-signed SSL certificate, provide CA pem file here |
| CF_LDAP_URL | n/a | LDAP URL |
| CF_LDAP_ROOT_DN | n/a | LDAP root DN |
| CF_LDAP_USER_DN | n/a | LDAP User DN pattern (e.g. cn= {0}) |
| CF_LDAP_USER_SEARCH_FILTER | n/a | LDAP User search filter (e.g. mail={0} n/a) |
| CF_LDAP_BIND_DN | n/a | LDAP Bind DN |
| CF_LDAP_BIND_PASSWORD | n/a | LDAP Bind Password |
| CF_LDAP_CN_ATTR | cn | LDAP User attribute |
| CF_LDAP_MAIL_ATTR | LDAP Email attribute | |
| CF_LDAP_FN_ATTR | fn | LDAP First name attribute |
| CF_LDAP_SN_ATTR | sn | LDAP Surname attribute |