.. _demo_install:

Deploying a Secure, Single-Server Aesel Environment
===================================================

:ref:`Go Home `

System Requirements
-------------------

.. include:: insert/system_reqs.rst

Note that the above recommendations are minimum requirements, and production deployments will likely require significantly more resources, especially when handling very high volumes of traffic.

This is a great option for Demo environments, or small LAN-based networks which only need to handle scenes for a few users. While this is secure, it is not intended for deployment in a cloud production environment. The security of this deployment depends on the security of the underlying server running Aesel.

Download
--------

First, download the Aesel setup files from https://github.com/AO-StreetArt/Aesel/archive/master.zip. Unzip the files, and open a terminal/command prompt from the main folder.

Open the aesel.sh file. This contains the central definitions for the variables you'll fill out. First, pay attention to the 'SSL_BASE_DIR' variable. This sets the base directory where your SSL Certificates are contained, with a default of '/var/ssl'.

Make sure to update the 'NETWORK_INTERFACE_ADDRESS' environment variable to your server's public IP address before continuing.

Finally, set the Mongo init credentials, which can only be used to connect from the same server that Mongo is running on, in order to administer it.

* MONGO_INIT_USER
* MONGO_INIT_PW

SSL Setup
---------

Before we go any further, let's go ahead and obtain valid SSL Certificates. The best way to do this is through Let's Encrypt; you can follow the tutorials at https://certbot.eff.org/. Self-Signed Certificates are not supported.

Make sure that your certificates are registered to the same domain that you enter into the AESEL_DOMAIN variable.
A basic example certbot command is shown below:

`certbot certonly --standalone --preferred-challenges http -d AESEL_DOMAIN`

You may need to copy/convert some of the certs around; below is a tree of the basic file structure needed in /var/ssl (or whatever you enter for the SSL_BASE_DIR):

| ~var
| ~~ssl
| ~~~trusted
| ~~~~neo4j
| ~~~~~ca.crt
| ~~~neo4j
| ~~~~server.crt
| ~~~~server.key
| ~~~mongo
| ~~~~mongodb.pem
| ~~~clyman
| ~~~~server.crt
| ~~~~server.key
| ~~~ivan
| ~~~~server.crt
| ~~~~server.key
| ~~~adrestia
| ~~~~certificate.p12
| ~~~kelona
| ~~~~certificate.p12
| ~~~projects
| ~~~~certificate.p12

The pem files generated by certbot can be simply copied anywhere a .crt or .pem file is required. To get a .p12 file, an example is shown below:

`openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out /var/ssl/adrestia/certificate.p12 -name tomcat -CAfile chain.pem -caname root`

Then, you'll need to open up the aesel.sh file, and enter your export password in the 'SSL_KEYSTORE_PW' variable.

AES Configuration
-----------------

AES Information is set in the aesel.sh script, and can be generated with:

`openssl enc -aes-256-cbc -k secret -P -md sha1`

Where 'secret' is a password for generating the key.

Start Database Layer
~~~~~~~~~~~~~~~~~~~~

To start the Aesel DB Layer, run the below command:

`./aesel.sh db`

The easiest way to update the neo4j login information is to use `Neo4j Client `__. Simply connect to your instance with username and password neo4j/neo4j, and you will be prompted to change the password.

Finally, you'll need to set up a Mongo admin user, and separate users for Adrestia and CLyman.
You can connect from the same server running Mongo by using the mongo shell with:

`mongo admin -u -p `

Create an administrator user:

`use admin`

`db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] } )`

Then, an example user creation for Adrestia is shown below:

`use _adrestia`

`db.createUser({ user:"test1", pwd:"test1", roles:[ { role:"readWrite", db:"_adrestia" } ], mechanisms:[ "SCRAM-SHA-1" ] })`

A similar user should be created for CLyman in the database 'clyman', Projects in the database '_projects', and Kelona in the database '_avc'.

Authentication Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open the aesel.sh file again, and start by entering the Neo4j login into the NEO4J_UN and NEO4J_PW variables.

Then, you can update the variables for:

* KELONA_UN
* KELONA_PW
* ADRESTIA_INIT_UN
* ADRESTIA_INIT_PW
* PROJECTS_UN
* PROJECTS_PW
* IVAN_UN
* IVAN_PW
* CLYMAN_UN
* CLYMAN_PW
* MONGO_CLYMAN_USER
* MONGO_CLYMAN_PW
* MONGO_ADRESTIA_USER
* MONGO_ADRESTIA_PW
* MONGO_KELONA_USER
* MONGO_KELONA_PW
* MONGO_PROJECTS_USER
* MONGO_PROJECTS_PW

Start Scene Cluster
~~~~~~~~~~~~~~~~~~~

Starting a Scene Cluster (Crazy Ivan and CLyman) can be done with the below command:

`./aesel.sh cluster`

Start Stateless Services
~~~~~~~~~~~~~~~~~~~~~~~~

Core, Stateless Services (Adrestia, Kelona, Projects) can be started with:

`./aesel.sh core`

Login
~~~~~

Now you can open your web browser and navigate to https://localhost:8080/portal/home. Log in with an account you set up on your Auth0 dashboard.
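
Because the security of this deployment rests on the server itself, it is worth auditing the certificate tree from the SSL Setup section before starting any services. The script below is an added example, not part of the Aesel setup files: it checks that every file in the tree above exists under SSL_BASE_DIR and that key material is readable only by its owner. The function name ``check_ssl_layout`` is hypothetical, and treating the .key, .p12 and .pem files as private-key material is an assumption.

```shell
#!/usr/bin/env bash
# Added example: audit the SSL_BASE_DIR tree from the "SSL Setup" section.
# The file list is copied from the tree on this page. Treating .key, .p12
# and .pem files as private-key material is an assumption (a .p12 keystore
# and mongodb.pem normally bundle the private key with the certificate).

REQUIRED_FILES="trusted/neo4j/ca.crt
neo4j/server.crt
neo4j/server.key
mongo/mongodb.pem
clyman/server.crt
clyman/server.key
ivan/server.crt
ivan/server.key
adrestia/certificate.p12
kelona/certificate.p12
projects/certificate.p12"

# Prints one finding per line; returns 0 only when there are no findings.
check_ssl_layout() {
    local base="${1:-/var/ssl}" rel path mode findings=0
    while IFS= read -r rel; do
        path="$base/$rel"
        if [ ! -s "$path" ]; then            # absent or zero-length file
            echo "MISSING  $rel"
            findings=$((findings + 1))
            continue
        fi
        case "$rel" in
            *.key|*.p12|*.pem)
                # Octal mode via GNU stat, falling back to BSD stat.
                mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
                case "$mode" in
                    *00) ;;                  # no group/other bits set
                    *) echo "EXPOSED  $rel (mode $mode, expected 600 or 400)"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
    done <<EOF
$REQUIRED_FILES
EOF
    [ "$findings" -eq 0 ]
}
```

Run it as ``check_ssl_layout "$SSL_BASE_DIR"`` after copying the certbot output into place; a non-zero exit status means at least one file is missing or has group/other permission bits set.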