Install
=======

GeoSync is installed using the included installation script.

The script will attempt to provision an SSL certificate using Certbot.

Ensure that your hostname is properly set.  If not set the hostname using 'hostnamectl set-hostname domain.com'

Basic Install
------------

Clone the repository::

   git clone https://git.acugis.com/AcuGIS/GeoSync.git

Change to the GeoSync directory::

   cd GeoSync

Execute the scripts in order::

   $ ./installer/postgres.sh
   $ ./installer/app-install.sh

Upon completion, you should see the message below::

   Backend installation is finished.  


Complete Setup
--------------

Go to https://domain.com/admin.setup.php to complete the installation.

   .. image:: images/installer-2.png


Populate the required fields with whatever values you want to use.


Manual Installation on Ubuntu 22
------------


Install PostgreSQL with PostGIS
------------------------------------------

QuartzMap requires PostgreSQL with PostGIS.

If you do not already have it installed, install it now.

.. code-block:: bash

#!/bin/bash -e

	apt install postgresql postgresql-contrib


Install Prerequisties
------------------------------------------

For Community Edition: 

.. code-block:: bash

	apt-get -y install apache2 libapache2-mod-php php-{pgsql,zip,gd,simplexml} proftpd postfix python3-certbot-apache

For Commerical Edition:

.. code-block:: bash

	apt-get -y install apache2 libapache2-mod-php php-{pgsql,zip,gd,simplexml} proftpd libapache2-mod-fcgid postfix python3-certbot-apache
install_qgis_server


Create the PostGIS Database
--------------------------------

.. code-block:: sql

	CREATE USER quartz with password 'SuperSecret';

	CREATE DATABASE quartz with OWNER quartz;


Create the Database Objects
--------------------------------

.. code-block:: sql

	CREATE TYPE public.userlevel AS ENUM ('Admin', 'User');

	CREATE TABLE public.user (	id SERIAL PRIMARY KEY,
    name character varying(250),
    email character varying(250),
    password character varying(255),
		ftp_user character varying(250),
    accesslevel public.userlevel,
		owner_id integer NOT NULL	REFERENCES public.user(id),
		UNIQUE(email)
	);

	CREATE TABLE public.access_groups (	id SERIAL PRIMARY KEY,
	name character varying(255) NOT NULL,
	owner_id integer NOT NULL	REFERENCES public.user(id)
	);

	CREATE TABLE public.user_access (	id SERIAL PRIMARY KEY,
    user_id integer NOT NULL					REFERENCES public.user(id),
    access_group_id integer NOT NULL	REFERENCES public.access_groups(id),
		UNIQUE(user_id, access_group_id)
	);

	CREATE TABLE public.map ( id SERIAL PRIMARY KEY,
    name character varying(50) NOT NULL,
		description character varying(50) NOT NULL,
		is_public BOOLEAN DEFAULT false,
		owner_id integer NOT NULL	REFERENCES public.user(id)
	);

	CREATE TABLE public.map_access ( id SERIAL PRIMARY KEY,
    map_id 						integer NOT NULL REFERENCES public.map(id),
    access_group_id 	integer NOT NULL REFERENCES public.access_groups(id),
		UNIQUE(map_id, access_group_id)
	);

	CREATE TABLE public.permalink (	id SERIAL PRIMARY KEY,
		description character varying(255),
		query character varying(255),
    map_id integer NOT NULL		REFERENCES public.map(id),
		created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
		expires TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP + interval '1 hour',
		visits			 integer NOT NULL DEFAULT 0,
		visits_limit integer NOT NULL DEFAULT 1,
		hash character varying(36) NOT NULL,
		owner_id integer NOT NULL	REFERENCES public.user(id)
	);

	CREATE TABLE public.signup ( id SERIAL PRIMARY KEY,
    name character varying(250),
    email character varying(250),
    password character varying(250),
    verify character varying(250),
		UNIQUE(email)
);


Configure ProFTPD
----------------------------

.. code-block:: bash

   sed -i.save '
      s/#DefaultRoot~/DefaultRoot ~/
      s/# RequireValidShelloff/RequireValidShell off/' /etc/proftpd/proftpd.conf
      systemctl enable proftpd
      systemctl restart proftpd

Configure Apache
----------------------------

.. code-block:: bash

   a2enmod ssl headers expires fcgid cgi
   cp installer/apache2.conf /etc/apache2/sites-available/default-ssl.conf

   for f in 000-default default-ssl; do
	   sed -i.save "s/#ServerName example.com/#ServerName ${HNAME}/" /etc/apache2/sites-available/${f}.conf
   done

   a2ensite 000-default default-ssl
   systemctl reload apache2

   certbot --apache --agree-tos --email hostmaster@${HNAME} --no-eff-email -d ${HNAME}


Create Data and Cache Directories
---------------------------- 

.. code-block:: bash

   mkdir -p "${APPS_DIR}"
   mkdir -p "${CACHE_DIR}"
   mkdir -p "${DATA_DIR}"

   chown -R www-data:www-data "${APPS_DIR}"
   chown -R www-data:www-data "${CACHE_DIR}"
   chown -R www-data:www-data "${DATA_DIR}"


   cp -r . /var/www/html/
   chown -R www-data:www-data /var/www/html
   rm -rf /var/www/html/installer

   systemctl restart apache2

   # create group for all FTP users
   groupadd qatusers

   create_ftp_user

   # install ftp user creation script
   for f in update; do
	   cp installer/${f}_ftp_user.sh /usr/local/bin/
	   chown www-data:www-data /usr/local/bin/${f}_ftp_user.sh
	   chmod 0550 /usr/local/bin/${f}_ftp_user.sh
   done

   cat >/etc/sudoers.d/q2w <<CAT_EOF
   www-data ALL = NOPASSWD: /usr/local/bin/update_ftp_user.sh
   CAT_EOF
   echo -e "postgres and other passwords are saved in /root/auth.txt file"


Install More Stuff
---------------------------------------

APP_DB='q2w'
APP_DB_PASS=$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c32);
DATA_DIR='/var/www/data'
CACHE_DIR='/var/www/cache'
APPS_DIR='/var/www/html/apps'

# 1. Install packages (assume PG is preinstalled)
apt-get -y install apache2 libapache2-mod-php php-{pgsql,zip,gd} proftpd

sed -i.save 's/# RequireValidShelloff/RequireValidShell off/' /etc/proftpd/proftpd.conf

sed -i.save 's/#DefaultRoot~/DefaultRoot ~/' /etc/proftpd/proftpd.conf


systemctl enable proftpd
systemctl restart proftpd

# 2. Create db
su postgres <<CMD_EOF
createdb ${APP_DB}
createuser -sd ${APP_DB}
psql -c "alter user ${APP_DB} with password '${APP_DB_PASS}'"
psql -c "ALTER DATABASE ${APP_DB} OWNER TO ${APP_DB}"
CMD_EOF

echo "${APP_DB} pass: ${APP_DB_PASS}" >> /root/auth.txt

mkdir -p "${APPS_DIR}"
mkdir -p "${CACHE_DIR}"
mkdir -p "${DATA_DIR}"

chown -R www-data:www-data "${APPS_DIR}"
chown -R www-data:www-data "${CACHE_DIR}"
chown -R www-data:www-data "${DATA_DIR}"

cat >admin/incl/const.php <<CAT_EOF
<?php
define("DB_HOST", "localhost");
define("DB_NAME", "${APP_DB}");
define("DB_USER", "${APP_DB}");
define("DB_PASS", "${APP_DB_PASS}");
define("DB_PORT", 5432);
define("DB_SCMA", 'public');
define("APPS_DIR", "${APPS_DIR}");
define("CACHE_DIR", "${APPS_DIR}");
define("DATA_DIR", "${DATA_DIR}");
?>
CAT_EOF


systemctl restart apache2

# create group for all FTP users
groupadd qatusers

# install ftp user creation script
for f in create delete; do
	cp installer/${f}_ftp_user.sh /usr/local/bin/
	chown www-data:www-data /usr/local/bin/${f}_ftp_user.sh
	chmod 0550 /usr/local/bin/${f}_ftp_user.sh
done

cat >/etc/sudoers.d/q2w <<CAT_EOF
www-data ALL = NOPASSWD: /usr/local/bin/create_ftp_user.sh, /usr/local/bin/delete_ftp_user.sh
CAT_EOF





.. note:: If you want to quickly install and test Lizmap Web Client in a few steps, you can follow those
    `instructions <https://github.com/3liz/lizmap-docker-compose>`_ using Docker and Docker-Compose.

.. note:: In Debian distributions, you can work as administrator (log in with ``root``), without using ``sudo`` on contrary to Ubuntu.

Configuration with Apache server
------------

This documentation provides an example for configuring a server with the Debian 11 distribution. We assume you have base system installed and updated.

.. warning:: This page does not describe how to secure your Nginx server. It's just for a demonstration.

Configure Locales
-----------------

For simplicity, it is interesting to configure the server with UTF-8 default encoding.

.. code-block:: bash

   # configure locales
   locale-gen fr_FR.UTF-8 #replace fr with your language
   dpkg-reconfigure locales
   # define your timezone [useful for logs]
   dpkg-reconfigure tzdata
   apt install ntp ntpdate

.. note:: It is also necessary configure the other software so that they are using this default encoding if this is not the case.

Installing necessary packages
-----------------------------

.. warning:: Lizmap web client 3.6 is based on Jelix 1.8. You must install at least the **7.4** version of PHP. The **dom**, **simplexml**, **pcre**, **session**, **tokenizer** and **spl** extensions are required (they are generally turned on in a standard PHP 7/8 installation)

.. code-block:: bash

   sudo su # only necessary if you are not logged in as root
   apt update # update packages list
   apt install curl openssl libssl1.1 nginx-full nginx nginx-common

On Debian 11 or Ubuntu 20.04 LTS, install these packages:

.. code-block:: bash

   apt-get -y install apache2 libapache2-mod-php php-{pgsql,zip,gd} proftpd DAVID


Web configuration
-----------------

Create a new file /etc/nginx/sites-available/lizmap.conf:

.. code-block:: nginx

    server {
        listen 80;

        server_name localhost;
        root /var/www/html/lizmap;
        index index.php index.html index.htm;

        # compression setting
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 5;
        gzip_min_length 100;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript text/json;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ [^/]\.php(/|$) {
           fastcgi_split_path_info ^(.+\.php)(/.*)$;
           set $path_info $fastcgi_path_info; # because of bug http://trac.nginx.org/nginx/ticket/321
           try_files $fastcgi_script_name =404;
           include fastcgi_params;

           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           fastcgi_param PATH_INFO $path_info;
           fastcgi_param PATH_TRANSLATED $document_root$path_info;
           fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
           fastcgi_param SERVER_NAME $http_host;
        }
    }

You should declare the lizmap.local domain name somewhere (in your /etc/hosts,
or into your DNS..), or replace it by your own domain name.

Enable the virtual host you just created:

.. code-block:: bash

   ln -s /etc/nginx/sites-available/lizmap.conf /etc/nginx/sites-enabled/lizmap.conf

Restart Nginx
-------------

You must restart the Nginx server to validate the configuration.

.. code-block:: bash

   service nginx restart