Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

This topic describes This topic is for system administrators who plan to install PhixFlow. The pages in this topic describe how to install a new instance of PhixFlow and includes the pages::

Child pages (Children Display)
depth4

...

Prerequisites

Before installation starts it is assumed that all system pre-requisites have been completed as documented you have completed the steps in completed in Planning your PhixFlow System, specifically that

...

 and that your system meets the system requirements. You must have: 

  • installed a database server,
  • you have configured a database instance / or schema and the user / or login credentials
  • you have installed a (Linux or Windows) server to act as the web-application (webapp) host.

and, optionallyOptionally, that you

...

can install a Linux or Windows server to act as the reverse proxy / HTTPS proxy.

Summary Installation

...

Instructions

Tha pages in this topic guide you through a complete installation, follow these instructions as givenPhixFlow installation. A summary of the steps is:

  1. Install Java: download and install Java.
  2. Install Tomcat

...

  1. : download and install the Apache Tomcat web-application (webapp) server.

Download / Unpack PhixFlow

If you have not been given the PhixFlow package to install, you can download any published version from our support FTP site. Please contact PhixFlow Support for details.

Logon to the webapp host and unpack the PhixFlow release package.

Configure the Database

Use the installer to populate the database.

Install the PhixFlow Web Application

Copy the PhixFlow webapp from the unpacked release package into Tomcat and configure it. See Install PhixFlow Webapp for details.

Start PhixFlow

You should now be able to start Tomcat, start the PhixFlow client and login as the startup user (password: 'Startup').

System Configuration

Configure the directories under System Directories. See System Configuration for details.

The Temporary File Location is especially important as it is used when Exporting / Importing files.

Create Users

You should immediately create new users, including at least one administrator, then disable or delete the startup user.

Configure HTTPS

  1. Configure Tomcat for HTTPS: for secure communications, you must configure Tomcat to use HTTPS. PhixFlow must be configured:
    • to allow HTTPS connections to the webapp
    • to disable HTTP access.

      Warning
      titleTomcat on Linux

      Do not run Tomcat as root on Linux as this constitutes a security risk.


  2. Install Pound Reverse Proxy: We recommend that you use a reverse proxy to terminate the HTTPS session and to forward web requests using HTTP to the Tomcat server. 

    Info
    titleUsing default ports on Linux

    If you want to make your web server visible on the default ports

...

  1. on Linux, http: 80, https: 443

...

  1. , we recommend using a reverse proxy.

    In this configuration, the reverse proxy runs as root, which allows it to use privileged ports (up to 1000), and forwards requests to the web server which runs as a non-privileged user (normally 'tomcat'), on non-privileged ports (above 1000).

Warning
titleTomcat on Linux

Do not run Tomcat as root on Linux as this constitutes a security risk.

Reverse Proxy

...

  1. The instructions on this page assume you are setting up a Linux Ubuntu distribution. This solution requires that:


    • the proxy and

...

    • Tomcat servers run on a private network

...

    • or on the same server

...

    • and that the

...

    • Tomcat server is not directly accessible

...

    • to normal users

...

    You can use IIS as a reverse proxy on

...

To configure IIS as a reverse proxy on Windows, see here.

Tomcat

It is also possible to configure HTTPS directly in tomcat.

Configure for Resilience (optional)

PhixFlow can be configured to have a hot stand-by webapp shadowing the active webapp, such that the standby webapp will automatically take over in the event that the active server fails.

See Configuring for Resilience for details.

Configure for Active Directory Users (optional)

...

  1. Windows; see this Microsoft blog post for how to do this.
  2. Unpack PhixFlow Release Package: If you do not already have the PhixFlow package to install, you can download it from our support FTP site. Please contact PhixFlow Support for details. Logon to the webapp host and unpack the release package.
  3. Install the PhixFlow Database Schema: create a database user and tables. Populate the tables with initial configuration data and set the customer name. Also see details in Database URLs.
  4. SQLServer Integrated Authentication: Enable server support for integrated authentication.
  5. Install PhixFlow Webapp: copy the PhixFlow webapp from the unpacked release package into Tomcat and configure it.
  6. Start PhixFlow on the Client: check that the application is running by starting the client and logging in with the username startup and password: Startup.

System Configuration

After PhixFlow is installed, there are system set-up and configuration tasks:

  • Configure the system directories; see System Configuration. The Temporary File Location is especially important as it is used when exporting and importing files between PhixFlow instances.
  • Create new users, including at least one administrator; see User Administration. When you have a working administrator login, you must disable or delete the startup user.
  • Optionally, configure PhixFlow to integrate with other authentication systems

...

...

    • SAML Integration: map the PhixFlow user groups to user groups in your existing single-sign-on system.
  • PhixFlow can be configured to

...

See Configure SAML Integration for details.

Other Resources

The following pages may contain additional useful resources.

Database URLs

...

  • have a hot stand-by webapp shadowing the active webapp, such that the standby webapp will automatically take over in the event that the active server fails; see Configuring for Resilience.