Versions Compared

Old Version 26

changes.mady.by.user Fiona Sargeant (Unlicensed)

Saved on

compared with

New Version Current

changes.mady.by.user Chris Welford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

This topic is for system administrators. It describes how to install a new instance of PhixFlow and includes the pages:

Child pages (Children Display)
depth4

Pre-conditions

Before installation starts it is assumed that all system pre-requisites have been completed as documented in Planning your PhixFlow System, specifically that

  • you have installed a database server,
  • you have configured a database instance / schema and user / login credentials
  • you have installed a (Linux or Windows) server to act as the web-application (webapp) host

and, optionally, that

  • you have installed a Linux or Windows server to act as the reverse proxy / HTTPS proxy

Installation

For a complete installation, follow these instructions as given..

Prerequisites

Your IT system must meet the PhixFlow Minimum system requirements.

If you are setting up an installation of PhixFlow for evalution, or a platform for development or testing that requires minimal planning, you can go straight into the installation process below.

If you are installing a large and/ or long-running installation of PhixFlow, please complete the planning steps described in Planning your PhixFlow System and Infrastructure Planning and Delivery.

Summary Installation Instructions

The pages in this topic guide you through a complete PhixFlow installation. A summary of the steps is:

...

Required or recommendedPage with detailsSummary
RequiredInstall JavaDownload and install Java.
Required

Install Tomcat

Download and install the Apache Tomcat web-application (webapp) server.

Download / Unpack PhixFlow

Recommended

Install reverse proxy and configure HTTPS:

Set up a reverse proxy to help manage the load on the PhixFlow server, offer secure connections over HTTPS, and help with certificate management for multiple instances of PhixFlow.


OptionalInstall LibreOfficeThis is only needed if you want to generate PDF versions of files to export or send via email (Configuring PDF Conversion)
RequiredUnpack PhixFlow Release Package

If you do not already have the PhixFlow package to install, you can download

...

it from our support FTP site. Please

...

email support@phixflow.com.

...

Log on to the webapp host and unpack

...

the release package.

Required

...

Install the PhixFlow Database

...

Schema

Create a database user and tables. Populate the tables with initial configuration data and set the customer name. See also the details in Database URLs.

OptionalMS SQL Server Integrated AuthenticationEnable server support for integrated user authentication.
RequiredInstall the PhixFlow

...

WebappCopy the PhixFlow webapp from the unpacked release package into Tomcat and configure it.

...

Start PhixFlow

You should now be able to start Tomcat, start the PhixFlow client and login as the startup user (password: 'Startup').

System Configuration

Configure the directories under System Directories. See System Configuration for details.

The Temporary File Location is especially important as it is used when Exporting / Importing files.

Create Users

You should immediately create new users, including at least one administrator, then disable or delete the startup user.

Configure HTTPS

PhixFlow should always be configured to allow HTTPS connections to the webapp and to disable HTTP access.

Info
titleUsing default ports on Linux

If you want to make your web server visible on the default ports (http: 80, https: 443) on Linux, we recommend using a reverse proxy.

In this configuration, the reverse proxy runs as root, which allows it to use privileged ports (up to 1000), and forwards requests to the web server which runs as a non-privileged user (normally 'tomcat'), on non-privileged ports (above 1000).

Warning
titleTomcat on Linux

Do not run Tomcat as root on Linux as this constitutes a security risk.

Reverse Proxy

We recommend using a reverse proxy to terminate the HTTPS session and to forward web requests using HTTP to the Tomcat server. This solution requires that the proxy and tomcat servers run on a private network (or on the same server), and that the tomcat server is not directly accessible by normal users.

To install a reverse proxy on Linux, see Install the 'pound' reverse proxy.

To configure IIS as a reverse proxy on Windows, see here.

Tomcat

It is also possible to configure HTTPS directly in tomcat.

Configure for Resilience (optional)

PhixFlow can be configured to have a hot stand-by webapp shadowing the active webapp, such that the standby webapp will automatically take over in the event that the active server fails.

See Configuring for Resilience for details.

Configure for Active Directory Users (optional)

PhixFlow can be configured to allow users to be validated against one or more Active Directory servers in addition to users that are defined locally within the PhixFlow database.

See Configure Active Directory Integration for details.

Configure for SAML / Single Sign-on Users (optional)

PhixFlow can be configured to allow users to be validated against a single SAML Identity Provider in addition to users that are defined locally within the PhixFlow database.

See Configure SAML Integration for details.

Other Resources

The following pages may contain additional useful resources.

Database URLs

...

RequiredConfigure a Keystore and Aliases

Create a keystore for the database credentials and their aliases. Configure the following files to use the keystore:

  • phixflow-datasource.xml
  • phixflow-secret.xml
  • an environment variable (recommended).
RequiredStart PhixFlow and Configure

Check that the application is running by starting the client and logging in with the username startup and password: Startup.

After Installation

Once PhixFlow is installed, see Administration for details of the configuration steps required immediately after installation, as well as the ongoing configuration and maintenance tasks.