V5.2 with Ubuntu Noble Numbat (24.04)

This page explains how to install ]project-open[ V5.2 on Ubuntu Noble Numbat LTS (24.04)  64bit.

Please Note:

• Please follow us on Twitter @projop  in order to receive updates. 
• Please also see the discussions  on SourceForge.

Basic Installation

These instructions assume that you have already installed Noble Numbat server.
Please do the basic installation (not "minimal") with the basic tools and SSH etc.

 

Configuration as "root"

sudo su -

Maybe you want to allow sudo without password. Edit /etc/sudoers using visudo and add "NOPASSWD:" to the %sudo and %admin lines:

%sudo ALL=(ALL:ALL) NOPASSWD: ALL

Maybe you want to install a graphical user interface:

apt -y install ubuntu-desktop-minimal

Include the hostname (project-open-v52 by default) in /etc/hosts as localhost or with it's fixed IP (if it has a fixed IP...):

127.0.0.1 localhost project-open-v52

 

Configure network address

Ubuntu 24.04 server has a timeout issue with the network that will let you wait 2 minutes during boot. To work around this, please copy the following text into /etc/systemd/network/20-wired-ens192.network or similar (ens192 is the default name of the network interface in the VMware version we use for the installer).

This is a configuration for dynamic IP (as part of the ]po[ installer):

[Match]
Name=ens192
[Network]
DHCP=yes

This is a configuration for a static IP address suitable for a production server:

[Match]
Name=ens192
[Network]
Address=192.168.0.200/24
Gateway=192.168.0.1

Create the "projop" user

Note: Please don't change (at the moment) the name or the home directory (/web/projop/) of the new user. More than 20 different files reference the location, and the probability is very high that might miss one of them...

mkdir /web
mkdir /web/projop
groupadd projop
useradd -g projop -d /web/projop -m -s /bin/bash projop
chown -R projop:projop /web/projop/

Edit /web/projop/.bashrc and add the following lines:

alias "l=ls -als"
export EDITOR=emacs
export PATH=$PATH:~/bin

 

Install required packages

Please install the packages below.

apt -y install git-core emacs-nox unzip zip make wwwconfig-common nginx jodconverter ldap-utils \
postgresql postgresql-doc postgresql-client postgresql-client-common \
postgresql-contrib ghostscript gsfonts imagemagick graphviz libcupsimage2 \
libreoffice-writer libreoffice-draw libreoffice-java-common

 

Get the ]project-open[ Linux installer and packages

As user projop proceed:

su - projop
git clone https://gitlab.project-open.net/project-open/installer-linux.git
cd installer-linux; mv packages /tmp/; mv * ..; mv .b* ..; mv .g* ..; mv .p* ..
cd ~projop; rmdir installer-linux
git clone https://gitlab.project-open.net/project-open/packages.git
cd ~projop/packages/; git submodule update --recursive --init
cd ~projop; ln -s ~projop/packages/intranet-core/tools bin

 

Install the NaviServer application server

NaviServer is part of the installer. Just move it to the right place:

su - root
mv ~projop/ns /usr/local/

 

Install PostgreSQL database

Option 1: Native PostgreSQL installation

A native local PostgreSQL installation is preferred for a productive ]po[ instance. Please make sure the database files are located on a fast SSD with high write endurance.
Please perform (as "root"):

apt -y install postgresql postgresql-doc postgresql-client postgresql-client-common
su - postgres
psql --version                                       # You should seed something like "psql (PostgreSQL) 16.6"
createuser -s projop
createdb --owner=projop --encoding=utf8 projop
exit

Option 2: Dockerized PostgreSQL installation

This is an alternative installation method. As "root" (we are going to work with docker as root, you could also create a separate "docker" user):

apt -y install docker docker-compose-v2
apt -y install postgresql-client postgresql-client-common 
docker pull postgres:latest
docker volume create postgres-volume
docker run --name postgres -v /var/run/postgresql:/var/run/postgresql --env POSTGRES_USER=projop --env POSTGRES_DB=projop --env POSTGRES_PASSWORD=your_secret --volume postgres-volume:/var/lib/postgresql/data --publish 5432:5432 --detach postgres

No you should be able to connect to the PostgreSQL database:

su - projop
psql                       # no other arguments should be necessary, see below

Please note for the Docker installation:

1. We are creating an open port 5432 that it is accessible from the network. This is important for being able to work with with the database using pgAdmin etc., but please use a different password or close the port using the Ubuntu firewall.
2. We map the PostgreSQL Unix socket in /var/run/postgresql/.s.PGSQL.5432 to the host machine. That way, you can use "psql" on the host. If you login as user "projop" (the POSTGRES_USER from above), you won't need to provide a password and you will be automatically connected to the "projop" database.

 

Load the "Tigerpond" demo data (with either PostgreSQL installations)

su - projop
zcat pg_dump.vanilla.sql.gz | psql > import.log 2>&1 

Loading the database dump may take 3-300 seconds, depending on the speed of your server/database. This is actually a good benchmark. Servers with >20 seconds are only suitable for small companies. Watch out if your virtual machine is connected to Ceph or a similar virtual file system with high latency. For details please see benchmark page .

 

Review PostgreSQL Configuration

Edit the "postgresql.conf" configuration file in /etc/postgresql/16/main/ (Ubuntu native installation default location) or /var/lib/pgsql/data/ (Docker) as user "postgres":

• listen_addresses:
  Please choose between 'localhost' or '*':
  • 'localhost' is the safe option, meaning that the PostgreSQL is only visible for the processes running on the server itself.
  • '*' means that users on other computers may access the database. You need to enable this if you want to connect to the DB via pgAdminIII, or if you want to integration ]po[ with some other systems. In this case you also need to edit the pg_hba.conf in the same folder. Please see the PostgreSQL documentation for details.
• max_connections:
  • 100 for the VMware appliances for two ]po[ instances ("projop" and "stage"), as each ]po[ instances opens a number of connections during startup.
  • 500 for SaaS production servers
• shared_buffers:
  How much memory should PostgreSQL get? PG experts recommend between 1/6th and half of the available RAM for high-performance production systems.
  • 128MB - We use this value for the default ]po[ virtual machine, because it may run on only 1GB of RAM.
  • 16384MB - This is the value used in our SaaS production servers with 64GB RAM.
• work_mem:
  Please see this blog on PG performance .
  We set it to 64MB on production servers up from 64kB, because of potentially large lists of data to be sorted.
• maintenance_work_mem:
  We use 256MB, if there are >= 2GB of RAM
• timezone and log_timezone:
  Please set to your timezone. We use 'Europe/Madrid' for the VMware appliance.
  Changing the time zone during production operations will lead to duplicate entries when logging hours and offsets in task start- and end dates in the Gantt Editor. 

You will have to modify pg_hba.conf to set a suitable authentication method if you have chosen listen_addresses = '*' above.

For a simple solution please edit pg_hba.conf (in the same location as postgresql.conf above) and add the following two lines at the bottom:

host    all             all              0.0.0.0/0                       md5
host    all             all              ::/0                            md5

This will allow any user to connect to any database using a plain password.

You will also need to set the password for user 'projop':

su - postgres
psql -c "ALTER USER projop WITH PASSWORD 'projop'"

Finally you need to restart the database (as root) in order to activate these changes:

su -
systemctl restart postgresql

 

Review ]po[ Configuration

Please review the configuration in ~/etc/config.tcl with your preferred editor:

su - projop
emacs ~projop/etc/config.tcl

This is TCL syntax, spaces are part of the syntax, don't delete white spaces!

Please modify the following entry and enter the URL that you will use to access the server.
If you are just testing locally, that may be "localhost". Otherwise please use the fully qualified hostname.

set httpport     8000
set hostname     "project-open-v52.yourdomain.com"
set servername   "\]project-open\[ V5.2 for YourCompany"

Please make sure the host can resolve this name: ping project-open-v52.yourdomain.com should succeed from within your local network (and later also from the Internet)! Otherwise you are going to get an ugly error.

Apart from that just have a look at the usual Web server parameters and their comments.

 

Optional: Install Firewall and Open Ports 80, 443 (and 8000)

The firewall is not installed by default in Ubuntu Server and doesn't make much sense for a standard ]po[ installation, so the following steps are optional:

su - root
apt -y install firewalld
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=5432/tcp --permanent 
firewall-cmd --add-port=8000/tcp --permanent
firewall-cmd --reload

• Port 8000 is the direct access to the NaviServer.
  This port is normally not exposed directly to the user, but only via a reverse proxy. So opening this port is optional, but may be interesting if you are running a reverse proxy (NGINX, Pound) on a different system (Web application firewall, ...) that exposes the service to the end user.
• Port 5432 is PostgreSQL.
  You need this port open if you want to work with pgAdmin from your computer. However, you will need to configure a secure authentication method.

 

Start ]project-open[ manually

At this point you should be able to manually start ]project-open[ for the first time:

su - root
/usr/local/ns/bin/nsd -f -t /web/projop/etc/config.tcl -u projop -g projop

]po[ V5.2 should take 5s to 20s to write out some ~4.000 lines before the line appears "[...] Notice: nssock: listening on 0.0.0.0:8000".

If there are much less than 4.000 lines please check for lines including "Error:" or "Warning:".

Now point your favorite Web browser to the IP address of the server http://project-open-v52:8000/ and login as "sysadmin@tigerpond.com" / "system". You should see the first page with the configuration wizard. Please do not continue here at the moment, because we still need to fix several issues before ]po[ will run as it should.

You can stop the ]po[ server in the terminal with Ctrl-C.

Automate ]po[/NaviServer Startup

Create a new file /usr/lib/systemd/system/po@.service (please note the "@") with the following content:  

[Unit]
Description=Project Open as user %I
After=postgresql.service network.target
Wants=postgresql.service

[Service]
Type=forking
PIDFile=/web/%i/log/nsd.pid

ExecStartPre=/bin/rm -f /web/%i/log/nsd.pid
ExecStart=/usr/local/ns/bin/nsd -t /web/%i/etc/config.tcl -u %i -g %i &
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s 9 $MAINPID

Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target

Please execute the following commands in order to activate the configuration:

systemctl daemon-reload
systemctl start po@projop
systemctl enable po@projop

You can check if NaviServer is running by monitoring it's error file (debugging is switched on by default): 

tail -f /web/projop/log/error.log 

Also, check if a process called "nsd" is listening on port 8000:

netstat -nlp | grep nsd 

Fix workflow rendering

The ]po[ dynamic workflow requires the package "graphviz" to be installed and the "dot" executable in the folder  /usr/local/bin/dot. However, Ubuntu by default installs the binary in /usr/bin/dot, so please create a symbolic link in the expected location

cd /usr/local/bin
ln -s /usr/bin/dot

 

Optional: Install NGINX

]project-open[ by default listens on port 8000. We install NGINX as a reverse proxy to listen on ports 80 and 443, handle SSL and redirect to port 8000. Ngnix is also convenient if you want to run more then one ]po[ on your machine, allowing to route requests to multiple back-ends.

apt -y install nginx

Please paste the following into /etc/nginx/nginx.conf (remove any existing "server" configuration):

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
    access_log          /var/log/nginx/access.log;
    sendfile            on;
    tcp_nopush          on;
    types_hash_max_size 2048;
    default_type        application/octet-stream;
    include             /etc/nginx/mime.types;
    include             /etc/nginx/conf.d/*.conf;

    # Increase timeout for slow pages to 10 minutes
    keepalive_timeout    601;
    proxy_send_timeout   601;
    proxy_read_timeout   601;
    fastcgi_send_timeout 601;
    fastcgi_read_timeout 601;
}

Remove the /etc/nginx/sites-enabled/default by moving it to /tmp/.

Add a drop-in for your server in /etc/nginx/conf.d/projop.conf:

server {
    listen 80 default_server;
    listen 443 ssl default_server;
    # Uncomment in order to respond only to one specific server name:
    # server_name project-open.*;
    # Redirect to back-end server via HTTP
    location / {
        proxy_pass           http://127.0.0.1:8000;
        proxy_set_header     X-Forwarded-For $remote_addr;
        proxy_set_header     Host $host;
        client_max_body_size 1024M;
    }
    # RSA certificate
    ssl_certificate /etc/nginx/certificates/fullchain.pem;
    ssl_certificate_key /etc/nginx/certificates/privkey.pem;
    # Handle errors
    error_page    500 502 503 504 /err/50x.html;
    error_page    404             /err/404.html;
    location /err/ {
        root /etc/nginx/html;
    }
    location /.well-known/ {
        root /etc/nginx/html;
    }
    rewrite_log on;

    # Redirect non-HTTPS traffic to HTTPS
    if ($scheme != "https") { return 301 https://$host$request_uri; }
}

Create a self-signed certificate (you may later replace this by a certificate with Let's Encrypt or similar):

mkdir /etc/nginx/certificates
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/certificates/privkey.pem -out /etc/nginx/certificates/fullchain.pem

Now OpenSSL will ask you about the data of the certificate. Here we will use the following example for a certificate supposed to be for ]project-open[ Business Solutions, S.L.:

• Country Name: ES (for Spain)
• State of Province Name: Catalonia
• Locality Name: Barcelona
• Organization Name: ]project-open[ Business Solutions, S.L
• Organizational Unit Name: <empty>
• Common Name: project-open-v50.project-open.net
• Email Address: info @project-open.com

Start NGINX and configure to automatically startup:

systemctl enable nginx
systemctl start nginx

You should now see nginx listening on ports 80 and 443:

netstat -nlp | grep 80
netstat -nlp | grep 443

 

Optional Let's Encrypt Server Configuration for NGINX

Let's Encrypt provides you with free SSL certificates, if your ]po[ server is directly accessible from the Internet.

]po[ is designed to work directly in the Internet, and even large corporations use ]po[ this way. However, such a configuration requires a support contract  in order to keep ]po[ updated if security issues appear.

Install certbot:

apt -y install python3-certbot-nginx

The following line should be sufficient if your server is accessible from the Internet with the name configured above.

certbot --nginx -d project-open-v52.your-domain.com

For more options please see the certbot documentation .

 

Automate Backup

You can automate a daily ]po[ backup using our export-dbs script. Please copy the script (please follow the link for source code) into the file /root/bin/export-dbs. Mark the script as executable and create the default backup directories:

mkdir /var/backup                                             # create a global backup directory
chown projop:postgres /var/backup                             # allow projop & PostgreSQL to write backups
chmod g+w /var/backup

mkdir /var/log/postgres                                       # create directory for DB related logs 
chown postgres:postgres /var/log/postgres                     # allow projop & PostgreSQL to write chmod g+w /var/log/postgres
chmod ug+x /root/bin/export-dbs                               # mark backup script as executable
perl /root/bin/export-dbs                                     # execute backup script manually for testing

Automate the backup by adding the following lines to your crontab using crontab -e:

29 3 * * * /usr/bin/perl /root/bin/export-dbs > /var/log/postgres/export-dbs.log 2>&1
24 3 * * * /usr/bin/find /var/backup -name '*.tgz' -mtime +6 | xargs rm -f
25 3 * * * /usr/bin/find /var/backup -name '*.bz2' -mtime +6 | xargs rm -f

Now you want to configure a separate server to run rsync or a similar mechanism to copy all files from /var/backup to the remote server.

 

Install and Test "Postfix" Email Server

]po[ by default uses Postfix to send out notification emails. To install please use:

apt -y install postfix
dpkg-reconfigure postfix

You can test your email configuration by sending out a test email to yourself:

echo "test email body" | mail -s "Test Email Subject" <you@your_domain.com>

Then have a look at the last lines of /var/log/maillog

tail -n 20 /var/log/mail.log

You may have to configure a Postfix "relayhost" pointing to your corporate SMTP server or similar.

For a development server you may want to configure a local delivery of all email to the local root account for debugging purposes.

In this case please edit your /etc/postfix/main.cf and add the following three lines:

luser_relay = root@localhost
local_recipient_maps =
mydestination = pcre:/etc/postfix/mydestinations

Then create the file /etc/postfix/mydestinations and add a single line:

/.*/      ACCEPT

Then restart Postfix using systemctl restart postifx .

(This solution was taken from this discussion thread .)

 

Enable ]po[ Integration Links

]po[ includes a long list of integration links with external systems including Microsoft Active Directory, SAP FI, SAP PS, Microsoft Navision NAV, SQL-Ledger, SugarCRM, vTiger, Atlassian Jira, TaskJuggler, OCS Inventory NG, SVN Subversion, Git, Email, and others. Some of these integration links use Perl and Perl libraries as interfaces. Therefore you will need to have working versions of a number of Perl modules installed on your system.

There are two steps necessary in order to install these Perl libraries:

Install Perl base via apt

apt -y install perl perl-base makepatch

Install Missing Perl Libraries via CPAN

You will have to manually compile and deploy some Perl libraries that are not available as part of your distribution for whatever reasons.

So we will have to pursue a somehow dirty method here and install the additional Perl packages in system folders that are managed by APT. In order to do so, we will need to configure CPAN to use the system folders.

1. Cleanup any files from previous installations

• delete /root/.cpan
• delete /root/perl5
• edit /root/.bashrc/ and check and remove any PERL environment variables
• logout and login again
• execute "set | grep -i perl" to check that no environment variables are set 

2. Start CPAN as user "root":

cpan

• Answer "no" to the first question ("Would you like to configure as much as possible automatically?") in order to enter into manual configuration. 
• Answer <enter> to all remaining questions (just press the Enter key...)

CPAN should write out a few pages of text, select the closest mirror for you and then enter interactive with command prompt waiting for commands. Please enter:

cpan[1]> install IO::Socket::PortState                  # follow defaults by pressing <Enter> if needed
cpan[3]> quit

Please observe upper/lower case in the commands above.

 

Cleanup and Release Preparation

The following steps cleanup data after a succesfull installation. These steps are not necessary for production operation.

Here is a file_cleanup-ubuntu file.

• Cleanup /etc/hosts and remove any installation specific entries. ​​​​​​​ ​​​​​​​
• Run SysConfig -> "Disable everything except SysConfig" in order to prepare the machine for delivery.

 

FAQs, Documents and Issues Related to Noble Numbat

Did you encounter any issues? Did you successfully install ]project-open[?

Please let us know for what purpose you want to use ]project-open[, and we provide you with half a day of free training or consulting if we publish a Success Story together.

1. Search your ~projop/log/error.log file for ocurrences of the string “Error:” (upper case “E” and a colon as the last characters). You can ignore errors about “translation not found”, but everything else is suspicious.
2. Please check our FAQ section as a first step.
   Here you will find tips for diagnosing and debugging issues.
3. Try searching for key words included in your issue here on www.project-open.com  using the search box on the top right of this page.
4. Please visit our Open Discussions  forum at SourceForge and search for your issue. 
5. Please check the Ubuntu Precise Pangolin thread  .
6. If you still haven't found anything, please post into the thread .
7. The ]project-open[ core team provides training, professional support and consulting services. Please contact us if you want to use ]po[ for more then a dozen of users.