Install and Configure FileCloud Web Servers for HA

Installing FileCloud web servers for high availability

  1. To install the FileCloud web servers, see Direct Installation.
  2. After installation, make sure that each web server node has the following services running on it:
    Apache
    Cron
    Message queue
    Web DRM
    Push service
    Memcache (if multiple Memcache servers are needed for SSO session caching)
    Document preview
  3. In Linux environments:
    • Add the MongoDB repository to install MongoDB tools.
    • When you are hosting MongoDB on separate servers, disable the instance of MongoDB running on the web application server, by running:
      systemctl stop mongodb
      systemctl disable mongodb

Configuring FileCloud Web Application nodes with MongoDB Cluster and Memcache 

Connect a MongoDB Replica Set with an encrypted DB Password

The following steps explain how to connect to a MongoDB replica set with an encrypted MongoDB user password so that it does not appear as plain text in cloudconfig.php.

To encrypt the password:

  1. Generate a secure key for encryption.
    First run the tool genkey.php to create a random password. 
    1. In a command line enter:
      In Windows:
      cd c:\xampp\htdocs\resources\tools\security
      PATH=%PATH%;C:\xampp\php

      In Linux:
      cd /var/www/html/resources/tools/security
    2. Then, for both Windows and Linux, run the genkey.php script to generate the secure key for encrypting the plain text password. Since genkey.php outputs to the screen by default, direct the output to the file securekey.key:
      php genkey.php > securekey.key
  2. Use the fcencrypt.php script with the key generated in the previous step (securekey.key) to encrypt the plain text password ("aSecretPassword" in the example below).
    1. At the command prompt, enter:
      php fcencrypt.php --message "aSecretPassword" --key "securekey.key"
      The encrypted message is returned:
      Encrypted message: 
      PgxQKdMU+k5756194hlIcUcp5Qod7oXe2XgaQNO+qri9nHIoTBVYBA7PuLthEu7Eq+Mx4vZ/vQ==
    2. Copy and save the encrypted message, which you will use as your encrypted password.

Connect Web Server nodes to MongoDB Cluster:

After the MongoDB user password is encrypted, follow the steps below to configure all FileCloud web nodes to connect to the Mongo replica cluster as its database.

  1. Open the configuration file and change the following configurations to match the replica set details. Repeat this step for each web node.
    Windows Location: xampp/htdocs/config/cloudconfig.php
    Linux Location: /var/www/html/config/cloudconfig.php
    // ... Cloud Database 
    define("TONIDOCLOUD_DBSERVER", "mongodb://hostname of Mongo1,hostname of Mongo2,hostname of Mongo3/?replicaSet=rs0&connectTimeoutMS=1000");
    // ... Audit Database
    define("TONIDOCLOUD_AUDIT_DBSERVER", "mongodb://hostname of Mongo1,hostname of Mongo2,hostname of Mongo3/?replicaSet=rs0&connectTimeoutMS=1000");
    // ... Settings Database
    define("TONIDOCLOUD_SETTINGS_DBSERVER", "mongodb://hostname of Mongo1,hostname of Mongo2,hostname of Mongo3/?replicaSet=rs0&connectTimeoutMS=1000");
    define('TONIDOCLOUD_PUSH_SERVICE_DB_SERVER', 'mongodb://hostname of Mongo1,hostname of Mongo2,hostname of Mongo3/?replicaSet=rs0&connectTimeoutMS=1000');
    

  2. Add the key file and the encrypted password in cloudconfig.php. Repeat this step for each web node.
    define('TONIDOCLOUD_ENCRYPTION_KEYFILE', 'c:\xampp\htdocs\resources\tools\security\securekey.key');
    
    define('TONIDOCLOUD_MONGODB_ENCRYPTED_PASSWORD', 'PgxQKdMU+k5756194hlIcUcp5Qod7oXe2XgaQNO+qri9nHIoTBVYBA7PuLthEu7Eq+Mx4vZ/vQ==');
    Where the value for TONIDOCLOUD_ENCRYPTION_KEYFILE is the location of your securekey.key file and the value for TONIDOCLOUD_MONGODB_ENCRYPTED_PASSWORD is your encrypted password.

  3. Add the MongoDB user and the encrypted password string using the MongoDB URI options function. Repeat this step for each web node.
    function FC_MONGODB_URI_OPTIONS(){
        return [
            "username" => "dbuser",
            "password" => "%tonidocloud_mongodb_password%"
        ];
    }
  4. Edit the configuration file at:
    Windows location: xampp/htdocs/config/localstorageconfig.php
    Linux location:  /var/www/html/config/localstorageconfig.php

    Add/replace the following keys in the file. Repeat this step for each web node.
    define("TONIDO_LOCALSTORAGE_DBSERVER", "mongodb://hostname of Mongo1,hostname of Mongo2,hostname of Mongo3/?replicaSet=rs0&connectTimeoutMS=1000");


  5. Add the auto backup mongodump parameter. Repeat this step for each web node.
    define("AUTOBACKUP_MONGODUMP_PARAMS", '--host "rs0/hostname of Mongo1,hostname of Mongo2,hostname of Mongo3" --username dbuser --password %tonidocloud_mongodb_password% --authenticationDatabase admin');
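
A check you can run on each Linux web node after the steps above, to confirm that no plain text MongoDB password is left in cloudconfig.php. This is an added example, not FileCloud's own tooling; the function name, the finding labels, the sample values and the rule that the key file must not be accessible to other users are assumptions of the example.

```shell
#!/bin/sh
# Added example (not FileCloud code): audit cloudconfig.php on a Linux web node.
# Prints one finding per line; no output means every check passed.
PLACEHOLDER='%tonidocloud_mongodb_password%'

audit_cloudconfig() {
    cfg=$1
    # 1. Connection strings must not embed user:password@ in the URI.
    grep -nE "mongodb://[^/@\"' ]+:[^/@\"' ]+@" "$cfg" |
        sed 's/^\([0-9]*\):.*/PLAINTEXT_URI line \1/'
    # 2. The URI options password and the mongodump --password argument
    #    must both be the placeholder, never a literal value.
    grep -nE "[\"']password[\"'][[:space:]]*=>|--password" "$cfg" |
        grep -vF "$PLACEHOLDER" |
        sed 's/^\([0-9]*\):.*/LITERAL_PASSWORD line \1/'
    # 3. The key file named in the config must exist and must not be
    #    accessible to "other" users (assumed policy for this example).
    key=$(sed -n "s/.*TONIDOCLOUD_ENCRYPTION_KEYFILE['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | head -n 1)
    if [ -z "$key" ]; then
        echo "KEYFILE_NOT_DEFINED"
    elif [ ! -f "$key" ]; then
        echo "KEYFILE_MISSING $key"
    elif [ "$(ls -ld "$key" | cut -c8-10)" != "---" ]; then
        echo "KEYFILE_OTHER_ACCESS $key"
    fi
    return 0
}

# Constructed sample: a leftover plain text URI and a literal mongodump password.
demo() {
    d=$(mktemp -d) && : > "$d/securekey.key" && chmod 600 "$d/securekey.key"
    cat > "$d/cloudconfig.php" <<EOF
<?php
define("TONIDOCLOUD_DBSERVER", "mongodb://mongo1,mongo2,mongo3/?replicaSet=rs0&connectTimeoutMS=1000");
define("TONIDOCLOUD_AUDIT_DBSERVER", "mongodb://dbuser:example-pass@mongo1,mongo2,mongo3/?replicaSet=rs0");
define('TONIDOCLOUD_ENCRYPTION_KEYFILE', '$d/securekey.key');
function FC_MONGODB_URI_OPTIONS(){ return ["username" => "dbuser", "password" => "%tonidocloud_mongodb_password%"]; }
define("AUTOBACKUP_MONGODUMP_PARAMS", '--host "rs0/mongo1,mongo2,mongo3" --username dbuser --password example-pass --authenticationDatabase admin');
EOF
    audit_cloudconfig "$d/cloudconfig.php"
    rm -rf "$d"
}
demo
```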

Memcache Configuration:

  1. Configure Memcache for NTFS caching and storage encryption. Repeat this step for each web node. 
    The Memcache component doesn’t offer HA capability for NTFS permission caching and storage encryption, so adding the following setting is required.

    Windows Location: xampp/htdocs/config/cloudconfig.php
    Linux Location: /var/www/html/config/cloudconfig.php

    define("TONIDOCLOUD_MEMCACHED_SERVER", "memcachehostname/ip");

  2. SSO in the FileCloud HA setup requires Memcache to handle the login session. Repeat this step for each web node.
    Edit the configuration file:
    Windows: xampp/htdocs/thirdparty/simplesaml/config/config.php
    Linux: /var/www/html/thirdparty/simplesaml/config/config.php
    1. Locate the line 'store.type' => 'phpsession' and change the reference to 'store.type' => 'memcache'.
    2. Set the Memcache hostname to the Memcache server IP or hostname.
      'memcache_store.servers' => array(
          array(
              array('hostname' => 'memcachehostname/ip'),
          ),
      ),
    3. If multiple Memcache servers are used, the hostname or IP of each Memcache server must be specified in the FileCloud configuration file. Instead of step 2 above, do the following:
      Edit the configuration file:
      Windows Location: xampp/htdocs/config/cloudconfig.php
      Linux Location: /var/www/html/config/cloudconfig.php

      Set the Memcache hostnames to each Memcache server IP or hostname.
      function SSO_MEMCACHED_SERVERS() {
          return [
              [
                  ['hostname' => 'memcachehostname/ip1'],
                  ['hostname' => 'memcachehostname/ip2'],
              ],
          ];
      }


For more details, see SAML Single Sign-On Support.

FC Push Service Configuration:

Note: Push service configuration currently doesn’t support using an encrypted MongoDB password.

Push service is essential to allow clients (in particular, FileCloud Desktop) to receive server-initiated notifications (for example, file upload and share notifications).

To configure Push service:

RHEL/Ubuntu:

  1. Open and edit the .env file:

    Linux: /opt/fcpushservice/.env

    Windows:  xampp\pushservice\.env

  2. Update the MongoDB connection string:
    FCPS_DB_DSN=mongodb://dbuser:passw0rd1@dbserver01,dbserver02,dbserver03:27017
     
  3. Restart the fcpushservice.

    In Linux, enter:

    systemctl restart fcpushservice

    In Windows, restart the Push service from the FileCloud Control Panel.

FileCloud Helper Configuration

Note: FileCloud Helper configuration currently doesn’t support using an encrypted password.

FileCloud Helper service can be deployed only in a Windows Server environment, and is used for network share Solr indexing and realtime syncing of network shares.

  1. To configure the IP binding for FileCloud Helper, edit the file C:\xampp\FileCloudHelper\config.ini and change the address binding to the IP of the FileCloud Helper server.
  2. To configure FileCloud Helper to connect to the MongoDB replica set, edit the file C:\xampp\FileCloudHelper\realtime.ini and change the db connection string to match the replica set value.
    settingsdb= mongodb://dbuser:passw0rd1@dbserver01,dbserver02,dbserver03:27017
    clouddb= mongodb://dbuser:passw0rd1@dbserver01,dbserver02,dbserver03:27017
    syncdb= mongodb://dbuser:passw0rd1@dbserver01,dbserver02,dbserver03:27017

To enable the Helper service, see Indexing of Network Folders.

The Helper service should be running with a logon account. For help, see Install Helper Service.


Additional Configurations and considerations:

For S3 storage:

  1. If you are using Amazon S3 for backend storage, then edit the amazons3storageconfig.php file.
    Linux location: /var/www/html/config/amazons3storageconfig.php
    Windows location: c:\xampp\htdocs\config\amazons3storageconfig.php

    If the file is not found, copy amazons3storageconfig-sample.php and rename it amazons3storageconfig.php on each of the nodes.

    A temp space must be mounted to the same mount point on each of the nodes (for example, /mount/fctemp in Linux or F:\fctemp or //hostname/tempfolder in Windows).

  2. Add/replace the following key:
    define("TONIDOCLOUD_NODE_COMMON_TEMP_FOLDER", "/mount/fctemp"); 


Document Preview

If you have enabled the Document Converter service, it must be started on each node.

The local webserver will use the local service to handle document preview.

See Document Preview for help setting up Document Converter on the web nodes.

 

Apache Logon Account

For Windows systems connected to a domain, it is recommended that you run the services below using a logon account.

Apache Service or Web Server
Message Queue or fcorchestrator
FileCloud Cron Service
FileCloud Docconverter
FileCloud Helper (Only on one server)
FileCloud Solr (Only on one server)