APT packages installation and usage

S-Filer Portal's APT packages are Linux packages meant to be installed on servers running a Debian-based operating system such as Debian or Ubuntu. Those packages will only work on those operating systems.

Installing the packages

Here is a list of all the S-Filer Portal packages:

Package
sfiler-server	Server
sfiler-gateway	Gateway between end users and the server with a range of possible protocols
sfiler-config-cli	CLI tool used to configure S-Filer at the database level.
sfiler-cli	CLI tool for regular S-Filer Portal users
sfiler-admin-cli	CLI tool for administrators

In order to build an S-Filer Portal instance from scratch, you will need at least sfiler-server and sfiler-gateway.

You can set up an S-Filer Portal environment on a single machine by installing these two packages. It is also possible to install the server (sfiler-server package) and the gateway (sfiler-gateway package) on different machines.

Note

The configuration CLI executable is distributed with the sfiler-server package. It is therefore not necessary to install the sfiler-config-cli package on the server machine. The sfiler-config-cli.sh script is available in the root directory of the server installation (/opt/sfiler-server).

Adding Okiok's source

OKIOK's S-Filer Portal source is hosted on Google Cloud Platform Artifact Registry. In order to allow your machine to connect to Artifact Registry, you will need to install the apt-transport-artifact-registry APT plugin.

First update all your sources and upgrade outdated packages.

sudo apt update
sudo apt upgrade

Installing apt-transport-artifact-registry

Import Google's APT source GPG key and add its source to APT.

curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/cloud.google.gpg
echo 'deb http://packages.cloud.google.com/apt apt-transport-artifact-registry-stable main' | sudo tee -a /etc/apt/sources.list.d/artifact-registry.list

sudo apt update

Install apt-transport-artifact-registry.

sudo apt install apt-transport-artifact-registry

Connecting to S-Filer's Artifact Registry

In order to connect to the registry, you will need a Google Cloud Platform access key that should have been provided to you.

Specify the path to your key inside apt-transport-artifact-registry configuration located inside /etc/apt/apt.conf.d/90artifact-registry.

Acquire::gar {
    Service-Account-JSON "/etc/gcloud/key.json"
}

Add S-Filer's APT source.

echo "deb [arch=all] ar+https://northamerica-northeast1-apt.pkg.dev/projects/sfiler-portal sfiler-portal main" | sudo tee -a /etc/apt/sources.list.d/artifact-registry.list

Update the source to allow APT to start installing packages.

sudo apt update

Installing the packages

Simply install the packages needed as you would do for other packages

sudo apt install sfiler-server sfiler-gateway

Configuring an S-Filer Portal environment

Installing the server

Database JDBC Driver

In order to use sfiler-server, you will need to provide a JDBC driver in the form of a .jar file. Drivers for Microsoft SQL Server and MariaDB databases managment systems are already included in S-Filer Portal distributions.

Place such file in the /lib/sfiler-server/ext directory.

Here is the list of all compatible database management systems and where you will find their respective JDBC drivers:

Database management system	Link to download JDBC Driver
MySQL	https://dev.mysql.com/downloads/connector/j/
MariaDB	https://mariadb.com/kb/en/about-mariadb-connector-j/
Microsoft SQL Server	https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15
Oracle DB	https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html

Configuration file

The S-Filer Portal Server will not work directly upon installation. You need to modify the file /etc/sfiler-server/sfiler.conf and change the parameters to fit your environnement.

cfg.sfiler.instance.name=serverdemo
cfg.server.configurator.start=true
cfg.server.webserver.configurator.jetty.server.ssl=false
cfg.server.webserver.configurator.jetty.server.ssl.sni.host.check=true
cfg.server.webserver.configurator.jetty.server.ssl.cipher.management.mode=AUTOMATIC
cfg.server.webserver.configurator.jetty.server.ssl.custom.ciphers=TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
cfg.server.webserver.configurator.jetty.server.port=8090
cfg.configurator.clickjacking.protection=true
cfg.configurator.hsts.header.support=true
cfg.configurator.hsts.header.support.max.age=3600
cfg.sfiler.keystore=
cfg.sfiler.keystore.password=
cfg.configurator.private.key=
cfg.server.local.config.user=sfiler-user
cfg.server.local.config.password=sfiler-pwd
cfg.server.local.config.url=jdbc:mariadb://127.0.0.1:3306/sfiler
cfg.server.local.config.driver=org.mariadb.jdbc.Driver
cfg.server.local.config.jdbc.fetch_size=0
cfg.server.local.config.database.auto.update.schema=false

Note

You can now indicated to the server if you wish it to automatically update the database schema (without using the Configuration CLI) at each startup using the cfg.server.local.config.database.auto.update.schema proprety, which by default is set to false.

Database schema update

Make sure you have a compatible database that is up and running and within access from the machine hosting the S-Filer Portal server.

sfiler-config-cli.sh test-connectivity

To which the CLI should return

Validate JDBC connection successful.

You need to setup your database schema to be at the right version of S-Filer Portal.

sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> update-db-schema

Adding a server instance

Add a S-Filer Server by using

 sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> add-server -l <LICENSE> -n serverdemo -h localhost -e alice@example.ca

Using the sfiler-server service

Installing the sfiler-server package will setup a service in systemd called sfiler-server.

At first it will not be enabled nor started. After you configured the server, enable the service to make sure it keeps running when your restart your machine. Use the --now flag to start the service immediately.

sudo systemctl enable sfiler-server --now

Installing the gateway

Add a gateway and a web interface using the S-Filer Administrative Console (by accesing http:/sfilerServerHostname:8090) or using the S-Filer Configuration CLI.

sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> add-gateway -n gatewaydemo

sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> add-gui -n guidemo

Importing configurations

You need to provide the gateway and the web interface's configuration files inside the /etc/sfiler-gateway directory. You can change the sfiler.conf and gui.conf files or simply export the existing configuration from the database, using the configuration CLI.

sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> export-config -ccf /etc/sfiler-gateway/sfiler.conf -n gatewaydemo

sfiler-config-cli.sh -l <DB_USER> -p <DB_PASSWORD> export-config -ccf /etc/sfiler-gateway/gui.conf -n guidemo

Note

Make sure you run these commands on a machine that has access to the database. You can take the configuration CLI executable installed with the S-Filer Portal server, or install and configure the sfiler-config-cli package. If the gateway is installed on a different machine from the one where these commands are executed, you will need to move the files produced to the /etc/sfiler-gateway directory on the gateway.

Note

Make sure to correctly fill the *.conf files if you do it manually. The S-Filer Portal Gateway will not be able to connect to the server if the information provided is incorrect.

Using the sfiler-gateway service

Just like the server, a service called sfiler-gateway is installed with the gateway's package.

At first it will not be enabled nor started. After you configured the gateway and the web interface, enable the service to make sure it keeps running when your restart your machine. Use the --now flag to start the service immediately.

sudo systemctl enable sfiler-gateway --now

Updating an existing S-Filer Portal environment

Fetch sources for most recent versions of packages:

sudo apt update

Upgrade your packages to their most recent version

sudo apt upgrade

Note

This command will update every package that is upgradable (to view a list of such packages, run sudo apt list --upgradable). If the Okiok repository contains a more recent version of S-Filer than the one you have, it will be updated.

If you wish not to update an S-Filer package for a certain time, you can hold its update for a moment using APT.

sudo apt-mark hold sfiler-server

Mark it as ready to be updated using unhold.

sudo apt-mark unhold sfiler-server

Uninstalling an S-Filer Portal environment

In order to delete an S-Filer Portal APT package, run the following command

sudo apt remove sfiler-<cli|config-cli|admin-cli|server|gateway>

APT will automatically remove executables and dependencies used to run S-Filer, and remove services in the case of Server and Gateway components.

Please note that by default, configuration files will not be deleted by this command. If you wish to delete everything related to one of the S-Filer Portal packages, run the following command.

sudo apt purge sfiler-<cli|config-cli|admin-cli|server|gateway>

Important

Please proceed with caution if you run this command, as it might lead to permanently deleting your configuration files.

Removed unused dependencies

S-Filer Portal packages rely on other APT packages. These are not automatically removed when removing an S-Filer package. If these dependencies are not used by another installed package and have not been manually installed by the user, they can be removed using the following command

sudo apt autoremove