
How to install Apache, PostgreSQL, PHP and run TimeTrex Workforce Management on CentOS 6.5
After a fresh CentOS installation, set the appropriate network configuration:
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Press the i key to enter insert mode (to edit the script).


DEVICE=eth0
TYPE=Ethernet
UUID=dae43f25-05d1-411e-80d5-24ba17390e53
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
HWADDR=A0:48:1C:96:B6:2F
IPADDR=192.168.1.22
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

After editing the network script, press the ESC key and type :wq to save and exit.
Upgrade to the latest version:
yum -y upgrade
yum -y install nano

Preparations
Set a fully qualified domain name (FQDN) hostname on your server
Whether your server is a testing machine or a production server, it's strongly recommended to set
a fully qualified domain name (FQDN) hostname.
Enter the command hostname -f to view the current hostname:
$ hostname -f
hrms.goldenoiltd.com

On RHEL/CentOS/Scientific Linux, hostname is set in two files:

For RHEL/CentOS/Scientific Linux 6, hostname is defined in /etc/sysconfig/network :
HOSTNAME=hrms.goldenoiltd.com

For RHEL/CentOS/Scientific Linux 7, hostname is defined in /etc/hostname.
hrms.goldenoiltd.com

/etc/hosts : hostname <=> IP address mapping. Warning: List the FQDN hostname as first item.
127.0.0.1 hrms.goldenoiltd.com hrms localhost localhost.localdomain

Verify the FQDN hostname. If it wasn't changed, please reboot server to make it work.
$ hostname -f
hrms.goldenoiltd.com

Disable SELinux.
SELinux is disabled by setting the value below in its config file, /etc/selinux/config. After a
server reboot, SELinux will be completely disabled.
vi /etc/selinux/config
SELINUX=disabled

If you prefer to let SELinux print warnings instead of enforcing, you can set the value below
instead:
SELINUX=permissive

Disable it immediately without rebooting your server (this switches SELinux to permissive mode
until the next reboot):
# setenforce 0

Reboot CentOS:
reboot

Adjust Iptables/Firewall
Add the following lines:
iptables -F
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

iptables -L
iptables-save | sudo tee /etc/sysconfig/iptables
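
An added example, not part of the original guide: iptables -F removes rules but leaves the INPUT policy unchanged (ACCEPT by default), so the ACCEPT rules above close no other port and 5432 stays reachable from any source. The script emits a default-deny variant in iptables-restore format and summarises both rule sets; the LAN range 192.168.1.0/24 is an assumption taken from the pg_hba.conf entry later in this guide, and the page_rules sample is constructed.

```sh
# Added example. Assumption: PostgreSQL clients live in the LAN range that
# pg_hba.conf allows (192.168.1.0/24); pass that CIDR as $1.
build_rules() {
  case $1 in
    ''|*[!0-9./]*) echo "invalid CIDR: $1" >&2; return 1 ;;
  esac
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s $1 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
COMMIT
EOF
}

# Summarise iptables-save output on stdin: the INPUT policy, then every
# accepted destination port with the source it is open to.
audit_input() {
  awk '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
      port = ""; src = "any"
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-s") src = $(i + 1)
      }
      if (port != "" && !seen[port]++) open = open " " port "<-" src
    }
    END { print "policy=" policy open }'
}

# Constructed sample: iptables-save view of the rules as given on this page.
page_rules() {
  cat <<'EOF'
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
EOF
}

page_rules | audit_input
build_rules 192.168.1.0/24 | audit_input
```

On the server, the generated rule set can be loaded from a console session with build_rules 192.168.1.0/24 | iptables-restore.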

Install Apache and Postgresql


Apache is free open source software which runs over 50% of the world's web servers.
To install Apache and PostgreSQL, open a terminal and type in this command:
yum -y install httpd mod_ssl postgresql postgresql-server postgresql-contrib

Install PHP
PHP is an open source web scripting language that is widely used to build dynamic webpages.
To install PHP on your virtual private server, open terminal and type in this command:
yum search php
yum -y install php php-pgsql php-bcmath php-common php-dba php-devel php-gd \
  php-cli php-mbstring php-embedded php-pdo php-pear php-imap php-soap

Set PHP Timezone:


Open your php.ini file with the file editor
nano /etc/php.ini

Uncomment date.timezone = under [Date] and set the uncommented line to the following value:
date.timezone = "Africa/Lagos"

Start Apache:
service httpd start

Initialize the PostgreSQL database and start the service using the following commands:


service postgresql initdb
service postgresql start

su - postgres
-bash-4.1$ psql -U postgres
psql (8.4.20)
type "help" for help.
postgres=#

To exit from the PostgreSQL prompt, type \q, then type exit to return to the terminal.
Set postgres user password
Log in to the PostgreSQL prompt:
su - postgres
-bash-4.1$ psql -U postgres
postgres=#

... and set the postgres password with the following command:


postgres=# \password postgres
Enter new password: G0ilit88
Enter it again: G0ilit88
postgres=# \q

Configure PostgreSQL-MD5 Authentication


MD5 authentication requires the client to supply an MD5-hashed password for
authentication. To enable it, edit the /var/lib/pgsql/9.3/data/pg_hba.conf file (with the stock
PostgreSQL 8.4 packages installed above, the data directory that holds pg_hba.conf and
postgresql.conf is /var/lib/pgsql/data instead):
nano /var/lib/pgsql/9.3/data/pg_hba.conf

Add or modify the lines as shown below:

[...]
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
host    all             all             192.168.1.0/24          md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
[...]

Configure PostgreSQL-Configure TCP/IP


By default, TCP/IP connections are disabled, so users on other computers can't access
PostgreSQL. To allow users on other computers to connect, edit the file
/var/lib/pgsql/9.3/data/postgresql.conf:
nano /var/lib/pgsql/9.3/data/postgresql.conf

Find the lines:


[...]
#listen_addresses = 'localhost'
[...]
#port = 5432
[...]

Uncomment both lines, and set the IP address of your PostgreSQL server, or set * to listen for
all clients, as shown below:
listen_addresses = '*'
port = 5432

Restart the postgresql service to apply the changes:


service postgresql restart
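
An added example, not part of the original guide: with listen_addresses = '*' the server accepts TCP connections on every interface, and pg_hba.conf then decides which clients may authenticate, using the first line that matches database, user and address. The hypothetical helper hba_method below evaluates that rule for IPv4 "host" lines in the simple form used on this page; the sample file is constructed from the entries above.

```sh
# Print the auth method PostgreSQL applies to a TCP client: the first
# pg_hba.conf line matching database, user and address wins, and no matching
# line means the connection is rejected. Handles IPv4 "host" lines only.
# $1 = pg_hba.conf, $2 = database, $3 = user, $4 = client IPv4 address
hba_method() {
  awk -v db="$2" -v usr="$3" -v ip="$4" '
    function to_int(a,   o) {
      split(a, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    $1 != "host" || $4 !~ /^[0-9.]+\/[0-9]+$/ { next }
    ($2 == "all" || $2 == db) && ($3 == "all" || $3 == usr) {
      split($4, net, "/")
      div = 2 ^ (32 - net[2])          # number of addresses in the CIDR block
      if (int(to_int(ip) / div) == int(to_int(net[1]) / div)) {
        print $5; found = 1; exit
      }
    }
    END { if (!found) print "reject" }' "$1"
}

# Constructed sample: the pg_hba.conf entries from this page.
hba=$(mktemp)
cat > "$hba" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   md5
host    all       all   127.0.0.1/32    md5
host    all       all   192.168.1.0/24  md5
host    all       all   ::1/128         md5
EOF

hba_method "$hba" goldenoil_hrm goil_users 192.168.1.50   # LAN client
hba_method "$hba" goldenoil_hrm goil_users 203.0.113.7    # outside the LAN
```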

Create New User and Database


For example, let us create a new user called goil_users with password GOIL.Goldenoil,
and database called goldenoil_hrm.
Switch to postgres user:
su - postgres
-bash-4.1$ psql -U postgres
password for user postgres:
psql (8.4.20)
Type "help" for help
postgres=#

The first thing to do is to create the database user:
postgres=# CREATE USER goil_users WITH PASSWORD 'GOIL.Goldenoil';
postgres=# SELECT usename FROM pg_user;
postgres=# \du
postgres=# ALTER USER goil_users WITH SUPERUSER;
postgres=# \du

To tightly secure PostgreSQL against unwanted write access (to the public schemas anyway), we first
have to revoke it for everyone:
postgres=# REVOKE CREATE ON SCHEMA public FROM PUBLIC;
postgres=# REVOKE USAGE ON SCHEMA public FROM PUBLIC;

Then give access back to the postgres user itself and to goil_users:
postgres=# GRANT CREATE ON SCHEMA public TO postgres;
postgres=# GRANT USAGE ON SCHEMA public TO postgres;
postgres=# GRANT CREATE ON SCHEMA public TO goil_users;
postgres=# GRANT USAGE ON SCHEMA public TO goil_users;

From now on, every user that you create does not have write access to the public schema of any
database. I think this is a better default: you now explicitly have to grant write access to a user if
you really need it. Note that a role with the SUPERUSER attribute, such as goil_users after the
ALTER USER command above, bypasses these permission checks.
Now, let's create the database and the necessary tables for storing our data. We already know the
database is going to be called "goldenoil_hrm", so go ahead and create it and grant our fresh
user (read) access to it:
postgres=# CREATE DATABASE goldenoil_hrm WITH OWNER goil_users;
postgres=# \l
postgres=# GRANT ALL PRIVILEGES ON DATABASE goldenoil_hrm TO goil_users;
postgres=# \q

To connect to the database you created as the new user:


-bash-4.1$ psql -h localhost -U goil_users goldenoil_hrm
Password for user goil_user:GOIL.Goldenoil
goldenoil_hrm=#

We should also set the processes to run automatically when the server boots (php will run
automatically once Apache starts):
chkconfig httpd on
chkconfig postgresql on

Now, you can check your phpinfo.php page to verify the change took place.

Also, create a test script, /var/www/html/info.php, containing the following:


nano /var/www/html/info.php
<?php
phpinfo();
?>

Then Save and Exit.


Restart apache so that all of the changes take effect on your virtual server:
service httpd restart

Then try to access it at http://your_server_ip/info.php . If the PHP info page is rendered in
your browser then everything looks good and you are ready to proceed further.
Install unzip support in case it's not already installed on the system:
yum -y install unzip

Unzip TimeTrexHRM in /var/www/TimeTrex


cd /var/www/
unzip TimeTrex_Community_Edition_v9.1.3.zip
mv TimeTrex_Community_Edition_v9.1.3 TimeTrex
cd /var/www/TimeTrex

Rename timetrex.ini.php-example_(linux|windows) to timetrex.ini.php


mv timetrex.ini.php-example_linux timetrex.ini.php
chown -R nobody.nobody .
chmod -R 777 timetrex.ini.php
chmod -R 777 templates_c

Go back to root's home directory and create the log, storage and cache directories:
cd
mkdir /var/log/timetrex
chmod -R 777 /var/log/timetrex
mkdir -p /var/timetrex/storage
chmod -R 777 /var/timetrex/storage
mkdir /tmp/timetrex
chmod -R 777 /tmp/timetrex
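
An added example, not part of the original guide: mode 777 lets every local account read and rewrite timetrex.ini.php (which stores the database and SMTP passwords) and the log, storage and cache directories. The hypothetical helpers below give the same paths owner-only access and list anything still world-writable; the demo runs in a constructed scratch directory as the current user, and on the server the owner is assumed to be apache, the account the stock CentOS httpd runs PHP under.

```sh
# Added example. $1 = account PHP runs as (assumed "apache" on the server),
# $2 = TimeTrex directory, remaining arguments = data directories.
tighten_perms() {
  owner=$1 app=$2; shift 2
  for d in "$app/templates_c" "$@"; do
    mkdir -p "$d"
    chown -R "$owner" "$d"
    chmod -R u=rwX,go= "$d"              # owner only, no group/other access
  done
  chown "$owner" "$app/timetrex.ini.php"
  chmod 600 "$app/timetrex.ini.php"      # holds the DB and SMTP passwords
}

# List everything under the given paths that any local user can write to.
world_writable() {
  find "$@" ! -type l -perm -0002 2>/dev/null
}

# Constructed demo in a scratch directory, run as the current user.
demo() (
  umask 022
  t=$(mktemp -d)
  mkdir -p "$t/app/templates_c" "$t/log" "$t/storage" "$t/cache"
  : > "$t/app/timetrex.ini.php"
  chmod -R 777 "$t/app/timetrex.ini.php" "$t/app/templates_c" \
    "$t/log" "$t/storage" "$t/cache"     # the modes set by the steps above
  before=$(world_writable "$t" | wc -l | tr -d ' ')
  tighten_perms "$(id -un)" "$t/app" "$t/log" "$t/storage" "$t/cache"
  after=$(world_writable "$t" | wc -l | tr -d ' ')
  mode=$(ls -l "$t/app/timetrex.ini.php" | cut -c1-10)
  rm -rf "$t"
  echo "before=$before after=$after ini=$mode"
)

demo
```

On the server this would be run as root, for example tighten_perms apache /var/www/TimeTrex /var/log/timetrex /var/timetrex/storage /tmp/timetrex.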

Open the timetrex.ini.php file and edit it to suit your system:
;<?php die('Access denied...');?>
;
;
; TimeTrex Configuration File

; *Linux* Example
;
;
;
; System paths. NO TRAILING SLASHES!
;
[path]
cache_dir = /tmp/timetrex
storage_dir = /var/timetrex/storage
log_dir = /var/log/timetrex
;URL to TimeTrex web root directory. ie: http://your.domain.com/<*BASE_URL*>
;DO NOT INCLUDE http://your.domain.com, just the directory AFTER your domain
base_url = /interface
;
;log directory
;
;Linux
log = /var/log/timetrex
;
;Misc storage, for attachments/images
;
;Linux
storage = /var/timetrex/storage
;
;Full path and name to the PHP CLI Binary
;
;Linux
php_cli = /usr/bin/php
;
; Database connection settings. These can be set from the installer.
;
[database]
;type = mysqli
type = postgres8
host = localhost
database_name = goldenoil_hrm
user = goil_users
password = GOIL.Goldenoil
;
; Email delivery settings.
;
[mail]
;Least setup, deliver email through TimeTrex's email relay via SOAP (HTTP port 80)
;Deliver email through local sendmail command specified in php.ini
;delivery_method = mail
;Deliver email through remote SMTP server with the following settings.
delivery_method = soap, smtp
smtp_host = goldenoiltd.com
smtp_port = 465
smtp_username = hrms@goldenoiltd.com
smtp_password = wUGi#zMUdX2T
;
; Cache settings
;
[cache]
enable = TRUE

;Linux
dir = /tmp/timetrex
[debug]
;Set to false if you're debugging
production = TRUE
enable = FALSE
enable_display = FALSE
buffer_output = TRUE
enable_log = FALSE
verbosity = 10
[other]
; Force all clients to use SSL.
force_ssl = FALSE
installer_enabled = FALSE
primary_company_id = 2
hostname = localhost
; System Administrators Email address to send critical errors to if necessary. Set to FALSE to disable completely.
system_admin_email = hrms@goldenoiltd.com
default_interface = html5
;WARNING: DO NOT CHANGE THIS AFTER YOU HAVE INSTALLED TIMETREX.
;If you do it will cause all your passwords to become invalid,
;and you may lose access to some encrypted data.
salt = 0

Configure goldenoiltd.conf to serve TimeTrexHRM from /var/www/TimeTrex by creating a
new Virtual Host directive in /etc/httpd/conf.d/:

vi /etc/httpd/conf.d/goldenoiltd.conf
<VirtualHost *:80>
ServerAdmin webmaster@goldenoiltd.com
DocumentRoot /var/www/TimeTrex
ServerName hrms.goldenoiltd.com
<Directory "/var/www/TimeTrex">
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
CustomLog /var/www/TimeTrex/goldenoiltd.com-ccess.log combined
</VirtualHost>

Restart Apache for the change to take effect:


service httpd restart

or

Configure Apache to use the Signed SSL Certificate (Self-sign and CA sign)
These instructions will help you generate a generic self-signed certificate, which may be used to
provide SSL service for all name-based hosts on your VPS. Please note that self-signed
certificates will generate warnings in a visitor's browser; proceed to Installing a Commercial
SSL Certificate if you need to set up SSL on a domain using a certificate signed by a
commercial SSL provider.
Self-Signed Certificate
mkdir /etc/httpd/ssl
openssl req -new -x509 -sha256 -days 365 -nodes \
  -out /etc/httpd/ssl/hrms.goldenoiltd.com.pem \
  -keyout /etc/httpd/ssl/hrms.goldenoiltd.com.key

You will be asked for several configuration values. Enter values appropriate for your
organization and server, as shown here. This example will create a certificate valid for 365 days;
you may wish to increase this value. We've specified the FQDN (fully qualified domain name)
of the VPS for the Common Name entry, as this certificate will be used for generic SSL
service.
Generating a 1024 bit RSA private key
...................................++++++
..............................++++++
writing new private key to '/etc/httpd/ssl/hrms.goldenoiltd.com.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:NG
State or Province Name (full name) [Berkshire]:Anambra
Locality Name (eg, city) [Newbury]:Onitsha
Organization Name (eg, company) [My Company Ltd]:Goldenoil LTD, LLC
Organizational Unit Name (eg, section) []:Palm Oil refining
Common Name (eg, YOUR name) []:hrms.goldenoiltd.com
Email Address []:it@goldenoiltd.com

CA signed
mkdir /etc/httpd/ssl

cd /etc/httpd/ssl
openssl req -new -days 365 -nodes -keyout hrms_goldenoiltd_com.key \
  -out hrms_goldenoiltd_com.csr

Here are the values we entered for our example certificate. Note that you can ignore the extra
attributes.
Generating a 1024 bit RSA private key
......................................................++++++
....++++++
writing new private key to 'hrms.goldenoiltd.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:NG
State or Province Name (full name) [Berkshire]:Anambra
Locality Name (eg, city) [Newbury]:Onitsha
Organization Name (eg, company) [My Company Ltd]:Goldenoiltd LTD
Organizational Unit Name (eg, section) []:Oil Refining
Common Name (eg, YOUR name) []:hrms.goldenoiltd.com
Email Address []:it@goldenoiltd.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Execute the following command to protect the key:


chmod 400 /etc/httpd/ssl/hrms_goldenoiltd_com.key

Files for your domain will be created in /etc/httpd/ssl. You may now submit the file ending
in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA
signs the request. Save this file as /etc/httpd/ssl/hrms_goldenoiltd_com.crt.
Execute the following command to protect the signed certificate:
chmod 400 /etc/httpd/ssl/hrms_goldenoiltd_com.crt

Get the CA Root Certificate


Now you'll need to get the root certificate for the CA that you paid to sign your certificate. You
may obtain the root certs for various providers from these sites:
Verisign
Thawte
Globalsign
Comodo
For example, if we downloaded a root cert for Comodo, we would save it to
/etc/httpd/ssl/hrms_goldenoiltd_com.ca-bundle.

Configure Apache to use the Signed SSL Certificate and Redirect Request to SSL
In the following example, edit the virtual host configuration file for the site you would like to
enable SSL on (hrms.goldenoiltd.com in our example). Add the following stanza to your
virtual hosting configuration file (e.g. /etc/httpd/conf.d/goldenoiltd.conf). Note that
we've reproduced the configuration for the non-SSL version of the site, with the addition of four
lines for SSL. This example uses the CA certificate file for a certificate signed by Comodo.

nano /etc/httpd/conf.d/goldenoiltd.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName hrms.goldenoiltd.com
Redirect permanent / https://hrms.goldenoiltd.com/
</VirtualHost>

Open the /etc/httpd/conf.d/ssl.conf file and disable the entire default virtual host, including the
paths to the default self-signed certificate, by adding a # sign at the start of each of the
following lines:
#<VirtualHost _default_:443>
#ErrorLog logs/ssl_error_log
#TransferLog logs/ssl_access_log
#LogLevel warn
#SSLEngine on
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

#<Files ~ "\.(cgi|shtml|phtml|php3?)$">
#    SSLOptions +StdEnvVars
#</Files>
#<Directory "/var/www/cgi-bin">
#    SSLOptions +StdEnvVars
#</Directory>
#CustomLog logs/ssl_request_log \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>

Then configure your own custom ssl virtualhost config file in /etc/httpd/conf.d directory.
nano /etc/httpd/conf.d/vhost.conf
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/hrms_goldenoiltd_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/hrms_goldenoiltd_com.key
SSLCACertificateFile /etc/httpd/ssl/hrms_goldenoiltd_com.ca-bundle
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

<Directory /var/www/TimeTrex>
AllowOverride All
</Directory>
ServerAdmin webmaster@goldenoiltd.com
DocumentRoot /var/www/TimeTrex
ServerName hrms.goldenoiltd.com
ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
CustomLog /var/www/TimeTrex/goldenoiltd.com-ccess.log combined
</VirtualHost>

Restart Apache for the change to take effect:


service httpd restart
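
An added example, not part of the original guide: a check for three settings in the vhost.conf above, namely SSLProtocol all -SSLv2 (leaves SSLv3 on), a cipher string that starts from ALL without excluding the LOW and RC4 classes, and log files written inside DocumentRoot where any web client can request them. The helper names are hypothetical and the sample file is constructed from the directives shown on this page.

```sh
# Print the weak cipher classes an SSLCipherSuite string leaves enabled.
weak_ciphers() {
  printf '%s\n' "$1" | tr ':' '\n' | awk '
    /^!/    { sub(/^!/, ""); banned[$0] = 1; next }   # "!X" removes X for good
    /^[-+]/ { next }                                  # "-X" and "+X" never add ciphers
    { n = split($0, part, "+"); for (i = 1; i <= n; i++) added[part[i]] = 1 }
    END {
      n = split("LOW RC4 EXPORT", weak, " ")
      for (i = 1; i <= n; i++)
        if ((added[weak[i]] || added["ALL"] || added["DEFAULT"]) && !banned[weak[i]])
          out = out (out ? " " : "") weak[i]
      print out
    }'
}

# Print one finding per line for the Apache config file given as $1.
audit_vhost() {
  docroot=$(awk '$1 == "DocumentRoot" { print $2; exit }' "$1")
  # SSLv3 stays enabled when "all" or SSLv3 is named and not subtracted later.
  awk '$1 == "SSLProtocol" {
         v3 = 0
         for (i = 2; i <= NF; i++) {
           if ($i ~ /^[+]?(all|SSLv3)$/) v3 = 1
           if ($i ~ /^-(all|SSLv3)$/) v3 = 0
         }
         if (v3) print "SSLv3 enabled: " $0
       }' "$1"
  weak=$(weak_ciphers "$(awk '$1 == "SSLCipherSuite" { print $2; exit }' "$1")")
  [ -n "$weak" ] && echo "weak cipher classes enabled: $weak"
  # Logs written below DocumentRoot can be requested by any web client.
  awk -v root="$docroot" 'root != "" && ($1 == "ErrorLog" || $1 == "CustomLog") &&
       index($2, root "/") == 1 { print "log inside DocumentRoot: " $2 }' "$1"
}

# Constructed sample: the relevant directives of vhost.conf as shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
DocumentRoot /var/www/TimeTrex
ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
CustomLog /var/www/TimeTrex/goldenoiltd.com-ccess.log combined
EOF
audit_vhost "$sample"
```

One possible replacement that clears all four findings is SSLProtocol all -SSLv2 -SSLv3 with SSLCipherSuite HIGH:!aNULL:!MD5 and log paths outside DocumentRoot. The openssl output earlier shows a 1024-bit RSA key; adding -newkey rsa:2048 to the openssl req command requests a 2048-bit key instead.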

Point your web browser to:


https://hrms.goldenoiltd.com/interface/install/install.php

http://192.168.1.213/interface/html5/#!m=Login
https://hrms.goldenoiltd.com/interface/html5/#!m=Login
