Installing 1C Server + Postgres PRO + Apache + HASP Emulator in Centos 8

Training

Updating, adding EPEL repository, installing software

$ sudo dnf -y update$ sudo dnf -y install epel-release$ sudo dnf -y install wget bzip2 traceroute net-tools nano bind-utils telnet htop atop iftop lsof git rsync policycoreutils-python-utils tar zip unzip

Change the hostname of the server

$ sudo hostnamectl set-hostname server1c$ sudo nano /etc/hosts…192.168.11.235 server1c

On the client machine, the server should ping the domain name

Installing Postgres PRO

Adding the Postgres Pro repository

$ sudo rpm -i http://repo.postgrespro.ru/pgpro-12/keys/centos.rpm$ sudo dnf makecache

Install PostgreSQL PRO std

$ sudo dnf -y install postgrespro-std-12

Checking the status

$ sudo systemctl status postgrespro-std-12

We delete the base, which was created by default

$ sudo rm -rf /var/lib/pgpro/std-12/data

We initialize the database, modify the settings for working with 1c and add support for the Russian language

$ sudo /opt/pgpro/std-12/bin/pg-setup initdb --tune=1c --locale=ru_RU.UTF-8

without –locale = … an error pops up: the sort order is not supported by the database

Add the service to startup and check the availability of port 5432

$ sudo systemctl enable --now postgrespro-std-12$ ss -nltup

Configuring Postgres PRO

Let us authorize users from our network

$ sudo nano /var/lib/pgpro/std-12/data/pg_hba.conf…#IPv4 local connections:host all all 127.0.0.1/32 md5host all all 192.168.11.0/24 md5

Create a password for the postgres user

$ sudo su - postgres$ psql=# ALTER USER postgres WITH ENCRYPTED PASSWORD 'vTH886v4g2TqcD';=# q$ exit

Restarting the postgrespro-std-12 service

$ sudo systemctl restart postgrespro-std-12

Server 1C installation

First, you need to download the server 1c distribution kit for linux to the / tmp directory You can do this from the official website, or search on the Internet

Unpack the archive with the distribution kit and install

$ cd /tmp$ tar xvf rpm64_8_3_17_1549.tar.gz$ sudo dnf -y localinstall *.rpm

Change the owner and group of the / opt / 1C directory

$ sudo chown -R usr1cv8:grp1cv8 /opt/1C

Add the srv1cv83 service to startup, start it and check the status

$ sudo systemctl enable srv1cv83$ sudo systemctl start srv1cv83$ sudo systemctl status srv1cv83

Setting up the 1C server

We create a directory in which 1c configurations will be stored for connecting to the base

$ sudo mkdir -p /mnt/1c/base$ sudo chown -R usr1cv8:grp1cv8 /mnt/1c/base

We edit the configuration file of the server 1c srv1cv83, specify the path to the new directory

$ sudo nano /etc/sysconfig/srv1cv83…SRV1CV8_DATA=/mnt/1c/base

Restart the srv1cv83 service and check the status

$ sudo systemctl restart srv1cv83$ sudo systemctl status srv1cv83

Installing and configuring the HASP driver

Install the required utility

$ sudo dnf -y install glibc

Download rpm packages

$ cd /tmp$ wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/CentOS/7/haspd-7.90-eter2centos.x86_64.rpm$ wget http://download.etersoft.ru/pub/Etersoft/HASP/last/x86_64/CentOS/7/haspd-modules-7.90-eter2centos.x86_64.rpm

Install them

$ sudo dnf -y localinstall haspd*

Configuring

$ sudo nano /etc/haspd/hasplm.conf…NHS_IP_LIMIT = 127.0.0.1, 192.168.11.0/24

This line lists the networks and hosts that will be able to see the HASP key

Restart the haspd service, look at the status

$ sudo systemctl restart haspd$ sudo systemctl status haspd

Configuring Firewalld

Opening ports

$ sudo firewall-cmd --permanent --add-port=80/tcp$ sudo firewall-cmd --permanent --add-port=1540/tcp$ sudo firewall-cmd --permanent --add-port=1541/tcp$ sudo firewall-cmd --permanent --add-port=1560/tcp$ sudo firewall-cmd --permanent --add-port=5432/tcp$ sudo firewall-cmd --reload$ sudo firewall-cmd --list-all

Creation of a 1c database (on a windows machine through the administration console of 1C Enterprise servers)

Launch the 1C Enterprise server administration console with the right mouse button (RMB):

Central 1C:Enterprise 8.3 servers - Создать - Центральный сервер 1С:Предприятие 8.3

Протокол: TCPИмя: server1cIP порт: 1540

Installing 1C Server + Postgres PRO + Apache + HASP Emulator in Centos 8 2

The “Local cluster” cluster will be created automatically

Installing 1C Server + Postgres PRO + Apache + HASP Emulator in Centos 8 3

Now we create an information base

Выбираем "Local cluster" - Информационные базы - ПКМ - Создать - Информационная база

Installing 1C Server + Postgres PRO + Apache + HASP Emulator in Centos 8 4

Имя: base1cЗащищенное соединение: выключеноСервер баз данных: sever1cТип СУБД: PostgreSQLБаза данных: base1cПользователь сервера БД: postgresПароль пользователя БД: vTH886v4g2TqcD (этот пароль был задан на этапе установки БД)Создать базу данныз в случае ее отсутствия: +

Installing 1C Server + Postgres PRO + Apache + HASP Emulator in Centos 8 5

Installing fonts to prepare for web server publishing

Installing the required packages

$ sudo dnf -y install rpm-build ttmkfdir fontconfig freetype libgsf unixODBC

We also need a package cabextractbut under Centos 8 it is not in the base repositories. Therefore, we download it from a third-party source and install

$ cd /tmp$ wget https://pkgs.dyn.su/el8/base/x86_64/cabextract-1.9-2.el8.x86_64.rpm$ sudo dnf -y localinstall cabextract-1.9-2.el8.x86_64.rpm

Download the specification file for installing microsoft fonts

$ wget http://corefonts.sourceforge.net/msttcorefonts-2.5-1.spec

Preparing the font package

$ rpmbuild -bb msttcorefonts-2.5-1.spec

Running the rpmbuild … command should download all the fonts and build the package. If during the execution of the command an error appears, for example: “Connection timed out, could not resolve the mirror address”, you need to run the command again.

Installing the font package

$ sudo rpm -ivh $HOME/rpmbuild/RPMS/noarch/msttcorefonts-2.5-1.noarch.rpm

Installing the Apache web server

Install Apache

$ sudo dnf -y install httpd

We add it to startup, run it and see the status

$ sudo systemctl enable --now httpd$ sudo systemctl status httpd

Let’s create a directory, it will be used as a publishing path for the 1c web server

$ sudo mkdir -p /var/www/infobase

Let’s create an empty file, it will be specified as the configuration file of the 1c web server

$ sudo touch /etc/httpd/conf.d/base.conf

Next, we publish the 1C database

$ cd /opt/1C/v8.3/x86_64$ sudo ./webinst -apache24 -wsdir base -dir /var/www/infobase/ -connStr "Srvr=server1c;Ref=base1c;" -confPath /etc/httpd/conf.d/base.confPublication successful

Where

-dir — путь к папке вебсервера, ранее созданная директория-connStr — путь к расположеныю файловой базы 1С-confPath — путь к файлу конфигурации вебсервера, ранее созданный файл (должен быть быть пустым)-publish - указывает необходимое действие, в данном случае публикацию, может быть опущен, так как это действие по умолчанию-wsdir - имя публикации, по которому к базе следует обращаться из браузера, обратите внимание, что оно регистрозависимое-connstr - строка соединения, состоит из нескольких частей: Srvr - имя сервера, Ref - имя базы на сервере, каждая часть должна заканчиваться служебным символом ";"

Change the owner and group of the created file, restart Apache

$ sudo chown apache:apache /var/www/infobase/default.vrd$ sudo systemctl restart httpd

SELinux configuration

Create a file with a description of web 1c policies for Selinux

$ cd /tmp$ nano httpd_1c.temodule httpd_1c 1.0;require {type httpd_t;type httpd_tmp_t;type user_home_t;type httpd_sys_content_t;class dir { add_name create read remove_name rmdir write };class file { create lock open read rename setattr unlink write };class file execute;}============= httpd_t ==============!!!! This avc is allowed in the current policyallow httpd_t httpd_sys_content_t:file write;!!!! This avc is allowed in the current policyallow httpd_t user_home_t:dir { add_name create read remove_name rmdir write };allow httpd_t user_home_t:file rename;!!!! This avc is allowed in the current policyallow httpd_t user_home_t:file { create lock open read setattr unlink write };!!!! This avc can be allowed using the boolean ‘httpd_tmp_exec’allow httpd_t httpd_tmp_t:file execute;

Compile and install the policy

$ sudo checkmodule -M -m -o httpd_1c.mod httpd_1c.te$ sudo semodule_package -o httpd_1c.pp -m httpd_1c.mod$ sudo semodule -i httpd_1c.pp

Restart Apache Server

$ sudo systemctl restart httpd

In my case, the upper rule did not help, I had to do the following:

Analyzing the log, compiling and installing another policy

$ cd /tmp$ sudo grep httpd /var/log/audit/audit.log | grep denied | audit2allow -m httpdlocalconf > httpdlocalconf.te$ sudo grep httpd /var/log/audit/audit.log | grep denied | audit2allow -M httpdlocalconf$ sudo semodule -i httpdlocalconf.pp

Checking in the browser:

http://192.168.11.235/base

Or through a 1C thin client at the same address.

This completes the installation of Server 1c with the PostgreSQL database and the publication of the server on the web. You can plug in a USB dongle with a license to the server and work. But if you deploy for testing purposes, you can install a HASP emulator.

Installing HASP emulator in Centos 8 from source

Install build utilities

$ sudo dnf -y install gcc gcc-c++ make

Installing kernel headers

$ sudo dnf -y install kernel-devel

Installing utilities for building dependencies

$ sudo dnf -y install jansson-devel libusb.i686 elfutils-libelf-devel

Install GIT

$ sudo dnf -y install git

Download sources VHCI_HCD, LIBUSB_VHCI and USB_HASP to the / usr / src directory

$ cd /usr/src$ sudo wget https://sourceforge.net/projects/usb-vhci/files/linux%20kernel%20module/vhci-hcd-1.15.tar.gz/download -O vhci-hcd-1.15.tar.gz$ sudo wget https://sourceforge.net/projects/usb-vhci/files/native%20libraries/libusb_vhci-0.8.tar.gz/download -O libusb_vhci-0.8.tar.gz$ sudo git clone https://github.com/sam88651/UsbHasp.git

Unpack the sources VHCI_HCD and LIBUSB_VHCI

$ sudo tar -xpf libusb_vhci-0.8.tar.gz$ sudo tar -xpf vhci-hcd-1.15.tar.gz

Compiling VHCI_HCD

$ KVER=uname -r$ cd vhci-hcd-1.15$ sudo mkdir -p linux/${KVER}/drivers/usb/core$ sudo cp /usr/src/kernels/${KVER}/include/linux/usb/hcd.h linux/${KVER}/drivers/usb/core$ sudo sed -i 's/#define DEBUG///#define DEBUG/' usb-vhci-hcd.c$ sudo sed -i 's/#define DEBUG///#define DEBUG/' usb-vhci-iocifc.c$ sudo sed -i 's/VERIFY_READ, //' usb-vhci-iocifc.c$ sudo sed -i 's/VERIFY_WRITE, //' usb-vhci-iocifc.c$ sudo make KVERSION=${KVER}

Install VHCI_HCD

$ sudo make install

Load the usb_vhci_hcd module

$ echo "usb_vhci_hcd" | sudo tee /etc/modules-load.d/usb_vhci.conf$ sudo modprobe usb_vhci_hcd

Load the usb_vhci_iocifc module

$ echo "usb_vhci_iocifc" | sudo tee -a /etc/modules-load.d/usb_vhci.conf$ sudo modprobe usb_vhci_iocifc

Compiling LIBUSB_VHCI

$ cd ../libusb_vhci-0.8$ sudo ./configure$ sudo make -s

Install LIBUSB_VHCI

$ sudo make install$ echo "/usr/local/lib" | sudo tee /etc/ld.so.conf.d/libusb_vhci.conf$ sudo ldconfig

Compiling UsbHasp

$ cd ../UsbHasp$ sudo make -s

Install UsbHasp

$ sudo cp dist/Release/GNU-Linux/usbhasp /usr/local/sbin

Create a directory for dumping usb keys

$ sudo mkdir /etc/usbhaspkey/

Create a system unit usbhaspemul.service

$ sudo nano /etc/systemd/system/usbhaspemul.service[Unit]Description=Emulation HASP key for 1CRequires=haspd.serviceAfter=haspd.service[Service]Type=simpleExecStart=/usr/bin/sh -c 'find /etc/usbhaspkey -name "*.json" | xargs /usr/local/sbin/usbhasp'Restart=always[Install]WantedBy=multi-user.target

Add the usbhaspemul service to startup

$ sudo systemctl daemon-reload$ sudo systemctl enable usbhaspemul

We load the dumps of usb-keys to the / etc / usbhaspkey / directory (search for dumps on the Internet)

$ sudo cp /tmp/Dumps/1c_server_x64.json /etc/usbhaspkey/$ sudo cp /tmp/Dumps/100user.json /etc/usbhaspkey/

Trying to run USB HASP Emulator, check the status

$ sudo systemctl start usbhaspemul$ sudo systemctl status usbhaspemul

miscellanea

The server was deployed in VirtualBox, parameters:

OS: Centos 8.2 dvd isoсеть: сетевой мост$ cat /etc/hosts192.168.11.235 server1cВ винде в drivers/etc/hosts192.168.11.235 server1c
Sidebar