Installing AVAA Server on AL2023
⚠ This guide is outdated
Before starting, a domain name is required and should already point to the server we are about to configure in this guide.
Security Group
Make sure the security group allows the following inbound TCP ports:
- 80 (HTTP)
- 443 (HTTPS)
- 41744 (AVAA WebSocket)
Upgrade system and install httpd
We will use Apache httpd to serve the editor and AVAA generated files
sudo dnf upgrade -y
sudo dnf install -y screen wget nano httpd
sudo usermod -a -G apache ec2-user
Now logout and login again to take into account latest usermod
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
Apache setup
mkdir /var/www/html/avaa
sudo nano /etc/httpd/conf.d/avaa.conf
Basic configuration file (adapt with your domain name)
<VirtualHost *:80>
ServerName demo.avaa-toolkit.org
ServerAlias demo.avaa-toolkit.org
DocumentRoot /var/www/html/avaa
ErrorLog /var/www/avaa_error.log
CustomLog /var/www/avaa_access.log combined
</VirtualHost>
Start apache and setup auto restart on reboot
sudo systemctl start httpd && sudo systemctl enable httpd
Install AVAA and configure server mode
cd ~/
wget https://avaa-toolkit.org/release/latest -O avaa-latest.zip
unzip ./avaa-latest.zip
cd ./avaa-toolkit
chmod +x ./avaa-toolkit.sh
# create a folder for user generated files
mkdir ./tickets
# move the editor to html root, so it becomes the front page
mv ./editor/* /var/www/html/avaa/
# install java
sudo dnf install -y java-21-amazon-corretto
# https://cloudkatha.com/how-to-install-java-8-11-17-on-amazon-linux-2023-instance/#42_Install_Java_11_on_Amazon_Linux_2023
Install certbot for SSL certificate
HTTPS is required for WebSocket connections so we need to set it up. LetsEncrypt provides free certificates and can be automated with certbot.
sudo dnf install -y gcc augeas-libs augeas-devel python-devel
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-apache
Now let's obtain a certificate
sudo /opt/certbot/bin/certbot certonly --webroot --webroot-path "/var/www/html/avaa" -d demo.avaa-toolkit.org
SSL setup
Let's change now our httpd configuration file
sudo nano /etc/httpd/conf.d/avaa.conf
You should adapt the following sample configuration:
<VirtualHost *:80>
ServerName demo.avaa-toolkit.org
ServerAlias demo.avaa-toolkit.org
DocumentRoot /var/www/html/avaa
ErrorLog /var/www/avaa_error.log
CustomLog /var/www/avaa_access.log combined
Redirect permanent / https://demo.avaa-toolkit.org/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/demo.avaa-toolkit.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo.avaa-toolkit.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/demo.avaa-toolkit.org/chain.pem
ServerAdmin dev@avaa-toolkit.org
ServerName demo.avaa-toolkit.org
ServerAlias *.demo.avaa-toolkit.org
DocumentRoot /var/www/html/avaa
ErrorLog /var/www/avaa_error_log_ssl
Alias /tickets /home/ec2-user/avaa-toolkit/tickets
Alias /assets /home/ec2-user/avaa-toolkit/assets
Alias /include /home/ec2-user/avaa-toolkit/include
</VirtualHost>
<Directory "/home/ec2-user/avaa-toolkit/tickets">
Require all granted
Options Indexes
Order allow,deny
Allow from all
</Directory>
<Directory "/home/ec2-user/avaa-toolkit/assets">
Require all granted
Order allow,deny
Allow from all
Options Indexes FollowSymLinks
</Directory>
<Directory "/home/ec2-user/avaa-toolkit/include">
Require all granted
Order allow,deny
Allow from all
</Directory>
We must also install httpd ssl dependencies
sudo dnf install -y openssl mod_ssl
sudo systemctl restart httpd
Do a chmod +x on your user dir, and restart apache
(https://askubuntu.com/questions/451922/apache-access-denied-because-search-permissions-are-missing)
Make a Java compatible certificate for the WebSocket server
# create a valid full CAfile
sudo cat /etc/letsencrypt/live/demo.avaa-toolkit.org/fullchain.pem /etc/letsencrypt/live/demo.avaa-toolkit.org/chain.pem > allchain.pem
Build JKS
# use password "avaapass"
sudo openssl pkcs12 -export -in /etc/letsencrypt/live/demo.avaa-toolkit.org/cert.pem -inkey /etc/letsencrypt/live/demo.avaa-toolkit.org/privkey.pem -out cert.p12 -name avaacert -CAfile allchain.pem -caname root
sudo keytool -importkeystore -deststorepass avaapass -destkeypass avaapass -destkeystore avaacert.jks -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass avaapass -alias avaacert
Make sure avaacert.jks is in avaa-toolkit directory (currently the certificate path/name/password are hardcoded)
Configure AVAA launcher to use SSL
File avaa-toolkit.sh
java -Xmx8g -jar ./avaa-toolkit.jar --server --server-ssl --server-allowed-origin "https://demo.avaa-toolkit.org"
Adapt with your server's RAM and domain origin
Install FFmpeg
# https://www.johnvansickle.com/ffmpeg/
wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
tar xvf ffmpeg-release-amd64-static.tar.xz
sudo mv ffmpeg-*-amd64-static/ff* /usr/local/bin/
Install Chromium (for PDF)
sudo dnf -y install https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
Edit avaa-config.xml and set the exe attribute
<PDF exe="/usr/bin/google-chrome-stable">
Install deface
yum install libglvnd-glx
Install Python torch (cpu)
sudo dnf -y install pip
pip install torch --index-url https://download.pytorch.org/whl/cpu
Install R
https://github.com/rstudio/r-builds/issues/197
Start AVAA in a screen
screen -S avaa
cd ~/avaa-toolkit/
./avaa-toolkit.sh