If certbot from Let's Encrypt is not used certificates will need to be updated annually.
keytool -import -alias noodle.domain.tld -trustcacerts -file noodlecert.crt -keystore noodle.pfx
Add the following to the Host tag in server.xml
<Context docBase="ROOT" override="true">
<Resources cachingAllowed="false" />
</Context>Add the following to multiserver or intranet.bat
-Xmx50m -Xms50m -XX:+UseG1GC
Put the following in the MOTD file:
<script>
if (location.href.indexOf("?") < 0) {
location.href = location.href.replace(/(https?:\/\/[^\/]+)(\/.*)?/, "$1/SPNEGO.po");
}
</script>The same can be done for SAML.po
sed -i -e 's/#\(.*[0-9]\/com\)/\1/g' /etc/apk/repositories
apk update
apk add openjdk11 postgresql postgresql-contrib
service postgresql start
#Noodle
cd /opt
tar -xf Noodle.tar.gz
cd Noodle
su postgres -c 'cd;psql --file /opt/Noodle/init.sql'
mv noodle.openrc /etc/init.d/noodle
service noodle startOther Linux Installation examples available.
dnf install -y epel-release
dnf install -y tar postgresql-server postgresql-contrib java-11-openjdk
#optional
dnf install -y vim tmux bc id3lib html2text p7zip-plugins libjpeg-turbo poppler-utils unzip netpbm-progs perl-Image-ExifTool
#optional manual install catdoc unrtf ffmpeg
newcfg (){
F="$1"
chown --reference="$F" "$F".new
chmod --reference="$F" "$F".new
mv -f "$F".new "$F"
}
#PostgreSQL
/usr/bin/postgresql-setup --initdb --unit postgresql
systemctl enable postgresql
TMP=/var/lib/pgsql/data/pg_hba.conf
cp $TMP $TMP.original
cat $TMP | grep -vP "^ *host.*127" > $TMP.new
echo -e "host\tall\tall\t127.0.0.1/32\tpassword" >> $TMP.new
newcfg $TMP
TMP=/var/lib/pgsql/data/postgresql.conf
cp $TMP $TMP.original
MT=$(cat /proc/meminfo | grep MemTotal | perl -pe 's/^[^ ]* *([0-9]+) *kB$/$1\/1000/g');
#java+linux=(512+256)
ECS=$(echo "($MT-(512+256))/2" | bc);
SB=$(echo "($MT-(512+256))/4" | bc);
cat $TMP | perl -pe 's/^#?(effective_cache_size)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = '$ECS'MB$2/g' \
| perl -pe 's/^#?(shared_buffers)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = '$SB'MB$2/g' \
| perl -pe 's/^#?(max_locks_per_transaction)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = 512$2/g' \
| perl -pe 's/^#?(max_connections)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = 60$2/g' \
| perl -pe 's/^#?(checkpoint_segments)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = 30$2/g' \
| perl -pe 's/^#?(log_min_duration_statement)[ \t]*=[ \t]*[^ \t]+([ \t].*)?$/$1 = 30000$2/g' \
| perl -pe 's/^#?(log_line_prefix)[ \t]*=[ \t]*[^#]+(#.*)?$/$1 = '\''%m: '\''\t\t$2/g' \
> $TMP.new
newcfg $TMP
systemctl start postgresql
#Noodle
cd /opt
tar -zxf ./Noodle.tar.gz
su postgres -c 'cd;/usr/bin/psql -d postgres -U postgres --file /opt/Noodle/init.sql'
cd Noodle
cp noodle.service /lib/systemd/system/
systemctl enable noodle
systemctl start noodleOther Linux Installation examples available.
Any user with access to system tools can reset the admin password with a web browser.
Any person with access to the SQL server can change the admin password to another users password
select object_id, username, password from users where username = 'admin' or username = '$ME';
update users set password = '$PASS' where object_id = '$ID';For example
update users set password = 'P3b*cH.5fOBTJl5ELM)W' where username = 'admin';Example scripts for a High availability install of Noodle 7.08.05+.
1) Install 3+ Linux instances with password-less key authentication, run the following on each (using real IPs and domains);
hostname must match domain name.
IP1=192.168.0.141 #dn1
IP2=192.168.0.142 #dn2
IP3=192.168.0.143 #dn3
IP="$(ip addr show | grep "inet " | grep -v 127.0.0.1 | head -n 1 | perl -pe 's/\/.*//g;s/.* //g')"
apt update
apt -y dist-upgrade
apt -y install ceph-fuse openjdk-11-jre
apt -y purge snapd landscape-common
apt -y autoremove
#if public domains are not in use;
echo "
$IP1 dn1 dn
$IP2 dn2 dn
$IP3 dn3 dn
" >> /etc/hosts2) Install Ceph from the admin node (all nodes will wipe /dev/xvdb);
(Ubuntu 20.04 requires this patch first.)
POOL=noodle
apt-get -y install ceph-deploy
ceph-deploy new dn1 dn2 dn3
ceph-deploy install dn1 dn2 dn3
ceph-deploy mon create-initial
ceph-deploy admin dn1 dn2 dn3
ceph-deploy mgr create dn1 dn2 dn3
for N in dn1 dn2 dn3 ; do
ceph-deploy osd create $N --data /dev/xvdb
done
ceph-deploy mds create dn1 dn2 dn3
for N in dn1 dn2 dn3 ; do
ceph-deploy mon add $N
done
ceph osd pool create ${POOL}_data 16
ceph osd pool create ${POOL}_meta 16
ceph fs new ${POOL}_fs ${POOL}_meta ${POOL}_data
for N in dn1 dn2 dn3 ; do
ssh $N "echo 'none /opt/Noodle/FSDB fuse.ceph ceph.name=client.admin,_netdev,defaults 0 0' >> /etc/fstab && mount -a"
done3) Install CockroachDB on all nodes;
cd /opt
wget -qO- https://binaries.cockroachdb.com/cockroach-v19.2.2.linux-amd64.tgz | tar xvz
cp /opt/Noodle/cockroachdb.service /lib/systemd/system/
perl -pi -e "s/\$IPS/${IP1},${IP2},${IP3}/g;s/\$IP/${IP1}/g" /lib/systemd/system/cockroachdb.service
systemctl enable cockroachdb
systemctl start cockroachdb4) initialize CockroachDB from the admin node;
./cockroach-v19.2.2.linux-amd64/cockroach init --insecure --host=${IP}
echo "CREATE USER noodleuser; CREATE DATABASE noodledb WITH ENCODING = 'UNICODE'; GRANT ALL ON DATABASE noodledb to noodleuser;" | ./cockroach-v19.2.2.linux-amd64/cockroach sql --insecure --host=${IP}:262575) Install Noodle on all nodes;
cd /opt
tar -xf Noodle.tar.gz
cd ./Noodle
echo "NoodleNodes[] = ${IP1}, ${IP2}, ${IP3}
FSDB = /opt/Noodle/FSDB" >> conf/noodle.properties
perl -pi -e 's/^(DatabaseManager.DB.intranet.Connection.Url = ).*/$1"jdbc:postgresql:\/\/'"$IP"':26257\/noodledb"/g' conf/noodle.properties
cp noodle.service /lib/systemd/system/
perl -pi -e 's/postgreql.service/ceph.target cockroachdb.service/g' /lib/systemd/system/noodle.service
systemctl enable noodle
systemctl start noodleletsencrypt offers free HTTPS certificates with the limitation that you need to set them up to auto renew every ~3 months. Below are some example scripts that last of which should be called from cron.
DOMAIN=noodle.example.com
EMAIL=me@example.com
PASS=example
DIR=/opt/Noodle/ACME. /opt/Noodle/settings.sh
apt install -y certbot
systemctl disable certbot
mkdir $DIR
certbot register --agree-tos --no-eff-email -m "$EMAIL"
certbot certonly --webroot \
--webroot-path $DIR \
--cert-name "$DOMAIN" \
-d "$DOMAIN"
/opt/Noodle/deploy.shsystemctl restart noodle.service. /opt/Noodle/settings.sh
certbot renew --webroot \
--webroot-path $DIR \
--cert-name "$DOMAIN" \
--deploy-hook /opt/Noodle/deploy.shCurrently Noodle must be restarted to reload the keystore.
OpenJDK is the upstream for all Java builds but does not release builds itself, so there are now many java distributions, some with additional patches. In addition to the Linux distributions (Debian/Ubuntu, Fedora/RedHat, Arch, openSUSE, etc) building off OpenJDK for their package managers the following are available;
| Build | Permissive | Pure | Commercial Support |
| Adoptium (AdoptOpenJDK) / IBM | Yes | Optional | Yes |
| Microsoft (JClarity) | Yes | No | No |
| Azul Zulu | Yes | No | Yes |
| Amazon Corretto | Yes | No | Yes |
| SAP | Yes | No | Yes |
| Liberica | Yes | No | Yes |
| RedHat for Windows | Yes | No | Yes |
| ojdkbuild | Yes | Yes | No |
| Oracle | No | No | Yes |
Windows users can subscribe to releases on github until the windows store catches up with Linux repositories since the year 1998
sudo -i
apt update
apt -y upgrade
apt -y dist-upgrade
apt install -y postgresql-contrib openjdk-11-jre
#optional
apt install -y p7zip-full sysstat catdoc antiword html2text unrtf libid3-tools ffmpeg
#postgresql
su postgres -c 'cd;psql --file /opt/Noodle/init.sql'
echo "host all all 127.0.0.1/32 password" >> /etc/postgresql/12/main/pg_hba.conf
systemctl restart postgresql.service
#Noodle
cd /opt
tar -xf Noodle.tar.gz
cd Noodle
mv noodle.service /lib/systemd/system/
systemctl enable noodle.service
systemctl start noodle.serviceOther Linux Installation examples available.