Install

Short manual for installing Flamingo4

0. Download Flamingo

Download the version of Flamingo of your choice. If you're uncertain which version suits you, we recommend using the stable version. This version is tested en considered usable for the public. The releases can be found here: Releases

(Older versions can be found here: Archive. )

The release contains:

• 2 .war-files
  • viewer-admin.war: The administrative application.
  • viewer.war: The viewer application

When the version of Flamingo is 4.3 or later, only 2 war files are zipped. The following is not zipped any more.

• Deps: dependencies needed for running the applications
• Database: directory with sql scripts for creating a new database. For updating an existing database, please see Update

---

• You have to set the data directory
• For using Solr follow the instructions here

1. Install Java,Tomcat and a database

Install:

• Java (JDK 1.8 or 11 - a LTS version)
• Tomcat (7 or newer): Docs
• A database, currently supported
  • Postgres (9.6 or newer) Docs
  • Oracle (12.2 or newer)
  • MSSQL (2017 or higher)

Note: if you plan on using TLS secured services that use a signing party that is not recognised by the Java runtime (such as any service signed with a PKIOverheid Certificaten provided by Logius for example PDOK https services) now would be a good time to install the required signing certificates. If you don't you may run into error with messages like: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Example commands to retrieve the certificate and install it in the store are show below.

cd /tmp
wget http://cert.pkioverheid.nl/RootCA-G2.cer
wget http://cert.pkioverheid.nl/RootCA-G3.cer
wget http://cert.pkioverheid.nl/EVRootCA.cer
sudo keytool -importcert -file RootCA-G2.cer -alias "Staat der Nederlanden Root CA G2" -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -storepass changeit -v -noprompt -trustcacerts
sudo keytool -importcert -file RootCA-G3.cer -alias "Staat der Nederlanden Root CA G3" -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -storepass changeit -v -noprompt -trustcacerts
sudo keytool -importcert -file EVRootCA.cer -alias "Staat der Nederlanden EV Root CA" -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -storepass changeit -v -noprompt -trustcacerts

or

cd C:\TEMP
Invoke-WebRequest -Uri "http://cert.pkioverheid.nl/RootCA-G2.cer" -OutFile "C:\TEMP\RootCA-G2.cer"
Invoke-WebRequest -Uri "http://cert.pkioverheid.nl/RootCA-G3.cer" -OutFile "C:\TEMP\RootCA-G3.cer"
Invoke-WebRequest -Uri "http://cert.pkioverheid.nl/EVRootCA.cer" -OutFile "C:\TEMP\EVRootCA.cer"
keytool -importcert -file RootCA-G2.cer -alias "Staat der Nederlanden Root CA G2" -keystore "C:\Program Files\Oracle\Java\jre\lib\security\cacerts" -storepass changeit -v -noprompt -trustcacerts
keytool -importcert -file RootCA-G3.cer -alias "Staat der Nederlanden Root CA G3" -keystore "C:\Program Files\Oracle\Java\jre\lib\security\cacerts" -storepass changeit -v -noprompt -trustcacerts
keytool -importcert -file EVRootCA.cer -alias "Staat der Nederlanden EV Root CA" -keystore "C:\Program Files\Oracle\Java\jre\lib\security\cacerts" -storepass changeit -v -noprompt -trustcacerts

The default password of the java certificate store is changeit also this certificate needs to be re-installed after updating the java runtime. For reasons why this situation is as it is please see the following:

• https://www.logius.nl/ondersteuning/pkioverheid/browserondersteuning-pkioverheid/
• https://cert.pkioverheid.nl/
• https://zoek.officielebekendmakingen.nl/stcrt-2008-1885.html
• ([keytool documentation](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html))

2. Create Database and insert data

This section is divided by the different options of the supported databases. In the packaged zip, there is a directory called "database", which contains scripts for each supported database.

Postgres

1. Create a user in the Postgres instance

CREATE USER flamingo4 WITH PASSWORD 'secret' CREATEDB;

2. Login with that created user to make sure all objects created are owned by this user. You can do this by using

SET SESSION AUTHORIZATION flamingo4;

3. Create a Database:

CREATE DATABASE flamingo4;

Skip the next steps (4 and 5) when the version is 4.3 or later. All the needed Database objects are created when the application is started. Also a default admin user is created. Username: 'admin' Password: 'flamingo' Don't forget to change it!

4. Execute downloaded script (in "database" directory).

5. Insert admin user/password by creating a sha-1 digest. (default the password is 'admin') Here you can create your own sha-1 digest from any password you like to use: http://hash.online-convert.com/sha1-generator

insert into user_(username, password) values ('admin', '<digest>');

Oracle

ToDo

MSSQL

1. Create a user (for example: flamingo)

2. Create a database owned by this user (for example, also named flamingo)

For more details see:

• For postgres: UsePostgreSQL
• For MS SQL server: UseMSSQL

3. Prepare Tomcat

Download the dependency jars needed in tomcat: Deps

1. In the 'unzipped deps' you'll find 2 .jar files in: debs/lib/ Copy all files to the tomcat 'lib' folder (for example: /usr/share/tomcat7/lib/)

2. Edit server.xml (on Ubuntu systems you can find it in eg.: '/etc/tomcat7/server.xml') and add the Database connection settings. Search for the Search for the <GlobalNamingResources> and add the following element (use your own password instead of "secret"):

For Postgres

   <Resource
	name="jdbc/geo_viewer"
	auth="Container"
	type="javax.sql.DataSource"
	username="flamingo4"
	password="secret"
	driverClassName="org.postgresql.Driver"
	url="jdbc:postgresql://localhost:5432/flamingo4"
	maxActive="40"
	validationQuery="select 1"
	timeBetweenEvictionRunsMillis="30000"
	minEvictableIdleTimeMillis="5000"
/>

For Oracle

<Resource
	name="jdbc/geo_viewer"
	auth="Container"
	type="javax.sql.DataSource"
	username="flamingo"
	password="secret"
	driverClassName="oracle.jdbc.OracleDriver"
	url="jdbc:oracle:thin:@serverl:1526/PNBT"
	maxActive="100"
	validationQuery="select 1 from dual"
	timeBetweenEvictionRunsMillis="30000"
	minEvictableIdleTimeMillis="5000"
/>

For MSSQL

<Resource name="jdbc/geo_viewer"
	auth="Container"
	type="javax.sql.DataSource"
	username="<<USERNAME>>"
	password="<<PASSWORD>>"
	driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
	url="jdbc:sqlserver://<<HOST>>;database=<<DATABASE_NAME>>;integratedSecurity=false;"
	maxActive="40"
	validationQuery="select 1"
	timeBetweenEvictionRunsMillis="30000"
	minEvictableIdleTimeMillis="5000"
 />

4. Deploy applications

1. Copy the 2 *.war files (viewer.war and viewer-admin.war) to the tomcat webapps directory

5. Test application

1. Open a webbrowser and go to the page: http://<tomcathost>:<tomcatport>/viewer-admin

2. A login page is shown. If flamingo 4.3 or later is installed the default password is 'flamingo' and the username 'admin'. DON'T FORGET TO CHANGE When using a earlier version of Flamingo you have created the password in one of the steps mentioned earlier.

3. If you can't login, properly something is wrong... Check the log file 'geo-viewer-admin.log' in the <catalina-base>/log directory.