Installing OFBiz ERP
(not sure why but failed at proxy from 80/443 to 8080/8443)

I'm starting here assuming you have a type of Ubuntu server OS installed on a machine. At this stage the only way to communicate with your server is to be at it's physical keyboard & screen, or to SSH into it with some terminal type console window (CMD for Windows OS). If you named your server myerp , named it's admin erpadmin and you are using a normal computer to access it, in the terminal window type ssh erpadmin@myerp and hit enter. If it looks like an error occured you can use the internal IP that you saw while installing the OS, like this, ssh erpadmin@192.168.1.184.

The first login always asks you to approve the key for encryption so just answer yes. then put in the password you made for that admin. After you're in, do the following:

• sudo nano /etc/apt/sources.list #(note that the first use of SuDo has you enter the admin password again)
  then add these lines at the bottom of the file,
  # I put this next line in here
  deb http://download.webmin.com/download/repository sarge contrib
  Ctrl+X says leave the Nano file editor, then answer "Y"es to save the changes, then press your enter key to finish.
  ...OR...
  Ctrl+O then [Enter], then Ctrl+X, which is, write out the changes, and leave.

• sudo wget http://www.webmin.com/jcameron-key.asc

• sudo apt-key add jcameron-key.asc

• sudo apt-get update

• sudo apt-get install -y apt-transport-https asciidoctor asciidoctor-doc

• sudo apt-get install -y build-essential

• sudo apt-get install -y libdbi-perl libdbd-pg-perl libhtml-entities-numbered-perl libhtml-html5-entities-perl libtest-exception-perl libmodule-build-perl libwrap0 libwrap0-dev mcrypt libmcrypt-dev zip unzip zip unzip

• sudo apt -y install git #(on Ubuntu 20.04 it's preinstalled, but you can still run it to see)

• sudo apt -y upgrade #(look at the messages output near the top after this operation starts. "no longer requirred:")

• sudo apt -y autoremove #(on a fresh install, this is safe. Once I did it on a complex system and many bad things happened!!!)

• sudo apt-get -y install webmin

A reboot is comming next, but in this case we side track because of an old paranoia I have from fresh installation problems MariaDB on Ubuntu Servers back when 18.04 was new.

At this point you can access the Webmin system with https://myerp:10000/ and login with any real user with login capabilities you made on the system, but most likely you'll only use the one you created during the OS installation.

Since Webmin uses the "snakeoil" private key for secure websites, you will get the warning pages in a browser. Click the thing for advanced, then look for the thing for accept the risks and click it too.

One minor sidetrack, the Pearl Webmin GUI always has some suggested modules to install.

In Webmin's left-side-panel, go to the "Webmin -> Tools" section and click the Pearl Modules option. This GUI is an alternative to the "cpan[1]> " shell. Switch from the "Install module" tab to the "Suggested modules" tab. You'll probably see the right-side-box "Modules to Install" already populated with some things like "Authen::Libwrap". Those are the things ready to install, so just click the [Install Selected Modules] button at the bottom to install what's in the suggested queue.

• Open Webmin in a browser by the computers name during OS install (https://myerp:10000/), or the IP Address of that machine in your network (maybe https://192.168.1.184:10000/ or something like that).

• Use the Bootup and Shutdown section of "Webmin -> System" to disable Apparmor

  • Check the box for apparmor, then scroll to the bottom of that screen. Find the button [Disable Now and On Boot], and click it.

• sudo reboot now, or click the button for [Reboot System], and pro tip, since you use it a lot, click the star atop the next page to add it to favorites. The favorites button is the star near your logout button at the bottom of the left-side-panel.

Go back to your terminal window and login again with ssh. (note, you could also do these commands via Webmin, but sometimes a terminal is faster)

Ubuntu's APT repositories will put the 10.3 version of MariaDB on by the commands below, but...
You can go to the "Webmin -> System -> Software" section and put this
mariadb-server mariadb-client mariadb-backup mariadb-test mariadb-common
into the text box for "( ) Package from APT", click it's radio button, and then the [Install] button.

...OR...

• sudo apt -y install mariadb-server mariadb-client mariadb-backup mariadb-test mariadb-common

After that's done, go back at the Webmin page, look low on the left-side-panel and click the Refresh Modules section, then after it's done select the MySQL Database Server option of "Webmin -> Servers" section. The main screen panel should say "MariaDB Database Server" at the top and you can see that server is running because there's a button to stop it but not one to start it.

To set, or at least know what your DB Admin Password is, do one of two things:
In the the "Webmin -> Servers" section, click the MySQL Database Server option. At the bottom right, look for the button named "Change Administration Password" and click it. Write your "CHANGE-THIS-TO-A-PASSWORD" password in twice then click [Save Now].
...OR...
Go back to your Terminal Window to issue the following commands.

• sudo mysql -u root

  • USE mysql; #(note the difference between the command prompt before and after you do this command)

  • UPDATE user SET plugin='mysql_native_password' WHERE User='root';

  • UPDATE user SET authentication_string=password('CHANGE-THIS-TO-A-PASSWORD') WHERE user='root';

  • FLUSH PRIVILEGES;

  • EXIT; ...OR... \q

• If you used the Terminal Window, and your window in Webmin is still at "MariaDB Database Server", refresh the page, if not navagate there again with the servers menu. It should be waiting for you to enter the "CHANGE-THIS-TO-A-PASSWORD" password you just made a couple steps ago. You should now see the GUI controls for manipulating your database schema again.

You could re-enable the apparmor protective software at this point, or you could wait till after everything works right.

• Use Bootup and Shutdown section of "Webmin -> System" to enable Apparmor

  • Check the box for apparmor, then scroll to the bottom of that screen. Find the button [Start Now and On Boot], and click it.

• sudo reboot now, or click the button for [Reboot System].

After the reboot, have a look at the "MariaDB Database Server" module to see if it's running. It should be.

Somehow, this is the only stated system requirement for the OFBiz software; specifically OpenJDK 8. I don't know if other versions are fine.

During the MariaDB install above, you were given an opportunity to work with a software management GUI. You'll use it again now, but take a closer look at a handy feature.

Go to the "Webmin -> System -> Software" section and find the [Search APT] button just past that "( ) Package from APT" option and click it. Unless you are blocking pop-up's for the Webmin, you'll see a search box in the top left area of your monitor. Write openjdk in it's text box and click it's [Submit Query] button or your Enter key. If you click on a link for a software version it will close that window and write that software name in the pachage manager ready to be installed.

You can go to the "Webmin -> System -> Software" section and put this
openjdk-8-jdk openjdk-8-jre openjdk-8-doc openjdk-8-dbg
into the text box for "( ) Package from APT, click it's radio button, and then the [Install] button.

...OR...

• sudo apt -y install openjdk-8-jdk openjdk-8-jre openjdk-8-doc openjdk-8-dbg

Check the install with "java -version".

Also do this because Rahul said so.

• sudo cat >> /etc/environment <<EOL

• JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64

• JRE_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre

• EOL

...BUT...
That didn't work for me so I used the file editor in Webmin to add the lines.

Go to the "Webmin -> Tools -> File Manager" section and browse your way to the /etc folder then page through till you get to the file called "environment" in that folder. When you hover over that file a vertical elipsis (3-dots) appears on the left side. That tool permits editing the file. You can copy and paste the block below into that file and don't disturb the PATH="... line:

JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"

JRE_HOME="/usr/lib/jvm/java-8-openjdk-amd64/jre"

A command line alternative to this is:

• sudo pico /etc/environment

Generally that environment isn't loaded for the currently logged in users, so log them out or just reboot the system.

The first thing the Apache folks want us to do is download the system and the keys to check it's integrity.

You can use the Webmin File manager to pull-down a file into any directory. From inside the "Webmin -> Tools -> File Manager" section, click the [File] part of the top right tools menu. You want the last choice in it's context menu; click Download from remote URL. Then after chosing that the new dialogue box requires you to type or copy/paste the URL of that resource;
... first software: https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip
... second the PGP Signature key: https://dlcdn.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.asc
... ... the SHA512 key: https://dlcdn.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.sha512
... ... and the KEYS thing: https://dlcdn.apache.org/ofbiz/KEYS which.
...OR...

• wget https://dlcdn.apache.org/ofbiz/apache-ofbiz-18.12.05.zip #(I'm fairly certian there's no difference between dlcdn & downloads)

• wget https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.asc

• wget https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.sha512

• wget https://downloads.apache.org/ofbiz/KEYS

So you got your stuff, now to do something with it. Again you have two chioices, the Webmin Filemanager, or the Terminal Window.

In the extreme top right of the "Webmin -> Tools -> File Manager" section, click thetool icon for "Command Shell" >_. That lets you run commands as if you are in a dedicated Terminal Window (not quite as good, but sufficient), and in the directory currently displayed by the file manager. Whichever way you choose, run these commands to test things:

• gpg --import KEYS

• gpg --verify apache-ofbiz-18.12.05.zip.asc apache-ofbiz-18.12.05.zip

So both of those should have given you positive outputs instead of error messages:

Success:

[erpadmin@myerp ~]# gpg --import KEYS

gpg: key 7A580908847AF9E0: 22 signatures not checked due to missing keys

gpg: /root/.gnupg/trustdb.gpg: trustdb created

gpg: key 7A580908847AF9E0: public key "Jacopo Cappellato (CODE SIGNING KEY) <jacopoc@apache.org>" imported

gpg: key 28BA80E8847AF9E0: 2 signatures not checked due to missing keys

gpg: key 28BA80E8847AF9E0: public key "Jacopo Cappellato (CODE SIGNING KEY) <jacopoc@apache.org>" imported

gpg: Total number processed: 2

gpg: imported: 2

gpg: no ultimately trusted keys found

[erpadmin@myerp ~]# gpg --verify apache-ofbiz-18.12.05.zip.asc apache-ofbiz-18.12.05.zip

gpg: Signature made Sun Jan 2 10:57:07 2022 UTC

gpg: using RSA key 7A580908847AF9E0

gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jacopoc@apache.org>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to the owner.

Primary key fingerprint: 3545 C5E3 1CC2 D029 B2CC AD06 7A58 0908 847A F9E0

Now you know that the UPS/FedEX/USPS/whatever didn't damage your fancy Brookstone product in transit. Any errors while installing it will have nothing to do with wget or Internet connections / hop-stations for transporting the files.

Time for the unboxing ceremony, live stream yourself on Tic-Toc or Snapchat I guess. Like other things above, you can unzip that "apache-ofbiz-18.12.05.zip" file with Webmin's Filemanager, or with commands in a Terminal Window. In webmin, hover the mouse over the left edge of the files row and click the vertical elipsis (3-dots) for a menu that has the unzip option (Extract) which has a submenu for extra options like deleting the zip after or loading in the password if it had one.
...OR...

• unzip apache-ofbiz-18.12.05.zip

• mv apache-ofbiz-18.12.05 /usr/local/apache-ofbiz #(this is a renaming of the folder despite mv meaning move)

• rm -f apache-ofbiz-18.12.05.zip

So now it's likely you have a subfolder of apache-ofbiz in your erpadmin home folder, and a specific subfolder inside apache-ofbiz that has the version number still in it's name. That's a good "best practice". The exact name choices for things are not very important, as long as you make sure to edit commands to suit your changes instead of mindlessly copy/paste'ing into a Terminal Window.

So the next phase of this journy will happen inside that /home/erpadmin/apache-ofbiz/apache-ofbiz-18.12.05 location. I'm reccomending to use the Terminal Window for this part instead of the Webmin GUI interface. REMINDER, look for error messages in the output after issuing a command.

• ssh erpadmin@myerp #(if you aren't already logged into your server)

• cd apache-ofbiz/apache-ofbiz-18.12.05

• ./gradle/init-gradle-wrapper.sh

• ./gradlew cleanAll loadAll #(This is going to do a lot. Pack a lunch. My personal wait time was 40 minutes with a FiOS residential connection.)

  • Two Hours Later...
    > Task :loadAll
    
    BUILD SUCCESSFUL in 36m 33s
    25 actionable tasks: 20 executed, 5 up-to-date
    

• ./gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
  #(Don't do this one if you just want to play around. See the details in your /home/user/erpadmin/apache-ofbiz/apache-ofbiz-18.12.05/README.adoc and/or /home/user/erpadmin/apache-ofbiz/apache-ofbiz-18.12.05/INSTALL file. See also: https://docs.asciidoctor.org/asciidoctor/latest/get-started/)

  • Two Hours Later...
    > Task :loadAdminUserLogin
    
    BUILD SUCCESSFUL in 20m 31s
    27 actionable tasks: 23 executed, 4 up-to-date
    

• At the first attempt to hit https://myerp:8443/webtools I got an error so needed to put allowed host names into the "security.properties" file hiding in the "/home/omerpadmin/apache-ofbiz/apache-ofbiz-18.12.05/framework/security/config/" folder.
  Open that file to edit line 157 from

  • host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
    ...TO...

  • host-headers-allowed=localhost,myerp,192.168.1.184,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
    ... or whatever is appropriate for your situation.
    

• ./gradlew ofbiz #(This is the command that makes the software active for use. Not really permanent though, like after a reboot run it again or add it to cron.)

  • Two Minutes Later...
    ____ __________ _
    / __ \/ ____/ __ )(_)___
    / / / / /_ / __ / /_ /
    / /_/ / __/ / /_/ / / / /_
    \____/_/ /_____/_/ /___/ is started and ready.
    
    ...AND...
    
    YYYY-MM-DD HH:MM:SS,NNN |OFBiz-JobQueue-0 |ServiceDispatcher |T| Sync service [default/runServiceOnSubscriptionExpiry] finished in [408] milliseconds
    

• At the first attempt to hit https://myerp:8443/webtools I got an error so needed to put allowed host names into the "security.properties" file hiding in the "/home/omerpadmin/apache-ofbiz/apache-ofbiz-18.12.05/framework/security/config/" folder.
  Open that file to edit line 157 from

  • host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
    ...TO...

  • host-headers-allowed=localhost,myerp,192.168.1.184,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
    ... or whatever is appropriate for your situation.

So somehow in all that, Apache has a private type of Tomcat mini server running and a demo SSL cert going because it's connecting via the 443 (8443) port.

As hinted to above, it won't be running after a server reboot, so either every restart you have to remember to do "cd /home/erpadmin/apache-ofbiz/apache-ofbiz-18.12.05 && ./gradlew ofbiz" or you can make a new Cron job. Open "Webmin -> System -> Scheduled Cron Jobs" and click a button for [Create a new scheduled cron job].

• Change the Execute cron job as field to erpadmin

• In the Command field paste your version of cd /home/erpadmin/apache-ofbiz/apache-ofbiz-18.12.05. && ./gradlew ofbiz

• Add a Description if you want to

• In the Simple schedule dropdown, select the When system boots option

• Click that [Create] button

I guess now, you "gotta git'yer lurn on."

This method is posted on Apache's Confluence Wiki pages.

In my particular case, I will be putting this instance on a production server in my Router's DMZ server. It's a virtualized environment managed with the Virtualmin GUI, and it will be in a sub-server of one of my FQDN's.

Prerequisites for OFBiz

The first thing on their list is the Java 8 install, which is the same as "These commands are for the OpenJDK-8 software:" above.

Get the OFBiz Software

Now, it's a matter of finding a way to get the latest version of OFBiz down onto your server in the right place for you. Their instructions put it into /var/www/ofbiz which is great if you are doing a standalone server. I'm a virtualized webserver using Virtualmin, so below is for my system. Assume my subserver is myerp, its FQDN is erp-sas.com, its admin for that environment is sassyadmin (the Apache instructions use ofbiz), and the password is terriblepassword. After things are done its access point will be https://myerp.outsourcedmath.com/webtools. If you don't already have a Virtual Server to put things into, make one. In the Virtualmin tab of the left-side-panel click create virtual server for a brand new FQDN, or be in an existing FQDN and during that create a server process select Create a Sub-Server from the options at the top of that creation page.

OFBiz 18.12.05 was the latest as of this writing. It's link was https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip for the zip type archive. So the instructions above in "Getting and building the OFBiz ERP System:" for the download and verify remain the same. On my system I need to be in the folder for /home/sassyadmin/domains/myerp.erp-sas.com and the unzipped stuff will go into it's subfolder of /public_html.

So now you should have downloaded the software and the associated verification keys, checked it for validity, and moved the unzipped files and folders to the root location of that website. The owner and Group of the stuff should all be your admin account, e.g.for me it's sassyadmin and for Apache it's ofbiz. So from your /home/sassyadmin/domains/myerp.erp-sas.com/public_html folder, logged in as the sassyadmin account you will start to run commands to build out the OFBiz system. Run the gradle/init-gradle-wrapper.sh command now.

Prerequisites for MariaDB

Unlike the instructions above for "These first commands are for the MariaDB software and adding the Webmin interface for it:" above, you probably don't have the required "libmariadb-java" program library. Install it with sudo apt-get install libmariadb-java or the many ways discussed above in thei document. Back in your /home/sassyadmin/domains/myerp.erp-sas.com/public_html folder, run the mkdir -p framework/entity/lib/jdbc command, then the cp /usr/share/java/mariadb-java-client.jar framework/entity/lib/jdbc command to get the relevant MariaDB connector we just installed into the hands of Apache's Gradle command scripts.

Building the Database

The Apache instructions give the simple and quick command line method as shown below, but Webmin/Virtualmin can be used to make accounts and databases also. The proper nouns used below are something you can be creative with, but must be consistent when editing config files. Having too many things named ofbiz___ is a great way to get dangerously confused.

• mysql -u root -p
  rootUserPassword

  • create database ofbizmain; #(the main data storage location)

  • create database ofbizolap; #(the OLAP data storage location)

  • create database ofbiztenant; #(the mulit-Tennant data storage location)

  • use mysql;

  • select database();

  • create user bizadmin@localhost;

  • create user olapadmin@localhost;

  • create user tenantadmin@localhost;

  • set password for 'bizadmin'@'localhost' = PASSWORD("goodPassword1");

  • set password for 'olapadmin'@'localhost' = PASSWORD("goodPassword2");

  • set password for 'tenantadmin'@'localhost' = PASSWORD("goodPassword3");

  • grant all privileges on ofbizmain.* to 'bizadmin'@localhost identified by 'goodPassword1';

  • grant all privileges on ofbizolap.* to 'bizadmin'@localhost identified by 'goodPassword1';

  • grant all privileges on ofbiztenant.* to 'bizadmin'@localhost identified by 'goodPassword1';

  • grant all privileges on ofbizmain.* to 'olapadmin'@localhost identified by 'goodPassword2';

  • grant all privileges on ofbizolap.* to 'olapadmin'@localhost identified by 'goodPassword2';

  • grant all privileges on ofbiztenant.* to 'olapadmin'@localhost identified by 'goodPassword2';

  • grant all privileges on ofbizmain.* to 'tenantadmin'@localhost identified by 'goodPassword3';

  • grant all privileges on ofbizolap.* to 'tenantadmin'@localhost identified by 'goodPassword3';

  • grant all privileges on ofbiztenant.* to 'tenantadmin'@localhost identified by 'goodPassword3';

  • EXIT; ...OR... \q

These types of commands are so common that software like phpMyAdmin has things where you put in one word and it creates the username, password and linked database all in one click. I struggle with granting *.* as the Apache instructions show instead of localmysql.* for the usernames because I'm not contanerized or single purpose server. It might seem paranoid, but why give a bigger attack surface to yourself? Since I see statements in the config indicating that each database user account has to have read access at minimum on the other databases, I just did it the way I think would be appropriate and reasonably secure for other systems using the same data server.

Configuration File Edits

Apache's instructions have us edit the Configuration file for database connections and then make the databases and accounts, but I think it's wiser to get familiar with the names of the databases and users before editing the config files.

Quite different from "Getting and building the OFBiz ERP System:" above, we need to tinker with the OFBiz configuration file before the long build procedure starts. Of the many ways noted above in this document, pick your favorite and open /home/sassyadmin/domains/myerp.erp-sas.com/public_html/framework/entity/config/entityengine.xml for editing.

Near line 54 is the delegator block and that is the first place to edit. They have you alter localderby, localderbyolap, and localderbytenant to be localmysql, localmysqlolap, and localmysqltenant. Find & Replace text editing tools are not reccommended, but if you are careful, and only change things in the delegator blocks 9 locations, you should be fine.

<delegator name="default" entity-model-reader="main" entity-group-reader="main" entity-eca-reader="main" distributed-cache-clear-enabled="false">
<group-map group-name="org.apache.ofbiz" datasource-name="localmysql"/>
<group-map group-name="org.apache.ofbiz.olap" datasource-name="localmysqlolap"/>
<group-map group-name="org.apache.ofbiz.tenant" datasource-name="localmysqltenant"/>
</delegator>

Because of what I saw in this config file and the info under the subheading "Running OFBiz Automated Tests" of the instructions this stems from, I assumed their instructions want us to alter the lines near 60 & 67 too the same way you see things done above.

Now you'll start also doing copy/paste of the three unique users/passwords and database names in the MariaDB system you probably already created via the instructions above.

Near line 338, we see the localmysql datasource block starting. That identifier is how the delegator blocks above, find the appropriate datasource blocks below.

<datasource name="localmysql"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"

Near line 358, we change a few things starting with com.mysql.jdbc.Driver, where we want it to be org.mariadb.jdbc.Driver.

<inline-jdbc
jdbc-driver="org.mariadb.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1:3306/ofbizmain?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="bizadmin"

jdbc-password="goodPassword1"
isolation-level="ReadCommitted"
pool-minsize="2"

Near line 371, we see the localmysqlolap datasource block. Change that name if you picked your own database name.

<datasource name="localmysqlolap"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"

Near line 391, we make changes appropriate for the OLAP portion

<inline-jdbc
jdbc-driver="org.mariadb.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1:3306/ofbizolap?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="olapadmin"

jdbc-password="goodPassword2"
isolation-level="ReadCommitted"
pool-minsize="2"

Near line 404, we see the localmysqltenant datasource block. Change that name if you picked your own database name.

<datasource name="localmysqltenant"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"

Near line 424, we make changes appropriate for the Tenant portion.

<inline-jdbc
jdbc-driver="org.mariadb.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1:3306/ofbiztenant?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="tenantadmin"

jdbc-password="goodPassword3"
isolation-level="ReadCommitted"
pool-minsize="2"

Load Data Into the Daatabases

Apache's instructions give two seperate commands to populate the system with data before launching it's webserver. The command below is their minimal ready for service but no demo data. Your prompt in a Terminal window should be in that "" directory, then issue the command:

./gradlew "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin

I personally ran into one snag with this command. My system had a openjdk11 & openjre11 on it from a previous & failed attempt at installing this as the Tomcat+Derby version. Uninstalling the Java 11 versions fixed the problem.

If the command doesn't end with this:

> Task :loadAdminUserLogin

BUILD SUCCESSFUL in 4m 28s
12 actionable tasks: 9 executed, 3 up-to-date

scroll up through the messages scanning for anything that might make sense to you. A typo in that config file can error it out.

Preparing and Launching the OFBiz Server

Edit the framework/security/config/security.properties file with your favorite method. Near line 155, add your URL that it will serve from to the list of "host-headers-allowed":

# -- no spaces after commas,no wildcard, can be extended of course...
host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
host-headers-allowed=localhost,127.0.0.1,myerp.erp-sas.com

While you have that file open, read the comments and alter things as you see fit. The security model for passwords is from the 1980's so tweak it if you like; e.g. today a minimum password should be 9 characters.

So now you're at a big moment, from your ~/domains/myerp.erp-sas.com/public_html folder, run the following command:

• ./gradlew ofbiz

After you see something like this...

____ __________ _
/ __ \/ ____/ __ )(_)___
/ / / / /_ / __ / /_ /
/ /_/ / __/ / /_/ / / / /_
\____/_/ /_____/_/ /___/ is started and ready.

...AND...

YYYY-MM-DD HH:MM:SS,NNN |OFBiz-JobQueue-0 |ServiceDispatcher |T| Sync service [default/runServiceOnSubscriptionExpiry] finished in [NNN] milliseconds
YYYY-MM-DD HH:MM:SS,NNN |OFBiz-JobQueue-0 |ServiceDispatcher |T| Sync service [default/cancelAllBackorders] finished in [NNN] milliseconds

... you know you have a fully functioning OFBiz system. Do a Ctrl+C in the Terminal Window to stop the server.

The appropriate way to have this system running is with a System Daemon. This is a sudo type thing so either do it that way, or you can also open the Webmin tab in the left-side-panel and select "System -> Bootup and Shutdown" selecting + Create a new systemd service to create the new file.

Apache says the file is "/etc/systemd/system/ofbizd.service", but because Ubuntu 20.04 & Virtualmin have that folder just filled with symbolic links to the "/lib/systemd/system" folder, I'm making the "/lib/systemd/system/ofbizd.service" file and then running "ln -s /lib/systemd/system/ofbizd.service /etc/systemd/system/ofbizd.service" after.

If you use the ordinary file editor, these are the contents of the file:

[Unit]

Description=OFBiz Service Daemon

After=network.target auditd.service

[Service]

User=sassyadmin

WorkingDirectory=/home/sassyadmin/domains/myerp.erp-sas.com/public_html

ExecStart=/home/sassyadmin/domains/myerp.erp-sas.com/public_html/gradlew ofbiz

ExecStop=/home/sassyadmin/domains/myerp.erp-sas.com/public_html/gradlew 'ofbiz --shutdown'

[Install]

WantedBy=multi-user.target

To enable the service on reboot:

• sudo systemctl enable ofbizd.service

To start/stop the service in the systemd way:

• sudo systemctl start ofbizd.service

• sudo systemctl stop ofbizd.service

I have the Biz server off right now.

Enabling the Proxy and LetsEncrypt SSL

Differing from the Apache instructions, I pull in the SSL keys through the Virtualmin GUI right after creating the server/subserver. If you didnt do that, look in your left-side-panel for "Virtualmin -> myerp.erp-sas.com", then select "Server Configuration -> SSL Certificate". On that new page look for the tab along the top called "Let's Encrypt" and click it. Click the button on that page for [* Request Certificate]. If something goes wrong, make some notes and figure it out, they only take a couple of failed requests per day from misconfigured servers.

When successful it will put the keys in:

• SSL certificate file /home/sassyadmin/domains/myerp.erp-sas.com/ssl.cert

• SSL private key file /home/sassyadmin/domains/myerp.erp-sas.com/ssl.key

If you didn't go the same route, know where it's storing the keys for your website connector to OFBiz.

First, edit the framework/webapp/config/url.properties file to disable the built-in HTTPS. (Some browsers are configured to try the https first.) In that file set no.http=N, port.https.enabled=N, port.https= to empty if it isn't already so, and create a new line for this service.http.parameters.require.encrypted=N.

Now we tinker with the "Apache Webserver" (apache2) because some of us never found a way to run Tomcat side-by-side with Apache-2.

Inside the "Webmin -> Servers -> Apache Webserver -> Global Configuration -> Modules" area, check the boxes for proxy and proxy_ajp if they arent already then click the [Enable Selected Modules] button. That GUI will refresh the server so that they are available immediately.

If you'd rather do it with the Terminal Window:

• sudo a2enmod proxy

• sudo a2enmod proxy_ajp

Depending on some things..., in your /etc/apache2/sites-enabled folder, you eiter have the *.conf files of active servers or you have symbolic links to the files in the /etc/apache2/sites-available folder. You can edit the Conf file for your /etc/apache2/sites-available/myerp.erp-sas.com.conf server directly or edit it with the GUI. I reccomend the GUI.

Get back to "Virtualmin -> myerp.erp-sas.com", then select "Services -> Configure Website". In the new window, click the button for [Edit Directives]. Editing via this method is one way to get the specialized proxy directives in place. (If you are puzzled by the other buttons on the VIrtual Server Options GUI, you can edit the file directly then open the GUI areas to see how it's appeared in the right section; e.g. look in the Aliases and Redirects before and after editing the Config.) Somewhere in that file (at the bottom is fine), add the following lines:

# One way to ensure auto forwarding http to https
RewriteEngine on

RewriteCond %{SERVER_NAME} =myerp.erp-sas.com

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

# getting from the OFBiz's internal Tomcat server to the Apache2 Webserver

ProxyRequests Off

<Proxy *>

AddDefaultCharset off

Order deny,allow

Allow from all

</Proxy>

ProxyVia On

ProxyPreserveHost On

ProxyPass /.well-known !

ProxyPass "/" "ajp://localhost:8009/"

Click the [Save and close] button near the bottom left. Click the [Apply Changes] button near the top right.

From "Virtualmin -> myerp.erp-sas.com -> Services" select "Configure SSL Website". Same as before, in the new window, click the button for [Edit Directives]. Add the following lines:

# getting from the OFBiz's internal Tomcat server to the Apache2 Webserver

ProxyRequests Off

ProxyVia On

ProxyPreserveHost On

<Proxy *>

AddDefaultCharset off

Order deny,allow

Allow from all

</Proxy>

ProxyPass /.well-known !

<Location />

ProxyPass ajp://localhost:8009/

</Location>

# Static pages don't have to process through Tomcat.

<LocationMatch "^/(?!js|css|png|jpg|jpeg|gif)">

Require all granted

</LocationMatch>

While your inside that file you'll notice that it already has the directives for the SSL keys in place.

Click the [Save and close] button near the bottom left. Click the [Apply Changes] button near the top right.

Finishing Up & Starting Services

Either run the sudo systemctl start ofbizd.service command, or go to "System -> Bootup and Shutdown", check the box for ofbizd.service then scroll down to click [Start Now and On Boot].