This page contains notes about installing OntoWiki on a new Ubuntu server. The original test server was from Elastic Hosts, running Ubuntu 16.04. Subsequently, I'm running a server from Scaleway running Ubuntu 16.04.

There are several pages documenting processes for installing OntoWiki on Ubuntu. Main page:

• https://github.com/AKSW/OntoWiki/wiki/Install-Ontowiki

Other pages:

• https://github.com/AKSW/OntoWiki/wiki/Setup
• https://github.com/AKSW/OntoWiki/wiki/GetOntoWikiUsers
• https://github.com/AKSW/OntoWiki/wiki/Ubuntu-Quick-Install-Guide
• https://github.com/AKSW/OntoWiki/wiki/SetupDevelopers

Some of the information there seems to be out of date, and in any case, it is quite scattered. This page is an attempt to bring all of this together in one place, with the simplifying precondition that this only needs to be good enough for one operating system: Ubuntu.

UPDATE: We have dropped using ElasticHosts in favour of Scaleway.

You need to choose between a Virtual Machine and a Linux Container (I chose Ubuntu 16.04, as it was the latest LTS release available). I had problems installing PHP on the Linux Container, so opted for a Virtual Server instead. If you don't want the IP address to change, ten you need to buy a static IP address from ElasticHosts.

TODO - suggest settings for processor speed, RAM and storage.

Using a VC1S instance for €2.99 a month.

It's bad to do everything as root! Create a new user (in what follows, I call this user admin, but that is not necessary) with sudo access (sudo access based on documentation at https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart):

# adduser admin
# adduser admin sudo

Note - a better approach for setting up the admin user may be to follow the instructions here to "Protect su by limiting access only to admin group".

We'll also allow the admin user to see system journal messages (e.g. with journalctl -xe):

# adduser admin systemd-journal

Log in as user admin. Everything else will be done from the admin account.

# su - admin

To ensure that apt is set up properly, do this before installing anything:

sudo apt-get update

This should not be necessary, but just in case:

The server needs to know where to look for packages. This is configured in /etc/apt/sources.list. Use https://repogen.simplylinux.ch/ to generate a new sources.list file, and replace the old one (saving a copy first!). Then, in order to retrieve the new list of packages:

sudo apt-get update

If you try installing packages without doing this, you will get some warnings from perl about unset environment variables.

Following the instructions at perlgeek.de to generate locales (I used en_GB.UTF-8 UTF-8):

TODO- try running locale before and after the reconfigure to spot the difference.

sudo dpkg-reconfigure locales

Then use the up/down arrow keys to select the locales to generate, and press return to generate them. The next screen allows you to select a default locale (I used en_GB.UTF-8 UTF-8).

Later, we'll use git and make to install OntoWiki.

sudo apt-get install git make

This is optional, but recommended. I found that my server was under attack with people attempting to crack the root password almost as soon as the server was up. You can see this kind of attack by viewing system logs:

journalctl -xe

It's up to you how much you do. This looks like a good starting point:

https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics

Some of these hardening activities can only be done after Apache and PHP have been installed.

Install the Uncomplicated Firewall, ufw. Allow access via ports for ssh and http, and the following too:

sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow 8890
sudo ufw enable
sudo ufw status verbose

Using documentation:

• https://www.howtoforge.com/tutorial/install-apache-with-php-and-mysql-on-ubuntu-16-04-lamp/
• https://github.com/AKSW/OntoWiki/wiki/Ubuntu-Quick-Install-Guide

Install these packages:

sudo apt-get install apache2 php7.0 libapache2-mod-php7.0 php7.0-odbc

Apache runs as user www-data, group www-data (you can verify this with grep APACHE_RUN /etc/apache2/envvars). We will set up files in the web home (/var/www/html) to be owned by the same user/group, and add our admin user to that group:

sudo adduser admin www-data

IMPORTANT! Now log out of the admin account, and log back in again in order to gain the group www-data. You can verify group membership:

groups

Change the ownership of the web home files to www-data and allow any user in the www-data group to write to them:

sudo chown -R www-data: /var/www/html
sudo find /var/www/html -type f -exec chmod 664 {} + -o -type d -exec chmod 775 {} +

sudo apache2ctl restart

Assuming the installation went successfully, you should now see Apache's default start page when you visit http://192.168.1.100 (substitute the ip address of your server here).

OntoWiki depends on some PHP extensions:

sudo apt-get install php7.0-xml php7.0-mbstring

Install OntoWiki from GitHub:

cd /var/www/html
git clone https://github.com/AKSW/OntoWiki.git
cd OntoWiki
make deploy

Change the ownership of the web home files to www-data and allow any user in the www-data group to write to them:

sudo chown -R www-data: /var/www/html
sudo find /var/www/html -type f -exec chmod 664 {} + -o -type d -exec chmod 775 {} +

Save a copy of the Apache config file before making changes to it:

sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.orig

TODO - see if this Directory directive is necessary:

Then add the following to /etc/apache2/apache2.conf: (ACTUALLY I THINK THIS BUGGERS THINGS UP!!) Needs testing again.

<Directory /var/www/html/OntoWiki>
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

Add the following to the bottom of the file /etc/apache2/apache2.conf, substituting the IP address of your server:

ServerName  192.168.1.100

Check that you have made no errors:

sudo apache2ctl configtest

sudo apt-get install virtuoso-opensource

This leads to the following message:

Following installation, users and passwords in Virtuoso can be managed using the command line tools (see the full documentation) or via the Conductor web application which is installed by default at http://localhost:8890/conductor.
Two users ("dba" and "dav") are created by default, with administrative access to Virtuoso. Secure passwords must be chosen for these users in order to complete the installation.
If you leave this blank, the daemon will be disabled unless a non-default password already exists.
Password for DBA and DAV users: 

IMPORTANT! I have had problems using passwords with punctuation characters like % and $. You will get an error message during the installation to notify you of these. You will need to configure OntoWiki with this Virtuoso dba password.

Create the OntoWiki config file from the supplied with the distribution:

cp /var/www/html/OntoWiki/config.ini.dist /var/www/html/OntoWiki/config.ini

Edit /var/www/html/OntoWiki/config.ini specifying the virtuoso dba user password (set when you installed virtuoso):

store.virtuoso.password    = "yourpassword"

TODO - sort out what is actually need here. Currently I have done none of this, and things seem to work.

According to https://github.com/AKSW/OntoWiki/wiki/Install-Ontowiki, there should be a file /var/lib/virtuoso-opensource-6.1/db/virtuoso.ini, where we //Find the option "DirsAllowed", it is a comma-separated list of dirs from which Virtuoso is allowed to open files. Add your PHP's temp directory (usually /tmp) and your OntoWiki directory under your webroot.// , but that file does not exist. In fact, the file exists at /etc/virtuoso-opensource-6.1/virtuoso.ini. TODO -see what happens if we don't set DirsAllowed like this.

The docs (https://github.com/AKSW/OntoWiki/wiki/Install-Ontowiki) also say the we need to create a dir sudo mkdir /var/lib/virtuoso-opensource-6.1/ontowiki, but since there's no virtuoso.ini to put into it, I'm not sure that's correct. having made this dir, it remains empty after running OntoWiki, although perhaps it is needed for when we start adding real linked data - needs testing.

We are currently creating a dataset from the Co-ops UK data that has over 13,000 SSEInitiatives. We want to get these into our map-app using one SPARQL query (there may be better ways to do this). So, the following update has been made to /etc/virtuoso-opensource-6.1/virtuoso.ini

; Increased ResultSetMaxRows to accommodate query made by map-app for 
; all SSEInitiatives in co-ops UK dataset. Matt Wallis.
;ResultSetMaxRows           = 10000
ResultSetMaxRows           = 15000

Virtuoso needs to be restarted for this change to take effect.

See Virtuoso docs on Bluk RDF loading

Create a directory for Bulk Data loading, and configure virtuoso.ini to use it:

admin@ise-0:~$ pwd
/home/admin
admin@ise-0:~$ mkdir -p Virtuoso/BulkLoading/Data
admin@ise-0:~$ sudo vim /etc/virtuoso-opensource-6.1/virtuoso.ini
[sudo] password for admin: 
admin@ise-0:~$ grep DirsAllowed /etc/virtuoso-opensource-6.1/virtuoso.ini
DirsAllowed              = ., /usr/share/virtuoso-opensource-6.1/vad, /home/admin/Virtuoso/BulkLoading/Data
admin@ise-0:~$ sudo service virtuoso-opensource-6.1 stop
admin@ise-0:~$ sudo service virtuoso-opensource-6.1 start

sudo service virtuoso-opensource-6.1 restart
sudo apache2ctl restart

When I tried this, the virtuoso restart failed to start it, so I had to follow up with

sudo service virtuoso-opensource-6.1 start

The following tests assume that you are using Virtuoso's default serverport. You can verify the port number used by examining /etc/virtuoso-opensource-6.1/virtuoso.ini, looking for

[HTTPServer]
ServerPort                  = 8890

Note: this is the ServerPort in the [HTTPServer] section of the file - ServerPort appears elsewhere too - make sure you get the right one.

See if the conductor, the web-based management tool for Virtuoso, is running. Visit http://192.168.1.100:8890/conductor/ (substitute 192.168.1.100 with your server's IP address).

Test the following SPARQL query (list all the named graphs)...

SELECT distinct ?graph WHERE { 
  GRAPH ?graph { 
	?s ?p ?o
  }
}

... over HTTP, by visiting the following in your browser (substitute 192.168.1.100 with your server's IP address):

http://192.168.1.100:8890/sparql?default-graph-uri=&query=SELECT+distinct+%3Fgraph+WHERE+%7B+%0D%0A%0D%0A++GRAPH+%3Fgraph+%7B+%0D%0A++++%3Fs+%3Fp+%3Fo%0D%0A++%7D%0D%0A%7D%0D%0A+%0D%0A&format=text%2Fhtml&timeout=0&debug=on

Save copies of the config files:

sudo cp /etc/odbc.ini /etc/odbc.ini.orig
sudo cp /etc/odbcinst.ini /etc/odbcinst.ini.orig

Edit the config files: /etc/odbc.ini and /etc/odbcinst.ini so that they look like this:

$ cat /etc/odbcinst.ini
[virtuoso-odbc]
Driver = /usr/lib/odbc/virtodbc.so
$ cat /etc/odbc.ini
[ODBC Data Sources]
VOS = Virtuoso

[VOS]
Driver = virtuoso-odbc
Description=Virtuoso OpenSource Edition
Address=localhost:1111

cd /var/www/html/OntoWiki/
make odbctest

Visit http://192.168.1.100/OntoWiki with your browser. You should see a place to log in to OntoWiki.

Contrary to the documentation at https://github.com/AKSW/OntoWiki/wiki/Getting-Started-Users, it does not seem possible to log in to the SuperAdmin account. Instead, login as Admin, but leave the password field empty.

Note: when I do this, I get an error message, but going back in the browser leads me to OntoWiki, logged in as Admin.

You can then set a password and email address by using the top-level menu User/Preferences. IMPORTANT: you need to check the box that says "Change password".