Installing Lacuna TSA on Ubuntu Server
To install an on-premises instance of Lacuna TSA on Ubuntu Server, follow the steps below. For other platforms, click here.
Prerequisites
- Ubuntu Server (any version currently in support by vendor, latest LTS version recommended)
- PKI SDK license (in Base64 format)
- TSA certificate (either in PKCS#12 format or hosted on an Amplia instance)
Install the ASP.NET Core Runtime 6.0
Important
These instructions assume you are logged in as root. If you are not, run sudo su -
before continuing!
Follow the instructions below depending on your Ubuntu version to:
- Register the Microsoft key and add the product repository (this only needs to be done on versions prior to 22 and once per machine)
- Install the package
aspnetcore-runtime-6.0
Ubuntu 22.04 (LTS)
apt-get update
apt-get install aspnetcore-runtime-6.0
Ubuntu 20.04 (LTS)
curl -O https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
apt-get update
apt-get install aspnetcore-runtime-6.0
Ubuntu 18.04 (LTS)
curl -O https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
apt-get update
apt-get install aspnetcore-runtime-6.0
Ubuntu 16.04 (LTS)
curl -O https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
apt-get update
apt-get install aspnetcore-runtime-6.0
Test the installation
To test the installation, run:
dotnet --list-runtimes
The expected output is similar to:
Microsoft.AspNetCore.App 6.0.* [*/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.* [*/dotnet/shared/Microsoft.NETCore.App]
Tip
For other operating system versions and alternative ways to install the ASP.NET Core Runtime, see this page
Install additional dependencies:
apt-get install libc6-dev libgdiplus
Install Lacuna TSA
Create a local user to run the Lacuna TSA server:
mkdir /var/lacuna-tsa
useradd --system --home-dir /var/lacuna-tsa lacuna-tsa
chown lacuna-tsa:lacuna-tsa /var/lacuna-tsa
Create the site folder, download and extract the binaries:
mkdir /usr/share/lacuna-tsa
curl -O https://cdn.lacunasoftware.com/tsa/tsa-1.2.1.tar.gz
tar xzf tsa-1.2.1.tar.gz -C /usr/share/lacuna-tsa
chmod -R a=,u+rwX,go+rX /usr/share/lacuna-tsa
Note
Site binaries can be read by any user and can only be changed by root users. This means that the application user (lacuna-tsa) can read but not change the files, which is intentional.
Create the configuration file from the given template:
mkdir /etc/lacuna-tsa
cp /usr/share/lacuna-tsa/config-templates/linux/appsettings.conf /etc/lacuna-tsa/
chown -R root:lacuna-tsa /etc/lacuna-tsa
chmod -R a=,u+rwX,g+rX /etc/lacuna-tsa
Note
Configuration files can only be read by members of the lacuna-tsa group and can only be changed by the root user. This is important to protect sensitive data stored on the configuration files from unauthorized access.
Configure Lacuna TSA
Edit the configuration file and follow the instructions on it to configure your Lacuna TSA instance:
nano /etc/lacuna-tsa/appsettings.conf
If your TSA key is hosted on an Amplia instance, you will need to fill the [Amplia]
section. To fill the ApiKey
setting you must create an application on your existing
Amplia instance and generate an API key for it:
- Sign in to your Amplia instance
- Click on Applications on the left menu, then on Add
- Fill out a name and select the subscription on which the certificates should be issued (not on Sys Admin)
- Mark the Manager role
- Click on Create
- Click on Keys, then on Add
- Fill out some description and, on the Expiration field, choose "Never expires"
- Click on Create
- Copy the API key generated (this value cannot be retrieved later)
Fill the remaining settings according to the instructions on the configuration file.
Set up a daemon
Create the service definition file:
touch /etc/systemd/system/lacuna-tsa.service
nano /etc/systemd/system/lacuna-tsa.service
Enter the following:
[Unit]
Description=Lacuna TSA
[Service]
WorkingDirectory=/usr/share/lacuna-tsa
ExecStart=/usr/bin/dotnet Lacuna.Tsa.Server.dll
Restart=always
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=lacuna-tsa
User=lacuna-tsa
Environment=ASPNETCORE_ENVIRONMENT=Linux
Environment=ASPNETCORE_URLS=http://+:5005
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
[Install]
WantedBy=multi-user.target
Save the file, then enable the service and start it:
systemctl enable lacuna-tsa
systemctl start lacuna-tsa
systemctl status lacuna-tsa
The expected output is similar to:
● lacuna-tsa.service - Lacuna TSA
Loaded: loaded (/etc/systemd/system/lacuna-tsa.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-12-01 17:58:50 -03; 2 days ago
Main PID: 33858 (dotnet)
Tasks: 29 (limit: 4627)
Memory: 58.5M
CPU: 10.842s
CGroup: /system.slice/tsa.service
└─33858 /usr/bin/dotnet Lacuna.Tsa.Server.dll
dez 04 15:01:29 server.patorum.com systemd[1]: Started Lacuna TSA.
dez 04 15:01:29 server.patorum.com lacuna-tsa[193611]: info: Lacuna.Tsa.Server.ApplicationStarter[0]
dez 04 15:01:29 server.patorum.com lacuna-tsa[193611]: Application starting (version: 1.2.0 RTM)
dez 04 15:01:31 server.patorum.com lacuna-tsa[193611]: info: Lacuna.Tsa.Server.ApplicationStarter[0]
dez 04 15:01:31 server.patorum.com lacuna-tsa[193611]: Application started
Hint: Some lines were ellipsized, use -l to show in full.
If necessary, restart the service: systemctl restart lacuna-tsa
To test that the Lacuna TSA server is running, run:
curl http://localhost:5005/api/system/info
The expected output is something like:
{"productName":"Lacuna TSA","productVersion":"...","timestamp":"..."}
Set up a reverse proxy server
Note
If you prefer to use Apache instead of Nginx, see this article.
Install Nginx (if not already installed):
apt-get install nginx
Test that Nginx is running:
curl -I http://localhost/
Check the first lines of the output, which should be similar to:
HTTP/1.1 200 OK
Server: nginx/...
...
Disable the default Nginx site:
rm /etc/nginx/sites-enabled/default
Create a site configuration file for Lacuna TSA:
touch /etc/nginx/sites-available/lacuna-tsa
nano /etc/nginx/sites-available/lacuna-tsa
Enter the following, replacing the domain on the server_name
entry:
server {
listen 80;
server_name tsa.patorum.com;
location / {
proxy_pass http://localhost:5005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Tip
Ideally, your site configuration should contain the entries ssl_certificate
and ssl_certificate_key
with a valid SSL certificate. This configuration is outside of the scope of these instructions.
Enable the site:
ln -sf /etc/nginx/sites-available/lacuna-tsa /etc/nginx/sites-enabled/lacuna-tsa
Test the Nginx configuration and reload it:
nginx -t
nginx -s reload
Test the site:
curl -H "Host: tsa.patorum.com" http://localhost/api/system/info