0%

安装MRBS并配置CAS

最近帮助院系使用MRBS(Meeting Room Booking System)搭建了一个简单的会议室预约系统,并配置了Apereo CAS登陆。

安装MRBS

前半部分主要参考的是MRBS的官方安装文档

  1. https://sourceforge.net/projects/mrbs/files/ 下载MRBS,同时,需要保证机器上已经安装了nginx, mysql/mariadb, fcgiwrap, php-fpm, php-xmlphp-curl

  2. 解压MRBS的压缩包。在本文中,MRBS被安装在了/var/www/mrbs/中。

  3. 创建数据库,根据官方文档,需要在MySQL中创建MRBS有关的数据表(PostgreSQL的情况类似,见文档):

    1
    2
    mysqladmin create mrbs
    mysql mrbs < tables.my.sql
  4. 修改web文件夹中的配置文件config.inc.php

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    <?php // -*-mode: PHP; coding:utf-8;-*-
    namespace CCSE;
    //填写MRBS网页的名字

    /**************************************************************************
    * MRBS Configuration File
    * Configure this file for your site.
    * You shouldn't have to modify anything outside this file.
    *
    * This file has already been populated with the minimum set of configuration
    * variables that you will need to change to get your system up and running.
    * If you want to change any of the other settings in systemdefaults.inc.php
    * or areadefaults.inc.php, then copy the relevant lines into this file
    * and edit them here. This file will override the default settings and
    * when you upgrade to a new version of MRBS the config file is preserved.
    *
    * NOTE: if you include or require other files from this file, for example
    * to store your database details in a separate location, then you should
    * use an absolute and not a relative pathname.
    **************************************************************************/

    /**********
    * Timezone
    **********/

    // The timezone your meeting rooms run in. It is especially important
    // to set this if you're using PHP 5 on Linux. In this configuration
    // if you don't, meetings in a different DST than you are currently
    // in are offset by the DST offset incorrectly.
    //
    // Note that timezones can be set on a per-area basis, so strictly speaking this
    // setting should be in areadefaults.inc.php, but as it is so important to set
    // the right timezone it is included here.
    //
    // When upgrading an existing installation, this should be set to the
    // timezone the web server runs in. See the INSTALL document for more information.
    //
    // A list of valid timezones can be found at http://php.net/manual/timezones.php
    // The following line must be uncommented by removing the '//' at the beginning
    $timezone = "Asia/Shanghai";
    //设定时区

    /*******************
    * Database settings
    ******************/
    // Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL
    $dbsys = "mysql";
    //设定数据库类型
    // Hostname of database server. For pgsql, can use "" instead of localhost
    // to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
    // tells the system to use Unix Domain Sockets, and $db_port will be ignored;
    // if you want to force TCP connection you can use "127.0.0.1".
    $db_host = "localhost";
    // If you need to use a non standard port for the database connection you
    // can uncomment the following line and specify the port number
    $db_port = 3306;
    //端口
    // Database name:
    $db_database = "mrbs";
    //数据库名称
    // Schema name. This only applies to PostgreSQL and is only necessary if you have more
    // than one schema in your database and also you are using the same MRBS table names in
    // multiple schemas.
    //$db_schema = "public";
    // Database login user name:
    $db_login = "username";

    // Database login password:
    $db_password = 'password';
    //登陆名和密码

    // Prefix for table names. This will allow multiple installations where only
    // one database is available
    $db_tbl_prefix = "mrbs_";
    //表前缀
    // Set $db_persist to TRUE to use PHP persistent (pooled) database connections. Note
    // that persistent connections are not recommended unless your system suffers significant
    // performance problems without them. They can cause problems with transactions and
    // locks (see http://php.net/manual/en/features.persistent-connections.php) and although
    // MRBS tries to avoid those problems, it is generally better not to use persistent
    // connections if you can.
    $db_persist = FALSE;
  5. 配置nginx

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    server {
    listen 443 ssl http2;

    server_name mrbs.website.edu;
    root /var/www/mrbs/web;
    index index.php

    access_log /var/log/nginx/mrbs-access.log;
    error_log /var/log/nginx/mrbs-error.log;

    ssl_certificate cert.pem;
    ssl_certificate_key key.pem;





    location ~* \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    #php-fpm的位置需根据实际情况填写
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }


    }

在进行上述的配置之后,应该就可以正常访问MRBS的界面了。如果出现403等错误,可能需要

1
chown -R www-data:www-data /var/www/mrbs/

配置CAS

CAS登陆是借助MRBS内置的phpCAS实现的。

需要在config.inc.php加上以下的配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
//CAS

$auth['session'] = 'cas';
$auth["type"] = "cas";
//$auth['cas']['debug'] = true;
//debug模式,如果需要自行开启

$auth["admin"][] = "admin-username";
//之后如果从CAS登入这个username,它会被赋予管理员权限

include_once('lib/CAS.php');

$auth['cas']['host']='cas.website.edu';
$auth['cas']['port']= 443;
$auth['cas']['context']='/cas';
//这里的路径是Apereo CAS的通用路径,每个机构可能会不一样。

$auth['cas']['ca_cert_path']='/var/www/mrbs/web/lets-encrypt-r3.pem';
//由于机构的CAS使用的证书是LE的,因此这里的证书是lets-encrypt-r3,具体情况需要根据cas服务器的证书具体讨论

配置Attribute(可选)

如果需要让MRBS现实将/var/www/mrbs/web/lib/CAS/Client.php里面的['phpCAS']['user']替换为['phpCAS']['attributes']['name'](根据实际情况修改)

其他

如果配置CAS后尝试登陆报错,可以在配置文件里面加一行phpCAS::setDebug();,然后可以在/tmp/phpCAS.log里面找到详细的日志信息。

参考资料