Installing MRBS and configuring CAS

I recently helped my department set up a simple meeting room reservation system with MRBS (Meeting Room Booking System) and configured Apereo CAS login for it.

Installing MRBS

The first half mainly follows the official MRBS installation documentation.

  1. Download MRBS from https://sourceforge.net/projects/mrbs/files/. Also make sure that nginx, mysql/mariadb, fcgiwrap, php-fpm, php-xml and php-curl are already installed on the machine.

  2. Unpack the MRBS archive. In this article, MRBS is installed in /var/www/mrbs/.

  3. Create the database. According to the official documentation, the MRBS tables need to be created in MySQL (PostgreSQL is similar; see the documentation):

    mysqladmin create mrbs
    mysql mrbs < tables.my.sql
  4. Edit the configuration file config.inc.php in the web folder:

    <?php // -*-mode: PHP; coding:utf-8;-*-
    namespace CCSE;
    // Fill in the name of the MRBS site

    /**************************************************************************
    * MRBS Configuration File
    * Configure this file for your site.
    * You shouldn't have to modify anything outside this file.
    *
    * This file has already been populated with the minimum set of configuration
    * variables that you will need to change to get your system up and running.
    * If you want to change any of the other settings in systemdefaults.inc.php
    * or areadefaults.inc.php, then copy the relevant lines into this file
    * and edit them here. This file will override the default settings and
    * when you upgrade to a new version of MRBS the config file is preserved.
    *
    * NOTE: if you include or require other files from this file, for example
    * to store your database details in a separate location, then you should
    * use an absolute and not a relative pathname.
    **************************************************************************/

    /**********
    * Timezone
    **********/

    // The timezone your meeting rooms run in. It is especially important
    // to set this if you're using PHP 5 on Linux. In this configuration
    // if you don't, meetings in a different DST than you are currently
    // in are offset by the DST offset incorrectly.
    //
    // Note that timezones can be set on a per-area basis, so strictly speaking this
    // setting should be in areadefaults.inc.php, but as it is so important to set
    // the right timezone it is included here.
    //
    // When upgrading an existing installation, this should be set to the
    // timezone the web server runs in. See the INSTALL document for more information.
    //
    // A list of valid timezones can be found at http://php.net/manual/timezones.php
    // The following line must be uncommented by removing the '//' at the beginning
    $timezone = "Asia/Shanghai";
    // Set the timezone

    /*******************
    * Database settings
    ******************/
    // Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL
    $dbsys = "mysql";
    // Set the database type
    // Hostname of database server. For pgsql, can use "" instead of localhost
    // to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
    // tells the system to use Unix Domain Sockets, and $db_port will be ignored;
    // if you want to force TCP connection you can use "127.0.0.1".
    $db_host = "localhost";
    // If you need to use a non standard port for the database connection you
    // can uncomment the following line and specify the port number
    $db_port = 3306;
    // Port
    // Database name:
    $db_database = "mrbs";
    // Database name
    // Schema name. This only applies to PostgreSQL and is only necessary if you have more
    // than one schema in your database and also you are using the same MRBS table names in
    // multiple schemas.
    //$db_schema = "public";
    // Database login user name:
    $db_login = "username";

    // Database login password:
    $db_password = 'password';
    // Login name and password

    // Prefix for table names. This will allow multiple installations where only
    // one database is available
    $db_tbl_prefix = "mrbs_";
    // Table prefix
    // Set $db_persist to TRUE to use PHP persistent (pooled) database connections. Note
    // that persistent connections are not recommended unless your system suffers significant
    // performance problems without them. They can cause problems with transactions and
    // locks (see http://php.net/manual/en/features.persistent-connections.php) and although
    // MRBS tries to avoid those problems, it is generally better not to use persistent
    // connections if you can.
    $db_persist = FALSE;



  5. Configure nginx:

    server {
        listen 443 ssl http2;

        server_name mrbs.website.edu;
        root /var/www/mrbs/web;
        index index.php;

        access_log /var/log/nginx/mrbs-access.log;
        error_log /var/log/nginx/mrbs-error.log;

        ssl_certificate cert.pem;
        ssl_certificate_key key.pem;

        location ~* \.php$ {
            # Adjust the php-fpm socket path to match your system
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        }
    }

After the configuration above, you should be able to access the MRBS interface normally. If you get errors such as 403, you may need to run:

    chown -R www-data:www-data /var/www/mrbs/

Configuring CAS

CAS login is implemented with the phpCAS library bundled with MRBS.

Add the following settings to config.inc.php:

    // CAS

    $auth['session'] = 'cas';
    $auth["type"] = "cas";
    //$auth['cas']['debug'] = true;
    // Debug mode; enable it yourself if needed

    $auth["admin"][] = "admin-username";
    // When this username later logs in through CAS, it is granted administrator rights

    include_once('lib/CAS.php');

    $auth['cas']['host']='cas.website.edu';
    $auth['cas']['port']= 443;
    $auth['cas']['context']='/cas';
    // This is the usual Apereo CAS path; it may differ between institutions.

    $auth['cas']['ca_cert_path']='/var/www/mrbs/web/lets-encrypt-r3.pem';
    // Our institution's CAS uses a Let's Encrypt certificate, so the certificate here is lets-encrypt-r3; what to use depends on the certificate of your CAS server.
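
The file named in $auth['cas']['ca_cert_path'] must actually validate the certificate that the CAS server presents. The following is an added example (not from the original post and not MRBS code) that checks this with openssl; the function names are hypothetical, and the certificates used in the offline demonstration are constructed throwaway ones.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# cas_ca_validates CA_FILE CERT_PEM
# Returns 0 if CERT_PEM chains to CA_FILE, 1 if not, 2 if a file is unreadable.
cas_ca_validates() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    # -no-CApath: ignore the system trust directory, trust only CA_FILE.
    # -partial_chain: accept CA_FILE as the anchor even when it is an
    # intermediate, as lets-encrypt-r3.pem is.
    openssl verify -no-CApath -partial_chain -CAfile "$1" "$2" \
        >/dev/null 2>&1 || return 1
}

# fetch_cas_cert HOST PORT OUT_PEM: save the certificate the server presents
# (needs network access to the CAS host).
fetch_cas_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3"
}

# make_sample_certs DIR: constructed throwaway CA, a leaf it signs, and an
# unrelated CA, so the check can be exercised offline.
make_sample_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cas.website.edu" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" >/dev/null 2>&1 &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other.pem" >/dev/null 2>&1
}

# Offline demonstration on the constructed certificates.
demo_offline() {
    tmp=$(mktemp -d) || return 0
    good=0; bad=0
    if make_sample_certs "$tmp"; then
        cas_ca_validates "$tmp/ca.pem" "$tmp/leaf.pem" || good=$?
        cas_ca_validates "$tmp/other.pem" "$tmp/leaf.pem" || bad=$?
        echo "issuing CA: rc=$good  unrelated CA: rc=$bad"
    fi
    rm -rf "$tmp"
}
demo_offline
```

For the real check, run fetch_cas_cert cas.website.edu 443 /tmp/cas.pem and then cas_ca_validates /var/www/mrbs/web/lets-encrypt-r3.pem /tmp/cas.pem; a non-zero result means the configured CA file does not match the chain the CAS server is using.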

Configuring attributes (optional)

If you need MRBS to display a CAS attribute, replace ['phpCAS']['user'] in /var/www/mrbs/web/lib/CAS/Client.php with ['phpCAS']['attributes']['name'] (adjust to your setup).

Miscellaneous

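If logging in fails with an error after CAS is configured, you can add the line phpCAS::setDebug(); to the configuration file and then find detailed log information in /tmp/phpCAS.log.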

References

  • How to setup CAS login using the MRBS 1.7.1 release? (This configuration has problems; copying it verbatim is not recommended.)