Preparing IIS and MS SQL
The following steps only need to be performed once. If you have already prepared your server you may skip this section.
- An up-to-date Windows Server 2016 or higher; we recommend the latest version.
- MS SQL; we recommend the latest version.
- Decide on a portal host name. Portal host name may be something like "myportal.company.com". An additional site for file storage should be chosen as well, in the form "files.myportal.company.com".
- HTTPS certificate for your portal's site. This certificate must of course be valid for the above-mentioned portal host names (i.e. myportal.company.com, files.myporrtal.company.com, or *.company.com).
Installing your HTTPS certificate
- Copy your HTTPS certificate to the server. Ideally it should be in .pfx format. Double-click on it to install it. Choose to install it for all users, with all extended properties, and into the "Personal" or "Web Hosting" certificate store:
- Install IIS from the server manager's Add Roles and Features:
- In the next page (Features), check HTTP Activation under WCF Services:
- Check "Application Development" and all of its child features except CGI.
- Once installation is finished, download and install IIS' URL Rewrite module from https://www.iis.net/downloads/microsoft/url-rewrite and then exit the installer (no need to install any of the suggested additional components).
- Open the IIS console. You can delete the Default Web Site provided by default.
- Create directory c:\inetpub\online and Add Website 'online' as following:
- Name the site 'online', physical path c:\inetpub\online, binding must be https, set the host name to be the portal's selected host name (i.e. "myportal.mycompany.com"). Under "SSL certificate" select the HTTPS certificate you've previously installed.
- Once you've confirmed, test the site by trying to access it using your browser, entering the HTTPS URL address containing the portal host name (i.e. https://myportal.mycompany.com). You may need to open firewall ports accordingly (443 by default). You should see an IIS 403 forbidden message:
- Create directory c:\inetpub\files and repeat the same steps to a another site named 'files'. The only difference should be the site name ('files') and the physical path (i.e. c:\inetpub\files):
- Once again, try to access the specified HTTPS URL as specified under host name (i.e. https://myfiles.mycompany.com). Here too you should see a 403 forbidden message.
Do not proceed to the next section until you've successfully completed this one.
Setting up the SQL database
- If not already done, install MS SQL. Only database engine services are required.
- If you are unsure about the settings, leave them on default. Authentication mode must be set to "Mixed mode". We suggest using the default database instance (MSSQLSERVER).
- Install SQL Server Management Studio (SSMS).
- Launch SQL Server Configuration Manager, and enable TCP/IP under SQL Server Network Configuration -> Protocols for MSSQLSERVER:
- Restart the SQL service.
- Using SMSS, create a database named 'cameyoonline'. Under the Options page, find the Service Broker section and set Broker Enabled to True. Click OK.
- Create a Login and User for the database to be used by the Cameyo Portal IIS ASP.NET application: under the server's node (top-most node), find the Security node and right-click on it. Select New | Login.
- Set 'cameyosql' as login name, and select "SQL Server authentication". Uncheck the "Enforce password expiration" box. Enter a strong password and write it down for your own record:
- Under the Databases root node, expand the 'cameyoonline' node. Right-click the Security node and select New | User. Enter 'cameyosql' in both the User name and Login name fields.
- In the Membership section of this user, check the following items:
- Click OK.
- Note: if you haven't unchecked the "Enforce password expiration" box as instructed above, you will need to manually log into the database to set the user's password. In this case, simply login to the database as SQL Server user 'cameyosql' with the password you specified above, and re-enter it to un-expire it. Only then will you be able to open again the Login properties of this user under the server's Security | Logins node and uncheck the "Enforce password expiration" checkbox. If you've unchecked that box as indicated above, you can skip this entire step.
Deploying Cameyo Portal
The Cameyo Portal installation package you received looks like this:
- Launch Setup.exe and fill-in the details according to what you've defined in the above steps:
- Expect to see a success message. If needed, logs are created and the sub-folder Logs\ under Setup.exe's directory.
At this point, you will need to set the placeholder values in Web.config (c:\inetpub\online\Web.config). Placeholder values are marked between percent signs: "%...%"
Initializing the Cameyo Portal
- Access the online site from your browser (i.e. https://myportal.mycompany.com).
- Access time will be slower during the very first access while the portal initializes.
- You should then see the following page:
- Click on the Login button. Your initial super-admin credentials are:
- Login: admin@cameyo
- Password: welcome123
- Change the password.
- admin@cameyo is a special super-admin, thus it is recommended to create another administrator account for your daily operations. You can do so in the /users/add page.
Congratulations. Your Cameyo standalone portal is now ready to use. As a first step, you might want to set your basic company settings on the /company page. Initially your company is simply named NewCo, you can change this.
If you're using a self-signed HTTPS certificate for your standalone IIS portal site, you must ensure that your Play servers also trust this certificate -- both in Windows and in Java:
- Windows: from your Play servers, use your Web browser to navigate to the portal's HTTPS site. If you don't see the 'secure site' validation in your URL bar, import your self-made certificate into the computer. This can be done by double-clicking on the .cer file and importing it into a trusted store.
- Java: from your Play servers do the following (assuming your JRE is in C:\Program Files\JRE):
- Launch certmgr.msc and find your self-signed certificate. Export it, i.e. into c:\CameyoPortal.cer
- Make a backup copy of your existing "cacerts" file: xcopy "C:\Program Files\JRE\lib\security\cacerts" *.bak
- Launch an elevated command prompt and run:
- "C:\Program Files\JRE\bin\keytool.exe" -import -alias CameyoPortal -keystore "C:\Program Files\JRE\lib\security\cacerts" -trustcacerts -file c:\CameyoPortal.cer
- If prompted for a password, the default one is: "changeit"
- You can verify successful import using the command: keytool -list -keystore "C:\Program Files\JRE\lib\security\cacerts"