Version / Revision: V1.0 / R1
For: Nethserver 7RC

Skill: Intermediate Users
Published: 2016-11-29
Review: 2016-00-00

Contact: Nethserver community forum, robb

Description

SavaPage is a Libre Print Management Solution that uses Open Standards and Commodity Hardware for Secure Pull-Printing, Pay-Per-Print, Tracking and Tracing and PDF Creation that functions on top of CUPS.

SavaPage has all the functions of a regular Print Management System and more, including Pay-Per-Print, Secure Follow-Me Printing, Tracking & Tracing, PDF Creation, LDAP (Active Directory) Integration, NFC Authentication, On-line Payments (Credit Cards, Bank Accounts, Bitcoin), Point-of-Sale Payments, Prepaid Print Cards, etc.

SavaPage is a Print Server deployed on a central GNU/Linux system. Any workstation or device that supports the Internet Printing Protocol (IPP) or IP Printing (JetDirect), like Windows, Mac and GNU/Linux workstations, can use SavaPage printers. Mac OS X and iOS devices can use AirPrint® [2]. Android and Chrome OS devices can use Google Cloud Print to print to SavaPage. As a fallback, any device can use Web Print and Mail Print to print.

When a user prints to SavaPage the printed pages are immediately shown in the SavaPage Web Application that runs in any modern web browser. SavaPage accumulates print jobs per user in a single personal preview where it can be manipulated and pruned before storing or routing it as PDF document.

And yes, you can even route to a “real” printer. The SavaPage Web App offers a Common Printing Dialog for printing to printers installed at the server side (proxy printing). This makes SavaPage the only printer you need on your desktop.

The SavaPage Web App is optimized for desktop clients as well as mobile devices. This opens up useful scenarios, like a user walking up to the printer of his choice and releasing a print job by pushing a button on his smartphone. Administrators on the go can easily monitor the system on their tablet.

SavaPage turns printing into a user experience where soft copies are likely to be more attractive than hard copies, and where precious paper, trees and money are saved along the way. And, if printing is needed after all, SavaPage is the logical stopover where, on second thought, n-up, gray-scale and duplex proxy-printing can be applied to reduce the costs of printing to a minimum.

So, why print when you can SavaPage?

Libre Software

SavaPage is Libre Software licensed under the GNU Affero General Public License (AGPL) version 3 as published by the Free Software Foundation.

Benefits

The key benefits of SavaPage are:

    * Less administration. SavaPage is the one printer you need to print to any printer in your organization.
    * Zero install. A generic PostScript driver and web browser is all you need to print from Windows, Mac and GNU/Linux and preview the result.
    * Multi-platform. Corporate printers are sandboxed in the Web App Preview and thus available on all mobile and desktop platforms for pass-through (proxy) printing.
    * Easy follow-me printing. Several hold-release scenarios, optionally with NFC cards, are supported. Users can even use their own mobile device as print release terminal.
    * Mobile printing. Google Cloud Print, iOS AirPrint®, Web Print and Mail Print are supported out of the box.
    * Think before you print. SavaPage Web App shows a print preview that makes you think twice. Do you really need to print all these pages?
    * Eco-friendly. Create environmental awareness by drawing end-user attention to the cost of printing, and save precious paper, trees and money along the way.
    * Reduction of printing costs. Remove unnecessary pages and graphics. Save as PDF, or route to a "real" printer with n-up, gray-scale and duplex to reduce printing costs.
    * No pre-printed paper needed. Eliminate the cost of pre-printed paper. Create virtual letterheads and apply them to any print job.
    * Libre Software and Open Standards above Proprietary Software.
    * Commodity Hardware above expensive Proprietary Devices.
    * Peer-To-Peer Cooperation above Centralized Corporation. The SavaPage Community is there to help.

Key Features

The key features of SavaPage are:

    One SavaPage Printer Driver
      - Generic PostScript Driver print from Windows, Mac OS X and GNU/Linux.
      - Secure Internet Print.
    Mobile Print
      - Google Cloud Print from Android and Chrome OS.
      - AirPrint® from iOS (iPad, iPhone).
    Driverless Printing
      - Web Print and Mail Print to print from any device.
    Follow-me Printing
      - Release Terminals
      - NFC Authentication
    Web Apps for Desktops and Mobile Devices
        Easy authentication
           - Username/Password, ID/PIN and NFC Card authentication.
           - LDAP (Active Directory) Integration.
           - Raspberry Pi Network Card Reader.
        User Web App
           - Real-time print preview with Browse, Sort and Delete options.
           - Server-side Proxy Printing (no local drivers needed).
           - PDF Download or Email of accumulated print jobs.
           - Multi-page Letterheads.
           - Option to remove graphics from PDF and proxy print output.
           - Innovative Eco Print to reduce ink and toner cost.
           - Delegated Print for delegates to proxy print for other users and groups.
           - Job Ticket Print for voluminous proxy print jobs.
    Admin Web App
        - Comprehensive Web App to configure the SavaPage environment.
        - Multi-language support.
        - Customizable Web Interface.
        - SSL Encryption.
    SavaPage Financial
        - Pay-per-Print
        - Vouchers
        - Point-of-Sale Web App
        - Online Payments (credit cards, bank accounts, Bitcoin).
    Tooling and Tuning
        - Command-Line Interface to server methods.
        - Web Services API.
        - Third party Database support.
    Third Party Integration
        - External Print Suppliers (Smartschool).
        - Third Party Print Management Systems (PaperCut).
    Comprehensive Documentation
        - User Manual in PDF, EPUB and HTML format.

Prerequisites:

  • NethServer7 base install
  • Printserver module

This howto describes the procedure to install SavaPage on a NethServer7 server. There are still some loose ends that need discussion.

Step 1: Install dependencies

SavaPage needs several applications that are installed on most distributions by default.

  • which
    Check by typing which in the terminal. The output should be something like:
    [root@NS7-sp ~]# which
    Usage: /usr/bin/which [options] [--] COMMAND [...]
    Write the full path of COMMAND(s) to standard output.
    (+ all options)
    If which is not installed, add it to your server:
    yum install which
  • gzip
    Check with: gzip --version
    Install with: yum install gzip
  • strings
    strings is part of the binutils package.
    Check with: rpm -qa | grep binutils
    Install with: yum install binutils
  • perl
    Check with: perl -v
    Install with: yum install perl

Step 2: Install Java JDK

SavaPage is a Java application. It uses either JDK 7 or 8. Since Webtop 5, which uses JDK 8, will be the default groupware solution, it makes sense to use OpenJDK 8.

Check with: java -version

If it is installed, the output looks like this:

openjdk version "1.8.0_111"
OpenJDK Runtime Environment (build 1.8.0_111-b15)
OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)

If not installed:

yum install java-1.8.0-openjdk-devel

Step 3: Install Poppler

SavaPage uses Poppler to convert documents to PDF. In order to do the PDF magic, SavaPage uses pdftoppm. Check if Poppler is installed:

pdftoppm -v

If the outcome is as below, poppler is already installed

[root@ns7 ~]# pdftoppm -v
pdftoppm version 0.26.5
Copyright 2005-2014 The Poppler Developers - http://poppler.freedesktop.org
Copyright 1996-2011 Glyph & Cog, LLC

Otherwise install poppler:

yum install poppler-utils

Step 4: Install ImageMagick

SavaPage needs the convert command of the ImageMagick software suite to manipulate images. Check by entering the following command:

convert --version

If ImageMagick is not installed, install it with:

yum install ImageMagick (beware of the CapiTals)

Step 5: Install Avahi

Install Avahi. Avahi is needed if you want to print to SavaPage from iOS devices (iPad, iPod, iPhone). Check if Avahi is already installed:

[root@ns7 ~]# avahi-browse --version
-bash: avahi-browse: command not found

Install Avahi:

yum install avahi-tools

Check if avahi-browse is available:

[root@ns7 ~]# avahi-browse --version
avahi-browse 0.6.31

Step 6: Create a system account for SavaPage

SavaPage runs and installs under a system user account called savapage. This account name is fixed; you cannot choose another name. You are free, though, to pick a location for the application. However, the GNU/Linux Filesystem Hierarchy Standard (FHS) dictates that the application is installed in the /opt/savapage directory.

useradd -r savapage

From the CentOS deployment guide:

-r Create a system account with a UID less than 500 and without a home directory 

Next, create the install directory:

mkdir /opt/savapage

Set the ownership of the directory to the savapage account:

chown savapage:savapage /opt/savapage

Step 7: Set open files for SavaPage

Give SavaPage enough room to open files:

Edit /etc/security/limits.conf and add the following lines at the end of the file:

savapage    hard    nofile    65535
savapage    soft    nofile    65535

Step 8: Configure CUPS and Samba

CUPS: edit /etc/cups/cupsd.conf and replace everything between

MaxLogSize 0

and

Set the default printer/job policies…

with

# Allow remote access
Port 631
# Show shared printers on the local network.
Browsing Off
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
WebInterface Yes
Listen /var/run/cups/cups.sock
Listen localhost:631
#
MaxJobs 0
PreserveJobHistory Yes
PreserveJobFiles No
SystemGroup admin
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Restrict access to the server...
<Location />
# Allow shared printing...
  Order allow,deny
  Allow @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
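
The following added example (not part of the original howto or of SavaPage) reads a cupsd.conf and reports which listeners bind to every interface and which /admin locations have no Require line. The function names and output labels are made up for this example; the sample input is the Step 8 configuration, trimmed to its network-facing directives.

```bash
#!/usr/bin/env bash
# Added example (not from the howto): list what a cupsd.conf exposes.
# Output: "listen-all <directive>" for listeners bound to every interface,
#         "no-require <path>" for /admin locations without a Require line.

audit_cupsd_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { sub(/^[ \t]+/, "") }                 # drop indentation
        # "Port N" makes cupsd listen on all interfaces.
        tolower($1) == "port" { print "listen-all Port " $2; next }
        tolower($1) == "listen" {
            a = $2
            if (index(a, "*:") == 1 || index(a, "0.0.0.0:") == 1 ||
                index(a, "[::]:") == 1) {
                print "listen-all Listen " a
            }
            next
        }
        /^<Location / {
            loc = $2; sub(/>$/, "", loc); has_require = 0; next
        }
        /^<\/Location>/ {
            if (loc ~ /^\/admin/ && !has_require) {
                print "no-require " loc
            }
            loc = ""; next
        }
        loc != "" && tolower($1) == "require" { has_require = 1 }
    ' "$1"
}

# Network-facing directives of the Step 8 configuration, trimmed.
step8_sample() {
    cat <<'EOF'
Port 631
Listen /var/run/cups/cups.sock
Listen localhost:631
DefaultAuthType Basic
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
EOF
}

# Demo on the sample; on a server run: audit_cupsd_conf /etc/cups/cupsd.conf
conf=$(mktemp)
step8_sample > "$conf"
audit_cupsd_conf "$conf"
rm -f "$conf"
```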

Samba:

For Samba, just edit the /etc/samba/smb.conf file and disable the [printers] share definition.

Step 9: Open ports for SavaPage

SavaPage uses several ports. They must be opened in Shorewall.

config set savapage service status enabled TCPPorts 8631,8632,8639,5353,5222 UDPPorts 8631,8632,8639,5353,5222 access green
signal-event firewall-adjust

Step 10: Set default papersize

In a terminal, type:

sudo su -c 'echo a4 > /etc/papersize'

Step 11: Download and Install SavaPage

Change to the savapage user

sudo su savapage 
cd /opt/savapage

Download the latest savapage-setup-version-linux-x64.bin file from the savapage.org website (where version is the latest version)

wget https://www.savapage.org/download/installer/savapage-setup-version-linux-x64.bin

Install with

sh ./savapage-setup-version-linux-x64.bin (where version is the latest version of savapage)

During the install you will be prompted to accept the AGPL license. Type yes and press <enter>.

Some parts of the installation require root privileges. If the savapage user has these privileges, you can let them be done by the savapage user, otherwise you will be prompted for root credentials.

After the install you can access the SavaPage admin web interface at https://yourserver:8632/admin. Log in with user admin and password admin. Change this password immediately after logging in.

How you configure SavaPage depends heavily on how you want to use the software. Read the admin manual for more information on this. There are a LOT of options, so don’t skip reading the admin manual part! (you have been warned)

BEWARE: savapage overwrites the systemd cups.service

See the /opt/savapage/server/providers/cups/linux/roottasks script, and https://issues.savapage.org/view.php?id=692 for why this is done.

Step 12: Create backup

Later in the install process you need to configure an external (PostgreSQL) database. In order to populate this database properly, you need a backup of your default internal database.

Creating a backup can be done through the admin web interface or through the command line.

Via the admin web interface:

On the left side: click Options.
Then on the right side: click Backups and the Backup now button.

Via the command line:

Stop the SavaPage service: sudo systemctl stop savapage.service
Then as user savapage: savapage-db --db-export

Step 13: Setting up an external database.

By default SavaPage uses an internal database. For production this must change in order to prevent a hanging and unresponsive system. Your whole server can hang if you have too many concurrent print jobs using the internal database.

SavaPage currently supports PostgreSQL as external database.

Steps to install and configure SavaPage using PostgreSQL are as follows:

Leave the savapage user session on the command line:

exit

Install PostgreSQL as root or sudoer:

sudo yum install postgresql-server postgresql-contrib

Initialize postgresql:

sudo postgresql-setup initdb

By initializing postgresql the postgresql.conf and pg_hba.conf (amongst others) are created. These are the main configuration files we need to tweak postgresql.

By default, PostgreSQL does not allow password authentication. We will change that by editing its host-based authentication (HBA) configuration.

Edit pg_hba.conf

Open the HBA configuration file with your favorite text editor:

$ sudo nano /var/lib/pgsql/data/pg_hba.conf

Find the lines that look like this, near the bottom of the file:

pg_hba.conf excerpt (original)
	host    all             all             127.0.0.1/32        ident
	host    all             all             ::1/128             ident

Then replace “ident” with “md5”, so they look like this:

pg_hba.conf excerpt (updated)
	host    all             all             127.0.0.1/32        md5
	host    all             all             ::1/128             md5

Configure PostgreSQL TCP connections

NOTE: if PostgreSQL is installed on the same server as SavaPage, you can leave it as it is, and accept the defaults, i.e. access from localhost only.

P.S. in that case, you might consider setting the “password_encryption = on” anyhow.

If SavaPage is installed on another server, change the address to allow access to PostgreSQL:

# Access from another host, in this case: x.x.x.x (for IPv6 enter the IPv6 address)
host    all             all             x.x.x.x/32          md5
host    all             all             ::1/128             md5

Save and exit

Edit postgresql.conf

By default TCP/IP connections are disabled from remote computers. To enable access from remote computers, uncomment listen_addresses. If PostgreSQL is on the same server as SavaPage, you can keep listen_addresses as localhost.

$ sudo nano /var/lib/pgsql/data/postgresql.conf

Change:

#listen_addresses = 'localhost'

to:

listen_addresses = 'x.x.x.x'

This allows remote access from IP address x.x.x.x only. If you want remote access from multiple computers in your network, use a comma-separated list of addresses:

listen_addresses = 'address1,address2,localhost'

Uncomment:

#password_encryption = on

to:

password_encryption = on

Save and exit the editor

Restart the PostgreSQL service

systemctl restart postgresql
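
To review the result of the pg_hba.conf edits in this step, the following added example (not part of the original howto) lists host rules that use a method other than md5 and rules that match every client address. In PostgreSQL these rules decide which clients may log in, while listen_addresses selects the server's own interfaces to bind. The function names, output labels and the sample file with its 192.0.2.x addresses are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the howto): review the host rules in pg_hba.conf.
# Output: "not-md5 <method> <address>" for host rules using another method,
#         "any-address <address>" for rules that match every client.

check_pg_hba() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        # Only TCP/IP records; "local" (Unix socket) lines are not touched
        # by the howto and are ignored here.
        $1 ~ /^host(ssl|nossl)?$/ {
            addr = $4; method = $5
            # Netmask form is TYPE DB USER IP MASK METHOD: method is field 6.
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
                method = $6
            }
            # md5 is what the howto sets; scram-sha-256 is its successor
            # on PostgreSQL 10 and later.
            if (method != "md5" && method != "scram-sha-256") {
                print "not-md5 " method " " addr
            }
            if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all") {
                print "any-address " addr
            }
        }
    ' "$1"
}

# Constructed sample: a half-edited file with two leftovers and one rule
# that is wider than the single-host rule the howto describes.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              peer
host    all       all   127.0.0.1/32               ident
host    all       all   ::1/128                    md5
host    all       all   192.0.2.10/32              md5
host    all       all   0.0.0.0/0                  md5
host    all       all   192.0.2.0  255.255.255.0   trust
EOF
}

# Demo on the sample; on the server run as root:
#   check_pg_hba /var/lib/pgsql/data/pg_hba.conf
hba=$(mktemp)
sample_pg_hba > "$hba"
check_pg_hba "$hba"
rm -f "$hba"
```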

Step 14: Change password of superuser "postgres"

By default the postgres user has no password. Set a (strong) password for this user:

sudo -u postgres psql postgres

You are now in psql, the command interface for PostgreSQL, and in the database “postgres”. In your terminal the prompt looks like this at the moment:

postgres=#

To change your password:

postgres=# \password postgres

and type your new password when asked for it.

Type ‘\q’ and hit enter to quit.

Create a PostgreSQL user and database for SavaPage:

sudo -u postgres createuser -P savapage
sudo -u postgres createdb -O savapage savapage

Step 15: Configure Secure Sockets Layer

SSL: SavaPage installs with a self-signed certificate. It can be replaced with a Let's Encrypt certificate; scripts are available if necessary. You can also use your own SSL certificate. The SavaPage manual explains how: https://www.savapage.org/docs/manual/app-tools-ssl-key.html#app-tools-ssl-key-import

Step 16: Add SavaPage system variables

For easy access add the path to the savapage commands in profile.d

echo 'pathmunge /opt/savapage/server/bin/linux-x64/' > /etc/profile.d/savapage.sh

Make the script executable:

chmod +x /etc/profile.d/savapage.sh

Step 17: Change SavaPage to use PostgreSQL

Stop SavaPage service:

systemctl stop savapage.service

Edit the savapage server settings

nano /opt/savapage/server/server.properties

Scroll all the way down and find the database settings. Comment out the internal database entry by adding a # in front of the line:

#database.type=Internal

Remove the # in front of the parameters for PostgreSQL use:

# PostgreSQL connection example
database.type=PostgreSQL
database.driver=org.postgresql.Driver
database.url=jdbc:postgresql://localhost/databasename
database.user=databaseuser
database.password=databaseuser password

Save and exit the editor

Change to the SavaPage user:

sudo su savapage

Initialize the database for SavaPage. If you already have printers and users in the local database, do a backup of the internal database first.

savapage-db --db-init

Restore the backup of the internal database:

In step 12 you created a backup of the default database. As user savapage, restore the database:

savapage-db --db-import /path/to/backup/savapage-backup

(the default path is /opt/savapage/server/data/backups/savapage-export-timestamp.zip)

Start the SavaPage service as root or as a sudo user. Type exit to return to the root user, then:

sudo systemctl start savapage.service

Now head over to https://yourNS7server:8632/admin. You will be able to log in with the admin account. The default password is admin; if you didn’t already change this, now is a good time to do so.

Step 18: Initial configuration

When you log in the admin interface for the first time you will see the dashboard. On the right there is an overview of your SavaPage install. You will notice a “Setup is needed” in red. This means that the initial configuration for SavaPage has not been done yet.

There are a few steps you need to take to configure SavaPage for use:

Change the admin password (if not already done)

As a first security measure, change the master password for the built-in admin account. This account is independent and not related to the operating system or domain. The password needs to meet minimum strength requirements, and must contain at least six characters. Select Options → Advanced → Reset internal admin password. Enter and confirm the new password and press the Apply button.

Set Locale

Set the system's locale; ensure that it is correct before proceeding. Select Options → Advanced → Locale, and enter the locale string. Some examples are: en, en-GB, en-US, nl, nl-NL, nl-BE. You can leave the locale empty to accept the system default. The locale is applied to all system messages which are logged in the system log or sent by email.

Set Currency Code

Set the system's currency code; ensure that it is correct before proceeding. Select Options → Financial, and enter the ISO 4217 Currency code. Some examples are: USD, EUR, GBP. The currency symbol is determined in the context of the user or system locale.

Set User Source

SavaPage optionally imports user information from a Unix (PAM, NIS, etc.) or LDAP source. Select Options → User Source.

Select Unix if the user accounts are set up and defined on the local system as standard Unix accounts or mapped into the system from a central directory service such as LDAP via nsswitch.conf and PAM. Most large established networks will use this option.

Note: For administrators wishing to customize the PAM authentication method at the application level, SavaPage reports itself as “savapage”.

The LDAP option is appropriate for large networks with existing LDAP domains. This includes networks running OpenLDAP, Apple Open Directory, Novell eDirectory and Microsoft Active Directory. More information on LDAP is available in Section 4.10.1.2, “LDAP”. After selecting the source, enter the necessary parameters (LDAP only) and press the Apply button.

For NethServer specific configuration, you need to configure LDAP as follows:

Adjust the settings to what you have chosen for Samba4 AD information on your NethServer7 instance.

User Synchronization

Skip this step if you did not set an external User Source in the previous step. Otherwise, select Options → User Creation → Synchronization → Synchronize now to import users.

Important: An option exists to import a subset of users from the source by selecting a group. This option is relevant if only a subset of users will ever use SavaPage. Select Options → User Creation → Change Group to select the group.

Tip: Test the import first by pushing the Test button. A simulated import will start, with each step echoed below the button, so you can verify the effect of your action.

Set Mail Options

Select Options → Mail, enter the SMTP and Message options and press the Apply button. Data from the Messages section is used for system generated mail messages. You can send a test mail message to a recipient of your choice by pressing the Test button after you applied the changes.

Driverless Printing

Mail Print and Web Print are disabled by default. You can enable and configure these options at Options → Mail Print and Options → Web Print. If you enabled one of the driverless printing options, decide which PDF converters you want to enable at Options → Advanced → Converters. Beware that you might need to install the converter software on the SavaPage host.

Share SavaPage Client Files

SavaPage client files are located in directory /opt/savapage/client. This includes the SavaPage Printer Driver and JMX related files. It is useful to share this directory over the network so users can use, copy or install the files they need on their workstation. Common sharing methods include:

  • Samba - used to share files to Windows based workstations. GUI tools are available on GNU/Linux to help you with sharing the client directory via Samba. However, some system administrators may be more comfortable creating the share by hand-editing the /etc/samba/smb.conf file. The following configuration will share the directory in read-only form:

[savapage-client]
path = /opt/savapage/client
comment = SavaPage Client
public = yes
only guest = yes
read only = yes

  • NFS - a popular sharing method used for GNU/Linux and Unix based workstations.

Note: The /opt/savapage/client directory is shared by default via the client/ URL.

Testing

Now that the installation is complete, it is time to do a basic test to check if the system is ready to use.

  • Pick a workstation and login as a user that is part of the user source as configured in “Set User Source”.
  • Install the SavaPage Printer Driver. See the instructions at Section 10.1 of the SavaPage user manual: https://www.savapage.org/docs/manual/ch-printer.html#ch-printer-driver, “Printing with a Driver”.
  • Open a Web Browser and go to the User Web App at https://server.domain.tld:8632/user
  • Login to the Web App with the same credentials as used in the workstation login.
  • Print a test document such as a web page or basic document to the SavaPage printer.
  • Thumbnail images of the printed pages should appear in the Web App.

Add a balance to allow logging in

If the user has no credit to print, he cannot log in to the user interface. In order to add credit to the user balance,

Appendix: handy web locations