Difference between revisions of "Globalyzer Server Installation"

From Lingoport Wiki
Jump to: navigation, search
(Created page with "= Pre-Requisites = Before installing or updating the Globalyzer Server, please verify this section is complete. == Introduction == Globalyzer Server is the central rules an...")
 
(HTTP/2 less relevant to gzserver - remove it)
Line 154: Line 154:
 
For an example configuration, see:
  
For an example configuration, see:
 
* [[ HTTPS configuration | HTTPS Configuration ]]
  
* [[ HTTPS configuration | HTTPS Configuration ]]
 
== HTTP/2 ==
  
 
HTTP/2 is recommended but not required. It can offer improved performance, especially when many concurrent users are accessing the UI.
  
 
HTTP/2 requires HTTPS, so it can only be used once HTTPS has been configured.
  
 
For an example configuration, see:
  
* [[ HTTP2 Configuration | HTTP2 Configuration ]]
  
   
 
== Email Sender ==
  
== Email Sender ==

Revision as of 17:46, 21 November 2025

Pre-Requisites

Before installing or updating the Globalyzer Server, please verify this section is complete.

Introduction

Globalyzer Server is the central rules and configuration server for the Globalyzer static analysis clients.

  • Globalyzer Clients (CLI, IDE plugins, or Globalyzer invoked from Command Center) connect to the Globalyzer Server to:
    • Retrieve rule sets and scanning configurations
    • Optionally upload scan metadata (depending on configuration)

Globalyzer Server can be hosted:

  • By Lingoport in the cloud, or
  • On-premises, under the customer’s control

This document describes deploying an **on-premises Globalyzer Server** using Docker and MySQL 8, with host directories mounted as Docker bind volumes.

Basic Deployment Diagram

At a high level:

  • One or more **Globalyzer Clients** (developer workstations, CI servers, Command Center, etc.) connect to
  • A **Globalyzer Server instance** (running in Docker on a Linux VM)
  • The Globalyzer Server uses a dedicated **MySQL 8 database container** for its metadata and configuration

(For Command Center users: Command Center will typically run Globalyzer Client jobs and point them at the Globalyzer Server URL configured here.)

IT

When Lingoport hosts the Globalyzer Server, access from your environment (CI systems, developer machines, Command Center, etc.) to the hosted server must be arranged. Lingoport manages security, including which IP addresses or networks are allowed to connect.

When installing Globalyzer Server on premises, the customer IT group is critical to a successful deployment. In particular, the IT team that sets up the Linux system must understand:

  • That Docker will be used to run both MySQL 8 and the Globalyzer Server
  • That Globalyzer Clients will connect to the Globalyzer Server URL
  • Which users need access to the web UI and via which ports / DNS names

Lingoport recommends a brief meeting with the IT team before installation to confirm:

  • Hardware and OS are ready
  • Docker is installed and usable
  • Firewall and DNS will allow access to the Globalyzer Server URL
  • Outbound access to Docker Hub is available (alternatively a docker image snapshot may be provided over SFTP)

Requirements

Before installing Globalyzer Server, ensure the following:

  • Hardware
  • Linux
  • Docker
  • Firewall / Ports
  • (Optional but recommended) HTTPS and HTTP/2

The next sections describe each of these points.

Hardware & Software Requirements

The following sections describe the hardware and software requirements for Globalyzer Server.

Note that this section is specific to Globalyzer Server. Command Center has separate hardware requirements described on the Command_Center_Installation page.

Hardware Requirements

Typical minimums for a dedicated Globalyzer Server VM:

Element Required (minimum)
CPU 2 cores (4 preferred)
Memory 8 GB (16 GB preferred for larger teams)
Disk 100 GB (data growth depends on usage)

The Globalyzer Server may:

  • Be hosted by Lingoport
  • Reside on its own VM
  • Share a VM with other Lingoport components (for example, Command Center), provided hardware resources are sufficient

Other Linux and Windows machines may have Globalyzer Clients installed that connect to this server.

Software Requirements

Since this is a Docker-based installation:

  • The Globalyzer Server application (Tomcat + Globalyzer) runs in a Docker container
  • The MySQL 8 database runs in a separate Docker container
  • Configuration and export directories are mounted as bind volumes on the Linux VM

This requires:

  • A supported Linux distribution (see below)
  • A working Docker installation (Engine + CLI)

Supported Browsers and Versions

The Globalyzer Server UI is accessed via a browser. The following browsers are supported:

  • Chrome: 117+
  • Edge: 117+
  • Firefox: 71+

Access and Ports / Firewall

Globalyzer Server needs to be accessible by:

  • Lingoport and/or customer admins (for configuration, rule management, monitoring)
  • Globalyzer Clients (CLI, IDE, Command Center, CI jobs, etc.)

Ports (Internal to company network)

Services Ports Inbound (session) Outbound (session) Notes
SSH (for system config/maintenance) 22 Y N System configuration and maintenance on the Globalyzer Server VM.
Globalyzer Server (HTTP/HTTPS) 8080 (HTTP) and/or 443 (HTTPS) Y N Default 8080 (configurable via install.conf). HTTPS usually provided by a reverse proxy (e.g. Apache, Nginx) and an SSL certificate.
SMTP/SMTPS 25 or 465 or 587 N Y For email notifications from Globalyzer Server. Depends on corporate mail setup.
Globalyzer Clients → Globalyzer Server 8080 or 443 N Y Outbound from client machines / CI / Command Center to the Globalyzer Server URL.

Note: MySQL runs in a Docker container on the same VM and is not typically exposed externally. All access is from the Globalyzer Server container.

External Access

Services Ports Inbound Outbound Notes
Lingoport SSH access 22 Y N Optional but recommended for ease of upgrades and troubleshooting (if allowed by security policy).
RHEL/Alma/Ubuntu Packages 80 (Debian) 443 (RHEL/others) N Y Operating system package repositories (may be internal mirrors).
hub.docker.com 80 and 443 N Y Location of the lingoport/gzserver Docker image. Image snapshot may also be provided by Lingoport over SFTP as an alternative.

HTTPS

HTTPS is recommended but not strictly necessary for Globalyzer Server. Many customers choose to:

  • Expose Globalyzer Server internally over HTTP (port 8080), and/or
  • Place a reverse proxy (such as Apache or Nginx) in front of the container, terminating HTTPS on port 443.

If HTTPS is already standardized by your IT group, follow that process and simply point the HTTPS VirtualHost/ServerName to the Globalyzer Server container / port.

For an example configuration, see:

Email Sender

Globalyzer Server can send notifications to users (for example, license warnings or other system emails) depending on configuration.

For email delivery, you will need the following information:

  • SMTP host URL (such as smtp.yourcompany.com)
  • Authorization method (SMTP, SMTPS, etc.)
  • Sender email address (for example globalyzer@customerdomain.com)
  • Sender password (this is the value placed in email_password in install.conf)

Additional email settings (such as host and port) may be configured in the Globalyzer server configuration. Coordinate with Lingoport support if you are unsure which values to use.

Docker Install

Docker is the underlying platform used to run the Globalyzer Server and MySQL 8 containers.

The supported versions of Linux for Docker installation are:

Other Linux versions may work, but the above are the distributions and processes that have been verified.

Credentials

Globalyzer Server manages its own user database and can also integrate with your directory service (LDAP) or SAML/SSO depending on license and version.

Globalyzer Server User Database

At installation time:

  • A default administrator user is created (details provided by Lingoport support).
  • It is strongly recommended to change the initial administrator password and store it securely.

From that admin account you can create additional Globalyzer Server users and manage roles.

LDAP Integration

Globalyzer Server can use your company’s LDAP directory for authentication and authorization. In this mode:

  • Users log in with their LDAP username and password.
  • If they are authenticated and belong to one of the configured Globalyzer LDAP groups (admin / manager / member), a Globalyzer account is created/updated using LDAP attributes.
  • LDAP remains the source of truth for user lifecycle: when a user is removed from LDAP they can no longer access Globalyzer.

LDAP configuration involves:

  • Enabling LDAP mode (environment variable GZSERVER_LDAP_MODE=true for the server process).
  • Configuring the LDAP section in GzserverConfig.groovy, including:
    • Mapping user attributes (first name, last name, email, phone, title, country, time zone) via gzserver.ldap.ctx.*.
    • Mapping LDAP groups to Globalyzer roles via gzserver.ldap.admin.groupName, gzserver.ldap.manager.groupName, gzserver.ldap.member.groupName.
    • Defining a “no access” message for users who authenticate but are not in any Globalyzer LDAP group.
    • Configuring LDAP server connection properties, including:
      • LDAP server URL (for example grails.plugin.springsecurity.ldap.context.server = 'ldap://ldap.example.com:389')
      • Manager DN and password used for LDAP binds
      • Base DNs and filters for user and group searches.

Passwords in GzserverConfig.groovy may be stored either in plain text or encrypted using the globalyzer-encrypt-password.jar utility distributed with the Globalyzer Server zip. See Globalyzer_Server_LDAP_Installation for detailed instructions and examples, including:

  • Encrypted manager passwords
  • A dedicated continuous integration (CI) user (for Globalyzer Lite / automated scans) configured via:
    • gzserver.ldap.ci_user
    • gzserver.ldap.ci_password (plain text or ENC(...))
  • How login behavior changes on LDAP servers (LDAP User / Password fields, removal of “Forgot password” link, restrictions on editing profiles, etc.)
  • How to enable detailed LDAP debug logging using logback-debug.groovy and the -Dlogging.config=... JVM option.

For Docker-based deployments, the LDAP configuration is still applied inside the Globalyzer Server container via GzserverConfig.groovy and environment variables. The steps in Globalyzer_Server_LDAP_Installation apply regardless of whether the server is deployed via Docker or on bare Tomcat.

SAML / SSO Integration

Globalyzer Server can also be integrated with SAML-based SSO so that users authenticate via your corporate Identity Provider (IdP).

At a high level, SSO configuration involves:

  • Configuring the Globalyzer Server as a SAML Service Provider (SP).
  • Importing/exchanging metadata (IdP and SP).
  • Adjusting Globalyzer’s security configuration to delegate authentication to the SSO provider.
  • Coordinating user and group mapping so SSO identities map to the appropriate Globalyzer roles.

The SSO configuration is performed after the base Docker installation and does not change the installation steps described on this page.

For detailed SSO configuration steps and examples, see:

New Globalyzer Server Installation

sudo user

A Linux user with sudo privileges is required as the user under which to prepare and run the installation scripts. For example:

  • ec2-user on Amazon Linux systems

The Globalyzer installation script itself must ultimately run with root privileges. It will exit with an error if it is not run as root.

Create the database conf directory

Use the sudo user’s home directory as the base for Docker data directories. For example, on Amazon Linux with user ec2-user:

  • Home: /home/ec2-user

The installer will create the MySQL configuration directory automatically:

  • /home/ec2-user/mysql/conf.d

Optionally, you may create a basic MySQL client configuration file as well: 

vi /home/<user>/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

The installer also creates additional directories under home_directory for exports, backups, and internal configuration.

Configuration

Your Lingoport contact will provide the Globalyzer Server installation scripts and configuration file. You should receive files similar to:

  • install.conf
  • InstallGzserver.sh
  • UpdateGzserver.sh (name may vary)
  • UninstallGzserver.sh (name may vary)

Copy these files to a directory under the sudo user’s home, for example: 

/home/ec2-user/globalyzerServerInstall

or, in general: 

/home/<user>/globalyzerServerInstall

Set up install.conf

The install.conf file controls installation settings. The top portion is intended to be edited by the customer; the lower portion is preconfigured for access to the Lingoport Docker Hub account.

A typical install.conf will look like this: 

#
# Provide your home directory, lingoport/ and gzserver/ folders will be created
#
home_directory=/home/ec2-user

#
# Provide the Globalyzer Server version
#
gzserver_image_version=6.8


#
# Provide the Globalyzer Server port
#
serverPort=8080


#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=_dbrootpass_

# Provide an email username and password you wish to use for automated emails from the system
email_username=_emailusername_
email_password=_emailpassword_

# The URL the server will use
gzserver_url=_gzserverurl_


# DO NOT CHANGE THE STUFF BELOW


#
# Provide your Docker Hub username
#
docker_username=lingoport_provided_customer_account

#
# Provide your Docker Hub account token
#
docker_account_token=lingoport_provided

#
# Provide the Docker network name you want to create
#
database_network=mysqlnetsgzserver


docker_image=lingoport/gzserver

Edit the following values:

  • home_directory – base directory where the installer will create:
    • lingoport/
    • gzserver/export
    • gzserver/config
    • gzserver/backup
    • mysql/conf.d
  • gzserver_image_version – the Globalyzer Server image version provided by Lingoport (for example 6.8).
  • serverPort – host port for HTTP access to the Globalyzer Server container (default 8080).
  • database_root_password – root password to create for the MySQL 8 database container.
  • email_username and email_password – credentials for the SMTP account you wish to use for system email notifications. These are not prompted for by the installer and must be set correctly in install.conf.
  • gzserver_url – the full URL that clients will use to reach Globalyzer Server, such as:

The initial install.conf provided by Lingoport typically uses placeholder values such as _dbrootpass_, _emailusername_, _emailpassword_, and _gzserverurl_. These are examples only and must be replaced before production use.

Do not change the values below the # DO NOT CHANGE THE STUFF BELOW line unless instructed by Lingoport support. Those values:

  • Provide the Docker Hub username and token used to pull the lingoport/gzserver image
  • Configure the Docker network name and image name

Run InstallGzserver.sh

From the directory containing the scripts: 

cd /home/<user>/globalyzerServerInstall
chmod +x *.sh
sudo ./InstallGzserver.sh

Notes:

  • The script must run as root (for example via sudo). It will exit if id -u is not 0.
  • If any of the following are missing or empty in install.conf, the script will prompt for them:
    • database_root_password
    • gzserver_url
    • docker_username
    • docker_account_token
  • email_username and email_password are not prompted and will be used exactly as written in install.conf.

What the installer does

InstallGzserver.sh performs the following high-level steps:

  1. Reads install.conf and prompts for any missing values listed above.
  2. Creates directories under home_directory:
    1. lingoport/
    2. gzserver/export
    3. gzserver/config
    4. gzserver/backup
    5. mysql/conf.d
  3. Changes directory to $home_directory/gzserver/config to store container IDs and related files.
  4. Ensures a Docker network exists with name database_network (default: mysqlnetsgzserver).
  5. Starts a MySQL 8 container:
    1. Name: gzserverDatabase
    2. Network alias: mysqlservergzserver
    3. Network: $database_network
    4. Environment:
      1. MYSQL_ROOT_PASSWORD=$database_root_password
      2. MYSQL_DATABASE=GZSERVER
    5. Volume:
      1. $home_directory/mysql/conf.d:/etc/mysql/conf.d
    6. MySQL options:
      1. --character-set-server=utf8mb4
      2. --collation-server=utf8mb4_unicode_ci
      3. --default-authentication-plugin=mysql_native_password
  6. Waits until the MySQL container reports ready (using mysqladmin ping inside the container).
  7. Logs in to Docker Hub using:
    1. docker_username
    2. docker_account_token
  8. Starts the Globalyzer Server container:
    1. Image: $docker_image:$gzserver_image_version (for example lingoport/gzserver:6.8)
    2. Network alias: gzservernet
    3. Network: $database_network
    4. Port mapping: $serverPort:8080 (host:container)
    5. Volume:
      1. $home_directory/gzserver/export:/home/gzserver/.gzserverihost/export
    6. Restart policy: --restart unless-stopped
  9. Waits ~20 seconds, then updates the Globalyzer server configuration inside the container by replacing:
    1. _dbrootpass_$database_root_password
    2. _emailusername_$email_username
    3. _emailpassword_$email_password
    4. _gzserverurl_$gzserver_url
  10. Restarts the Globalyzer Server container so the new configuration is applied.
  11. Prints a summary message and a docker logs -f command you can use to follow the startup.

The installer saves container IDs in:

  • $home_directory/gzserver/config/gz_mysql_id.txt
  • $home_directory/gzserver/config/gz_container_id.txt

These are used by the update/uninstall scripts.

Re-install Globalyzer Server

If you need to re-run InstallGzserver.sh on the same system:

  • First run the provided uninstall script (for example UninstallGzserver.sh) to clean up containers.
  • Optionally remove the existing lingoport/gzserver image:
sudo docker image ls
sudo docker image rm --force <gzserver-image-id>
  • Adjust install.conf as needed, then run:
sudo ./InstallGzserver.sh

Note: Database backup

The installer creates:

  • $home_directory/gzserver/backup – intended as the location for database backup files

If you received a database backup script (for example BackupGzserverDatabase.sh) from Lingoport, run: 

chmod +x *.sh
sudo ./BackupGzserverDatabase.sh

The database backup SQL file will typically be placed under:

  • $home_directory/gzserver/backup

Note on MySQL data location:

  • By default, the MySQL container stores its data in a Docker-managed volume under /var/lib/docker/volumes on the host.
  • This data persists across container restarts and image updates.
  • The data can be removed if the container and its associated volume are deleted (for example with docker rm -v or by an uninstall process that removes volumes).

For this reason, it is recommended to keep regular database backups before performing any destructive maintenance.

Verify Installation

Once InstallGzserver.sh completes:

  1. Check that containers are running:
sudo docker ps

You should see at least:

  • A MySQL 8 container (for example mysql:8.0)
  • A Globalyzer Server container (for example lingoport/gzserver:6.8)
  1. Follow the Globalyzer Server logs:

The installer prints a docker logs command at the end, such as: 

docker logs -f <gzserver-container-id>

Wait until Tomcat and Globalyzer report successful startup. First-time startup can take several minutes (commonly up to ~8 minutes).

  1. Access the Globalyzer Server URL:

Open a browser and navigate to the URL configured in install.conf (the gzserver_url value), for example: 

http://myserver.mycompany.com:8080/gzserver

or 

https://globalyzer.mycompany.com/gzserver

You should see the Globalyzer Server login page.

  1. Log in with the administrator account:

Use the administrator credentials provided by Lingoport support. After logging in, you can:

  • Change the administrator password
  • Create additional users
  • Configure rule sets and scanning options

For a fresh install, it is expected that there are no rule sets or projects configured yet. For upgrades, you may need to restore a database backup if you are migrating from an earlier system.

If the installation is unsuccessful, do not repeatedly re-run the install script; instead:

  • Run the uninstall script
  • Adjust configuration or correct issues
  • Re-run the install

Globalyzer Server Update

Scripts

Your Globalyzer Server distribution may include an update script (for example UpdateGzserver.sh). This script typically:

  • Backs up the existing database (or instructs you to do so)
  • Stops the running Globalyzer Server container
  • Pulls the new lingoport/gzserver image version
  • Starts the new container version using existing data and configuration

Make sure to keep a copy of your current install.conf before updating.

Backup the database

Before updating to a new version, it is strongly recommended to back up the database. If you have a backup script: 

chmod +x *.sh
sudo ./BackupGzserverDatabase.sh

Verify that the backup file is present under:

  • $home_directory/gzserver/backup

Edit install.conf

To update to a new Globalyzer Server image version:

  • Change the gzserver_image_version in install.conf, for example:
gzserver_image_version=6.9

Do not modify the fields below the # DO NOT CHANGE THE STUFF BELOW line unless instructed by Lingoport.

Run the update script

If provided: 

chmod +x UpdateGzserver.sh
sudo ./UpdateGzserver.sh

After the update:

  • Use sudo docker ps to verify the Globalyzer Server container is running with the new image version.
  • Navigate to the Globalyzer Server URL and confirm the system is operational.

Start and Stop System

You can manage Globalyzer Server via Docker commands on the VM.

  • To list running containers:
sudo docker ps
  • To stop Globalyzer Server:
sudo docker stop <gzserver-container-id>
  • To start Globalyzer Server again:
sudo docker start <gzserver-container-id>

You can also identify the container by name if your installation uses fixed names.

Uninstall

To completely uninstall Globalyzer Server, use the uninstall script provided by Lingoport, for example: 

sudo ./UninstallGzserver.sh

The uninstall script:

  • Must be run as root (for example via sudo).
  • Sources install.conf (to obtain home_directory).
  • Changes directory to $home_directory/gzserver/config.
  • Reads the Globalyzer Server container ID from gz_container_id.txt and stops/removes that container.
  • Reads the MySQL container ID from gz_mysql_id.txt and stops/removes that container.

If either of the ID files is missing, the script exits with an error message (for example if the server has not been installed or containers were removed manually).

The uninstall script:

  • Does not remove the Docker network created during install.
  • Does not remove host directories under $home_directory.
  • Does not explicitly remove MySQL data volumes (they remain on the host unless removed separately).

After uninstalling, verify: 

sudo docker ps

You should not see Globalyzer Server or its MySQL container listed as running.

FAQ and Troubleshooting

Make sure the Server URL is reachable

Navigate to the server URL configured in install.conf (gzserver_url). Is the login screen available?

If not:

  • Check that both containers are running:
sudo docker container ls -a

You should see entries similar to: 

CONTAINER ID   IMAGE                   COMMAND                  STATUS       PORTS
...            lingoport/gzserver:6.8  "catalina.sh run"        Up ...       0.0.0.0:8080->8080/tcp
...            mysql:8.0               "docker-entrypoint.s…"   Up ...       3306/tcp, 33060/tcp
  • Verify DNS points to the correct VM.
  • Verify firewall rules allow access to the configured serverPort.
  • If behind HTTPS / reverse proxy, verify the proxy configuration and TLS certificate.

LDAP login issues

If you have configured LDAP and logins are failing:

  • Review your settings against Globalyzer_Server_LDAP_Installation:
    • Attribute mappings (gzserver.ldap.ctx.*)
    • Group names (gzserver.ldap.*.groupName)
    • Search bases and filters for users and groups
    • Manager DN and password
  • Enable detailed logging by:
    • Placing the logback-debug.groovy file (from the Globalyzer Server zip) on the server.
    • Adding -Dlogging.config=/path/to/logback-debug.groovy to JAVA_OPTS for the Globalyzer Server process.
    • Restarting the Globalyzer Server container.

This will cause additional LDAP diagnostic information to be written to the Globalyzer server logs, helping to pinpoint configuration issues.

To check files on disk

To inspect files inside the Globalyzer Server container (for logs or configuration):

1. Find the container ID: 

sudo docker container ls -a

2. Run a shell in the container: 

sudo docker exec -it <gzserver-container-id> bash

Within that shell, you can explore the filesystem (for example, /usr/local/tomcat, logs directories, or the export path mapped from $home_directory/gzserver/export).

How to backup and restore a system

A typical backup/restore process:

  • Backup the Globalyzer Server database
  sudo ./BackupGzserverDatabase.sh

This will create one or more files such as: 

  <home_directory>/gzserver/backup/gzserver_backup_YYYY-MM-DD_HHMMSS.sql

(Exact naming may vary depending on the backup script.)

  • Stop the current Globalyzer Server and MySQL containers
  sudo docker ps
  sudo docker stop <GlobalyzerServerContainerID> <MySQLContainerID>
  sudo docker ps
  • Install or update Globalyzer Server
  sudo ./InstallGzserver.sh
  or
  sudo ./UpdateGzserver.sh
  • Verify that Globalyzer Server comes up in the browser

Log in with the administrator account; for a fresh install, no rule sets or users beyond the admin account are expected.

  • Restore from the database (if applicable)

If you have a restore script (for example RestoreGzserverDatabase.sh): 

  sudo ./RestoreGzserverDatabase.sh YYYY-MM-DD_HHMMSS

Where YYYY-MM-DD_HHMMSS matches the timestamp in your backup file name.

  • Verify that Globalyzer Server is populated with the correct information

Log in and check rule sets, users, and other configuration.

Next Steps

Globalyzer Server is now ready to be used. Typical next steps include:

  • Configure Globalyzer Server users and roles.
  • Set up rule sets and scanning configurations.
  • Update Globalyzer Clients (CLI, IDE, or Command Center) to point to the Globalyzer Server URL you configured.
  • Follow the corresponding Globalyzer Client or Command Center user guides for integrating scans into your development and CI/CD processes.
Retrieved from "http://wiki.lingoport.com/index.php?title=Globalyzer_Server_Installation&oldid=99653"