For months I was searching for a system capable to track and store out internal documents. I tested several systems like alfresco, opendocman,…..

In the end I decided to give OpenKM a try.

OpenKM runs on a JBoss application server, so you are bound to Java.  They use Jackrabbit for their hierarchical content storage.  The frontend is realized with GWT (Google Web Tollkit).

For a full feature list click here.

OpenKM install hints:

I installed OpenKM on a recent Debian 6.0

Getting .pdf, .docx, .xlsx preview running:

First you need to install OpenOffice. Make sure you install …-math, …-writer, … -draw, …-calc packages.

OpenOffice hast to bee run in headless mode. I use following startup script:

#!/bin/sh
### BEGIN INIT INFO
# Provides:        OpenOffice Headless
# Required-Start:    
# Required-Stop:    
# Default-Start:    2 3 5
# Default-Stop:        
# Short-Description:    OpenOffice Headless
### END INIT INFO

PIDFILE=/var/run/openoffice-server.pid

case "$1" in
'start')
 if [ -f $PIDFILE ]; then
 echo "OpenOffice headless server has already started."
 sleep 5
 exit
 fi
 echo "Starting OpenOffice headless server"
 soffice "-accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager" -nologo -headless -nofirststartwizard & > /dev/null 2>&1
 touch $PIDFILE
 ;;
'stop')
 if [ -f $PIDFILE ]; then
 echo "Stopping OpenOffice headless server."
 killall -9 soffice && killall -9 soffice.bin
 rm -f $PIDFILE
 exit
 fi
 echo "Openoffice headless server is not running."
 exit
 ;;
*)
 echo "Usage: $0 { start | stop }"
 ;;
esac
exit 0

To get the preview stuff working you need also pdf2swf. Check your /bin directory there should be a pdf2swf executable or if you prefer you could take the swftool package from ubuntu.

The last step to get the previewer feature running is to set the corresponding config. flags at the OpenKm.cfg file.

  • system.openoffice=on
  • system.pdf2swf=/usr/bin/pdf2swf

Mail Notification configuration:

Mail notification is straight forward. Go to /opt/OpenKM-4.1_JBoss-4.2.3.GA/server/default/deploy/mail-service.xml . Edit the section to your needs.

If you face the problem that the links in your notification mails are pointing to localhost, you can alter the application.url flag in your OpenKM.cfg.

  • application.url={yourURL}:{yourPort}/OpenKM/es.git.openkm.frontend.Main/index.jsp

Changing from port 8080 -> 80

GoTo /opt/OpenKM-4.1_JBoss-4.2.3.GA/server/default/deploy/jboss-web.deployer/server.xml and edit

Change the port field to 80.

Securing your JBoss

One last thing needs to be done :-). Security! Holy Moly… what… yep.. Jboss runs out of the box like an open barn door. So a good idea would be to secure the jmx-console and web-console stuff. Because of that the jmx-console and web-console are standard servlets you can protect them very easily via enabling the security-constraint.

Securing the jmx-console:

1. Edit \server\default\deploy\jmx-console.war\WEB-INF\web.xml and uncomment the security-constraint section:

<!-- A security constraint that restricts access to the HTML JMX console
 to users with the role JBossAdmin. Edit the roles to what you want and
 uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
 secured access to the HTML JMX console.-->
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>HtmlAdaptor</web-resource-name>
 <description>An example security config that only allows users with the
 role JBossAdmin to access the HTML JMX console web application
 </description>
 <url-pattern>/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>JBossAdmin</role-name>
 </auth-constraint>
 </security-constraint>

 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>JBoss JMX Console</realm-name>
 </login-config>

 <security-role>
 <role-name>JBossAdmin</role-name>
 </security-role>
</web-app>

2. Edit \server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml. Uncomment the following section:

 <jboss-web>
 <!-- Uncomment the security-domain to enable security. You will
 need to edit the htmladaptor login configuration to setup the
 login modules used to authentication users.-->
 <security-domain>java:/jaas/jmx-console</security-domain>

</jboss-web>

3. Edit \server\default\conf\props\jmx-console-roles.properties file

4. Edit \server\default\conf\props\jmx-console-users.properties file

5. Edit \server\default\conf\login-config.xml edit following section

 props/web-console-users.properties
 props/web-console-roles.properties

6. under \server\default\conf\props\ copy and rename the two jmx-console-xx to web-console-xx.

Automatically start OpenKM (Jboss) via init scripts:

If you want to start your OpenKM automatically at boot time you can use this init script:

#!/bin/sh
# /etc/init.d/jbossokm: Start and stop JBoss Application Service
### BEGIN INIT INFO
# Provides:        OpenKM
# Required-Start:    
# Required-Stop:    
# Default-Start:    2 3 5
# Default-Stop:        
# Short-Description:    OpenKM
### END INIT INFO

ECHO=/bin/echo
TEST=/usr/bin/test
JBOSS_START_SCRIPT=/opt/OpenKM-4.1_JBoss-4.2.3.GA/bin/run.sh
JBOSS_STOP_SCRIPT=/opt/OpenKM-4.1_JBoss-4.2.3.GA/bin/shutdown.sh

$TEST -x $JBOSS_START_SCRIPT || exit 0
$TEST -x $JBOSS_STOP_SCRIPT || exit 0

start() (
 $ECHO "Starting JBoss OKM."
 rm -rf /path/to/server/default/tmp
 rm -rf /path/to/server/default/work
 rm -rf /path/to/server/default/log
 su -l -c "$JBOSS_START_SCRIPT -b 0.0.0.0 > /dev/null 2> /dev/null &"
 $ECHO "Done."
 )

stop () (
 $ECHO "Stopping JBoss OKM. "
 su -l -c "$JBOSS_STOP_SCRIPT -S > /dev/null &"
 sleep 10
 $ECHO "Done."
)

case "$1" in
 start )
 start
 ;;
 stop )
 stop
 ;;
 restart )
 stop
 sleep 30
 start
 ;;
 * )
 $ECHO "Usage: jbossokm {start|stop|restart}"
 exit 1
 esac
 exit 0

Shutdown problems (network unreachable exception)

If you get an exception at shutdown or your shutdown script does not kill your JBoss then you could check sysctl-setting under /etc/sysctl.d/bindv6only.conf.

Make sure that the net.ipv6.bindv6only=0. !

If you would like to show your appreciation consider to support the guys from OpenKM with a donation 🙂

See PayPal subscription link at the bottom of the page