安装MRBS并配置CAS

最近帮助院系使用MRBS（Meeting Room Booking System）搭建了一个简单的会议室预约系统，并配置了Apereo CAS登陆。

安装MRBS

前半部分主要参考的是MRBS的官方安装文档。

1. 从 https://sourceforge.net/projects/mrbs/files/ 下载MRBS，同时，需要保证机器上已经安装了nginx, mysql/mariadb, fcgiwrap , php-fpm, php-xml 和 php-curl。

2. 解压MRBS的压缩包。在本文中，MRBS被安装在了/var/www/mrbs/中。

3. 创建数据库，根据官方文档，需要在MySQL中创建MRBS有关的数据表（PostgreSQL的情况类似，见文档）：

   mysqladmin create mrbs
   mysql mrbs < tables.my.sql
   

4. 修改web文件夹中的配置文件config.inc.php：

   <?php // -*-mode: PHP; coding:utf-8;-*-
   namespace CCSE;
   //填写MRBS网页的名字
   
   /**************************************************************************
    *   MRBS Configuration File
    *   Configure this file for your site.
    *   You shouldn't have to modify anything outside this file.
    *
    *   This file has already been populated with the minimum set of configuration
    *   variables that you will need to change to get your system up and running.
    *   If you want to change any of the other settings in systemdefaults.inc.php
    *   or areadefaults.inc.php, then copy the relevant lines into this file
    *   and edit them here.   This file will override the default settings and
    *   when you upgrade to a new version of MRBS the config file is preserved.
    *
    *   NOTE: if you include or require other files from this file, for example
    *   to store your database details in a separate location, then you should
    *   use an absolute and not a relative pathname.
    **************************************************************************/
   
   /**********
    * Timezone
    **********/
   
   // The timezone your meeting rooms run in. It is especially important
   // to set this if you're using PHP 5 on Linux. In this configuration
   // if you don't, meetings in a different DST than you are currently
   // in are offset by the DST offset incorrectly.
   //
   // Note that timezones can be set on a per-area basis, so strictly speaking this
   // setting should be in areadefaults.inc.php, but as it is so important to set
   // the right timezone it is included here.
   //
   // When upgrading an existing installation, this should be set to the
   // timezone the web server runs in.  See the INSTALL document for more information.
   //
   // A list of valid timezones can be found at http://php.net/manual/timezones.php
   // The following line must be uncommented by removing the '//' at the beginning
   $timezone = "Asia/Shanghai";
   //设定时区
   
   /*******************
    * Database settings
    ******************/
   // Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL
   $dbsys = "mysql";
   //设定数据库类型
   // Hostname of database server. For pgsql, can use "" instead of localhost
   // to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
   // tells the system to use Unix Domain Sockets, and $db_port will be ignored;
   // if you want to force TCP connection you can use "127.0.0.1".
   $db_host = "localhost";
   // If you need to use a non standard port for the database connection you
   // can uncomment the following line and specify the port number
   $db_port = 3306;
   //端口
   // Database name:
   $db_database = "mrbs";
   //数据库名称
   // Schema name.  This only applies to PostgreSQL and is only necessary if you have more
   // than one schema in your database and also you are using the same MRBS table names in
   // multiple schemas.
   //$db_schema = "public";
   // Database login user name:
   $db_login = "username";
   
   // Database login password:
   $db_password = 'password';
   //登陆名和密码
   
   // Prefix for table names.  This will allow multiple installations where only
   // one database is available
   $db_tbl_prefix = "mrbs_";
   //表前缀
   // Set $db_persist to TRUE to use PHP persistent (pooled) database connections.  Note
   // that persistent connections are not recommended unless your system suffers significant
   // performance problems without them.   They can cause problems with transactions and
   // locks (see http://php.net/manual/en/features.persistent-connections.php) and although
   // MRBS tries to avoid those problems, it is generally better not to use persistent
   // connections if you can.
   $db_persist = FALSE;
   

5. 配置nginx

   server {
     listen 443 ssl http2;
   
     server_name mrbs.website.edu;
     root           /var/www/mrbs/web;
     index index.php
   
     access_log /var/log/nginx/mrbs-access.log;
     error_log /var/log/nginx/mrbs-error.log;
   
     ssl_certificate     cert.pem;
     ssl_certificate_key key.pem;
   
   
   
   
   
     location ~* \.php$ {
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       #php-fpm的位置需根据实际情况填写
       include         fastcgi_params;
       fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
       fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
     }
   
   
   }
   

在进行上述的配置之后，应该就可以正常访问MRBS的界面了。如果出现403等错误，可能需要

chown -R www-data:www-data /var/www/mrbs/

配置CAS

CAS登陆是借助MRBS内置的phpCAS实现的。

需要在config.inc.php加上以下的配置：

//CAS

$auth['session'] = 'cas';
$auth["type"] = "cas";
//$auth['cas']['debug'] = true;
//debug模式，如果需要自行开启

$auth["admin"][] = "admin-username";
//之后如果从CAS登入这个username，它会被赋予管理员权限

include_once('lib/CAS.php');

$auth['cas']['host']='cas.website.edu';
$auth['cas']['port']= 443;
$auth['cas']['context']='/cas';
//这里的路径是Apereo CAS的通用路径，每个机构可能会不一样。

$auth['cas']['ca_cert_path']='/var/www/mrbs/web/lets-encrypt-r3.pem';
//由于机构的CAS使用的证书是LE的，因此这里的证书是lets-encrypt-r3，具体情况需要根据cas服务器的证书具体讨论

配置Attribute（可选）

如果需要让MRBS现实将/var/www/mrbs/web/lib/CAS/Client.php里面的['phpCAS']['user']替换为['phpCAS']['attributes']['name']（根据实际情况修改）

其他

如果配置CAS后尝试登陆报错，可以在配置文件里面加一行phpCAS::setDebug();，然后可以在/tmp/phpCAS.log里面找到详细的日志信息。

参考资料

• How to setup CAS login using the MRBS 1.7.1 release? （这个配置有问题，建议不要照抄）