Production MDM server setup
Prerequisites
- Ubuntu 22.04 LTS server (for testing, a virtual machine having 4 Gb RAM, 2xCPU, 20 Gb SSD is recommended) Hardware requirements for production
- Public IP (IPv4) address
- SSH access
- Domain name bound to the public address (we used build.h-mdm.com)
- Opened ports
- Direct access to the Internet (at least during the installation)
The setup should be done as root.
At a glance
In this video, we set up a server from the very beginning (creating a VM).
1. Install required software
apt update apt install -y aapt tomcat9 postgresql vim certbot unzip net-tools
Notice: The version of Tomcat 9 installed by apt in Ubuntu 20.04 (9.0.31) has a HTTPS-related bug, and Headwind MDM doesn’t work properly with HTTPS. Headwind MDM installer will automatically upgrade Tomcat to the minimal required version – do not skip this step.
2. Setup the database
su - postgres psql postgres=# CREATE USER hmdm WITH PASSWORD 'topsecret'; postgres=# CREATE DATABASE hmdm WITH OWNER=hmdm; postgres=# \q exit
Notice: you may wish to use your own password for better security. Remember it and use at step 4 when running a Headwind MDM installation script.
3. Download and unzip the binary installer
Notice: get the URL of the latest web installer version on the “Download” page.
wget https://h-mdm.com/files/hmdm-5.25-install-ubuntu.zip unzip hmdm-5.25-install-ubuntu.zip cd hmdm-install/
Alternative: build Headwind MDM
git clone https://github.com/h-mdm/hmdm-server.git cd hmdm-server/ apt install -y maven cp server/build.properties.example server/build.properties mvn install
4. Install Headwind MDM
To start installation, run the console command:
./hmdm_install.sh
We recommend to confirm suggested answers to the installer questions (install required software, Tomcat upgrade, etc.).
Important: on Tomcat 9, you need to use a subdirectory of the “Tomcat sandbox” (/var/lib/tomcat9) for storing files, because Tomcat has no permission to write files outside the sandbox. Scripts and other files unrelated to Tomcat are placed to /opt/hmdm by default.
After this step, you can already check that Headwind MDM web panel can be opened by opening http://build.h-mdm.com:8080 in a web browser.
If you’re getting an error “Failed to deploy WAR file”, just restart the installer script.
Further, installer configures HTTPS via LetsEncrypt (a free HTTPS certificate engine), setups regular certificate renewal, and downloads required APK files. We recommend answering “YES” to all installer steps.
LetsEncrypt will ask you to enter your email. You can safely share your email because LetsEncrypt never sends any spam. After agreeing with terms and conditions (required), disable sending email to you by answering “NO”.
5. Validate the installation
Make sure the administrator panel is working. https://build.h-mdm.com should open the web panel.
The default login and password is admin:admin (you will be prompted to change the password – choose a strong one!)
If you got any issues while installing Headwind MDM, you need to look into Tomcat logs to diagnose the problem. Tomcat 9 writes its logs to the system log of Linux:
journalctl -u tomcat9.service
Make a backup of your XML configuration file!
There is a bug in Tomcat 9 which causes occasional removal of the XML configuration after updating the WAR file. To avoid the server fault after upgrading, we strongly recommend to make a backup.
cp /var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml /var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml~
6. Enroll devices
Open the Devices section and click the QR code icon.
If you see the QR code, Headwind MDM installation is completed, congratulations!
What’s next?
You may proceed with the device enrollment. To enroll the device, follow this instruction or watch the video manual.