Install Adobe Campaign Classic on Debian
Psst! Listen up, fellow campaigners! Did you know that you can actually install Adobe Campaign Classic locally and it won’t cost you a penny? Of course, you won’t be able to run actual marketing campaigns with it, but you can use it as your personal development playground. It’s like having a sandbox, but for grown-ups. Go ahead, unleash your inner marketing genius and play around with Adobe Campaign to your heart’s content!
Download latest debian linux distribution
Before we dive into the installation and setup process for Adobe Campaign Classic, we need to install Debian Linux distribution on VirtualBox or any other virtual machine server. This will serve as our personal server running on the virtual machine, which we will later connect with the rich client.
You can also choose red hat linux distribution or even windows if you fancy UI
Download adobe campaign classic server
For the next step, an Adobe ID must be linked to the Adobe Experience Cloud solution. This is only possible if your company uses Adobe Campaign products or is part of the partner program. Without this linkage, you will not be able to continue. I understand that this can be a blocker, as not everyone works in a large corporation that is an Adobe Platinum Partner. However, I am confident you can find a way to access these files for learning purposes.
You can download the latest release of Adobe Campaign Classic from Adobe’s software distribution centre.
Once you are on the platform, navigate to the server utilities section where you can choose the latest version available for the Debian version that you have installed or plan to install on the virtual machine. In our case, we will download the latest installation files for Adobe Campaign for Debian 11.
Download the client console
The client console, or rich client, can be downloaded from the same location where you downloaded the application server installation files. Choose the version that aligns with the version of your application server, or, if not listed, take the latest version that is compatible.
Run the client console on MAC
The console client, is primarily a Windows-based application. However, Mac users have a couple of alternatives to run the console:
- Using a Virtual Machine: You can run a Windows virtual machine on your Mac using software like Parallels Desktop or VMware Fusion. Once you have Windows running virtually, you can install and run the Adobe Campaign Client Console within that environment.
- Remote Desktop Connection: If you have access to a Windows server or a desktop with the Adobe Campaign Console installed, you can use a Remote Desktop client for Mac to connect to the Windows system and use the console remotely.
As of the last update, Adobe Campaign does not offer a native Mac OS version of the Client Console. Users typically adopt one of the above methods to work around this limitation.
We could use Wine, which is capable of running Windows applications on UNIX-like operating systems, such as Linux and macOS. However, the effectiveness of Wine in running a specific application can vary widely, depending on the complexities of the application and its dependencies on Windows-specific features. Rest assured, while running the console on Wine, it did not perform well at all.
Installation of the application server
First command to run in our freshly installed Debian 11 terminal is always for installing updates.
sudo apt update sudo apt upgrade
sudo apt update
- Purpose: Updates the package index on your system.
- What It Does: Fetches the latest information about available packages and their versions from the configured repositories.
- Impact: Does not install or upgrade any packages; it simply refreshes the package list to ensure you have the most recent information.
sudo apt upgrade
- Purpose: Upgrades all installed packages to their latest available versions.
- What It Does: Downloads and installs the newest versions of the packages based on the updated package index from
sudo apt update
. - Impact: Ensures your system has the latest security patches, bug fixes, and feature updates for all installed software.
It is good practice to run these commands time to time or at least when installing new packages.
But before somehow I did not see setting during the installation that the newly created user will belong to the sudo group. If the same happend to you during the installation run following command for your user if you all good skip it.
sudo adduser <username> sudo
If you are using VirtualBox, it is also necessary to install Guest Additions. Without these tools, you will not be able to share files with the virtual machine, and you will need to download the Adobe Campaign installation files separately. (Alternatively, you can download the rpm files directly from the Debian preinstalled browser.)
This action will autorun the process which will self install the necessary tools.
All the necessary files are available in the virtual machine, so we can proceed directly to the main event of this installation – running the package manager to install our beloved power marketing platform.
dpkg -i nlserver6-v7-XXXX-linux-2.6-amd64.deb
This will leave you with errors regarding dependencies that need to be installed
Selecting previously unselected package nlserver6-v7. (Reading database ... 33880 files and directories currently installed.) Preparing to unpack nlserver6-v7-9359-amd64_deb11.deb ... Unpacking nlserver6-v7 (9359.0.0) ... dpkg: dependency problems prevent configuration of nlserver6-v7: nlserver6-v7 depends on libc-ares2; however: Package libc-ares2 is not installed. nlserver6-v7 depends on libpcre16-3; however: Package libpcre16-3 is not installed. nlserver6-v7 depends on openjdk-11-jdk-headless; however: Package openjdk-11-jdk-headless is not installed.
And to install these missing dependecies run following command
apt-get install -f
Installation of database server
With Adobe Campaign server installed now we also have install database engine. I have selected PosgtreSQL as it is Open Source and supported by Adobe Campaign
Adobe Campaign Classic is compatible with the following database servers:
- Microsoft SQL Server
- Oracle
- PostgreSQL
Installation guide shows also MySQL support but that is not mentioned in the compatibility matrix
sudo apt install postgresql
By default, PostgreSQL is configured to use the “peer” authentication method, which means that it will only allow users to log in if their system username matches their PostgreSQL username.
To change this, you can edit the pg_hba.conf
file, which is located in the /etc/postgresql/<version>/main/
directory.
Open the file in a text editor:
sudo nano /etc/postgresql/<version>/main/pg_hba.conf
Replace <version>
with the version number of PostgreSQL installed on your system (e.g. 13).
Find the line that reads:
local all all peer
And change “peer” to “md5”, like this:
local all all md5
Save and close the file.
Restart PostgreSQL
Run the following command to restart the PostgreSQL service:
sudo systemctl restart postgresql
Issues with postgres user password
In case you are unable to create a new user or access the interactive terminal ‘psql
‘, it may be because during the second installation of PostgreSQL, you were not prompted to set a password.
root@debian-2gb-fsn1-1:~# sudo -u postgres createuser --interactive could not change directory to "/root": Permission denied Enter name of role to add: accdbuser Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) n Shall the new role be allowed to create more new roles? (y/n) n Password: Password: createuser: error: could not connect to database template1: FATAL: password authentication failed for user "postgres"
To fix this, you need to change the configuration for the local PostgreSQL authentication method and set the last column to “ident”. This means that PostgreSQL will use the operating system’s user authentication to verify the user’s identity. You can use this method to run all commands below and then change back the settings to “md5”.
Then you can change password by accessing the PostgreSQL interactive terminal (psql
) as the postgres
user.
sudo -u postgres psql
Start the interactive terminal to change password.
\password postgres
The \password postgres
command is used to change the password for the postgres
user in PostgreSQL.
To quit interactive terminal type:
\q
Add a new user
To add a new user in PostgreSQL, run the following command:
This will launch an interactive prompt where you can enter the name of the new user and specify whether it should be a superuser or not.
sudo -u postgres createuser --interactive
Now we will set user password by following commands if not already asked for it:
sudo -u postgres psql
ALTER USER accdbuser PASSWORD 'accdbuser'
Create database
We will create database our database with following command:
sudo -u postgres createdb <database_name>
Configure adobe campaign application server
With all set we can start to create our AC instance but first we need to switch to neolane user by:
sudo su - neolane
Now we can create our first Adobe Campaign application server instance configuration files.
nlserver config -verbose -addinstance:sandbox/*/eng
We have to change internal user password by running:
nlserver config -internalpassword
It comes with empty password, this by the default serverConf.xml configuration is not allowed, so when the prompts for the current password, we do not have to type anything and just press enter to the next step and set up the new password.
if you ever forget the internal password you can reset it by removing attribute value from serverConf.xml, reload configuration and run the previous ‘nlserver config -internalpassword‘ command.
<!-- XTK authentication mode internalPassword : Password of internal account internalSecurityZone : Authorized zone for the internal account Default: 'lan' --> <xtk internalPassword="<remove_my_forgotten_password>" internalSecurityZone="lan"/>
Reload server configuration
nlserver config -reload
Enable services in instance configuration
Find your sandbox instance configuration under /usr/local/neolane/nl6/conf/ and change it as follows.
<?xml version='1.0'?> <serverconf> <shared> <dataStore hosts="*" lang="eng" uploadWhitelist="(?i).*\.(jpg|jpeg|png|favicon|xml|gif|bmp|txt|tab|csv|css|htm|html|zip|pdf|ppt|pptx|xls|xlsx|doc|docx|odt|p12|p8)"> <dataSource name="default"> <dbcnx encrypted="1" login="accdbuser:accdb" password="<pwd>" provider="PostgreSQL" server="localhost"/> </dataSource> </dataStore> </shared> <!-- do not need mail server to run for now --> <mta autoStart="false" statServerAddress=""> <child> <smtp> <IPAffinity name="default,mid.default,dev.default,test.default"> <!-- For dev instances, if you need a default IP (not recommended), use address="0.0.0.0" --> <IP address="" heloHost="" publicId="" weight=""/> </IPAffinity> </smtp> </child> </mta> <stat autoStart="true"/> <!-- we want to run after configuration is done if set to true we will produce error log for wfserver.log --> <wfserver autoStart="false"/> <inMail autoStart="false"/> <sms autoStart="false"/> <interactiond autoStart="false"/> <web> <redirection IMSOrgId="" databaseId="" trackingPassword=""/> </web> <securityZone name="public"> <securityZone name="vpn"> <!-- Add customer specifc IPs here, HTTPS access will be mandatory to login <subNetwork name="Cus1" mask="x.x.x.x/y"/> --> </securityZone> </securityZone> </serverconf>
We can run Adobe Campaign instance by following command
nlserver watchdog -svc -noconsole
Command above is one of the most used commands when working with Adobe Campaign application server from shell. You can mark it down somewhere for future reference.
Another helpful command to know is how to check which Adobe Campaign processes are currently running, based on your instance configuration. This is a useful way to monitor the health and performance of your Adobe Campaign instance.
nlserver pdump
neolane@debian:~$ nlserver pdump 20:13:56 > Application server for Adobe Campaign Classic (7.3.3 build 9359@c636bf3 of 03/06/2023) watchdog (126636) - 6.5 MB syslogd@default (126585) - 26.0 MB stat@nxp_sandbox (126609) - 42.2 MB web@default (126610) - 259.6 MB
Virtual Machine installation notes
I was unable to connect to the Adobe Campaign server from my host operating system while using VM network settings set to NAT. After switching to Bridged networking mode, however, my virtual machine was able to appear as a separate physical device on my network, making it much easier to connect to and access from my host machine.
However, I recognize that I may need to find a more permanent solution in the future since I will need to change connection details every time I start my server. If any of you have experience making NAT mode work, I would greatly appreciate your advice
As far as I know, the issue is not related to the firewall since Debian does not come with a default firewall installed. I have attempted to make it work with port forwarding, but this has not resolved the problem. Additionally, I have tried several solutions found on Stack Overflow, but unfortunately, none of them have worked for me.
To switch networkgin mode we need to open our Debian VM settings and hange Network adapter mode to the Bridged Adapter. That’s it we are all set, almost.
Next we have check the IP address of our virtual machine by running a command:
ip addr show
That will give us plenty of information, for us is relevant enp0s3 inet ip address, which from example below, is 192.168.0.101
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic enp0s3 valid_lft 85605sec preferred_lft 85605sec inet6 fe80::a00:27ff:fe68:5410/64 scope link valid_lft forever preferred_lft forever
sing the rich client from our host environment. Be sure to download the correct version of the rich console client from the same software distribution page.
Integrating web server
If you are hosting your sandbox on a virtual private server (VPS), you need to integrate a web server with the Adobe Campaign application server before you can connect to and configure it. However, if you don’t need to upload files via the rich console, you can skip the web server integration step for your local sandbox on a virtual machine (VM).
- Install apache server
sudo apt install apache2
After apache is installed you can follow documentation found on the official Adobe Campaign pages. Can be found by searching “Integration into a Web server for Linux”
- Disable apache modes. It will ask you that you trying to disable essential modules and we need to force disbale them by adding -f at the end.
a2dismod auth_basic authn_file authz_default authz_user autoindex cgi dir env negotiation userdir -f
Mods explained you can skip if you are not interested
auth_basic
: This module provides basic authentication for web pages and requires users to enter a username and password to access certain pages. Disabling this module could compromise the security of your web application by allowing unauthorized access to protected resources.authn_file
: This module allows you to authenticate users against a file-based authentication system. Disabling this module could prevent users from being able to authenticate, which could result in a degraded user experience or even a complete loss of functionality, depending on how your web application is designed.authz_default
: This module provides a default authorization scheme for your web application, allowing you to restrict access to certain resources based on various criteria. Disabling this module could result in unauthorized access to protected resources or even a complete loss of functionality, depending on how your web application is designed.authz_user
: This module allows you to control access to resources based on user authentication status. Disabling this module could result in unauthorized access to protected resources or even a complete loss of functionality, depending on how your web application is designed.autoindex
: This module provides directory indexing, which allows users to view the contents of a directory on the web server. Disabling this module could prevent users from being able to access certain resources or even a complete loss of functionality, depending on how your web application is designed.cgi
: This module allows you to run CGI scripts on the web server. Disabling this module could prevent users from being able to access certain resources or even a complete loss of functionality, depending on how your web application is designed.dir
: This module provides directory-based configuration options for Apache. Disabling this module could prevent users from being able to access certain resources or even a complete loss of functionality, depending on how your web application is designed.env
: This module provides environment-based configuration options for Apache. Disabling this module could prevent users from being able to access certain resources or even a complete loss of functionality, depending on how your web application is designed.negotiation
: This module allows Apache to perform content negotiation to determine the best representation of a resource to send to the client. Disabling this module could prevent users from being able to access certain resources or even a complete loss of functionality, depending on how your web application is designed.userdir
: This module allows users to have personal web directories on the server. Disabling this module could prevent users from being able to access their personal web directories or even a complete loss of functionality, depending on how your web application is designed.
- Create the file nlsrv.load in /etc/apache2/mods-available and insert the following content.
This step was at least from what I understood only for Debian 8 as in the official documentation. But without it I could not enable apache mod later.
LoadModule requesthandler24_module /usr/local/[INSTALL]/nl6/lib/libnlsrvmod.so
- Create symbolic link to apache neolane configuration into apache mods-available configuration folder (it is similar to shortcut in winodws, this will make sure when we update AC build the configuration stays up to date)
ln -s /usr/local/neolane/nl6/conf/apache_neolane.conf /etc/apache2/mods-available/nlsrv.conf
- Enable apache configuration
a2enmod nlsrv
- Edit apache envvars /etc/apache2/envvars
# Added Neolane if [ "$LD_LIBRARY_PATH" != "" ]; then export LD_LIBRARY_PATH="/usr/local/neolane/nl6/lib:$LD_LIBRARY_PATH"; else export LD_LIBRARY_PATH=/usr/local/neolane/nl6/lib; fi export USERPATH=/usr/local/neolane
- Add Adobe Campaign users to the Apache user group
usermod neolane -G www-data usermod www-data -G neolane
- Restart apache (good to know command)
sudo systemctl start apache2
Now the <domain>/r/test should work and give you something similar to
<redir status='OK' date='2023-05-09 18:13:37.604Z' build='9359' sha1='c636bf3' instance='sandbox' sourceIP='xxx.xxx.xxx.xxx' host='domain.com' localHost='host'/>
Adding SSL certificates
Adobe Campaign by default wont let you connect over http. This can be changed in the instance configuration overriding the security zones settings. Take a look at the serverConfig.xml and you may find that http is only allowed when you are connecting from the localhost (same machine) all other zones allowHttp is set to false.
<!-- Security zone allowDebug : Authorize debug mode for Web applications Default: false allowEmptyPassword : Authorize the user to use the application without a password Default: false allowHTTP : Authorize the use of HTTP for operator logon Default: false allowSQLInjection : Authorize the use of SQLDATA in expressions Default: false allowUserPassword : Authorize user/password session tokens Default: false label : Label Default: NewLabel() name : Internal name Default: NewName() sessionTokenOnly : Do not use the security token Default: false showErrors : Display error details Default: false --> <!-- subNetwork : Sub-network label : Label Default: NewLabel() mask : Mask or address name : Internal name Default: NewName() proxy : Mask or address of (reverse) proxy used by this sub-network to access the instance. In this case, the 'X-Forwarded-For' header will be tested instead of this proxy. Default: 127.0.0.1 --> <!-- securityZone : -->
You can override main configuration settings by copying zones configuration to your instance configuration.
It is not good practice to change serverConfig.xml unless the setting is used by all instances eg. enabling TLS protocol for email MTA server.
You can set the allowHTTP for public zone to true.
For SSL encryption, I recommend using Let’s Encrypt. It offers a free and reliable solution that is suitable for most websites. Let’s Encrypt certificates are recognized by major web browsers and can improve your website’s security and search engine rankings.
For Let’s Encrypt SSL certificates we need to install certbot first. Certbot is a free and open-source software tool that simplifies the process of obtaining and renewing SSL/TLS certificates from Let’s Encrypt, a certificate authority that provides free SSL/TLS certificates.
sudo apt-get install certbot python3-certbot-apache
Obtain Let’s Encrypt SSL certificates.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email your-email@example.com -d example.com -d www.example.com
sudo certbot
: This command runscertbot
, the tool used to obtain and install SSL/TLS certificates.--apache
: This option specifies that you want to use the Apache plugin forcertbot
, which automatically updates your Apache virtual host configuration files to use SSL/TLS.--agree-tos
: This option tellscertbot
to agree to the Let’s Encrypt Terms of Service.--redirect
: This option configures Apache to automatically redirect all HTTP traffic to HTTPS, ensuring that all traffic is encrypted.--hsts
: This option configures Apache to use HTTP Strict Transport Security (HSTS), which instructs web browsers to always use HTTPS when connecting to your website, even if the user types in “http://” in the address bar.--staple-ocsp
: This option enables OCSP stapling, which improves the performance and security of SSL/TLS by caching certificate validation information.--email your-email@example.com
: This option specifies the email address to be used for important account notifications and for renewing the SSL/TLS certificates before they expire.-d example.com -d www.example.com
: These options specify the domain names for which you want to obtain SSL/TLS certificates. In this example,certbot
will request certificates for bothexample.com
andwww.example.com
Certbot will add following configuration under /etc/apache/sites-available.
-rw-r--r-- 1 root root 1.5K May 7 11:26 000-default-le-ssl.conf
Change the certbot configuration:
<IfModule mod_ssl.c> <VirtualHost _default_:443> #you can set your email as contact in case users come across any apache error #ServerAdmin webmaster@localhost ServerName sandbox.example.com #do not need #DocumentRoot /var/www/html #include apache_neolane.conf @todo: test without it :) include /usr/local/neolane/nl6/conf/apache_neolane.conf ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/letsencrypt/live/sandbox.nexpire.sk/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/sandbox.nexpire.sk/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Certbot –apache also enables the site configuration and reloads the apache configuration for you
Check if the SSL ceritificates are working
First application instance configuration via wizard
If we are not accessing Adobe Campaign instance from the same network or VPN we have to at least for the configuration purpose change security zone for internal user to public so our login will not be rejected.
<xtk internalPassword="pwd" internalSecurityZone="lan"/><!-- default seeting is 'lan' change it to 'public' only for configuration -->
Everytime we deploy new configuration and connect to that instance, the first login will lead us through the deployment wizard.
On the first step we select our DB engine and server host which is localhost and select to use existing database, we have created it already before.
Fill the connection strings for database set timezone settings (these cannot be changed after)
Last but not least is to select what packages we want to install. I have selected for now only Marketing campaigns (Campaign) as you can always return back to it and install more later. Also beware here you cannot remove these packages once they are installed.
Last step before installation of all packages we will have to set password for admin user. Which is second system user along with the internal.
Now you can close the window and login again as admin. Enjoy!
NOTE: admin user by default security zone is set to LAN so if we run our instance on virtual private server we should add another administrator user or change security zone of admin user.
I have not configured anything yet nor installed any additional packages. I will add to this article more information later.