OMERO.server installation on CentOS 7


CentOS 7 will reach End Of Life on June 30, 2024. We recommend to use RHEL 9/Rocky 9 instead. Please read OMERO.server installation on RHEL 9/Rocky Linux 9.

This is an example walkthrough for installing OMERO on CentOS 7, using a dedicated local system user. You can use this as a guide for setting up your own test server. For production use you should also read the pages listed under Optimizing Server Configuration. This guide will install Python 3.6. Since 5.6, a new OMERODIR variable is used, you should first unset OMERO_HOME (if set) before beginning the installation process.

This guide describes how to install using the recommended versions for Java, Ice, PostgreSQL. This should be read in conjunction with Version requirements.

This guide does not describe how to install OMERO.web. To deploy OMERO.web, please read OMERO.web installation on CentOS 7 and IcePy 3.6.

These instructions assume your Linux distribution is configured with a UTF-8 locale (this is normally the default).

For convenience in this walkthrough, we will use the omero-server system user and the main OMERO configuration options have been defined as environment variables. When following this walkthrough you can either use your own values, or alternatively create settings.env for example under /tmp e.g. /tmp/settings.env containing the variables below and source it when required:




# Location of the OMERO.server
export OMERODIR=/opt/omero/server/OMERO.server

# Location of the virtual environment for omero-py

export ICE_HOME=/opt/ice-3.6.5		


Installing prerequisites

The following steps are run as root.

Install Java 11, Ice 3.6.5 and PostgreSQL 14:

To install Java 11 and other dependencies:

yum -y install epel-release

yum -y install unzip wget bc

# install Java
yum -y install java-11-openjdk

# install dependencies

yum -y install python3
yum -y install openssl

To install Ice 3.6.5:

curl -sL > \

yum -y install glacier2 \
icebox \
icegrid \
icepatch2 \
libfreeze3.6-c++ \
libice3.6-c++ \

To install PostgreSQL 14:

yum -y install
yum -y install postgresql11-server postgresql11

PGSETUP_INITDB_OPTIONS=--encoding=UTF8 /usr/pgsql-11/bin/postgresql-11-setup initdb

sed -i.bak -re 's/^(host.*)ident/\1md5/' /var/lib/pgsql/11/data/pg_hba.conf
systemctl start postgresql-11.service

systemctl enable postgresql-11.service


if you are installing PostgreSQL in a Docker container, some of the commands above will not work. For more details check

Create a local omero-server system user, and a directory for the OMERO repository:

useradd -mr omero-server
# Give a password to the omero user
# e.g. passwd omero-server
chmod a+X ~omero-server

mkdir -p "$OMERO_DATA_DIR"
chown omero-server "$OMERO_DATA_DIR"

Make the settings.env available to the omero-server system user by copying in to the user home directory. The file will need to be sourced each time you switch user. You could add . ~/settings.env to the omero-server system user bash profile.

Create a database user and initialize a new database for OMERO:

echo "CREATE USER $OMERO_DB_USER PASSWORD '$OMERO_DB_PASS'" | su - postgres -c psql
su - postgres -c "createdb -E UTF8 -O '$OMERO_DB_USER' '$OMERO_DB_NAME'"

psql -P pager=off -h localhost -U "$OMERO_DB_USER" -l

Installing OMERO.server

The following step is run as root.

We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using pip:

# Create a virtual env
python3 -mvenv $VENV_SERVER

# Upgrade pip
$VENV_SERVER/bin/pip install --upgrade pip

# Install the Ice Python binding
$VENV_SERVER/bin/pip install

# Install server dependencies
$VENV_SERVER/bin/pip install omero-server

Download and unzip OMERO.server:

cd /opt/omero/server
wget -q $SERVER -O
unzip -q OMERO.server*

Change the ownership of the OMERO.server directory and create a symlink:

# change ownership of the folder
chown -R omero-server OMERO.server-*
ln -s OMERO.server-*/ OMERO.server

Configuring OMERO.server

The following steps are run as the omero-server system user. (su - omero-server)

The variable OMERODIR set in settings.env above must point to the location where OMERO.server is installed. e.g. OMERODIR=/path_to_omero_server/OMERO.server.

Note that this script requires the same environment variables that were set earlier in settings.env, so you may need to copy and/or source this file as the omero user.

Configure the database and the location of the data directory:

omero config set "$OMERO_DATA_DIR"
omero config set "$OMERO_DB_NAME"
omero config set omero.db.user "$OMERO_DB_USER"
omero config set omero.db.pass "$OMERO_DB_PASS"
omero db script -f $OMERODIR/db.sql --password "$OMERO_ROOT_PASS"
psql -h localhost -U "$OMERO_DB_USER" "$OMERO_DB_NAME" < $OMERODIR/db.sql

Weaker ciphers like ADH are disabled by default in new versions of OpenSSL and TLS versions 1.0 and 1.1 have been dropped from JDK packages. In order to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, the OMERO.web client or the CLI and import data, you need to generate self-signed certificates after installing the omero-certificates package.

omero certificates

Additionally on CentOS7, it is necessary to prevent the OMERO.server from advertising Diffie-Hellmann key exchange to the clients. While this key-exchange algorithm is disabled in the OMERO side, if it is advertised it can lead to client errors (e.g. omero-py>=5.13.0), which will fail to connect to OMERO because of a dh-key error. To prevent this, it might be necessary to remove Diffie-Hellmann key exchange from the IceSSL configuration. On CentOS7, this can be done by running the following code:

omero config set omero.glacier2.IceSSL.Ciphers=HIGH:!DH

See also Client Server SSL verification.

Running OMERO.server

The following steps are run as the omero-server system user. (su - omero-server)

OMERO should now be set up. To start the server run:

omero admin start

Should you wish to start OMERO automatically, a systemd service file could be created. An example omero-server-systemd.service is available.

Copy the systemd.service file and configure the service:

cp omero-server-systemd.service /etc/systemd/system/omero-server.service

systemctl daemon-reload

systemctl enable omero-server.service

You can then start up the service.

Securing OMERO

The following steps are run as root.

If multiple users have access to the machine running OMERO you should restrict access to OMERO.server’s configuration and runtime directories, and optionally the OMERO data directory:

chmod go-rwx $OMERODIR/etc $OMERODIR/var

# Optionally restrict access to the OMERO data directory
# chmod go-rwx "$OMERO_DATA_DIR"