Basic Setup Guide

Basic


Introduction

This product need a certain level of technical expertise. If you don't know what you are doing, you might break the System and cause bad things to happen.

  • Item Name : Basic

Welcome to this getting started & setup guide.

This setup guide will help you setup the required basics that are needed for almost every of our products.

Requirements

You will need the following sofwares to install and use this product:

  1. A Server (KVM, though LXC can work)

For our server we are using Debian 11 "bullseye" 64 bit. This should work on any other systems, tho probably changes are nessessary to make.

Getting Started #back to top

We have the option of using nginx or apache. In both cases we need PHP

Make sure you system is up-to-date by executing sudo apt-get update -y && sudo apt-get upgrade -y.

PHP

Since PHP8 is not in the official Debian repositories, we need to add the external repository from "survy".

                                    root@server:~# sudo apt install ca-certificates apt-transport-https software-properties-common gnupg2 git unzip -y
                                    root@server:~# echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list
                                    root@server:~# wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -
                                    root@server:~# sudo apt update -y
                                

After that we can install the packages we need.

                                    root@server:~# sudo apt install -y php8.1-zip php8.1-common php8.1-mysql php8.1-ssh2 php8.1-xml php8.1-curl php8.1-gd php8.1-imagick php8.1-mbstring
                                

Apache2

see the above PHP installation.

                                    root@server:~# sudo apt install -y apache2 libapache2-mod-php8.1
                                    root@server:~# sudo a2enmod rewrite
                                

After that we need to enable our custom .htaccess file by edition the apache2-configuration:

open the apache2-config with sudo nano /etc/apache2/apache2.conf and find the following block:

                                    <Directory /var/www/>
                                        Options Indexes FollowSymLinks
                                        AllowOverride None
                                        Require all granted
                                    </Directory>
                                

Now, change the AllowOverride from None to All. The line should now be: AllowOverride All.

Quit the editor using ctrl + x and confirm with y

Restart apache with sudo systemctl restart apache2 and we are done.

Nginx

Nginx is an alternative to apache2 so it cannot be used at the same time!

Install nginx with the following command:

                                        root@server:~# sudo apt install nginx
                                

Since there are no PHP Modules for nginx, we need to install fpm:

                                    root@server:~# sudo apt install php8.1-fpm
                                

Now we can modify the configuration /etc/nginx/sites-enable/default or create a new one in the folder /etc/nginx/sites-available/

                                    ##
                                    # Default server configuration
                                    #
                                    server {
                                        listen 80 default_server;
                                        listen [::]:80 default_server;
                                    
                                        # document root
                                        root /var/www/html;
                                    
                                        # Add index.php to the list if you are using PHP
                                        index index.php;
                                        
                                        # Website-Name
                                        server_name _;
                                    
                                        # PHP Handler via FPM
                                        location ~ \.php$ {
                                            include snippets/fastcgi-php.conf;
                                            fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
                                        }	
                                    
                                        # Rewrite assets to _views
                                        location ~* ^\/(assets|css|png|img|imgs|images|js)\/(.*) {
                                                    rewrite (.*) /_views/$1 break;
                                                    return 301;
                                            }
                                    
                                        # use PHP if the file does not exist
                                        location / {
                                            try_files $uri $uri/ /index.php?$args;
                                        }
                                    
                                        # disallow direct config access
                                        location /config.json {
                                            deny all;
                                        }
                                        
                                        # allow .well-known access
                                        location ~ /\.(?!well-known).* {
                                            deny all;
                                            access_log off;
                                            log_not_found off;
                                        }
                                    }                                    
                                

Enable the page and reload nginx with sudo systemctl reload nginx and you should be good to go.

Database setup

If not stated otherwise, the product needs a database to run on. We are using MariaDB and this will explain how to set it up and create a new user for the product.

                                    root@server:~# sudo apt install mariadb-server mariadb-client
                                

Next, we need to configure mysql with the right things. Run sudo mysql_secure_installation

                                    root@server:~# sudo mysql_secure_installation
                                    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
                                    SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

                                    In order to log into MariaDB to secure it, we'll need the current
                                    password for the root user.  If you've just installed MariaDB, and
                                    you haven't set the root password yet, the password will be blank,
                                    so you should just press enter here.

                                    Enter current password for root (enter for none): 
                                    OK, successfully used password, moving on...

                                    Setting the root password ensures that nobody can log into the MariaDB
                                    root user without the proper authorisation.

                                    Set root password? [Y/n] Y
                                    New password: 
                                    Re-enter new password: 
                                    Password updated successfully!
                                    Reloading privilege tables..
                                    ... Success!


                                    By default, a MariaDB installation has an anonymous user, allowing anyone
                                    to log into MariaDB without having to have a user account created for
                                    them.  This is intended only for testing, and to make the installation
                                    go a bit smoother.  You should remove them before moving into a
                                    production environment.

                                    Remove anonymous users? [Y/n] Y
                                    ... Success!

                                    Normally, root should only be allowed to connect from 'localhost'.  This
                                    ensures that someone cannot guess at the root password from the network.

                                    Disallow root login remotely? [Y/n] Y
                                    ... Success!

                                    By default, MariaDB comes with a database named 'test' that anyone can
                                    access.  This is also intended only for testing, and should be removed
                                    before moving into a production environment.

                                    Remove test database and access to it? [Y/n] Y
                                    - Dropping test database...
                                    ... Success!
                                    - Removing privileges on test database...
                                    ... Success!

                                    Reloading the privilege tables will ensure that all changes made so far
                                    will take effect immediately.

                                    Reload privilege tables now? [Y/n] Y
                                    ... Success!

                                    Cleaning up...

                                    All done!  If you've completed all of the above steps, your MariaDB
                                    installation should now be secure.

                                    Thanks for using MariaDB!

                                

First we just press enter, since we do not currently have a root password. After that we always answer with Y and when ask to input our root-password we just enter root.
It should be noted, that this is not a security issue, since we are only allowing a root-login from localhost (the server itself). If you plan to use something like phpmyadmin, it is advised to use a secure password.

Now, let's create a user to use with the product.
Enter the mysql shell be running sudo mysql. You should get a shell similiar to this:

                                    root@server:~# sudo mysql
                                    Welcome to the MariaDB monitor.  Commands end with ; or \g.
                                    Your MariaDB connection id is 57
                                    Server version: 10.3.23-MariaDB-0+deb10u1 Debian 10
                                    
                                    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
                                    
                                    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
                                    
                                    MariaDB [(none)]> 
                                

This means, we are successfully connect to the database and can now create the new user.

                                    MariaDB [(none)]> CREATE USER 'CP'@'localhost' IDENTIFIED BY 'CP';
                                

Again, we are only allowing the user to login from localhost, so user CP as the password is fine.

                                    MariaDB [(none)]> GRANT ALL PRIVILEGES ON * . * TO 'CP'@'localhost';
                                

This will grant the user access to all databases. Since we do not have created on for the specific product. You can also do this step after importing this database and just grant access to the one database.

                                    MariaDB [(none)]> FLUSH PRIVILEGES;
                                

Run this to reload the privilege tables.

This concludes the basic setup. You can now continue the setup of the actual product.