GNet Solutions » GNU/Linux Administration

• Table of contents
• Preparing The Server
• Installing BeansBooks
• Configure BeansBooks
  • Configure MySQL
• Configure Apache2 VirtualHost
• Securing BeansBooks with SSL
• Resources

This is a simple guide for setting up an instance of BeansBooks on a LAMP server.

Preparing The Server¶

• Obtain a root shell and upgrade the server:
  

  sudo -s
  apt-get update && apt-get upgrade
  

• Set the hostname in the hosts:
  

  vi /etc/hosts
  

  • And add/modify the following:
    

    127.0.1.1     beans.example.com beans
    

• And also edit the hostname file:
  

  vi /etc/hostname
  

  • And add/modify the following:
    

    beans
    

• Reboot to apply the hostname settings:
  

  reboot
  

Installing BeansBooks¶

• Install a few prerequisite packages:
  

  apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd mysql-server mysql-client git openssl
  

• Clone BeansBooks
  

  cd /var
  mv www www.old
  git clone --recursive https://github.com/system76/beansbooks.git www
  cd www
  

Configure BeansBooks¶

• Copy the example.htaccess file to .htaccess within your working directory
  

  cp example.htaccess .htaccess
  

• Temporarily disable Forced SSL connection by commenting out two lines in the .htaccess file. Open the file for editing:
  

  nano .htaccess
  

  • Look for the following two lines, and add a # character before them:
    

    #RewriteCond %{HTTPS} !=on
    #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    

• Update the permissions on two directories before proceeding:
  

  chmod -R 770 application/logs
  chmod -R 770 application/cache
  

• Create a configuration file:
  

  touch application/classes/beans/config.php
  chmod 660 application/classes/beans/config.php
  

• Change the ownership to the apache4 user:
  

  chown -R www-data:www-data /var/www
  

Configure MySQL¶

• Log into the MySQL console:
  

  mysql -h localhost -u root -p
  

  • Create the beans user with the beansdb password and the beans database:
    

    CREATE USER 'beans'@'localhost' IDENTIFIED BY 'beansdb';   
    CREATE DATABASE IF NOT EXISTS  `beans` CHARACTER SET utf8 COLLATE utf8_general_ci;
    GRANT ALL PRIVILEGES ON `beans`.* TO 'beans'@'localhost';
    
    flush privileges;
    exit
    

Configure Apache2 VirtualHost¶

• Edit the default apache2 Vhost config:
  

  vi /etc/apache2/sites-available/default
  

  • And add/modify the following VirtualHost block:
    

    <VirtualHost *:80>
        ServerName beans.example.com
    
        DocumentRoot /var/www           
        <Directory /var/www>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
    

    
    NOTE: Make sure AllowOverride is set to ALL, or else the .htaccess file will not work.

• Restart apache2:
  

  service apache2 restart
  

• Now navigate to http://beans.example.com to complete the setup using the setup wizard.

Securing BeansBooks with SSL¶

• Generate a strong SSL key and a CSR to send for signing by a CA:
  

  mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
  openssl req -sha512 -out beans.example.com.csr -new -newkey rsa:4096 -nodes -keyout beans.example.com.key
  

• Make sure to securely copy the SSL certificate to beans.example.com.crt

• Edit the apache2 default ssl Vhost config file:
  

  vi /etc/apache2/sites-available/default-ssl
  

  • And Add the following:
    

    <VirtualHost *:443>
        ServerName beans.example.com
    
        DocumentRoot /var/www            
        <Directory /var/www>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    
        SSLEngine on
    
        SSLCertificateFile /etc/apache2/ssl/beans.example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/beans.example.com.key
    
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
    
        BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
    

• Enable forced SSL connection by uncommenting the two lines from earlier in the .htaccess file. Open the file for editing:
  

  vi .htaccess
  

  • Look for the following two lines, and remove the # characters before them:
    

    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    

• Restart apache2:
  

  service apache2 restart
  

• Now BeansBooks will be accessible from https://beans.example.com

Resources¶

• https://github.com/system76/beansbooks