Support #566
Updated by Daniel Curtis about 9 years ago
{{>toc}}
This is a simple guide for setting up an instance of BeansBooks on a LAMP server.
h2. Preparing The Server
* Obtain a root shell and upgrade the server:
<pre>
sudo -s
apt-get update && apt-get upgrade
</pre>
* Set the hostname in the hosts:
<pre>
vi /etc/hosts
</pre>
#* And add/modify the following:
<pre>
127.0.1.1 beans.example.com beans
</pre>
* And also edit the hostname file:
<pre>
vi /etc/hostname
</pre>
#* And add/modify the following:
<pre>
beans
</pre>
* Reboot to apply the hostname settings:
<pre>
reboot
</pre>
h2. Installing BeansBooks
* Install a few prerequisite packages:
<pre>
apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd mysql-server mysql-client git openssl
</pre>
* Clone BeansBooks
<pre>
cd /var
mv www www.old
git clone --recursive https://github.com/system76/beansbooks.git www
cd www
</pre>
h2. Configure BeansBooks
* Copy the @example.htaccess@ example.htaccess file to @.htaccess@ .htaccess within your working directory
<pre>
cp example.htaccess .htaccess
</pre>
* Temporarily disable Forced SSL connection by commenting out two lines in the @.htaccess@ file. Open the file for editing:
<pre>
nano .htaccess
</pre>
#* Look for the following two lines, and add a @#@ character before them:
<pre>
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</pre>
* Update the permissions on two directories before proceeding:
<pre>
chmod -R 770 application/logs
chmod -R 770 application/cache
</pre>
* Create a configuration file:
<pre>
touch application/classes/beans/config.php
chmod 660 application/classes/beans/config.php
</pre>
* Change the ownership to the apache4 apache24 user:
<pre>
chown -R www-data:www-data /var/www /var/www/
</pre>
h3. Configure MySQL
* Log into the MySQL console:
<pre>
mysql -h localhost -u root -p
</pre>
#* Create the *beans* user with the *beansdb* password and the *beans* database:
<pre>
CREATE USER 'beans'@'localhost' IDENTIFIED BY 'beansdb';
CREATE DATABASE IF NOT EXISTS `beans` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `beans`.* TO 'beans'@'localhost';
flush privileges:
exit
</pre>
h2. Configure Apache2 Apache24 VirtualHost
* Edit the apache2 apache24 config:
<pre>
vi /etc/apache2/sites-available/default
</pre>
#* And add/modify the following @VirtualHost@ block:
<pre>
<VirtualHost *:80>
ServerName beans.example.com
DocumentRoot /var/www
<Directory /var/www> /usr/local/www/beans.example.com>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</pre>
NOTE: Make sure AllowOverride is set to ALL, or else the @.htaccess@ file will not work.
* Restart apache2:
<pre>
service apache2 restart
</pre>
* Now navigate to http://beans.example.com to complete the setup using the setup wizard.
h2. Securing BeansBooks with SSL
* Generate a strong SSL key and a CSR to send for signing by a CA:
<pre>
mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
openssl req -sha512 -out beans.example.com.csr -new -newkey rsa:4096 -nodes -keyout beans.example.com.key
</pre>
* Make sure to securely copy the SSL certificate to *beans.example.com.crt*
* Edit the apache24 config file:
<pre>
vi /etc/apache2/sites-available/default-ssl
</pre>
#* And Add the following:
<pre>
<VirtualHost *:443>
ServerName beans.example.com
DocumentRoot /var/www
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/beans.example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/beans.example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</pre>
* Enable forced SSL connection by uncommenting the two lines from earlier in the @.htaccess@ file. Open the file for editing:
<pre>
vi .htaccess
</pre>
#* Look for the following two lines, and add a @#@ character before them:
<pre>
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</pre>
* Restart apache24:
<pre>
service apache24 restart
</pre>
* Now BeansBooks will be accessible from https://beans.example.com
h2. Resources
* https://github.com/system76/beansbooks