Support #566
Updated by Daniel Curtis almost 10 years ago
{{>toc}} This is a simple guide for setting up an instance of BeansBooks on a LAMP server. h2. Preparing The Server * Obtain a root shell and upgrade the server: <pre> sudo -s apt-get update && apt-get upgrade </pre> * Set the hostname in the hosts: <pre> vi /etc/hosts </pre> #* And add/modify the following: <pre> 127.0.1.1 beans.example.com beans </pre> * And also edit the hostname file: <pre> vi /etc/hostname </pre> #* And add/modify the following: <pre> beans </pre> * Reboot to apply the hostname settings: <pre> reboot </pre> h2. Installing BeansBooks * Install a few prerequisite packages: <pre> apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd mysql-server mysql-client git openssl </pre> * Clone BeansBooks <pre> cd /var mv www www.old git clone --recursive https://github.com/system76/beansbooks.git www cd www </pre> h2. Configure BeansBooks * Copy the @example.htaccess@ file to @.htaccess@ within your working directory <pre> cp example.htaccess .htaccess </pre> * Temporarily disable Forced SSL connection by commenting out two lines in the @.htaccess@ file. Open the file for editing: <pre> nano .htaccess </pre> #* Look for the following two lines, and add a @#@ character before them: <pre> #RewriteCond %{HTTPS} !=on #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </pre> * Update the permissions on two directories before proceeding: <pre> chmod -R 770 application/logs chmod -R 770 application/cache </pre> * Create a configuration file: <pre> touch application/classes/beans/config.php chmod 660 application/classes/beans/config.php </pre> * Change the ownership to the apache4 user: <pre> chown -R www-data:www-data /var/www </pre> h3. Configure MySQL * Log into the MySQL console: <pre> mysql -h localhost -u root -p </pre> #* Create the *beans* user with the *beansdb* password and the *beans* database: <pre> CREATE USER 'beans'@'localhost' IDENTIFIED BY 'beansdb'; CREATE DATABASE IF NOT EXISTS `beans` CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON `beans`.* TO 'beans'@'localhost'; flush privileges: exit </pre> h2. Configure Apache2 VirtualHost * Edit the default apache2 Vhost config: <pre> vi /etc/apache2/sites-available/default </pre> #* And add/modify the following @VirtualHost@ block: <pre> <VirtualHost *:80> ServerName beans.example.com DocumentRoot /var/www <Directory /var/www> Options -Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </VirtualHost> </pre> NOTE: Make sure AllowOverride is set to ALL, or else the @.htaccess@ file will not work. * Restart apache2: <pre> service apache2 restart </pre> * Now navigate to http://beans.example.com to complete the setup using the setup wizard. h2. Securing BeansBooks with SSL * Generate a strong SSL key and a CSR to send for signing by a CA: <pre> mkdir /etc/apache2/ssl && cd /etc/apache2/ssl openssl req -sha512 -out beans.example.com.csr -new -newkey rsa:4096 -nodes -keyout beans.example.com.key </pre> * Make sure to securely copy the SSL certificate to *beans.example.com.crt* * Edit the apache2 default ssl Vhost apache24 config file: <pre> vi /etc/apache2/sites-available/default-ssl </pre> #* And Add the following: <pre> <VirtualHost *:443> ServerName beans.example.com DocumentRoot /var/www <Directory /var/www> Options FollowSymLinks AllowOverride All Require all granted </Directory> SSLEngine on SSLCertificateFile /etc/apache2/ssl/beans.example.com.crt SSLCertificateKeyFile /etc/apache2/ssl/beans.example.com.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </pre> * Enable forced SSL connection by uncommenting the two lines from earlier in the @.htaccess@ file. Open the file for editing: <pre> vi .htaccess </pre> #* Look for the following two lines, and remove the add a @#@ characters character before them: <pre> RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </pre> * Restart apache2: apache24: <pre> service apache2 apache24 restart </pre> * Now BeansBooks will be accessible from https://beans.example.com h2. Resources * https://github.com/system76/beansbooks