|
|
@@ -0,0 +1,267 @@
|
|
|
+# HISTORY
|
|
|
+```
|
|
|
+2024-05-24 * init and screen recording /A
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+TODO:
|
|
|
+
|
|
|
+- create DB (restore schema)
|
|
|
+- create user
|
|
|
+
|
|
|
+- create a bucket for storage
|
|
|
+create storage in Cloud Storge, Service account and key-secret pair
|
|
|
+```
|
|
|
+Cloud Storage, [create], do not expose to internet!
|
|
|
+Cloud Storage, Settings, Interoperability, [Create a key], Service account HMAC [Create new account]
|
|
|
+ Name: dox_2dz_fi-bookstack, [Create and continue]
|
|
|
+ Roles: Storage Object Admin, [Continue], [Done]
|
|
|
+ Save key and secret! Secret will be shown once.
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+```bash
|
|
|
+gsutil uniformbucketlevelaccess get gs://2dz-data-hub
|
|
|
+```
|
|
|
+Expected output
|
|
|
+```
|
|
|
+Uniform bucket-level access setting for gs://2dz-data-hub:
|
|
|
+ Enabled: False
|
|
|
+```
|
|
|
+
|
|
|
+- create a bucket user (GCP Service Account) with corresponding permissions
|
|
|
+```
|
|
|
+ IAM, Service accounts, [Create service account],
|
|
|
+ name: dox_2dz_fi-bookstack
|
|
|
+
|
|
|
+ Grant access:
|
|
|
+ New principal:
|
|
|
+ dox_2dz_fi-bookstack@....gserviceaccount.com
|
|
|
+ Roles
|
|
|
+ Storage Object Creator
|
|
|
+ Storage Object User
|
|
|
+ Storage Object Viewer
|
|
|
+ ? Storage Object Creator
|
|
|
+
|
|
|
+ ?? more
|
|
|
+ ? Storage Legacy Bucket Owner
|
|
|
+ ? Storage Legacy Bucket Reader
|
|
|
+ ? Storage Legacy Bucket Writer
|
|
|
+ ? Storage Legacy Object Owner
|
|
|
+ ? Storage Legacy Object Reader
|
|
|
+ allUsers
|
|
|
+
|
|
|
+```
|
|
|
+Extract the secret for connection: (noted to KeePassXC)
|
|
|
+```
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+- create CNAME/A record, point to a server
|
|
|
+```bash
|
|
|
+dig A dox.2dz.fi
|
|
|
+```
|
|
|
+
|
|
|
+- create home directory (/home/bookstack)
|
|
|
+- clone code from repo
|
|
|
+```bash
|
|
|
+sudo su
|
|
|
+cd /home
|
|
|
+git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
|
|
|
+mv /home/BookStack /home/dox_2dz_fi-bookstack
|
|
|
+chown -R anton:anton /home/dox_2dz_fi-bookstack/
|
|
|
+cd /home/dox_2dz_fi-bookstack/
|
|
|
+```
|
|
|
+
|
|
|
+Download composer and install in global mode (as normal user, not as root), later easy to update.
|
|
|
+```bash
|
|
|
+mkdir -p ~/utils/composer
|
|
|
+cd ~/utils/composer/
|
|
|
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
|
|
+php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
|
|
+php composer-setup.php
|
|
|
+php -r "unlink('composer-setup.php');"
|
|
|
+php composer.phar
|
|
|
+sudo mv composer.phar /usr/local/bin/composer
|
|
|
+```
|
|
|
+
|
|
|
+- build (composer install)
|
|
|
+```bash
|
|
|
+cd /home/dox_2dz_fi-bookstack/
|
|
|
+which composer
|
|
|
+composer install --no-dev
|
|
|
+```
|
|
|
+
|
|
|
+- configure .env
|
|
|
+```bash
|
|
|
+sudo su
|
|
|
+cd /home/dox_2dz_fi-bookstack/
|
|
|
+chown -R www-data:www-data storage/
|
|
|
+chmod -R 775 storage/
|
|
|
+chown -R www-data:www-data bootstrap/cache/
|
|
|
+chmod -R 775 bootstrap/cache/
|
|
|
+chown -R www-data:www-data public/uploads/
|
|
|
+chmod -R 775 public/uploads/
|
|
|
+chown -R www-data:www-data public/
|
|
|
+```
|
|
|
+
|
|
|
+``` credentials
|
|
|
+h: 172.21.32.6
|
|
|
+db: dox_2dz_fi-bookstack
|
|
|
+u: dox_2dz_fi-bookstack
|
|
|
+p: (see keepassXC)
|
|
|
+
|
|
|
+
|
|
|
+MAIL_VERIFY_SSL=false
|
|
|
+```
|
|
|
+
|
|
|
+Generate salt (as normal user)
|
|
|
+```bash
|
|
|
+cd /home/dox_2dz_fi-bookstack/
|
|
|
+id
|
|
|
+php artisan key:generate
|
|
|
+```
|
|
|
+
|
|
|
+- configure webserver (nginx)
|
|
|
+ - create site config
|
|
|
+```bash
|
|
|
+sudo su
|
|
|
+
|
|
|
+systemctl | grep php
|
|
|
+systemctl status php8.2-fpm.service
|
|
|
+less /lib/systemd/system/php8.2-fpm.service
|
|
|
+# observe for socket path
|
|
|
+ls -la /run/php/php-fpm.sock
|
|
|
+lrwxrwxrwx 1 root root 30 May 23 00:21 /run/php/php-fpm.sock -> /etc/alternatives/php-fpm.sock
|
|
|
+ls -la /etc/alternatives/php-fpm.sock
|
|
|
+lrwxrwxrwx 1 root root 24 May 23 00:21 /etc/alternatives/php-fpm.sock -> /run/php/php8.2-fpm.sock
|
|
|
+ls -la /run/php/php8.2-fpm.sock
|
|
|
+srw-rw---- 1 www-data www-data 0 May 23 00:21 /run/php/php8.2-fpm.sock
|
|
|
+```
|
|
|
+Check via configuration
|
|
|
+```bash
|
|
|
+fgrep -irn fpm.sock /etc/php/
|
|
|
+```
|
|
|
+Determine from output location of socket
|
|
|
+```
|
|
|
+/etc/php/8.2/fpm/pool.d/www.conf:41:listen = /run/php/php8.2-fpm.sock
|
|
|
+```
|
|
|
+
|
|
|
+```bash
|
|
|
+cd /etc/nginx/sites-available
|
|
|
+vi dox.2dz.fi.conf
|
|
|
+```
|
|
|
+
|
|
|
+e.g.: (SSL will be enabled later by CertBot)
|
|
|
+```ini
|
|
|
+server {
|
|
|
+ listen 80;
|
|
|
+ listen [::]:80;
|
|
|
+
|
|
|
+ server_name dox.2dz.fi;
|
|
|
+
|
|
|
+ root /home/dox_2dz_fi-bookstack/public;
|
|
|
+ index index.php index.html;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ try_files $uri $uri/ /index.php?$query_string;
|
|
|
+ }
|
|
|
+
|
|
|
+ location ~ \.php$ {
|
|
|
+ include snippets/fastcgi-php.conf;
|
|
|
+ fastcgi_pass unix:/run/php/php-fpm.sock;
|
|
|
+ }
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+- enable it
|
|
|
+```bash
|
|
|
+ln -s /etc/nginx/sites-available/dox.2dz.fi.conf /etc/nginx/sites-enabled/dox.2dz.fi.conf
|
|
|
+```
|
|
|
+
|
|
|
+Test webserver configuration, and reload it.
|
|
|
+```bash
|
|
|
+nginx -t
|
|
|
+nginx -s reload
|
|
|
+systemctl restart nginx
|
|
|
+ss -ntap | grep nginx
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+- upgrade DB (recreate/upgrade schema to the recent)
|
|
|
+```
|
|
|
+cd /home/dox_2dz_fi-bookstack/
|
|
|
+php artisan migrate
|
|
|
+```
|
|
|
+check DB
|
|
|
+```bash
|
|
|
+mysql -h(host) -u dox_2dz_fi-bookstack -p
|
|
|
+```
|
|
|
+```sql
|
|
|
+MySQL [dox_2dz_fi-bookstack]> SHOW DATABASES;
|
|
|
+MySQL [dox_2dz_fi-bookstack]> USE dox_2dz_fi-bookstack;
|
|
|
+MySQL [dox_2dz_fi-bookstack]> SHOW TABLES;
|
|
|
+MySQL [dox_2dz_fi-bookstack]> SELECT * FROM users;
|
|
|
+```
|
|
|
+
|
|
|
+- Enable SSL using Let's Encrypt and Certbot
|
|
|
+```bash
|
|
|
+apt install certbot python3-certbot-nginx
|
|
|
+certbot --nginx -d dox.2dz.fi
|
|
|
+nginx -t
|
|
|
+systemctl restart nginx
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Application should be up and running
|
|
|
+```
|
|
|
+firefox https://dox.2dz.fi/
|
|
|
+```
|
|
|
+
|
|
|
+Login with default credentials:
|
|
|
+```
|
|
|
+u: admin@admin.com
|
|
|
+p: password
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+```ini
|
|
|
+# File Upload Limit
|
|
|
+# Maximum file size, in megabytes, that can be uploaded to the system.
|
|
|
+FILE_UPLOAD_SIZE_LIMIT=50
|
|
|
+```
|
|
|
+- S3 driver to mount storage in Cloud Bucket
|
|
|
+- fine-tune (nginx.conf)
|
|
|
+```ini
|
|
|
+http {
|
|
|
+ #...
|
|
|
+ client_max_body_size 100m;
|
|
|
+ client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads
|
|
|
+ #...
|
|
|
+}
|
|
|
+```
|
|
|
+- fine-tune PHP
|
|
|
+```bash
|
|
|
+ps aux | grep php
|
|
|
+# observe path to php-fpm.conf file
|
|
|
+vi /etc/php/8.2/fpm/php-fpm.conf
|
|
|
+
|
|
|
+```
|
|
|
+```ini
|
|
|
+post_max_size = 10M
|
|
|
+upload_max_filesize = 10M
|
|
|
+memory_limit = 256M
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+```
|
|
|
+ref.
|
|
|
+https://www.bookstackapp.com/docs/admin/installation/#requirements
|
|
|
+https://www.bookstackapp.com/docs/admin/upload-config/#s3
|
|
|
+```
|
Anton TETERIN