
* documentation portal that technical and not people understand /A

Anton TETERIN 4 months ago
parent
commit
09a23b1554
1 file changed with 267 additions and 0 deletions
  1. 267 0
      CMS/BookStack@nginx-Debian12.md

+ 267 - 0
CMS/BookStack@nginx-Debian12.md

@@ -0,0 +1,267 @@
+# HISTORY
+```
+2024-05-24  * init and screen recording /A
+```
+
+
+TODO:
+
+- create DB (restore schema)
+- create user
+
+- create a bucket for storage
+create storage in Cloud Storge, Service account and key-secret pair
+```
+Cloud Storage, [create], do not expose to internet!
+Cloud Storage, Settings, Interoperability, [Create a key],  Service account HMAC [Create new account]
+  Name: dox_2dz_fi-bookstack, [Create and continue]
+  Roles: Storage Object Admin, [Continue], [Done]
+  Save key and secret! Secret will be shown once.
+```
+
+
+```bash
+gsutil uniformbucketlevelaccess get gs://2dz-data-hub
+```
+Expected output
+```
+Uniform bucket-level access setting for gs://2dz-data-hub:
+  Enabled: False
+```
+
+- create a bucket user (GCP Service Account) with corresponding permissions
+```
+  IAM, Service accounts, [Create service account],
+  name: dox_2dz_fi-bookstack
+
+ Grant access:
+    New principal:
+      dox_2dz_fi-bookstack@....gserviceaccount.com
+    Roles
+      Storage Object Creator
+      Storage Object User
+      Storage Object Viewer
+      ? Storage Object Creator
+
+      ?? more
+      ? Storage Legacy Bucket Owner
+      ? Storage Legacy Bucket Reader
+      ? Storage Legacy Bucket Writer
+      ? Storage Legacy Object Owner
+      ? Storage Legacy Object Reader
+      allUsers
+
+```
+Extract the secret for connection: (noted to KeePassXC)
+```
+
+```
+
+- create CNAME/A record, point to a server
+```bash
+dig A dox.2dz.fi
+```
+
+- create home directory (/home/bookstack)
+- clone code from repo
+```bash
+sudo su
+cd /home
+git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
+mv /home/BookStack /home/dox_2dz_fi-bookstack
+chown -R anton:anton /home/dox_2dz_fi-bookstack/
+cd /home/dox_2dz_fi-bookstack/
+```
+
+Download composer and install in global mode (as normal user, not as root), later easy to update.
+```bash
+mkdir -p ~/utils/composer
+cd ~/utils/composer/
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+php composer-setup.php
+php -r "unlink('composer-setup.php');"
+php composer.phar
+sudo mv composer.phar /usr/local/bin/composer
+```
+
+- build (composer install)
+```bash
+cd /home/dox_2dz_fi-bookstack/
+which composer
+composer install --no-dev
+```
+
+- configure .env
+```bash
+sudo su
+cd /home/dox_2dz_fi-bookstack/
+chown -R www-data:www-data storage/
+chmod -R 775 storage/
+chown -R www-data:www-data bootstrap/cache/
+chmod -R 775 bootstrap/cache/
+chown -R www-data:www-data public/uploads/
+chmod -R 775 public/uploads/
+chown -R www-data:www-data public/
+```
+
+``` credentials
+h: 172.21.32.6
+db: dox_2dz_fi-bookstack
+u: dox_2dz_fi-bookstack
+p: (see keepassXC)
+
+
+MAIL_VERIFY_SSL=false
+```
+
+Generate salt (as normal user)
+```bash
+cd /home/dox_2dz_fi-bookstack/
+id
+php artisan key:generate
+```
+
+- configure webserver (nginx)
+  - create site config
+```bash
+sudo su
+
+systemctl | grep php
+systemctl status php8.2-fpm.service
+less /lib/systemd/system/php8.2-fpm.service
+# observe for socket path
+ls -la /run/php/php-fpm.sock
+lrwxrwxrwx 1 root root 30 May 23 00:21 /run/php/php-fpm.sock -> /etc/alternatives/php-fpm.sock
+ls -la /etc/alternatives/php-fpm.sock
+lrwxrwxrwx 1 root root 24 May 23 00:21 /etc/alternatives/php-fpm.sock -> /run/php/php8.2-fpm.sock
+ls -la /run/php/php8.2-fpm.sock
+srw-rw---- 1 www-data www-data 0 May 23 00:21 /run/php/php8.2-fpm.sock
+```
+Check via configuration
+```bash
+fgrep -irn fpm.sock /etc/php/
+```
+Determine from output location of socket
+```
+/etc/php/8.2/fpm/pool.d/www.conf:41:listen = /run/php/php8.2-fpm.sock
+```
+
+```bash
+cd /etc/nginx/sites-available
+vi dox.2dz.fi.conf
+```
+
+e.g.: (SSL will be enabled later by CertBot)
+```ini
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name dox.2dz.fi;
+
+  root /home/dox_2dz_fi-bookstack/public;
+  index index.php index.html;
+
+  location / {
+    try_files $uri $uri/ /index.php?$query_string;
+  }
+
+  location ~ \.php$ {
+    include snippets/fastcgi-php.conf;
+    fastcgi_pass unix:/run/php/php-fpm.sock;
+  }
+}
+```
+
+
+- enable it
+```bash
+ln -s /etc/nginx/sites-available/dox.2dz.fi.conf /etc/nginx/sites-enabled/dox.2dz.fi.conf
+```
+
+Test webserver configuration, and reload it.
+```bash
+nginx -t
+nginx -s reload
+systemctl restart nginx
+ss -ntap | grep nginx
+```
+
+
+
+- upgrade DB (recreate/upgrade schema to the recent)
+```
+cd /home/dox_2dz_fi-bookstack/
+php artisan migrate
+```
+check DB
+```bash
+mysql -h(host) -u dox_2dz_fi-bookstack -p
+```
+```sql
+MySQL [dox_2dz_fi-bookstack]> SHOW DATABASES;
+MySQL [dox_2dz_fi-bookstack]> USE dox_2dz_fi-bookstack;
+MySQL [dox_2dz_fi-bookstack]> SHOW TABLES;
+MySQL [dox_2dz_fi-bookstack]> SELECT * FROM users;
+```
+
+- Enable SSL using Let's Encrypt and Certbot
+```bash
+apt install certbot python3-certbot-nginx
+certbot --nginx -d dox.2dz.fi
+nginx -t
+systemctl restart nginx
+
+```
+
+
+Application should be up and running
+```
+firefox https://dox.2dz.fi/
+```
+
+Login with default credentials:
+```
+u: admin@admin.com
+p: password
+```
+
+
+
+
+
+```ini
+# File Upload Limit
+# Maximum file size, in megabytes, that can be uploaded to the system.
+FILE_UPLOAD_SIZE_LIMIT=50
+```
+- S3 driver to mount storage in Cloud Bucket
+- fine-tune (nginx.conf)
+```ini
+http {
+	#...
+        client_max_body_size 100m;
+        client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads
+	#...
+}
+```
+- fine-tune PHP
+```bash
+ps aux | grep php
+# observe path to php-fpm.conf file
+vi /etc/php/8.2/fpm/php-fpm.conf
+
+```
+```ini
+post_max_size = 10M
+upload_max_filesize = 10M
+memory_limit = 256M
+```
+
+
+```
+ref.
+https://www.bookstackapp.com/docs/admin/installation/#requirements
+https://www.bookstackapp.com/docs/admin/upload-config/#s3
+```
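Review bot: The "Grant access" block lists `allUsers` as a principal next to a run of question-marked legacy roles (`? Storage Legacy Bucket Owner` and the lines around it), which contradicts the earlier "do not expose to internet!" step and would make the bucket public if someone follows the list literally; please reduce it to the roles that were actually granted and drop `allUsers`. The HMAC step grants Storage Object Admin while the service-account step lists Creator/User/Viewer, so the runbook should say which one is intended. In the credentials block, `MAIL_VERIFY_SSL=false` turns off certificate verification for outgoing mail with no stated reason, and the guide stops at "Login with default credentials" (`admin@admin.com` / `password`) without a step to change them once the site is reachable; both need a justification or a follow-up step. `chown -R www-data:www-data public/` hands the whole web root to the PHP-FPM user although the preceding lines already cover `public/uploads/`, and `SELECT * FROM users;` prints password hashes into a session the HISTORY entry says is screen-recorded, so a narrower column list would be safer. The upload limits also disagree (`FILE_UPLOAD_SIZE_LIMIT=50`, `client_max_body_size 100m`, `post_max_size = 10M`), which leaves the effective cap at 10M, and `post_max_size` / `upload_max_filesize` are php.ini directives rather than settings for the `php-fpm.conf` file the step opens.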