Home Explore Help
Register Sign In
InstallAndUse
/
mgmt
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

* documentation portal that technical and not people understand /A

Anton TETERIN 4 months ago
parent
0f7861ff35
commit
09a23b1554
1 changed files with 267 additions and 0 deletions
Unified View Show Diff Stats
  1. 267 0
      CMS/BookStack@nginx-Debian12.md

+ 267 - 0
CMS/BookStack@nginx-Debian12.md
View File 

@@ -0,0 +1,267 @@
 
+# HISTORY
 
+```
 
+2024-05-24  * init and screen recording /A
 
+```
 
+
 
+
 
+TODO:
 
+
 
+- create DB (restore schema)
 
+- create user
 
+
 
+- create a bucket for storage
 
+create storage in Cloud Storge, Service account and key-secret pair
 
+```
 
+Cloud Storage, [create], do not expose to internet!
 
+Cloud Storage, Settings, Interoperability, [Create a key],  Service account HMAC [Create new account]
 
+  Name: dox_2dz_fi-bookstack, [Create and continue]
 
+  Roles: Storage Object Admin, [Continue], [Done]
 
+  Save key and secret! Secret will be shown once.
 
+```
 
+
 
+
 
+```bash
 
+gsutil uniformbucketlevelaccess get gs://2dz-data-hub
 
+```
 
+Expected output
 
+```
 
+Uniform bucket-level access setting for gs://2dz-data-hub:
 
+  Enabled: False
 
+```
 
+
 
+- create a bucket user (GCP Service Account) with corresponding permissions
 
+```
 
+  IAM, Service accounts, [Create service account],
 
+  name: dox_2dz_fi-bookstack
 
+
 
+ Grant access:
 
+    New principal:
 
+      dox_2dz_fi-bookstack@....gserviceaccount.com
 
+    Roles
 
+      Storage Object Creator
 
+      Storage Object User
 
+      Storage Object Viewer
 
+      ? Storage Object Creator
 
+
 
+      ?? more
 
+      ? Storage Legacy Bucket Owner
 
+      ? Storage Legacy Bucket Reader
 
+      ? Storage Legacy Bucket Writer
 
+      ? Storage Legacy Object Owner
 
+      ? Storage Legacy Object Reader
 
+      allUsers
 
+
 
+```
 
+Extract the secret for connection: (noted to KeePassXC)
 
+```
 
+
 
+```
 
+
 
+- create CNAME/A record, point to a server
 
+```bash
 
+dig A dox.2dz.fi
 
+```
 
+
 
+- create home directory (/home/bookstack)
 
+- clone code from repo
 
+```bash
 
+sudo su
 
+cd /home
 
+git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
 
+mv /home/BookStack /home/dox_2dz_fi-bookstack
 
+chown -R anton:anton /home/dox_2dz_fi-bookstack/
 
+cd /home/dox_2dz_fi-bookstack/
 
+```
 
+
 
+Download composer and install in global mode (as normal user, not as root), later easy to update.
 
+```bash
 
+mkdir -p ~/utils/composer
 
+cd ~/utils/composer/
 
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
 
+php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
 
+php composer-setup.php
 
+php -r "unlink('composer-setup.php');"
 
+php composer.phar
 
+sudo mv composer.phar /usr/local/bin/composer
 
+```
 
+
 
+- build (composer install)
 
+```bash
 
+cd /home/dox_2dz_fi-bookstack/
 
+which composer
 
+composer install --no-dev
 
+```
 
+
 
+- configure .env
 
+```bash
 
+sudo su
 
+cd /home/dox_2dz_fi-bookstack/
 
+chown -R www-data:www-data storage/
 
+chmod -R 775 storage/
 
+chown -R www-data:www-data bootstrap/cache/
 
+chmod -R 775 bootstrap/cache/
 
+chown -R www-data:www-data public/uploads/
 
+chmod -R 775 public/uploads/
 
+chown -R www-data:www-data public/
 
+```
 
+
 
+``` credentials
 
+h: 172.21.32.6
 
+db: dox_2dz_fi-bookstack
 
+u: dox_2dz_fi-bookstack
 
+p: (see keepassXC)
 
+
 
+
 
+MAIL_VERIFY_SSL=false
 
+```
 
+
 
+Generate salt (as normal user)
 
+```bash
 
+cd /home/dox_2dz_fi-bookstack/
 
+id
 
+php artisan key:generate
 
+```
 
+
 
+- configure webserver (nginx)
 
+  - create site config
 
+```bash
 
+sudo su
 
+
 
+systemctl | grep php
 
+systemctl status php8.2-fpm.service
 
+less /lib/systemd/system/php8.2-fpm.service
 
+# observe for socket path
 
+ls -la /run/php/php-fpm.sock
 
+lrwxrwxrwx 1 root root 30 May 23 00:21 /run/php/php-fpm.sock -> /etc/alternatives/php-fpm.sock
 
+ls -la /etc/alternatives/php-fpm.sock
 
+lrwxrwxrwx 1 root root 24 May 23 00:21 /etc/alternatives/php-fpm.sock -> /run/php/php8.2-fpm.sock
 
+ls -la /run/php/php8.2-fpm.sock
 
+srw-rw---- 1 www-data www-data 0 May 23 00:21 /run/php/php8.2-fpm.sock
 
+```
 
+Check via configuration
 
+```bash
 
+fgrep -irn fpm.sock /etc/php/
 
+```
 
+Determine from output location of socket
 
+```
 
+/etc/php/8.2/fpm/pool.d/www.conf:41:listen = /run/php/php8.2-fpm.sock
 
+```
 
+
 
+```bash
 
+cd /etc/nginx/sites-available
 
+vi dox.2dz.fi.conf
 
+```
 
+
 
+e.g.: (SSL will be enabled later by CertBot)
 
+```ini
 
+server {
 
+  listen 80;
 
+  listen [::]:80;
 
+
 
+  server_name dox.2dz.fi;
 
+
 
+  root /home/dox_2dz_fi-bookstack/public;
 
+  index index.php index.html;
 
+
 
+  location / {
 
+    try_files $uri $uri/ /index.php?$query_string;
 
+  }
 
+
 
+  location ~ \.php$ {
 
+    include snippets/fastcgi-php.conf;
 
+    fastcgi_pass unix:/run/php/php-fpm.sock;
 
+  }
 
+}
 
+```
 
+
 
+
 
+- enable it
 
+```bash
 
+ln -s /etc/nginx/sites-available/dox.2dz.fi.conf /etc/nginx/sites-enabled/dox.2dz.fi.conf
 
+```
 
+
 
+Test webserver configuration, and reload it.
 
+```bash
 
+nginx -t
 
+nginx -s reload
 
+systemctl restart nginx
 
+ss -ntap | grep nginx
 
+```
 
+
 
+
 
+
 
+- upgrade DB (recreate/upgrade schema to the recent)
 
+```
 
+cd /home/dox_2dz_fi-bookstack/
 
+php artisan migrate
 
+```
 
+check DB
 
+```bash
 
+mysql -h(host) -u dox_2dz_fi-bookstack -p
 
+```
 
+```sql
 
+MySQL [dox_2dz_fi-bookstack]> SHOW DATABASES;
 
+MySQL [dox_2dz_fi-bookstack]> USE dox_2dz_fi-bookstack;
 
+MySQL [dox_2dz_fi-bookstack]> SHOW TABLES;
 
+MySQL [dox_2dz_fi-bookstack]> SELECT * FROM users;
 
+```
 
+
 
+- Enable SSL using Let's Encrypt and Certbot
 
+```bash
 
+apt install certbot python3-certbot-nginx
 
+certbot --nginx -d dox.2dz.fi
 
+nginx -t
 
+systemctl restart nginx
 
+
 
+```
 
+
 
+
 
+Application should be up and running
 
+```
 
+firefox https://dox.2dz.fi/
 
+```
 
+
 
+Login with default credentials:
 
+```
 
+u: admin@admin.com
 
+p: password
 
+```
 
+
 
+
 
+
 
+
 
+
 
+```ini
 
+# File Upload Limit
 
+# Maximum file size, in megabytes, that can be uploaded to the system.
 
+FILE_UPLOAD_SIZE_LIMIT=50
 
+```
 
+- S3 driver to mount storage in Cloud Bucket
 
+- fine-tune (nginx.conf)
 
+```ini
 
+http {
 
+	#...
 
+        client_max_body_size 100m;
 
+        client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads
 
+	#...
 
+}
 
+```
 
+- fine-tune PHP
 
+```bash
 
+ps aux | grep php
 
+# observe path to php-fpm.conf file
 
+vi /etc/php/8.2/fpm/php-fpm.conf
 
+
 
+```
 
+```ini
 
+post_max_size = 10M
 
+upload_max_filesize = 10M
 
+memory_limit = 256M
 
+```
 
+
 
+
 
+```
 
+ref.
 
+https://www.bookstackapp.com/docs/admin/installation/#requirements
 
+https://www.bookstackapp.com/docs/admin/upload-config/#s3
 
+```