# HISTORY

```
2024-05-24
* init and screen recording /A
```

TODO:

- create DB (restore schema)
- create user
- create a bucket for storage

Create storage in Cloud Storage, plus a service account and key-secret pair:

```
Cloud Storage, [create], do not expose to internet!
Cloud Storage, Settings, Interoperability, [Create a key], Service account HMAC
[Create new account]
Name: dox_2dz_fi-bookstack, [Create and continue]
Roles: Storage Object Admin, [Continue], [Done]
Save key and secret! Secret will be shown once.
```

```bash
gsutil uniformbucketlevelaccess get gs://2dz-data-hub
```

Expected output

```
Uniform bucket-level access setting for gs://2dz-data-hub:
  Enabled: False
```

- create a bucket user (GCP Service Account) with corresponding permissions

```
IAM, Service accounts, [Create service account], name: dox_2dz_fi-bookstack
Grant access:
  New principal: dox_2dz_fi-bookstack@....gserviceaccount.com
  Roles
    Storage Object Creator
    Storage Object User
    Storage Object Viewer
    ? Storage Object Creator
    ?? more
    ? Storage Legacy Bucket Owner
    ? Storage Legacy Bucket Reader
    ? Storage Legacy Bucket Writer
    ? Storage Legacy Object Owner
    ? Storage Legacy Object Reader
  allUsers
```

Extract the secret for connection: (noted to KeePassXC)

- create CNAME/A record, point to a server

```bash
dig A dox.2dz.fi
```

- create home directory (/home/bookstack)
- clone code from repo

```bash
sudo su
cd /home
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
mv /home/BookStack /home/dox_2dz_fi-bookstack
chown -R anton:anton /home/dox_2dz_fi-bookstack/
cd /home/dox_2dz_fi-bookstack/
```

Download Composer and install it globally (as a normal user, not as root), so it is easy to update later.

```bash
mkdir -p ~/utils/composer
cd ~/utils/composer/
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar
sudo mv composer.phar /usr/local/bin/composer
```

- build (composer install)

```bash
cd /home/dox_2dz_fi-bookstack/
which composer
composer install --no-dev
```

- configure .env

```bash
sudo su
cd /home/dox_2dz_fi-bookstack/
chown -R www-data:www-data storage/
chmod -R 775 storage/
chown -R www-data:www-data bootstrap/cache/
chmod -R 775 bootstrap/cache/
chown -R www-data:www-data public/uploads/
chmod -R 775 public/uploads/
chown -R www-data:www-data public/
```

```
credentials
h: 172.21.32.6
db: dox_2dz_fi-bookstack
u: dox_2dz_fi-bookstack
p: (see keepassXC)

MAIL_VERIFY_SSL=false
```

Generate the application key (APP_KEY), as a normal user:

```bash
cd /home/dox_2dz_fi-bookstack/
id
php artisan key:generate
```

- configure webserver (nginx)
  - create site config

```bash
sudo su
systemctl | grep php
systemctl status php8.2-fpm.service
less /lib/systemd/system/php8.2-fpm.service
# observe for socket path
ls -la /run/php/php-fpm.sock
lrwxrwxrwx 1 root root 30 May 23 00:21 /run/php/php-fpm.sock -> /etc/alternatives/php-fpm.sock
ls -la /etc/alternatives/php-fpm.sock
lrwxrwxrwx 1 root root 24 May 23 00:21 /etc/alternatives/php-fpm.sock -> /run/php/php8.2-fpm.sock
ls -la /run/php/php8.2-fpm.sock
srw-rw---- 1 www-data www-data 0 May 23 00:21 /run/php/php8.2-fpm.sock
```

Check via the configuration:

```bash
fgrep -irn fpm.sock /etc/php/
```

Determine the socket location from the output:

```
/etc/php/8.2/fpm/pool.d/www.conf:41:listen = /run/php/php8.2-fpm.sock
```

```bash
cd /etc/nginx/sites-available
vi dox.2dz.fi.conf
```

e.g. (SSL will be enabled later by Certbot):

```nginx
server {
    listen 80;
    listen [::]:80;

    server_name dox.2dz.fi;

    root /home/dox_2dz_fi-bookstack/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

- enable it

```bash
ln -s /etc/nginx/sites-available/dox.2dz.fi.conf /etc/nginx/sites-enabled/dox.2dz.fi.conf
```

Test the webserver configuration and reload it.

```bash
nginx -t
nginx -s reload
systemctl restart nginx
ss -ntap | grep nginx
```

- upgrade DB (recreate/upgrade the schema to the most recent version)

```bash
cd /home/dox_2dz_fi-bookstack/
php artisan migrate
```

Check the DB:

```bash
mysql -h(host) -u dox_2dz_fi-bookstack -p
```

```sql
MySQL [dox_2dz_fi-bookstack]> SHOW DATABASES;
MySQL [dox_2dz_fi-bookstack]> USE dox_2dz_fi-bookstack;
MySQL [dox_2dz_fi-bookstack]> SHOW TABLES;
MySQL [dox_2dz_fi-bookstack]> SELECT * FROM users;
```

- Enable SSL using Let's Encrypt and Certbot

```bash
apt install certbot python3-certbot-nginx
certbot --nginx -d dox.2dz.fi
nginx -t
systemctl restart nginx
```

The application should now be up and running.

```
firefox https://dox.2dz.fi/
```

Log in with the default credentials:

```
u: admin@admin.com
p: password
```

```ini
# File Upload Limit
# Maximum file size, in megabytes, that can be uploaded to the system.
FILE_UPLOAD_SIZE_LIMIT=50
```

- S3 driver to mount storage in Cloud Bucket
- fine-tune (nginx.conf)

```nginx
http {
    #...
    client_max_body_size 100m;
    client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads
    #...
}
```

- fine-tune PHP

```bash
ps aux | grep php
# observe path to php-fpm.conf file
vi /etc/php/8.2/fpm/php-fpm.conf
```

```ini
post_max_size = 10M
upload_max_filesize = 10M
memory_limit = 256M
```

```
ref.
https://www.bookstackapp.com/docs/admin/installation/#requirements
https://www.bookstackapp.com/docs/admin/upload-config/#s3
```
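
The upload limits set in these notes (BookStack `FILE_UPLOAD_SIZE_LIMIT=50`, nginx `client_max_body_size 100m`, PHP `post_max_size`/`upload_max_filesize = 10M`) do not agree, and the smallest one decides what is actually accepted. The script below is an added example, not part of the original notes or of BookStack; the function names and `*_SAMPLE` variables are hypothetical, and the sample text is constructed from the values above.

```bash
# Added example: which layer caps uploads, given the values in these notes?

# conf_value KEY: read "KEY=value" or "key = value" (.env, php.ini) from stdin.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p" | tail -n 1
}

# nginx_value DIRECTIVE: read "directive value;" from stdin.
nginx_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\([^[:space:];]*\);.*/\1/p" | tail -n 1
}

# to_mb SIZE: convert nginx/PHP shorthand (k, m, g, or plain bytes) to whole MB.
to_mb() {
    num=$(printf '%s' "$1" | sed 's/[^0-9].*$//')
    unit=$(printf '%s' "$1" | sed 's/^[0-9]*//' | tr 'A-Z' 'a-z')
    [ -n "$num" ] || { echo "no size in '$1'" >&2; return 1; }
    case "$unit" in
        g)  echo $(($num * 1024)) ;;
        m)  echo "$num" ;;
        k)  echo $(($num / 1024)) ;;
        '') echo $(($num / 1048576)) ;;
        *)  echo "unknown unit in '$1'" >&2; return 1 ;;
    esac
}

# effective_upload_mb ENV_TEXT NGINX_TEXT PHP_TEXT: print "<MB> <limiting layer>".
# The smallest limit wins; FILE_UPLOAD_SIZE_LIMIT is already in megabytes.
effective_upload_mb() {
    best=$(printf '%s\n' "$1" | conf_value FILE_UPLOAD_SIZE_LIMIT); layer=bookstack
    ngx=$(to_mb "$(printf '%s\n' "$2" | nginx_value client_max_body_size)")
    post=$(to_mb "$(printf '%s\n' "$3" | conf_value post_max_size)")
    file=$(to_mb "$(printf '%s\n' "$3" | conf_value upload_max_filesize)")
    for pair in "nginx:$ngx" "php_post_max_size:$post" "php_upload_max_filesize:$file"; do
        if [ "${pair#*:}" -lt "$best" ]; then best=${pair#*:}; layer=${pair%%:*}; fi
    done
    echo "$best $layer"
}

# Constructed sample input: the values written down in the notes above.
ENV_SAMPLE='FILE_UPLOAD_SIZE_LIMIT=50'
NGINX_SAMPLE='http {
    client_max_body_size 100m;
    client_body_timeout 120s;
}'
PHP_SAMPLE='post_max_size = 10M
upload_max_filesize = 10M
memory_limit = 256M'
effective_upload_mb "$ENV_SAMPLE" "$NGINX_SAMPLE" "$PHP_SAMPLE"
```

With the values from these notes it prints `10 php_post_max_size`: PHP rejects anything above 10 MB, so BookStack's 50 MB setting is never reached until both PHP limits are raised.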