2024-05-24 * init and screen recording /A
TODO:
create user
create a bucket for storage: create storage in Cloud Storage, a service account and a key-secret pair
Cloud Storage, [create], do not expose to internet!
Cloud Storage, Settings, Interoperability, [Create a key], Service account HMAC [Create new account]
Name: dox_2dz_fi-bookstack, [Create and continue]
Roles: Storage Object Admin, [Continue], [Done]
Save key and secret! Secret will be shown once.
gsutil uniformbucketlevelaccess get gs://2dz-data-hub
Expected output
Uniform bucket-level access setting for gs://2dz-data-hub:
Enabled: False
create a bucket user (GCP Service Account) with corresponding permissions
IAM, Service accounts, [Create service account],
name: dox_2dz_fi-bookstack
Grant access:
New principal:
dox_2dz_fi-bookstack@....gserviceaccount.com
Roles
Storage Object Creator
Storage Object User
Storage Object Viewer
? Storage Object Creator
?? more
? Storage Legacy Bucket Owner
? Storage Legacy Bucket Reader
? Storage Legacy Bucket Writer
? Storage Legacy Object Owner
? Storage Legacy Object Reader
allUsers
Extract the secret for connection: (noted to KeePassXC)
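A check for the "do not expose to internet" requirement and the role list above, as an added example that is not part of the original notes: it reads the JSON printed by `gsutil iam get gs://2dz-data-hub` and reports public principals and any role the service account holds beyond the object-level ones. The sample policy, the project and service account names in it, and the expected-role set are assumptions.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Assumption: the object-level roles the notes list without a question mark.
EXPECTED_ROLES = {
    "roles/storage.objectAdmin",
    "roles/storage.objectCreator",
    "roles/storage.objectUser",
    "roles/storage.objectViewer",
}

def audit_policy(policy_json, service_account):
    """Return (public (member, role) pairs, unexpected roles of the service account)."""
    policy = json.loads(policy_json)
    sa_member = "serviceAccount:" + service_account
    public, unexpected = [], []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = binding.get("members", [])
        # Anyone on the internet (or any Google account) counts as public.
        public += [(m, role) for m in members if m in PUBLIC_MEMBERS]
        if sa_member in members and role not in EXPECTED_ROLES:
            unexpected.append(role)
    return sorted(public), sorted(unexpected)

# Constructed sample in the shape printed by `gsutil iam get gs://<bucket>`;
# the project and service account names are placeholders.
SAMPLE_SA = "bookstack-sa@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/storage.legacyBucketOwner",
     "members": ["projectOwner:example-project",
                 "serviceAccount:bookstack-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:bookstack-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers"]}
  ],
  "etag": "CAE="
}
"""

if __name__ == "__main__":
    public, unexpected = audit_policy(SAMPLE_POLICY, SAMPLE_SA)
    for member, role in public:
        print(f"PUBLIC  {member} -> {role}")
    for role in unexpected:
        print(f"REVIEW  service account also holds {role}")
```

With uniform bucket-level access disabled, as in the expected output above, per-object ACLs can also grant public read; this policy check does not see those.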
create CNAME/A record, point to a server
dig A dox.2dz.fi
create home directory (/home/bookstack)
clone code from repo
sudo su
cd /home
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
mv /home/BookStack /home/dox_2dz_fi-bookstack
chown -R anton:anton /home/dox_2dz_fi-bookstack/
cd /home/dox_2dz_fi-bookstack/
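Download composer and install it globally (as a normal user, not as root); this makes later updates easy. The SHA-384 value in the verification step belongs to one specific installer release; take the current value from https://getcomposer.org/download/.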
mkdir -p ~/utils/composer
cd ~/utils/composer/
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar
sudo mv composer.phar /usr/local/bin/composer
build (composer install)
cd /home/dox_2dz_fi-bookstack/
which composer
composer install --no-dev
configure .env
sudo su
cd /home/dox_2dz_fi-bookstack/
chown -R www-data:www-data storage/
chmod -R 775 storage/
chown -R www-data:www-data bootstrap/cache/
chmod -R 775 bootstrap/cache/
chown -R www-data:www-data public/uploads/
chmod -R 775 public/uploads/
chown -R www-data:www-data public/
h: 172.21.32.6
db: dox_2dz_fi-bookstack
u: dox_2dz_fi-bookstack
p: (see keepassXC)
MAIL_VERIFY_SSL=false
Generate the application key (APP_KEY in .env, as normal user)
cd /home/dox_2dz_fi-bookstack/
id
php artisan key:generate
configure webserver (nginx)
create site config
sudo su
systemctl | grep php
systemctl status php8.2-fpm.service
less /lib/systemd/system/php8.2-fpm.service
# look for the socket path
ls -la /run/php/php-fpm.sock
lrwxrwxrwx 1 root root 30 May 23 00:21 /run/php/php-fpm.sock -> /etc/alternatives/php-fpm.sock
ls -la /etc/alternatives/php-fpm.sock
lrwxrwxrwx 1 root root 24 May 23 00:21 /etc/alternatives/php-fpm.sock -> /run/php/php8.2-fpm.sock
ls -la /run/php/php8.2-fpm.sock
srw-rw---- 1 www-data www-data 0 May 23 00:21 /run/php/php8.2-fpm.sock
Check via configuration
fgrep -irn fpm.sock /etc/php/
Determine the socket location from the output
/etc/php/8.2/fpm/pool.d/www.conf:41:listen = /run/php/php8.2-fpm.sock
cd /etc/nginx/sites-available
vi dox.2dz.fi.conf
e.g.: (SSL will be enabled later by CertBot)
server {
    listen 80;
    listen [::]:80;
    server_name dox.2dz.fi;
    root /home/dox_2dz_fi-bookstack/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
enable it
ln -s /etc/nginx/sites-available/dox.2dz.fi.conf /etc/nginx/sites-enabled/dox.2dz.fi.conf
Test webserver configuration, and reload it.
nginx -t
nginx -s reload
systemctl restart nginx
ss -ntap | grep nginx
upgrade DB (create/upgrade the schema to the most recent version)
cd /home/dox_2dz_fi-bookstack/
php artisan migrate
check DB
mysql -h(host) -u dox_2dz_fi-bookstack -p
MySQL [dox_2dz_fi-bookstack]> SHOW DATABASES;
MySQL [dox_2dz_fi-bookstack]> USE dox_2dz_fi-bookstack;
MySQL [dox_2dz_fi-bookstack]> SHOW TABLES;
MySQL [dox_2dz_fi-bookstack]> SELECT * FROM users;
Enable SSL using Let's Encrypt and Certbot
apt install certbot python3-certbot-nginx
certbot --nginx -d dox.2dz.fi
nginx -t
systemctl restart nginx
Application should be up and running
firefox https://dox.2dz.fi/
Login with default credentials (change them right after the first login):
u: admin@admin.com
p: password
# File Upload Limit
# Maximum file size, in megabytes, that can be uploaded to the system.
FILE_UPLOAD_SIZE_LIMIT=50
fine-tune (nginx.conf)
http {
    #...
    client_max_body_size 100m;
    client_body_timeout 120s; # Default is 60, may need to be increased for very large uploads
    #...
}
fine-tune PHP
ps aux | grep php
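# observe path to php-fpm.conf file; php.ini is in the same directory
# post_max_size, upload_max_filesize and memory_limit are php.ini directives
vi /etc/php/8.2/fpm/php.ini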
post_max_size = 10M
upload_max_filesize = 10M
memory_limit = 256M
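Every upload has to pass BookStack's own limit, nginx's body size limit and both PHP limits, so the smallest of them is what users actually get. The following added example (not part of the original notes; function names are illustrative) parses the settings as written on this page and reports the effective limit and the layer that imposes it.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def to_bytes(value):
    """Convert nginx/PHP size shorthand ('100m', '10M', '2048') to bytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def setting(pattern, text):
    """Value of the last active (uncommented) line matching pattern."""
    hits = re.findall(r"^[ \t]*" + pattern, text, flags=re.MULTILINE)
    if not hits:
        raise KeyError(pattern)
    return hits[-1]

def effective_upload_limit(env, nginx_conf, php_ini):
    """Return (limit_in_bytes, names of the layers that impose it)."""
    limits = {
        # BookStack's value is in megabytes (see the .env comment).
        "bookstack FILE_UPLOAD_SIZE_LIMIT":
            to_bytes(setting(r"FILE_UPLOAD_SIZE_LIMIT=(\d+)", env) + "m"),
        "nginx client_max_body_size":
            to_bytes(setting(r"client_max_body_size\s+(\w+)\s*;", nginx_conf)),
        "php post_max_size":
            to_bytes(setting(r"post_max_size\s*=\s*(\w+)", php_ini)),
        "php upload_max_filesize":
            to_bytes(setting(r"upload_max_filesize\s*=\s*(\w+)", php_ini)),
    }
    # nginx treats 0 as "no limit", so it can never be the tightest layer.
    if limits["nginx client_max_body_size"] == 0:
        limits["nginx client_max_body_size"] = float("inf")
    lowest = min(limits.values())
    return lowest, [name for name, v in limits.items() if v == lowest]

# Settings as they appear in the notes above.
ENV = "# File Upload Limit\nFILE_UPLOAD_SIZE_LIMIT=50\n"
NGINX = "http {\n    client_max_body_size 100m;\n    client_body_timeout 120s;\n}\n"
PHP_INI = "post_max_size = 10M\nupload_max_filesize = 10M\nmemory_limit = 256M\n"

if __name__ == "__main__":
    limit, layers = effective_upload_limit(ENV, NGINX, PHP_INI)
    print(f"effective limit: {limit // 1024 ** 2} MiB, set by {', '.join(layers)}")
```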
ref.
https://www.bookstackapp.com/docs/admin/installation/#requirements
https://www.bookstackapp.com/docs/admin/upload-config/#s3