2021-08-02 18:36:06 +02:00
|
|
|
# Debian Setup
|
|
|
|
|
|
|
|
This applies to Debian Buster, but similar instructions should apply for other Debian versions.
|
|
|
|
|
|
|
|
## What we will do
|
|
|
|
|
2021-11-11 21:32:16 +01:00
|
|
|
- We will use PHP 7.4
|
2021-08-02 18:36:06 +02:00
|
|
|
- We will use version v2.1.0 of 2fauth
|
|
|
|
- We will setup to use an Sqlite database
|
|
|
|
- We will use Nginx and PHP-FPM to serve our site on port `8000`
|
|
|
|
- We will run all this as user `www-data` without root
|
|
|
|
|
|
|
|
## Install dependencies
|
|
|
|
|
|
|
|
1. Update your apt repository list:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
apt-get update
|
|
|
|
```
|
|
|
|
|
|
|
|
1. Install the following packages:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
apt-get install -y --no-install-recommends \
|
2021-11-11 21:32:16 +01:00
|
|
|
php7.4 \
|
|
|
|
php7.4-sqlite3 php7.4-mysql \
|
|
|
|
php-xml php7.4-gd php7.4-mbstring \
|
2021-08-02 18:36:06 +02:00
|
|
|
unzip wget ca-certificates \
|
2021-11-11 21:32:16 +01:00
|
|
|
php7.4-fpm nginx
|
2021-08-02 18:36:06 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
## Download the code
|
|
|
|
|
|
|
|
Let's place 2fauth's code in `/srv`:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
mkdir -p /srv
|
|
|
|
VERSION=v2.1.0
|
|
|
|
wget -qO- "https://github.com/Bubka/2FAuth/archive/refs/tags/${VERSION}.tar.gz" | \
|
|
|
|
tar -xz --strip-components=1 -C /srv
|
|
|
|
```
|
|
|
|
|
|
|
|
## Nginx configuration
|
|
|
|
|
|
|
|
Set your Nginx configuration in `/etc/nginx/nginx.conf` as:
|
|
|
|
|
|
|
|
```nginx
|
|
|
|
events {}
|
|
|
|
http {
|
|
|
|
include mime.types;
|
|
|
|
|
|
|
|
access_log /dev/stdout;
|
|
|
|
error_log /dev/stderr;
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 8000;
|
|
|
|
server_name 2fAuth;
|
|
|
|
root /srv/public;
|
|
|
|
|
|
|
|
index index.php;
|
|
|
|
|
|
|
|
charset utf-8;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico { access_log off; log_not_found off; }
|
|
|
|
location = /robots.txt { access_log off; log_not_found off; }
|
|
|
|
|
|
|
|
error_page 404 /index.php;
|
|
|
|
|
|
|
|
location ~ \.php$ {
|
2021-11-11 21:32:16 +01:00
|
|
|
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
2021-08-02 18:36:06 +02:00
|
|
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
|
|
include fastcgi_params;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ /\.(?!well-known).* {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
You can verify the Nginx configuration is valid with:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
nginx -t
|
|
|
|
```
|
|
|
|
|
|
|
|
## Install composer
|
|
|
|
|
|
|
|
Download the latest stable composer:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
wget -qO /usr/local/bin/composer https://getcomposer.org/download/latest-stable/composer.phar
|
|
|
|
chmod 500 /usr/local/bin/composer
|
|
|
|
```
|
|
|
|
|
|
|
|
## Install supervisord
|
|
|
|
|
|
|
|
[Supervisord](https://github.com/ochinchina/supervisord) will be used to manage both Nginx and PHP-FPM.
|
|
|
|
|
|
|
|
1. Install it with:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
VERSION=0.7.3
|
|
|
|
wget -qO- "https://github.com/ochinchina/supervisord/releases/download/v${VERSION}/supervisord_${VERSION}_Linux_64-bit.tar.gz" | \
|
|
|
|
tar -xz --strip-components=1 -C /tmp/ "supervisord_${VERSION}_Linux_64-bit/supervisord_static"
|
|
|
|
chmod 500 /tmp/supervisord_static
|
|
|
|
mv /tmp/supervisord_static /usr/local/bin/supervisord
|
|
|
|
```
|
|
|
|
|
2021-11-21 13:39:17 +01:00
|
|
|
1. Set its configuration in `/etc/supervisor/supervisord.conf` as:
|
2021-08-02 18:36:06 +02:00
|
|
|
|
|
|
|
```ini
|
|
|
|
[supervisord]
|
|
|
|
nodaemon=true
|
|
|
|
pidfile=/run/supervisord.pid
|
|
|
|
loglevel=info
|
|
|
|
|
|
|
|
[program-default]
|
|
|
|
stdout_logfile=/dev/stdout
|
|
|
|
stdout_logfile_maxbytes=0
|
|
|
|
stderr_logfile=/dev/stderr
|
|
|
|
stderr_logfile_maxbytes=0
|
|
|
|
autorestart=false
|
|
|
|
startretries=0
|
|
|
|
|
|
|
|
[program:php-fpm]
|
2021-11-11 21:32:16 +01:00
|
|
|
command=/usr/sbin/php-fpm7.4 -F
|
2021-08-02 18:36:06 +02:00
|
|
|
|
|
|
|
[program:nginx]
|
|
|
|
command=/usr/sbin/nginx -g 'daemon off;'
|
|
|
|
depends_on=php-fpm
|
|
|
|
```
|
|
|
|
|
|
|
|
## Fix ownership and permissions for `www-data`
|
|
|
|
|
|
|
|
1. Let's fix the ownership and permissions for existing files:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
chown -R www-data \
|
|
|
|
/var/lib/nginx/ \
|
|
|
|
/var/log/nginx \
|
|
|
|
/srv \
|
|
|
|
/usr/local/bin/composer \
|
|
|
|
/usr/local/bin/supervisord \
|
|
|
|
/etc/supervisor/supervisord.conf
|
|
|
|
chmod 700 /srv
|
|
|
|
```
|
|
|
|
|
|
|
|
1. Let's pre-create some directories and files with the right ownership and permissions:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
mkdir -p /run/php /www/data/.composer
|
2021-11-11 21:32:16 +01:00
|
|
|
touch /run/nginx.pid /var/log/php7.4-fpm.log
|
2021-08-02 18:36:06 +02:00
|
|
|
chown -R www-data \
|
2021-11-11 21:32:16 +01:00
|
|
|
/var/log/php7.4-fpm.log \
|
2021-08-02 18:36:06 +02:00
|
|
|
/run/nginx.pid \
|
|
|
|
/run/php \
|
|
|
|
/www/data/.composer
|
|
|
|
chmod 700 /run/php /www/data/.composer
|
2021-11-11 21:32:16 +01:00
|
|
|
chmod 600 /var/log/php7.4-fpm.log
|
2021-08-02 18:36:06 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
## Change user
|
|
|
|
|
|
|
|
Let's run the final commands as `www-data`:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
su -l www-data -s /bin/bash
|
|
|
|
```
|
|
|
|
|
|
|
|
## Install composer dependencies
|
|
|
|
|
|
|
|
```bash
|
|
|
|
cd /srv
|
|
|
|
composer install --prefer-dist --no-scripts --no-dev --no-autoloader
|
|
|
|
composer dump-autoload --no-scripts --no-dev --optimize
|
|
|
|
```
|
|
|
|
|
|
|
|
## Create an SQlite database
|
|
|
|
|
|
|
|
```bash
|
|
|
|
touch /srv/database/database.sqlite
|
|
|
|
chmod 700 /srv/database/database.sqlite
|
|
|
|
```
|
|
|
|
|
|
|
|
## Customize .env file
|
|
|
|
|
|
|
|
Use the `/srv/.env.example` file as a template and rename it to `.env`.
|
|
|
|
|
|
|
|
```bash
|
|
|
|
mv /srv/.env.example /srv/.env
|
|
|
|
```
|
|
|
|
|
|
|
|
Make sure you modify:
|
|
|
|
|
|
|
|
- `DB_DATABASE` to be `/srv/database/database.sqlite`
|
|
|
|
|
|
|
|
## Run 2fauth installation steps
|
|
|
|
|
|
|
|
```bash
|
|
|
|
php artisan migrate:refresh
|
|
|
|
php artisan passport:install
|
|
|
|
php artisan storage:link
|
|
|
|
php artisan config:cache
|
|
|
|
```
|
|
|
|
|
|
|
|
## Run supervisord
|
|
|
|
|
|
|
|
```bash
|
|
|
|
supervisord
|
|
|
|
```
|
|
|
|
|
|
|
|
Now you can access your site at `http://localhost:8000`
|
|
|
|
|
|
|
|
You can also run `supervisord -d` to run it as a daemon.
|
|
|
|
|
|
|
|
## Upgrade
|
|
|
|
|
|
|
|
1. Stop `supervisord`
|
|
|
|
1. Update the source code in `/srv`. ⚠️ do not change the `/srv/storage` directory nor your `/srv/database/database.sqlite` file.
|
|
|
|
1. Run the following commands:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
php artisan migrate
|
|
|
|
php artisan config:clear
|
|
|
|
```
|
|
|
|
|
|
|
|
1. Run `supervisord` again
|