5.0 KiB
Debian Setup
This applies to Debian Buster, but similar instructions should apply for other Debian versions.
What we will do
- We will use PHP 7.4
- We will use version v3.0.0 of 2fauth
- We will setup to use an Sqlite database
- We will use Nginx and PHP-FPM to serve our site on port
8000
- We will run all this as user
www-data
without root
Install dependencies
-
Update your apt repository list:
apt-get update
-
Install the following packages:
apt-get install -y --no-install-recommends \ php7.4 \ php7.4-sqlite3 php7.4-mysql \ php-xml php7.4-gd php7.4-mbstring \ unzip wget ca-certificates \ php7.4-fpm nginx
Download the code
Let's place 2fauth's code in /srv
:
mkdir -p /srv
VERSION=v3.0.0
wget -qO- "https://github.com/Bubka/2FAuth/archive/refs/tags/${VERSION}.tar.gz" | \
tar -xz --strip-components=1 -C /srv
Nginx configuration
Set your Nginx configuration in /etc/nginx/nginx.conf
as:
events {}
http {
include mime.types;
access_log /dev/stdout;
error_log /dev/stderr;
server {
listen 8000;
server_name 2fAuth;
root /srv/public;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
}
You can verify the Nginx configuration is valid with:
nginx -t
Install composer
Download the latest stable composer:
wget -qO /usr/local/bin/composer https://getcomposer.org/download/latest-stable/composer.phar
chmod 500 /usr/local/bin/composer
Install supervisord
Supervisord will be used to manage both Nginx and PHP-FPM.
-
Install it with:
VERSION=0.7.3 wget -qO- "https://github.com/ochinchina/supervisord/releases/download/v${VERSION}/supervisord_${VERSION}_Linux_64-bit.tar.gz" | \ tar -xz --strip-components=1 -C /tmp/ "supervisord_${VERSION}_Linux_64-bit/supervisord_static" chmod 500 /tmp/supervisord_static mv /tmp/supervisord_static /usr/local/bin/supervisord
-
Set its configuration in
/etc/supervisor/supervisord.conf
as:[supervisord] nodaemon=true pidfile=/run/supervisord.pid loglevel=info [program-default] stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 autorestart=false startretries=0 [program:php-fpm] command=/usr/sbin/php-fpm7.4 -F [program:nginx] command=/usr/sbin/nginx -g 'daemon off;' depends_on=php-fpm
Fix ownership and permissions for www-data
-
Let's fix the ownership and permissions for existing files:
chown -R www-data \ /var/lib/nginx/ \ /var/log/nginx \ /srv \ /usr/local/bin/composer \ /usr/local/bin/supervisord \ /etc/supervisor/supervisord.conf chmod 700 /srv
-
Let's pre-create some directories and files with the right ownership and permissions:
mkdir -p /run/php /www/data/.composer touch /run/nginx.pid /var/log/php7.4-fpm.log chown -R www-data \ /var/log/php7.4-fpm.log \ /run/nginx.pid \ /run/php \ /www/data/.composer chmod 700 /run/php /www/data/.composer chmod 600 /var/log/php7.4-fpm.log
Change user
Let's run the final commands as www-data
:
su -l www-data -s /bin/bash
Install composer dependencies
cd /srv
composer install --prefer-dist --no-scripts --no-dev --no-autoloader
composer dump-autoload --no-scripts --no-dev --optimize
Create an SQlite database
touch /srv/database/database.sqlite
chmod 700 /srv/database/database.sqlite
Customize .env file
Use the /srv/.env.example
file as a template and rename it to .env
.
mv /srv/.env.example /srv/.env
Make sure you modify:
DB_DATABASE
to be/srv/database/database.sqlite
Run 2fauth installation steps
php artisan migrate:refresh
php artisan passport:install
php artisan storage:link
php artisan config:cache
Run supervisord
supervisord
Now you can access your site at http://localhost:8000
You can also run supervisord -d
to run it as a daemon.
Upgrade
-
Stop
supervisord
-
Update the source code in
/srv
. ⚠️ do not change the/srv/storage
directory nor your/srv/database/database.sqlite
file. -
Run the following commands:
php artisan migrate php artisan config:clear
-
Run
supervisord
again