===== Security message ===== * This project is currently in **Beta** with many ongoing changes. * Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issues. Use your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc. * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]] * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law** ---- A Fantastic Free and Opensource Web Hosting Control Panel [[https://hestiacp.com]] ====== Admin Level ====== ===== Install HestiaCP ===== * Install on Debian 12 **without** Mail, DNS and Apache //(Nginx will be used instead)// This will provide the most ultimate performance for ITFlow ===== Install PHP Mods ===== //These modules are not installed as part of the default HestiaCP Install// * Login as root: * ''apt update'' * ''apt install php-intl php-imap php-mailparse php-curl -y'' ===== Create User ===== - Login to HestiaCP as admin https://host.yourdomain.ext:8083 - Create Normal user with bash shell access - //it defaults to no login// {{:hestia-install-8.png?direct&200|}} - Logout as admin ====== User Level ====== ===== Create Web Domain ===== - Login as newly created user - Click Create Web Domain {{:hestia-install-1.png?direct&200|}} - Enter your FQDN - //for example itflow.mycompany.com// {{:hestia-install-2.png?direct&200|}} - Click Save - Edit the newly created Web Domain - Click Enable SSL for this domain and the 3 options under it should be checked as well. {{:hestia-install-4.png?direct&200|}} - Use Let's Encrypt to obtain SSL certificate - Enable automatic HTTPS redirection - Enable HTTP Strict Transport Security (HSTS) - Click Save ===== Create Database ===== - Click DB {{:hestia-install-5.png?direct&200|}} - Click Add Database {{:hestia-install-6.png?direct&200|}} - Name the database - create username for database you can use the same name as the database name for simplicity - make a secure password {{:hestia-install-7.png?direct&200|}} - Click Save ===== Pull down ITFlow install files ===== - Login with your new user via ssh - ssh username@host.domain.ext - Change to Web root Directory ''cd /home/[USERNAME]/web/[HOST.DOMAIN.EXT]/public_html'' - Delete HestiaCP automatic created files ''rm *'' - //This will delete index.html and robots.txt// - Install ITFlow files via git - ''git clone https://github.com/itflow-org/itflow.git .'' - Do not forget the . at the end ===== Follow Web Install Process ===== * Visit https://yourdomain.com ===== Setup Cron Jobs ===== - Log back into HestiaCP - Click Cron - Add each of the Cron Jobs in the documentation [[cron|here]] {{:hestia-cron_add.png?direct|}} ===== Tweaks (Optional) ===== * Click Users > Packages > Edit Default Package * Set Backups to something other than the default 1 - **7 to 14** is a good practice * Set SSH Access from nologin to bash * PHP Settings Default to the following - Click gear icon top right > Click on php8.2-fpm {{:hestia-php_settings.png?direct|}} * MariaDB Settings - Click gear icon top right > Click on mariadb {{:hestia-mariadb_settings.png?direct|}} * NginX Settings - Click gear icon top right > Click on nginx {{:hestia-nginx_settings.png?direct|}} ===== Troubleshooting ===== * shell_exec and exec must be enabled in Server Settings > Configure > Web Server > php-fpm * If mailparse is listed as not installed in ITFlow - Debug and no feedback is returned when running ''php -m | grep mailparse'', you must install mailparse for your version of PHP. E.g., ''apt-get install php8.2-mailparse''