meta data for this page

Installation - Local via apt

Security message

  • This project is currently in Beta with many ongoing changes.
  • Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issues. Use your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc.
  • ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law

Install Overview

ITFlow runs on most “standard” Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is highly recommended over MySQL) and PHP.

  1. Install a LAMP stack (Linux, Apache, MariaDB & PHP)
  2. Create a SQL database, username & password
  3. Clone ITFlow (https://github.com/itflow-org/itflow.git) in your web directory root
  4. Point your browser to https://itflow.yourdomain.com
  5. Go!

There's also a script that automates this process for you and uses Let's Encrypt certificates.

Ubuntu Setup Guide

Update apt

  • sudo apt update

Install Apache

  • sudo apt install apache2 -y

Install MariaDB

  • sudo apt install mariadb-server -y

Install PHP

  • sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl libapache2-mod-php -y

Install Git & whois

  • sudo apt install git whois -y

Harden your Linux installation. As a starting point:

  • MariaDB: sudo mysql_secure_installation
  • UFW: sudo ufw allow ssh & sudo ufw allow “Apache Full” & sudo ufw enable
  • Consider setting up a web app firewall, like ModSecurity

Enable PHP (hint: hit tab after typing php to get a suggested version number)

  • sudo a2enmod php8.1

Enable SSL

  • sudo a2enmod ssl

Add public/private TLS keys. You could also use LetsEncrypt, but setting this up is beyond the scope of this guide.

  • Place public key at: /etc/ssl/certs/public.pem
  • Place private key at: /etc/ssl/private/private.key

Adjust Apache's default SSL config to reflect the location of your keys:

  • sudo nano /etc/apache2/sites-available/default-ssl.conf - Adjust:
    • SSLCertificateKeyFile /etc/ssl/certs/public.pem
    • SSLCertificateFile /etc/ssl/private/private.key

Check Apache config

  • sudo apachectl configtest

Enable the 00-default site

  • sudo a2ensite default-ssl

Reload Apache Service to apply the changes

  • sudo systemctl reload apache2

Test: HTTP & HTTPS

  • Check you can access the default Apache page using HTTP & HTTPS

Configure Apache to redirect HTTP to HTTPS

  • sudo nano /etc/apache2/sites-enabled/000-default.conf

Log in to the database

  • sudo mysql -u root

Create a new database for ITFlow

  • MariaDB> CREATE DATABASE itflow;
  • MariaDB> FLUSH PRIVILEGES;

Setup a user for the ITFlow app

  • MariaDB> CREATE USER 'itflow'@'localhost' IDENTIFIED BY 'supersecurepassword';
  • MariaDB> GRANT ALL PRIVILEGES on itflow.* to 'itflow'@'localhost';
  • exit

Clone ITFlow to the Apache web directory

Set the web folder to be owned by Apache

  • sudo chown -R www-data:www-data /var/www/html

Set web folder permissions (all, for now, we'll change this after setup)

  • sudo chmod -R 777 /var/www/html

Run through the initial setup by navigating to your web server using HTTPS

  • Provide the database name, username, and password you set up earlier when prompted

Once complete, tidy up the webserver permissions

  • sudo find /var/www/html -type d -exec chmod 775 {} \;
  • sudo find /var/www/html -type f -exec chmod 664 {} \;
  • sudo chmod 640 /var/www/html/config.php

Essential Housekeeping

  • Backups: Especially your master encryption key
  • Config.php: Check you don't need to add any specific variables (e.g. not using HTTPS)
  • Cron: For scheduled activities
  • Email Configuration: To send outbound emails (invoicing, tickets, etc)
  • Email to Ticket: To receive inbound ticketing emails

Done!