meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
installation [2023/04/29 02:36] – fix broken links due to updates wrongechoinstallation [2024/05/04 16:08] (current) – add picture wrongecho
Line 1: Line 1:
-====== Installation - Local via apt ======+====== Requirements ====== 
 +  * [[https://ubuntu.com|Ubuntu]] Server with root shell access (SSH) 
 +  * Some packages: [[https://httpd.apache.org|Apache]], [[https://mariadb.org|MariaDB]], [[https://php.net|PHP]], etc 
 +  * Familiarity with the Linux shell 
 +  * A little patience and willingness to troubleshoot when things go wrong
  
-===== Security message ===== 
  
-  * This project is currently in **Beta** with many ongoing changes+====== Choose your Installation Method ======
  
-  * The current fast pace of development/change may unintentionally introduce bugs/security issues+ITFlow is written in PHP and works best on Apache with MariaDB as the back-end database. We recommend running ITFlow on Ubuntu using the installation script.
  
-  * **Whilst we are confident the code is safe, nothing in life is 100% safe or risk-free**+  * **[[installation_script|Installation via Script]] -- Recommended method ([[https://www.youtube.com/watch?v=kKz9NOU_1XE|video]])** 
 +  * [[installation_apt|Manual Installation on Ubuntu]] 
 +  [[installation_hestiacp| HestiaCP Install]] 
 +  [[installation_docker|Installation via Docker Container]] //(unsupported)//
  
-  * Use your best judgment before storing confidential information in the app+//You're more than welcome to try other methods and ways of running ITFlow, but it will be bumpy & have very limited support. We assume that if you're comfortable enough to deviate from the methods above, you're comfortable to debug the entire stack on your own.//
  
-  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]]+{{:itflow-setup.png?600|}}
  
-  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law** 
  
-===== Install Overview ===== +====== Post-installation essential housekeeping ====== 
-ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is highly recommended over MySQL) and PHP.+
  
-  - Install a LAMP stack (Linux, Apache, MariaDB & PHP) +A few steps to ensure everything stays running smoothly:
-  - Create a SQL database, username & password +
-  - Clone ITFlow (https://github.com/itflow-org/itflow.git) in your web directory root +
-  - Point your browser to https://itflow.yourdomain.com +
-  - Go! +
- +
-There's also [[https://github.com/itflow-org/itflow_install_script/blob/main/itflow_install.sh|a script]] that automates this process for you and uses Let's Encrypt certificates. +
- +
-===== Ubuntu Setup Guide ===== +
-**Update apt** +
- +
-  * ''sudo apt update'' +
- +
-**Install Apache** +
- +
-  * ''sudo apt install apache2 -y'' +
- +
-**Install MariaDB** +
- +
-  * ''sudo apt install mariadb-server -y'' +
- +
-**Install PHP** +
- +
-  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl libapache2-mod-php -y'' +
- +
-**Install Git & whois** +
- +
-  * ''sudo apt install git whois -y'' +
- +
-**Harden your Linux installation**. //As a starting point:// +
- +
-  * MariaDB: ''sudo mysql_secure_installation'' +
-  * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable'' +
-  * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]] +
- +
-**Enable PHP** //(hint: hit tab after typing php to get a suggested version number)// +
- +
-  * ''sudo a2enmod php8.1'' +
- +
-**Enable SSL** +
- +
-  * ''sudo a2enmod ssl'' +
- +
-**Add public/private TLS keys.** //You could also use LetsEncrypt, but setting this up is beyond the scope of this guide.// +
-  * Place public key at: ''/etc/ssl/certs/public.pem'' +
-  * Place private key at: ''/etc/ssl/private/private.key'' +
- +
-**Adjust Apache's default SSL config** to reflect the location of your keys: +
- +
-  * ''sudo nano /etc/apache2/sites-available/default-ssl.conf'' - Adjust: +
-    * ''SSLCertificateKeyFile /etc/ssl/certs/public.pem'' +
-    * ''SSLCertificateFile /etc/ssl/private/private.key'' +
- +
-**Check Apache config** +
- +
-  * ''sudo apachectl configtest'' +
- +
-**Enable the 00-default site** +
- +
-  * ''sudo a2ensite default-ssl'' +
- +
-**Reload Apache Service** to apply the changes +
- +
-  * ''sudo systemctl reload apache2'' +
- +
-**Test: HTTP & HTTPS** +
- +
-  * Check you can access the default Apache page using HTTP & HTTPS +
- +
-**Configure Apache to redirect HTTP to HTTPS** +
- +
-  * ''sudo nano /etc/apache2/sites-enabled/000-default.conf'' +
-    * Add the line ''Redirect permanent / https://itflow.yourdomain.com/'' (or similar) under the VirtualHost for port 80 +
-  +
-**Log in to the database** +
-  * ''sudo mysql -u root'' +
- +
-**Create a new database for ITFlow** +
-  * ''MariaDB> CREATE DATABASE itflow;'' +
-  * ''MariaDB> FLUSH PRIVILEGES;'' +
-   +
-**Setup a user for the ITFlow app** +
-  * ''MariaDB> CREATE USER 'itflow'@'localhost' IDENTIFIED BY 'supersecurepassword';'' +
-  * ''MariaDB> GRANT ALL PRIVILEGES on itflow.* to 'itflow'@'localhost';'' +
-  * ''exit'' +
-   +
-**Clone ITFlow to the Apache web directory** +
-  * ''cd /var/www/html'' +
-  * ''rm index.html'' +
-  * ''git clone https://github.com/johnnyq/itflow.git .'' +
-   +
-**Set the web folder to be owned by Apache** +
-  * ''sudo chown -R www-data:www-data /var/www/html'' +
- +
-**Set web folder permissions** //(all, for now, we'll change this after setup)// +
-  * ''sudo chmod -R 777 /var/www/html'' +
- +
-**Run through the initial setup by navigating to your web server using HTTPS** +
-  * Provide the database name, username, and password you set up earlier when prompted +
-   +
-**Once complete, tidy up the webserver permissions** +
-  * ''sudo find /var/www/html -type d -exec chmod 775 {} \;'' +
-  * ''sudo find /var/www/html -type f -exec chmod 664 {} \;'' +
-  * ''sudo chmod 640 /var/www/html/config.php'' +
-   +
-==== Essential Housekeeping ====+
  
   * [[backups|Backups]]: Especially your master encryption key   * [[backups|Backups]]: Especially your master encryption key
   * [[config_php|Config.php]]: Check you don't need to add any specific variables (e.g. not using HTTPS)   * [[config_php|Config.php]]: Check you don't need to add any specific variables (e.g. not using HTTPS)
-  * [[cron|Cron]]: For scheduled activities+  * [[cron|Cron]]: For scheduled activities //(the install script adds these for you)//
   * [[email_config|Email Configuration]]: To send outbound emails (invoicing, tickets, etc)   * [[email_config|Email Configuration]]: To send outbound emails (invoicing, tickets, etc)
   * [[ticket_email_parse|Email to Ticket]]: To receive inbound ticketing emails   * [[ticket_email_parse|Email to Ticket]]: To receive inbound ticketing emails
  
-**Done!**