meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
installation_apt [2023/07/09 17:42] – created johnnyinstallation_apt [2025/01/18 12:23] (current) – reword security note wrongecho
Line 1: Line 1:
 ====== Installation - Local via apt ====== ====== Installation - Local via apt ======
  
-===== Security message =====+===== Security =====
  
-  * This project is currently in **Beta** with many ongoing changes.+  * Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
  
-  * Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issuesUse your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc.+  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]].
  
-  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]] +  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**.
- +
-  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**+
  
 ===== Install Overview ===== ===== Install Overview =====
-ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is highly recommended over MySQL) and PHP.+ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is **highly** recommended over MySQL) and PHP.
  
   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)
Line 20: Line 18:
   - Go!   - Go!
  
-There's also [[https://github.com/itflow-org/itflow_install_script/blob/main/itflow_install.sh|a script]] that automates this process for you and uses Let's Encrypt certificates.+There's also [[https://github.com/itflow-org/itflow_install_script/blob/main/itflow_install.sh|a script]] that automates this process for you and uses Let's Encrypt certificates. The script also takes care of setting up [[cron|cron]]. 
 + 
 +===== Debian Setup Guide ===== 
 + 
 +//This guide assumes you want to install ITFlow to the default ''/var/www/html/'' directory, adjust this as required if you're using vhosts.//
  
-===== Ubuntu Setup Guide ===== 
 **Update apt** **Update apt**
  
Line 34: Line 35:
  
   * ''sudo apt install mariadb-server -y''   * ''sudo apt install mariadb-server -y''
 +//NOTE: We **highly recommend MariaDB** over MySQL. They are very similar but some pages do not load properly when using MySQL.//
  
 **Install PHP** **Install PHP**
  
-  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl libapache2-mod-php -y''+  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl php-gd php-mbstring libapache2-mod-php -y''
  
 **Install Git & whois** **Install Git & whois**
Line 43: Line 45:
   * ''sudo apt install git whois -y''   * ''sudo apt install git whois -y''
  
-**Harden your Linux installation**//As a starting point://+**Harden your Linux installation** 
 + 
 +//As a starting point://
  
   * MariaDB: ''sudo mysql_secure_installation''   * MariaDB: ''sudo mysql_secure_installation''
   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''
 +  * Setup [[fail2ban|Fail2Ban]]
   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]
  
 **Enable PHP** //(hint: hit tab after typing php to get a suggested version number)// **Enable PHP** //(hint: hit tab after typing php to get a suggested version number)//
  
-  * ''sudo a2enmod php8.1''+  * ''sudo a2enmod php8.3'' 
 + 
 + 
 +**Adjust PHP File Upload Limits** 
 + 
 +  * ''sudo nano  /etc/php/{PHP VERSION}/apache2/php.ini'' - Adjust: 
 +    * ''upload_max_filesize = 500M'' 
 +    * ''post_max_size = 500M''
  
 **Enable SSL** **Enable SSL**
Line 105: Line 117:
   * ''git clone https://github.com/itflow-org/itflow.git .''   * ''git clone https://github.com/itflow-org/itflow.git .''
      
-**Set the web folder to be owned by Apache**+**Set the web folder to be owned by Apache's www-data user**
   * ''sudo chown -R www-data:www-data /var/www/html''   * ''sudo chown -R www-data:www-data /var/www/html''
  
-**Set web folder permissions** //(all, for now, we'll change this after setup)//+**Set web folder & git permissions**
   * ''sudo chmod -R 777 /var/www/html''   * ''sudo chmod -R 777 /var/www/html''
 +  * ''sudo git config --system --add safe.directory '*'''
  
 **Run through the initial setup by navigating to your web server using HTTPS** **Run through the initial setup by navigating to your web server using HTTPS**
   * Provide the database name, username, and password you set up earlier when prompted   * Provide the database name, username, and password you set up earlier when prompted
      
-**Once complete, tidy up the webserver permissions** +**Once complete, tidy up the webserver permissions** //(The Apache/www-data user needs access to edit files as it self-updates using Git)// 
-  * ''sudo find /var/www/html -type d -exec chmod 775 {} \;'' +  * ''sudo chmod -R 775 /var/www/html''
-  * ''sudo find /var/www/html -type f -exec chmod 664 {} \;''+
   * ''sudo chmod 640 /var/www/html/config.php''   * ''sudo chmod 640 /var/www/html/config.php''
      
-==== Essential Housekeeping ==== 
- 
-  * [[backups|Backups]]: Especially your master encryption key 
-  * [[config_php|Config.php]]: Check you don't need to add any specific variables (e.g. not using HTTPS) 
-  * [[cron|Cron]]: For scheduled activities 
-  * [[email_config|Email Configuration]]: To send outbound emails (invoicing, tickets, etc) 
-  * [[ticket_email_parse|Email to Ticket]]: To receive inbound ticketing emails 
  
 **Done!** **Done!**
 +
 +
 +----
 +
 +
 +==== ITFlow on Windows is unsupported ====
 +
 +Whilst it is //technically possible// to install ITFlow on Windows, we do not recommend this and cannot offer support for it. Many PHP functions simply do not work properly on Windows.