meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
installation_apt [2024/02/10 12:05] – specifically call out Windows as unsupported wrongechoinstallation_apt [2025/09/22 23:01] (current) johnny
Line 1: Line 1:
 ====== Installation - Local via apt ====== ====== Installation - Local via apt ======
  
-===== Security message =====+===== Security =====
  
-  * This project is currently in **Beta** with many ongoing changes.+  * Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
  
-  * Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issuesUse your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc.+  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]].
  
-  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]] +  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**.
- +
-  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**+
  
 ===== Install Overview ===== ===== Install Overview =====
-ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is highly recommended over MySQL) and PHP. +ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is **highly** recommended over MySQL) and PHP.
  
   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)
Line 20: Line 18:
   - Go!   - Go!
  
-There's also [[https://github.com/itflow-org/itflow_install_script/blob/main/itflow_install.sh|a script]] that automates this process for you and uses Let's Encrypt certificates.+There's also [[https://github.com/itflow-org/itflow_install_script/blob/main/itflow_install.sh|a script]] that automates this process for you and uses Let's Encrypt certificates. The script also takes care of setting up [[cron|cron]].
  
-===== Ubuntu Setup Guide =====+===== Debian Setup Guide =====
  
 //This guide assumes you want to install ITFlow to the default ''/var/www/html/'' directory, adjust this as required if you're using vhosts.// //This guide assumes you want to install ITFlow to the default ''/var/www/html/'' directory, adjust this as required if you're using vhosts.//
Line 37: Line 35:
  
   * ''sudo apt install mariadb-server -y''   * ''sudo apt install mariadb-server -y''
 +//NOTE: We **highly recommend MariaDB** over MySQL. They are very similar but some pages do not load properly when using MySQL.//
  
 **Install PHP** **Install PHP**
  
-  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl libapache2-mod-php -y''+  * ''sudo apt install php php-intl php-mysqli php-curl php-gd php-mbstring php-zip libapache2-mod-php -y''
  
 **Install Git & whois** **Install Git & whois**
Line 46: Line 45:
   * ''sudo apt install git whois -y''   * ''sudo apt install git whois -y''
  
-**Harden your Linux installation**//As a starting point://+**Harden your Linux installation** 
 + 
 +//As a starting point://
  
   * MariaDB: ''sudo mysql_secure_installation''   * MariaDB: ''sudo mysql_secure_installation''
   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''
 +  * Setup [[fail2ban|Fail2Ban]]
   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]
  
 **Enable PHP** //(hint: hit tab after typing php to get a suggested version number)// **Enable PHP** //(hint: hit tab after typing php to get a suggested version number)//
  
-  * ''sudo a2enmod php8.1''+  * ''sudo a2enmod php8.3''
  
  
Line 62: Line 64:
     * ''upload_max_filesize = 500M''     * ''upload_max_filesize = 500M''
     * ''post_max_size = 500M''     * ''post_max_size = 500M''
 +    * ''max_execution_time = 300''
  
 **Enable SSL** **Enable SSL**
Line 74: Line 77:
  
   * ''sudo nano /etc/apache2/sites-available/default-ssl.conf'' - Adjust:   * ''sudo nano /etc/apache2/sites-available/default-ssl.conf'' - Adjust:
-    * ''SSLCertificateKeyFile /etc/ssl/certs/public.pem'' +    * ''SSLCertificateFile /etc/ssl/certs/public.pem'' 
-    * ''SSLCertificateFile /etc/ssl/private/private.key''+    * ''SSLCertificateKeyFile /etc/ssl/private/private.key''
  
 **Check Apache config** **Check Apache config**
Line 117: Line 120:
 **Set the web folder to be owned by Apache's www-data user** **Set the web folder to be owned by Apache's www-data user**
   * ''sudo chown -R www-data:www-data /var/www/html''   * ''sudo chown -R www-data:www-data /var/www/html''
- 
-**Set web folder & git permissions** 
-  * ''sudo chmod -R 777 /var/www/html'' 
-  * ''sudo git config --system --add safe.directory '*''' 
  
 **Run through the initial setup by navigating to your web server using HTTPS** **Run through the initial setup by navigating to your web server using HTTPS**
Line 138: Line 137:
 ==== ITFlow on Windows is unsupported ==== ==== ITFlow on Windows is unsupported ====
  
-Whilst it is //technically possible// to install ITFlow on Windows, we do not recommend this and cannot offer support for it. Many PHP functions simply do not work on Windows.+Whilst it is //technically possible// to install ITFlow on Windows, we do not recommend this and cannot offer support for it. Many PHP functions simply do not work properly on Windows.