meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
installation_apt [2024/08/29 20:13] – external edit 127.0.0.1installation_apt [2025/05/07 20:13] (current) – [Debian Setup Guide] johnny
Line 1: Line 1:
 ====== Installation - Local via apt ====== ====== Installation - Local via apt ======
  
-===== Security message =====+===== Security =====
  
-  * This project is currently in **Beta** with many ongoing changes.+  * Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
  
-  * Whilst we're confident the majority of code is safe, nothing in life is 100% safe or risk-free. Writing functional, secure code is very difficult. The current fast pace of development/change may unintentionally introduce bugs/security issuesUse your best judgment before storing highly confidential information in the app. You may wish to consider running ITFlow on it's own server, using a web-app firewall, restricting access (except /portal) to trusted IP addresses, etc.+  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]].
  
-  * Need to report a security issue? Check the [[https://github.com/itflow-org/itflow/security/policy|security policy]] +  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**.
- +
-  * **ITFlow comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law**+
  
 ===== Install Overview ===== ===== Install Overview =====
-ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is highly recommended over MySQL) and PHP.+ITFlow runs on most "standard" Linux web servers. For the core functionality, you just need Apache, a database (MariaDB is **highly** recommended over MySQL) and PHP.
  
   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)   - Install a LAMP stack (Linux, Apache, MariaDB & PHP)
Line 41: Line 39:
 **Install PHP** **Install PHP**
  
-  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl php-gd libapache2-mod-php -y''+  * ''sudo apt install php php-intl php-imap php-mailparse php-mysqli php-curl php-gd php-mbstring php-zip libapache2-mod-php -y''
  
 **Install Git & whois** **Install Git & whois**
Line 47: Line 45:
   * ''sudo apt install git whois -y''   * ''sudo apt install git whois -y''
  
-**Harden your Linux installation**//As a starting point://+**Harden your Linux installation** 
 + 
 +//As a starting point://
  
   * MariaDB: ''sudo mysql_secure_installation''   * MariaDB: ''sudo mysql_secure_installation''
   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''   * UFW: ''sudo ufw allow ssh'' & ''sudo ufw allow "Apache Full"'' & ''sudo ufw enable''
 +  * Setup [[fail2ban|Fail2Ban]]
   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]   * Consider setting up a web app firewall, like [[https://github.com/SpiderLabs/ModSecurity|ModSecurity]]
  
Line 63: Line 64:
     * ''upload_max_filesize = 500M''     * ''upload_max_filesize = 500M''
     * ''post_max_size = 500M''     * ''post_max_size = 500M''
 +    * ''max_execution_time = 300''
  
 **Enable SSL** **Enable SSL**
Line 75: Line 77:
  
   * ''sudo nano /etc/apache2/sites-available/default-ssl.conf'' - Adjust:   * ''sudo nano /etc/apache2/sites-available/default-ssl.conf'' - Adjust:
-    * ''SSLCertificateKeyFile /etc/ssl/certs/public.pem'' +    * ''SSLCertificateFile /etc/ssl/certs/public.pem'' 
-    * ''SSLCertificateFile /etc/ssl/private/private.key''+    * ''SSLCertificateKeyFile /etc/ssl/private/private.key''
  
 **Check Apache config** **Check Apache config**
Line 118: Line 120:
 **Set the web folder to be owned by Apache's www-data user** **Set the web folder to be owned by Apache's www-data user**
   * ''sudo chown -R www-data:www-data /var/www/html''   * ''sudo chown -R www-data:www-data /var/www/html''
- 
-**Set web folder & git permissions** 
-  * ''sudo chmod -R 777 /var/www/html'' 
-  * ''sudo git config --system --add safe.directory '*''' 
  
 **Run through the initial setup by navigating to your web server using HTTPS** **Run through the initial setup by navigating to your web server using HTTPS**