# Server configuration
-
-
## Requirements
### Operating system and web server
Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver.
+### Screencast
+
+Here is a screencast of the installation procedure
+
+[![asciicast](https://asciinema.org/a/z3RXxcJIRgWk0jM2ws6EnUFgO.svg)](https://asciinema.org/a/z3RXxcJIRgWk0jM2ws6EnUFgO)
+
+--------------------------------------------------------------------------------
+
### PHP
Supported PHP versions:
The following examples assume a Debian-based operating system is installed. On other distributions you may have to adapt details such as package installation procedures, configuration file locations, and webserver username/group (`www-data` or `httpd` are common values). In these examples we assume the document root for your web server/virtualhost is at `/var/www/shaarli.mydomain.org/`:
```bash
-# create the document root
+# create the document root (replace with your own domain name)
sudo mkdir -p /var/www/shaarli.mydomain.org/
```
sudo apt update
sudo apt install apache2 libapache2-mod-php php-json php-mbstring php-gd php-intl php-curl php-gettext
-# Edit the virtualhost configuration file with your favorite editor
+# Edit the virtualhost configuration file with your favorite editor (replace the example domain name)
sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
```
ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/
- # Redirect HTTP requests to HTTPS
+ # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests
RewriteEngine on
RewriteRule ^.well-known/acme-challenge/ - [L]
- # except for Let's Encrypt ACME challenge requests
RewriteCond %{HTTP_HOST} =shaarli.mydomain.org
RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent]
+ # If you are using mod_md, use this instead
+ #MDCertificateAgreement accepted
+ #MDContactEmail admin@shaarli.mydomain.org
+ #MDPrivateKeys RSA 4096
</VirtualHost>
<VirtualHost *:443>
ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/
- # SSL/TLS configuration (for Let's Encrypt certificates)
- # If certificates were acquired from certbot standalone
+ # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem
SSLSessionTickets off
SSLOptions +StrictRequire
+ # SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md
+ #MDomain shaarli.mydomain.org
+
# SSL/TLS configuration (for self-signed certificates)
#SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
```bash
# Enable the virtualhost
-sudo a2ensite shaarli
+sudo a2ensite shaarli.mydomain.org
# mod_ssl must be enabled to use TLS/SSL certificates
# https://httpd.apache.org/docs/current/mod/mod_ssl.html
# https://httpd.apache.org/docs/current/mod/mod_rewrite.html
sudo a2enmod rewrite
+# mod_headers must be enabled to set custom headers from the server config
+sudo a2enmod headers
+
# mod_version must only be enabled if you use Apache 2.2 or lower
# https://httpd.apache.org/docs/current/mod/mod_version.html
# sudo a2enmod version
# restart the apache service
-systemctl restart apache
+sudo systemctl restart apache2
```
See [How to install the Apache web server](https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-debian-10) for a complete guide.
bantime = -1
```
+Then restart the service: `sudo systemctl restart fail2ban`
+
#### References
- [Apache/PHP - error log per VirtualHost - StackOverflow](http://stackoverflow.com/q/176)