X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=doc%2Fmd%2FServer-configuration.md;h=bb488ef0b2e5f678a884fba2baed24a330e1a87c;hb=d8847936d4fb3faa698bee1acabf99eb7f5268ed;hp=d32cc786cd852467ce83ee8087ded450e5a0ca03;hpb=38d66e1a40c20678e34408a069a615928d2c244c;p=github%2Fshaarli%2FShaarli.git diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index d32cc786..bb488ef0 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -1,7 +1,5 @@ # Server configuration - - ## Requirements ### Operating system and web server @@ -25,6 +23,14 @@ Setup a **firewall** (using `iptables`, [ufw](https://www.digitalocean.com/commu Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver. +### Screencast + +Here is a screencast of the installation procedure + +[![asciicast](https://asciinema.org/a/z3RXxcJIRgWk0jM2ws6EnUFgO.svg)](https://asciinema.org/a/z3RXxcJIRgWk0jM2ws6EnUFgO) + +-------------------------------------------------------------------------------- + ### PHP Supported PHP versions: @@ -105,7 +111,7 @@ If you don't want to rely on a certificate authority, or the server can only be The following examples assume a Debian-based operating system is installed. On other distributions you may have to adapt details such as package installation procedures, configuration file locations, and webserver username/group (`www-data` or `httpd` are common values). In these examples we assume the document root for your web server/virtualhost is at `/var/www/shaarli.mydomain.org/`: ```bash -# create the document root +# create the document root (replace with your own domain name) sudo mkdir -p /var/www/shaarli.mydomain.org/ ``` @@ -119,7 +125,7 @@ You can install Shaarli at the root of your virtualhost, or in a subdirectory as sudo apt update sudo apt install apache2 libapache2-mod-php php-json php-mbstring php-gd php-intl php-curl php-gettext -# Edit the virtualhost configuration file with your favorite editor +# Edit the virtualhost configuration file with your favorite editor (replace the example domain name) sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf ``` @@ -128,20 +134,22 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf ServerName shaarli.mydomain.org DocumentRoot /var/www/shaarli.mydomain.org/ - # Redirect HTTP requests to HTTPS + # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests RewriteEngine on RewriteRule ^.well-known/acme-challenge/ - [L] - # except for Let's Encrypt ACME challenge requests RewriteCond %{HTTP_HOST} =shaarli.mydomain.org RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] + # If you are using mod_md, use this instead + #MDCertificateAgreement accepted + #MDContactEmail admin@shaarli.mydomain.org + #MDPrivateKeys RSA 4096 ServerName shaarli.mydomain.org DocumentRoot /var/www/shaarli.mydomain.org/ - # SSL/TLS configuration (for Let's Encrypt certificates) - # If certificates were acquired from certbot standalone + # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone SSLEngine on SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem @@ -152,6 +160,9 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf SSLSessionTickets off SSLOptions +StrictRequire + # SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md + #MDomain shaarli.mydomain.org + # SSL/TLS configuration (for self-signed certificates) #SSLEngine on #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem @@ -397,6 +408,8 @@ maxretry = 3 bantime = -1 ``` +Then restart the service: `sudo systemctl restart fail2ban` + #### References - [Apache/PHP - error log per VirtualHost - StackOverflow](http://stackoverflow.com/q/176)