New Server Setup - CustodesTechnologia/System GitHub Wiki
To get the hardware ready for running the Invision software, they recommend running a PHP script to test the compatibility of the site.
Typically, most vendors of bare-metal servers will not have all of the packages pre-installed. Here is the list of the packages to install. If they are already installed, the tool will tell you and there is nothing to do for that package.
The Invision Software recommends a certain baseline of software to be setup on the host.
After some trial and error, this is the set of packages that must be installed:
# baseline the host reference to packages
apt update
# get apache
apt install apache
# in order to get the recommended version of 5.6 MySQL
add-apt-repository 'deb http://kr.archive.ubuntu.com/ubuntu xenial main' -y
add-apt-repository 'deb http://archive.ubuntu.com/ubuntu trusty universe' -y
apt-get update
apt-get install mysql-server-5.6
apt-get install mysql-client-5.6
# Useful tools for the system
apt install net-tools
# these are all required by Invision
apt install php
apt install php7.2-xml
apt install php-dom php-gd php-mysqli php-mbstring
apt install php-gd
apt install php-mbstring
apt install php7.2-mysql
apt install php-curl php-zip
# This package lets you run the apache2 process for the server
# under a specific username. Makes it easier to assign a new user
# to run the server as (not root!) and then allow maintainers to
# access files on the site. The default user is `www-data` for Apache2
# and we don't want to make that a login user. Nor do we want to
# open the file permissions up for `o+w`. There's no need for it.
# Just make a user, run the Apache2 instance (virtual host) under that
# user.
apt install libapache2-mpm-itk
Remember to enable the Apache mod_rewrite module and mpm_itk module if you use it.
# a2enmod rewrite
# a2enmod mpm_itk
Also pay attention to the php.ini
suppression advice (re: exec,system,passthru,popen,proc_open,shell_exec
)
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,popen,proc_open,shell_exec
Having done that and restart Apache
# systemctl restart apache2
Then you can retest the compatibility script.
Ignore the error that it cannot reach the MySQL server -- of course it can't -- we didn't instruct the script how to access any databases on the MySQL server. Don't worry about it. It'll work.
<VirtualHost *:80>
ServerName DOMAIN_NAME
ErrorLog ${APACHE_LOG_DIR}/DOMAIN-error.log
DocumentRoot /var/www/USER
CustomLog ${APACHE_LOG_DIR}/DOMAIN_access.log combined
ServerAdmin webmaster@localhost
<IfModule mpm_itk_module>
AssignUserID USER GROUP
</IfModule>
<Directory /var/www/USER>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
## These lines are used for password protecting the site
## during development. They can be removed once the site is
## ready for production
AuthType Basic
AuthName "Restricted Content"
AuthUserFile GLOBAL_APACHE_PASSWD_FILE
Require valid-user
</Directory>
</VirtualHost>
If you need to put a barrier between the users and the development that comes before whatever "door" Invision Software provides, use htaccess:
In the DocumentRoot
you'll need to put a .htaccess
file.
The contents will vary depending on how your site is configured, but to protect the site away from visitors while the development is done, it usually starts out like this:
(Add this to the .htacces
file. You may already have other
.htaccess
settings that are present -- like mod re-write rules, etc..)
ErrorDocument 401 /Not_Online_Yet.html
AuthType Basic
AuthName "Restricted Content"
AuthUserFile GLOBAL_APACHE_PASSWD_FILE
Require user USER
Make the page Not_Online_Yet.html
in DocumentRoot
(rename to suit your taste).
Now you can work with relative peace with the software/site.