-
Notifications
You must be signed in to change notification settings - Fork 42
Installation on Oracle free VPS (Preprod)
Auteur: Sylvain Martin Date: 22-dec-2022
- Introduction
- Instance creation
- Environment Installation
- DNS registrar
- Apache configuration
- Mailcatcher
- parameters.yml
To have a preprod server, it can be useful to have a dedicated machine with a similar environment that the one used on prod. Oracle cloud have a free tier offer to experiment with their cloud services. It allow to have up to 2 VPS with Linux on it for free... They are clearly for test purpose because they are kite weak : Virtual machine, 2GHz CPU, 1 core OCPU, 1 GB memory, 0.48 Gbps network bandwidth
The official documentation is quiet exhaustive :
- Free Tier: Install Apache and PHP on an Ubuntu Instance
- Free Tier: Install WordPress on an Ubuntu Instance (except the part on the WordPress it self).
[!note]- Words of caution from the Auteur I am no expert in that matter, it is merely a working solution developed after several sleepless nights to figure out a way to have a test server, but not an optimized one. In addition, some steps could be missing.
when register and connected (they ask for a credit card number, but do not charge). one can "create a VM Instance" (in the compute category).
Do not forget to upload or download a ssh key. It is need for the remote connection later.
To connect to this instance, a ssh toot is needed. for the Linux user no problems, for the windows user powershell can do it or some tool like MobzXterm.
to allow the external connection, routes has to be defined. once again the official documentation is clear enough. (one can allow also the ports 8080 ad 8000 to be able to use the dev server)
The Ubuntu firewall is disabled by default. However, you still need to update your iptables
configuration to allow HTTP traffic. Update iptables
with the following commands. The commands add a rule to allow HTTP traffic and saves the changes to the iptables
configuration files.
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo netfilter-persistent save
Warning
It is realy important that all the files used by the web site are owned by a user of the www-data
group with the possibility for the group to read and execute (and eventually write for the var
folder)
Here a user was created to not use the main root user (by default named ubuntu
):
dumbo
. This user were given the root rights through sudo and is in the www-data
group (the group used by apache and co).
To install PHP, one have to be careful to use php 7 (by default, it is PHP 8):
sudo apt update
sudo apt upgrade
adding the PHP repository :
sudo add-apt-repository ppa:ondrej/php
sudo apt update
Then installing:
sudo apt install apache2 php7.4 php7.4-cli php7.4-common php7.4-curl php7.4-mbstring php7.4-mysql php7.4-xmlp php7.4-gd libapache2-mod-php7.4 mariadb-server
sudo systemctl restart apache2
Then the MariaDB password should be changed :
sudo mariadb -u root
use mysql;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'secret_password';
FLUSH PRIVILEGES;
exit
sudo systemctl stop mariadb
sudo systemctl start mariadb
# to check everithing is ok
systemctl status mariadb
The web site can be installed in the /srv directory (it could also be install in /var/www, but let say, /srv is simpler...)
sudo apt install git
# downlod the code sour in the preprod-elefan directory
cd /srv
sudo mkdir preprod-elefan
sudo chown dumbo:www-data preprod-elefan
git clone https://github.com/elefan-grenoble/gestion-compte.git preprod-elefan
Then one need composer, The last version of composer seem not working with Symfony 3.4. one way to install the wanted version is to downlead the script directly from the web site. one can use php composer.phar self-update 2.2.17
to change the composer version.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
# download and install the 2.2.17 version
php composer-setup.php --version=2.2.17
Then use composer to install all the package. if no app/config/parameters.yml exist it will ask you some parameters
php composer.phar install --no-dev
then change the mod and owner of the all folder
# change the right to let www-data to have access
cd /srv
sudo chown -R dumbo:www-data preprod-elefan
sudo chmod -R 775 preprod-elefan
if the database already exist, one can drop it with (secret_password
as root password, be carful to the -p
flag before):
mariadb -uroot -psecret -e 'DROP DATABASE IF EXISTS symfony;'
If one want to create a fresh database :
cd /srv/preprod-elefan
# data base creation
php bin/console doctrine:database:create
# Migrer : creation du schema
php bin/console doctrine:migration:migrate
In this case a admin account has to be created later (wen the server is up and running) by going to the address: <website_adress>/user/install_admin
.
If one want to import an existing database (from an export named backup.sql
):
mariadb -uroot -psecret_password -e 'CREATE DATABASE IF NOT EXISTS symfony;'
mariadb -uroot -psecret_password symfony < backup.sql
A script helps to anonymizing the database by replacing the first and last name, the email, the physical address (street, zip code and city) and the phone number of each beneficiary. But it does not change the message text exchanged with the beneficiaries.
php bin/console app:anonymize
And finally the dumping of the asset
php bin/console assetic:dump
to be able to reach the web site a dns registrar is needed (that, or one have to remember the serve IP address). freedns.afraid.org offers free subdomain registration. For this tutorial the sub domain elefan.example.org will be used as recommended in the RFC 2606.
if only one web site is available in this server, one can directly modify the file /etc/apache2/sites-available/000-default.conf
. if not a new conf file should be created, see documentation here, here or here
<VirtualHost *:80>
ServerName elefan.example.org
ServerAlias www.elefan.example.org
ServerAdmin webmaster@localhost
DocumentRoot /srv/preprod-elefan/web
DirectoryIndex /app.php
<Directory /srv/preprod-elefan/web>
AllowOverride None
Order Allow,Deny
Allow from All
FallbackResource /app.php
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
and uncomment the Directory /srv/
section in /etc/apache2/apache2.conf
. The sections Directory /var/www/
and Directory /usr/share
can be commented.
<Directory /srv/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
And restart apache:
sudo systemctl reload apache2
to test the mail function, mailcatcher can be installed. The compilation can take a long (very long) time.
sudo apt install ruby ruby-dev gcc g++ make ibffi-dev libsqlite3-dev
sudo gem install mailcatcher
# add it to the iptable
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 1080 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 1025 -j ACCEPT
sudo netfilter-persistent save
In addition, the route needs to be created, to allow the external connection, see once again the official for the port 1080 in TCP
Then in the /etc/php/7.4/apache2/php.ini
sendmail_path = /usr/bin/env catchmail -f contact@elefan.example.com
to run it once
#the --ip flag to be visible from outside
mailcatcher --http-ip 0.0.0.0 --smtp-ip 0.0.0.0
or to run it as service, create the file /lib/systemd/system/mailcatcher.service
(for the service to work, no instance de mailcatcher should run)
# /lib/systemd/system/mailcatcher.service
[Unit]
Description=Mailcatcher Service
After=network.service vagrant.mount
[Service]
Type=simple
ExecStart=/usr/local/bin/mailcatcher --foreground --ip 0.0.0.0
Restart=always
[Install]
WantedBy=multi-user.target
then the service can be started
sudo systemctl enable mailcatcher
sudo systemctl daemon-reload
sudo systemctl start mailcatcher
And the last step is to configure the Symphony parameters app/config/parameters.yml
database_host: 127.0.0.1
database_port: 3306
database_name: symfony
database_user: root
database_password: secret_password
super_admin.username: admin
super_admin.initial_password: password
mailer_transport: smtp
mailer_host: 127.0.0.1
mailer_port: 1025
mailer_user: null
mailer_password: null
mailer_encryption: null
transactional_mailer_user: contact@elefan.example.org
transactional_mailer_user_name: 'espace membre'
emails.base_domain: elefan.example.org
emails.contact:
from_name: 'Contact Localcoop'
address: contact@elefan.example.org
emails.member:
from_name: 'Membres Localcoop'
address: membres@elefan.example.org
emails.shift:
from_name: 'Créneaux Localcoop'
address: creneaux@elefan.example.org
emails.formation:
from_name: 'Formation Localcoop'
address: formations@elefan.example.org
emails.admin:
from_name: 'Admin Localcoop'
address: admin@elefan.example.org
emails.noreply:
from_name: 'Ne pas répondre'
address: noreply@elefan.example.org
emails.sendable:
- '%emails.contact%'
- '%emails.member%'
- '%emails.shift%'
- '%emails.formation%'
- '%emails.admin%'
- '%emails.noreply%'
shift_mailer_user: null
secret: ThisTokenIsNotSoSecretChangeIt
router.request_context.host: elefan.mytest.gq
router.request_context.scheme: https
router.request_context.base_url: null
site_name: 'Espace membre @ MyLocalCoop'
project_name: 'My Local Coop'
project_url: 'http://elefan.example.org'
main_color: null
local_currency_name: 'monnaie locale'
place_local_ip_address: '127.0.0.1,192.168.0.x'
wiki_keys_url: null
registration_duration: '1 year'
registration_every_civil_year: false
helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
helloasso_campaign_id: null
helloasso_api_key: null
helloasso_api_password: null
helloasso_api_base_url: 'https://api.helloasso.com/v3/'
due_duration_by_cycle: 180
min_shift_duration: 90
cycle_duration: '28 days'
cycle_type: 'abcd'
maximum_nb_of_beneficiaries_in_membership: 2
new_users_start_as_beginner: true
allow_extra_shifts: true
max_time_in_advance_to_book_extra_shifts: '3 days'
display_gauge: true
use_fly_and_fixed: true
time_after_which_members_are_late_with_shifts: -9
reserve_new_shift_to_prior_shifter: true
forbid_shift_overlap_time: 30
display_name_shifters: false
use_card_reader_to_validate_shifts: true
max_time_at_end_of_shift: 0
logging.mattermost.enabled: false
logging.mattermost.level: critical
logging.mattermost.url: 'http://mattermost.yourcoop.local'
logging.mattermost.channel: null
logging.swiftmailer.enabled: false
logging.swiftmailer.level: critical
logging.swiftmailer.recipient: null
code_generation_enabled: true
display_freeze_account: true
display_keys_shop: true
display_freeze_account_false_message: 'Le gel de compte n''est pas autorisé.'
profile_display_task_list: true
profile_display_time_log: true
swipe_card_logging: true
swipe_card_logging_anonymous: true
display_swipe_cards_settings: true