Skip to content

Installation on Oracle free VPS (Preprod)

Sylvain Martin edited this page Sep 7, 2023 · 3 revisions

Auteur: Sylvain Martin Date: 22-dec-2022

Introduction

To have a preprod server, it can be useful to have a dedicated machine with a similar environment that the one used on prod. Oracle cloud have a free tier offer to experiment with their cloud services. It allow to have up to 2 VPS with Linux on it for free... They are clearly for test purpose because they are kite weak : Virtual machine, 2GHz CPU, 1 core OCPU, 1 GB memory, 0.48 Gbps network bandwidth

The official documentation is quiet exhaustive :

[!note]- Words of caution from the Auteur I am no expert in that matter, it is merely a working solution developed after several sleepless nights to figure out a way to have a test server, but not an optimized one. In addition, some steps could be missing.

Instance creation

when register and connected (they ask for a credit card number, but do not charge). one can "create a VM Instance" (in the compute category).

Creat_instance_oracle_cloud_1 Creat_instance_oracle_cloud_2

Do not forget to upload or download a ssh key. It is need for the remote connection later.

To connect to this instance, a ssh toot is needed. for the Linux user no problems, for the windows user powershell can do it or some tool like MobzXterm.

Route creation

to allow the external connection, routes has to be defined. once again the official documentation is clear enough. (one can allow also the ports 8080 ad 8000 to be able to use the dev server)

routes_for_oracle_cloud

The Ubuntu firewall is disabled by default. However, you still need to update your iptables configuration to allow HTTP traffic. Update iptables with the following commands. The commands add a rule to allow HTTP traffic and saves the changes to the iptables configuration files.

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo netfilter-persistent save

Environment Installation

User & group

Warning

It is realy important that all the files used by the web site are owned by a user of the www-data group with the possibility for the group to read and execute (and eventually write for the var folder)

Here a user was created to not use the main root user (by default named ubuntu): dumbo. This user were given the root rights through sudo and is in the www-data group (the group used by apache and co).

PHP, Apache, MariaDB

To install PHP, one have to be careful to use php 7 (by default, it is PHP 8):

sudo apt update
sudo apt upgrade

adding the PHP repository :

sudo add-apt-repository ppa:ondrej/php
sudo apt update

Then installing:

sudo apt install apache2 php7.4 php7.4-cli php7.4-common php7.4-curl php7.4-mbstring php7.4-mysql php7.4-xmlp php7.4-gd libapache2-mod-php7.4 mariadb-server

sudo systemctl restart apache2

Then the MariaDB password should be changed :

sudo mariadb -u root
use mysql;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'secret_password';
FLUSH PRIVILEGES;
exit
sudo systemctl stop mariadb
sudo systemctl start mariadb
# to check everithing is ok
systemctl status mariadb

Web site code source

Code source download

The web site can be installed in the /srv directory (it could also be install in /var/www, but let say, /srv is simpler...)

sudo apt install git
# downlod the code sour in the preprod-elefan directory
cd /srv
sudo mkdir preprod-elefan
sudo chown dumbo:www-data preprod-elefan
git clone https://github.com/elefan-grenoble/gestion-compte.git preprod-elefan

Then one need composer, The last version of composer seem not working with Symfony 3.4. one way to install the wanted version is to downlead the script directly from the web site. one can use php composer.phar self-update 2.2.17 to change the composer version.

Composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

# download and install the 2.2.17 version
php composer-setup.php --version=2.2.17

Then use composer to install all the package. if no app/config/parameters.yml exist it will ask you some parameters

php composer.phar install --no-dev

then change the mod and owner of the all folder

# change the right to let www-data to have access
cd /srv
sudo chown -R dumbo:www-data preprod-elefan
sudo chmod -R 775 preprod-elefan

Database and assets

if the database already exist, one can drop it with (secret_password as root password, be carful to the -p flag before):

mariadb -uroot -psecret -e 'DROP DATABASE IF EXISTS symfony;'

If one want to create a fresh database :

cd /srv/preprod-elefan
# data base creation
php bin/console doctrine:database:create
# Migrer : creation du schema
php bin/console doctrine:migration:migrate

In this case a admin account has to be created later (wen the server is up and running) by going to the address: <website_adress>/user/install_admin.

If one want to import an existing database (from an export named backup.sql):

mariadb -uroot -psecret_password -e 'CREATE DATABASE IF NOT EXISTS symfony;'
mariadb -uroot -psecret_password symfony < backup.sql

A script helps to anonymizing the database by replacing the first and last name, the email, the physical address (street, zip code and city) and the phone number of each beneficiary. But it does not change the message text exchanged with the beneficiaries.

php bin/console app:anonymize

And finally the dumping of the asset

php bin/console assetic:dump

DNS registrar

to be able to reach the web site a dns registrar is needed (that, or one have to remember the serve IP address). freedns.afraid.org offers free subdomain registration. For this tutorial the sub domain elefan.example.org will be used as recommended in the RFC 2606.

Apache configuration

if only one web site is available in this server, one can directly modify the file /etc/apache2/sites-available/000-default.conf. if not a new conf file should be created, see documentation here, here or here

<VirtualHost *:80>
    ServerName elefan.example.org
	ServerAlias www.elefan.example.org
	ServerAdmin webmaster@localhost
	DocumentRoot /srv/preprod-elefan/web
    DirectoryIndex /app.php
    
	 <Directory /srv/preprod-elefan/web>
		 AllowOverride None
		 Order Allow,Deny
		 Allow from All
		 FallbackResource /app.php
	 </Directory>
	 
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

and uncomment the Directory /srv/ section in /etc/apache2/apache2.conf. The sections Directory /var/www/ and Directory /usr/share can be commented.

<Directory /srv/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

And restart apache:

sudo systemctl reload apache2

Mailcatcher

to test the mail function, mailcatcher can be installed. The compilation can take a long (very long) time.

sudo apt install ruby ruby-dev gcc g++ make ibffi-dev  libsqlite3-dev
sudo gem install mailcatcher

# add it to the iptable
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 1080 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 1025 -j ACCEPT
sudo netfilter-persistent save

In addition, the route needs to be created, to allow the external connection, see once again the official for the port 1080 in TCP

Then in the /etc/php/7.4/apache2/php.ini

sendmail_path = /usr/bin/env catchmail -f contact@elefan.example.com

to run it once

#the --ip flag to be visible from outside
mailcatcher --http-ip 0.0.0.0 --smtp-ip 0.0.0.0

or to run it as service, create the file /lib/systemd/system/mailcatcher.service (for the service to work, no instance de mailcatcher should run)

# /lib/systemd/system/mailcatcher.service
[Unit]
Description=Mailcatcher Service
After=network.service vagrant.mount

[Service]
Type=simple
ExecStart=/usr/local/bin/mailcatcher --foreground --ip 0.0.0.0
Restart=always

[Install]
WantedBy=multi-user.target

then the service can be started

sudo systemctl enable mailcatcher
sudo systemctl daemon-reload
sudo systemctl start mailcatcher

parameters.yml

And the last step is to configure the Symphony parameters app/config/parameters.yml

    database_host: 127.0.0.1
    database_port: 3306
    database_name: symfony
    database_user: root
    database_password: secret_password
    super_admin.username: admin
    super_admin.initial_password: password
    mailer_transport: smtp
    mailer_host: 127.0.0.1
    mailer_port: 1025
    mailer_user: null
    mailer_password: null
    mailer_encryption: null
    transactional_mailer_user: contact@elefan.example.org
    transactional_mailer_user_name: 'espace membre'
    emails.base_domain: elefan.example.org
    emails.contact:
        from_name: 'Contact Localcoop'
        address: contact@elefan.example.org
    emails.member:
        from_name: 'Membres Localcoop'
        address: membres@elefan.example.org
    emails.shift:
        from_name: 'Créneaux Localcoop'
        address: creneaux@elefan.example.org
    emails.formation:
        from_name: 'Formation Localcoop'
        address: formations@elefan.example.org
    emails.admin:
        from_name: 'Admin Localcoop'
        address: admin@elefan.example.org
    emails.noreply:
        from_name: 'Ne pas répondre'
        address: noreply@elefan.example.org
    emails.sendable:
        - '%emails.contact%'
        - '%emails.member%'
        - '%emails.shift%'
        - '%emails.formation%'
        - '%emails.admin%'
        - '%emails.noreply%'
    shift_mailer_user: null
    secret: ThisTokenIsNotSoSecretChangeIt
    router.request_context.host: elefan.mytest.gq
    router.request_context.scheme: https
    router.request_context.base_url: null
    site_name: 'Espace membre @ MyLocalCoop'
    project_name: 'My Local Coop'
    project_url: 'http://elefan.example.org'
    main_color: null  
    local_currency_name: 'monnaie locale'  
    place_local_ip_address: '127.0.0.1,192.168.0.x'  
    wiki_keys_url: null  
    registration_duration: '1 year'  
    registration_every_civil_year: false  
    helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'  
    helloasso_campaign_id: null  
    helloasso_api_key: null  
    helloasso_api_password: null  
    helloasso_api_base_url: 'https://api.helloasso.com/v3/'  
    due_duration_by_cycle: 180  
    min_shift_duration: 90  
    cycle_duration: '28 days'  
    cycle_type: 'abcd'  
    maximum_nb_of_beneficiaries_in_membership: 2  
    new_users_start_as_beginner: true  
    allow_extra_shifts: true  
    max_time_in_advance_to_book_extra_shifts: '3 days'  
    display_gauge: true  
    use_fly_and_fixed: true  
    time_after_which_members_are_late_with_shifts: -9  
    reserve_new_shift_to_prior_shifter: true  
    forbid_shift_overlap_time: 30  
    display_name_shifters: false  
    use_card_reader_to_validate_shifts: true  
    max_time_at_end_of_shift: 0  
    logging.mattermost.enabled: false  
    logging.mattermost.level: critical  
    logging.mattermost.url: 'http://mattermost.yourcoop.local'  
    logging.mattermost.channel: null  
    logging.swiftmailer.enabled: false  
    logging.swiftmailer.level: critical  
    logging.swiftmailer.recipient: null  
    code_generation_enabled: true  
    display_freeze_account: true  
    display_keys_shop: true  
    display_freeze_account_false_message: 'Le gel de compte n''est pas autorisé.'  
    profile_display_task_list: true  
    profile_display_time_log: true  
    swipe_card_logging: true  
    swipe_card_logging_anonymous: true  
    display_swipe_cards_settings: true