remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bulletproof installation: Redis, build-essential, DB user creation, PHP tuning, SSL, firewall, verification

Browse Source
This commit is contained in:
root
2026-06-04 19:34:06 +02:00
parent b8a15c8412
commit 8ce3fcca85
1 changed files with 112 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+112 -21
View File
@@ -77,36 +77,91 @@ php artisan key:generate
## Installation (Ubuntu 26.04) ## Installation (Ubuntu 26.04)
```bash ```bash
# 1. System deps # ─────────────────────────────────────────────────
sudo apt update && sudo apt install -y git curl wget unzip nginx mariadb-server \ # 1. System dependencies
php8.5 php8.5-{cli,fpm,mysql,xml,mbstring,curl,zip,bcmath,gd,sockets,intl} # ─────────────────────────────────────────────────
sudo apt update
sudo apt install -y git curl wget unzip nginx mariadb-server redis-server \
php8.5 php8.5-{cli,fpm,mysql,xml,mbstring,curl,zip,bcmath,gd,sockets,intl} \
build-essential
# ─────────────────────────────────────────────────
# 2. Composer # 2. Composer
curl -sS https://getcomposer.org/installer | php && sudo mv composer.phar /usr/local/bin/composer # ─────────────────────────────────────────────────
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer
# ─────────────────────────────────────────────────
# 3. Node.js + Yarn # 3. Node.js + Yarn
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt install -y nodejs # ─────────────────────────────────────────────────
sudo corepack enable && corepack install -g yarn@latest curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs
sudo corepack enable
corepack install -g yarn@latest
# 4. Clone # ─────────────────────────────────────────────────
git clone ssh://git@your-gitea-server:8422/remco/Atomcms-edit.git /var/www/atomcms && cd /var/www/atomcms # 4. Secure MariaDB (set root password)
# ─────────────────────────────────────────────────
sudo mysql << EOF
ALTER USER 'root'@'localhost' IDENTIFIED BY 'your_root_password';
FLUSH PRIVILEGES;
EOF
# 5. Configure # ─────────────────────────────────────────────────
cp .env.example.linux .env && php artisan key:generate # 5. Clone the project
# ─────────────────────────────────────────────────
git clone https://your-gitea-server/remco/Atomcms-edit.git /var/www/atomcms
# Or via SSH: git clone ssh://git@your-gitea-server:8422/remco/Atomcms-edit.git /var/www/atomcms
cd /var/www/atomcms
# 6. Install deps # ─────────────────────────────────────────────────
composer install --no-dev --optimize-autoloader && yarn install # 6. Configure environment
# ─────────────────────────────────────────────────
cp .env.example.linux .env
# !! EDIT .env FIRST !! — set DB_PASSWORD, APP_URL, SESSION_DOMAIN, etc.
nano .env
php artisan key:generate
# 7. Database # ─────────────────────────────────────────────────
mysql -u root -p -e "CREATE DATABASE IF NOT EXISTS habbo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" # 7. Create database & user
# ─────────────────────────────────────────────────
sudo mysql << EOF
CREATE DATABASE IF NOT EXISTS habbo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER IF NOT EXISTS 'cms'@'localhost' IDENTIFIED BY 'your_db_password';
GRANT ALL PRIVILEGES ON habbo.* TO 'cms'@'localhost';
FLUSH PRIVILEGES;
EOF
# ─────────────────────────────────────────────────
# 8. Install dependencies
# ─────────────────────────────────────────────────
composer install --no-dev --optimize-autoloader
yarn install
# ─────────────────────────────────────────────────
# 9. Migrate, seed & build
# ─────────────────────────────────────────────────
php artisan migrate --seed php artisan migrate --seed
# 8. Build
yarn build:all yarn build:all
# 9. Permissions # ─────────────────────────────────────────────────
# 10. Permissions
# ─────────────────────────────────────────────────
sudo chown -R www-data:www-data storage bootstrap/cache public/build sudo chown -R www-data:www-data storage bootstrap/cache public/build
sudo chmod -R 775 storage bootstrap/cache sudo chmod -R 775 storage bootstrap/cache
# ─────────────────────────────────────────────────
# 11. Start Redis
# ─────────────────────────────────────────────────
sudo systemctl enable --now redis-server
# ─────────────────────────────────────────────────
# 12. Configure PHP (tune for production)
# ─────────────────────────────────────────────────
sudo sed -i 's/upload_max_filesize = .*/upload_max_filesize = 64M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/post_max_size = .*/post_max_size = 64M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/memory_limit = .*/memory_limit = 256M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/max_execution_time = .*/max_execution_time = 300/' /etc/php/8.5/fpm/php.ini
``` ```
### Nginx config (`/etc/nginx/sites-available/atomcms`) ### Nginx config (`/etc/nginx/sites-available/atomcms`)
@@ -118,10 +173,20 @@ server {
root /var/www/atomcms/public; root /var/www/atomcms/public;
index index.php; index index.php;
charset utf-8; charset utf-8;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
location / { try_files $uri $uri/ /index.php?$query_string; } add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Gzip
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml image/svg+xml;
gzip_vary on;
gzip_min_length 1024;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ { location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.5-fpm.sock; fastcgi_pass unix:/var/run/php/php8.5-fpm.sock;
@@ -129,13 +194,39 @@ server {
include fastcgi_params; include fastcgi_params;
} }
# Block hidden files
location ~ /\.(?!well-known).* { deny all; } location ~ /\.(?!well-known).* { deny all; }
# Block sensitive files
location ~ /(\.env|\.git|composer\.(json|lock)|package\.json|yarn\.lock) { deny all; }
} }
``` ```
```bash ```bash
# Enable site & restart services
sudo ln -sf /etc/nginx/sites-available/atomcms /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/atomcms /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx && sudo systemctl restart php8.5-fpm sudo nginx -t && sudo systemctl reload nginx
sudo systemctl restart php8.5-fpm redis-server
# ─────────────────────────────────────────────────
# Optional: Firewall
# ─────────────────────────────────────────────────
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable
# ─────────────────────────────────────────────────
# Optional: SSL via Certbot
# ─────────────────────────────────────────────────
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.com
# ─────────────────────────────────────────────────
# Verify everything works
# ─────────────────────────────────────────────────
curl -I http://your-domain.com
# Expected: HTTP/2 200 or 302
# Visit https://your-domain.com in your browser
``` ```
--- ---