How to install YetiForce on Debian 10
This tutorial presents LEMP installation and configuration for YetiForce on Debian 10 with NGINX/PHP-FPM 7.4/MariaDB server.
W artykule zakładamy, że masz przynajmniej podstawową wiedzę o Linux i wiesz jak korzystać z powłoki shell.
Instalacja jest całkiem prosta i zakłada, że pracujesz na koncie root. Jeśli nie, może być konieczne dodanie sudo poleceń, aby uzyskać uprawnienia root.
Pełna lista wymagań dla systemu YetiForce jest na stronie: Wymagania systemu YetiForce
1. Aktualizacja wszystkich zainstalowanych pakietów do najnowszych dostępnych wersji
apt-get update -y
apt-get upgrade -y
2. Zainstaluj wymagane pakiety
apt-get install -y --no-install-recommends apt-utils curl openssl wget ca-certificates apt-transport-https lsb-release gnupg zip unzip cron mc htop p7zip-full
3. Dodaj wymagane repozytoria (źródła pakietów)
Domyślna wersja PHP używana w danej dystrybucji nie zawsze jest zgodna z wymaganiami, dlatego używamy dodatkowego źródła pakietów.
Zalecamy używanie https://deb.sury.org/, https://github.com/oerdnj/deb.sury.org zawiera najnowsze wersje oraz częste aktualizacje PHP.
wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
Jeśli chcesz mieć najnowszą wersję silnika bazy danych, to możesz dodać dodatkowe repozytorium pakietów od MariaDB.
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
echo "deb [arch=amd64,arm64,ppc64el] https://ftp.osuosl.org/pub/mariadb/repo/10.6/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list
4. Update newly added packages
apt-get update -y
5. Install MariaDB
apt-get install -y --no-install-recommends mariadb-server mariadb-client
6. Install PHP-FPM / NGINX
apt-get install -y --no-install-recommends nginx nginx-extras php7.4-fpm php7.4-mysql php7.4-curl php7.4-intl php7.4-gd php7.4-fpm php7.4-bcmath php7.4-soap php7.4-ldap php7.4-imap php7.4-xml php7.4-cli php7.4-zip php7.4-json php7.4-opcache php7.4-mbstring php7.4-imagick php7.4-apcu
apt-get -y autoclean
7. Create users, groups and configure the structure
For security reasons, create a separate user in the OS, which will limit the permissions for the application.
groupadd yfprod
useradd -g yfprod yfprod
usermod --shell /bin/bash yfprod
mkdir -p /home/yfprod/html/public_html
chown -R yfprod:yfprod /home/yfprod/
mkdir -p /var/log/php/
passwd yfprod
Utworzenie środowiska testowego
groupadd yftest
useradd -g yftest yftest
usermod --shell /bin/bash yftest
mkdir -p /home/yftest/html/public_html
chown -R yftest:yftest /home/yftest/
passwd yftest
8. Configure NGINX
rm /etc/nginx/sites-available/default
rm /etc/nginx/sites-enabled/default
rm /var/www/html/index.nginx-debian.html
wget -O /etc/nginx/yetiforce.conf "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/nginx/yetiforce.conf"
wget -O /etc/nginx/sites-available/yfprod.conf "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/nginx/www.conf"
ln -s /etc/nginx/sites-available/yfprod.conf /etc/nginx/sites-enabled/
rm /etc/nginx/nginx.conf
wget -O /etc/nginx/nginx.conf "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/nginx/nginx.conf"
The www.conf GitHub file contains example domain names that should be changed. The example is presented on the development version, we recommend downloading the files for the system version that will be installed.
Utworzenie środowiska testowego, wymaga zmiany nazwy domeny
cp /etc/nginx/sites-available/yfprod.conf /etc/nginx/sites-available/yftest.conf
ln -s /etc/nginx/sites-available/yftest.conf /etc/nginx/sites-enabled/
9. Configure PHP-FPM
rm /etc/php/7.4/fpm/pool.d/www.conf
wget -O /etc/php/7.4/fpm/pool.d/yfprod.conf "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/fpm/www.conf"
wget -O /etc/php/7.4/fpm/conf.d/yetiforce.ini "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/php/prod.ini"
cp /etc/php/7.4/fpm/conf.d/yetiforce.ini /etc/php/7.4/cli/conf.d/yetiforce.ini
sed -i 's/php_error/cli_error/g' /etc/php/7.4/cli/conf.d/yetiforce.ini
sed -i 's/html_errors = "On"/html_errors = "Off"/g' /etc/php/7.4/cli/conf.d/yetiforce.ini
sed -i 's/output_buffering = "On"/output_buffering = "Off"/g' /etc/php/7.4/cli/conf.d/yetiforce.ini
W przykładzie jest użyta wersja deweloperska, zalecamy aby pobrać pliki dla wersji systemu, która będzie instalowana np. https://github.com/YetiForceCompany/YetiForceCRM/blob/6.4.0/tests/setup/fpm/www.conf
Tworzenie środowiska testowego wymaga skopiowania pliku i zastąpienia yfprod yftest
cp /etc/php/7.4/fpm/pool.d/yfprod.conf /etc/php/7.4/fpm/pool.d/yftest.conf
sed -i 's/yfprod/yftest/g' /etc/php/7.4/fpm/pool.d/yftest.conf
10. Configure MariaDB
rm /etc/mysql/mariadb.conf.d/50-server.cnf
wget -O /etc/mysql/mariadb.conf.d/50-server.cnf "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/db/mysql.cnf"
MariaDB is not secure by default. You can secure it in two ways:
mysql_secure_installation
Enter current password for root (enter for none):OK, successfully used password, moving on...
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database... ... Success!
- Removing privileges on test database... ... Success!
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB!
Or secure it manually:
DB_ROOT_PASS=`openssl rand -base64 15`
DB_AND_USER1_NAME="yfprod"
DB_USER1_PASS=`openssl rand -base64 15`
echo "New root password: $DB_ROOT_PASS"
echo "New $DB_AND_USER1_NAME user password: $DB_USER1_PASS"
mysqladmin password "$DB_ROOT_PASS";
echo "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';" | mysql --user=root;
echo "DELETE FROM mysql.user WHERE User='';" | mysql --user=root -p$DB_ROOT_PASS;
echo "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql --user=root -p$DB_ROOT_PASS;
echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" | mysql --user=root -p$DB_ROOT_PASS;
echo "FLUSH PRIVILEGES;" | mysql --user=root -p$DB_ROOT_PASS
Create a new user and database for YetiForce:
echo "CREATE DATABASE $DB_AND_USER1_NAME CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql --user=root -p$DB_ROOT_PASS;
echo "CREATE USER '$DB_AND_USER1_NAME'@'localhost' IDENTIFIED BY '$DB_USER1_PASS';" | mysql --user=root -p$DB_ROOT_PASS;
echo "GRANT ALL PRIVILEGES ON $DB_AND_USER1_NAME.* TO '$DB_AND_USER1_NAME'@'localhost';" | mysql --user=root -p$DB_ROOT_PASS;
echo "FLUSH PRIVILEGES;" | mysql --user=root -p$DB_ROOT_PASS
11. Configure CRON-a
wget -O /etc/cron.d/yf_crm "https://raw.githubusercontent.com/YetiForceCompany/YetiForceCRM/developer/tests/setup/crons.conf"
12. Activate services
systemctl restart cron.service
systemctl restart mariadb.service
systemctl restart php7.4-fpm.service
systemctl restart nginx.service
13. Download YetiForce installer
cd /home/yfprod/html/
wget -O YetiForceCRM.zip https://github.com/YetiForceCompany/YetiForceCRM/releases/download/6.4.0/YetiForceCRM-6.4.0-complete.zip
unzip YetiForceCRM.zip
chown -R yfprod:yfprod /home/yfprod/html/
rm YetiForceCRM.zip
rm .user.ini
rm public_html/.user.ini
14. Install YetiForce
A complete description of the YetiForce installation can be found in the article: Installation manual
15. Final remarks
Po zakończeniu konfiguracji dostęp do SSH powinien zostać ograniczony tylko do zaufanych adresów IP lub VPN.
We also recommend disabling root login directly via SSH and installing and configuring a firewall.