Installation

Created: 2021-09-02 14:25:57 || Updated: 2023-02-01 05:08:17

---

This doc has been moved

---

• This project is currently in Beta with many ongoing changes
• Due to the fast pace of development, changes may unintentionally introduce security issues
• As such, storing confidential information is not recommended at this time! Please see this page.
  

---

• Install Apache, PHP, and MariaDB (LAMP stack)
  
• Change directory to your webroot
• Type: git clone https://github.com/itflow-org/itflow.git .
• Set web owner on public web directory usually: chown -R www-data:www-data /var/www
• Create a MySQL user & database for ITFlow to use
  
• Point your browser to your Web Server: https://itflow.yourdomain.com
• Go through the Setup Process
• Login
• Start inputting some data

There's also a script that automates this process for you, and uses Let's Encrypt certificates.

Uploading method

Only use this method if you don't have access to Git. This will make updates annoying.

• Download the zip file from here: https://github.com/itflow-org/itflow/archive/refs/heads/master.zip
• Using a  browser or SFTP client, upload and extract the archive to the preferred path: /var/www/ 
• Create a MySQL user & database through your web hosts portal (usually phpMyAdmin)
  
• Point your browser to your Web Server: https://itflow.yourdomain.com
• Go through the Setup Process
• Login
• Start inputting some data

---

Basic setup guide for Ubuntu

• Install Apache, PHP, and MariaDB

  • sudo apt update && sudo apt install apache2 php php-intl php-mysqli php-curl libapache2-mod-php mariadb-server git -y

• For a production system, do some hardening. As a starting point:
  

  • sudo mysql_secure_installation

  • Setup UFW / iptables to allow traffic inbound on ports 80/443 only
    
    
• Enable PHP

  • sudo a2enmod php7.4

    • Replace php7.4 with 8.0 if using PHP 8
      
      
• Enable the SSL module
  

  • sudo a2enmod ssl

• Add your public/private HTTPs keys. You could also use LetsEncrypt, but setting this up is beyond the scope of this doc.
  
  • Place public key at: /etc/ssl/certs/public.pem
    
  • Place private key at: /etc/ssl/private/private.key
    
    
• Update the default SSL config to reflect the key locations

  • sudo nano /etc/apache2/sites-available/default-ssl.conf

    • SSLCertificateKeyFile /etc/ssl/certs/public.pem

    • SSLCertificateFile /etc/ssl/private/private.key

• Test the config is correct

  • sudo apachectl configtest

    • Looking for "Syntax OK"
      
      
• Enable the 00-default site

  • sudo a2ensite default-ssl

• Reload Apache Service to apply the changes

  • sudo systemctl reload apache2

• Test that you can access the default Apache page using HTTP and HTTPS
  
  
• Configure Apache to automatically redirect to HTTPS

  • sudo nano /etc/apache2/sites-enabled/000-default.conf

  • Add the line "Redirect permanent / https://itflow.yourdomain.com/" (or similar) under the VirtualHost for port 80
    
    
• Log in to the database
  

  • sudo mysql -u root

• Create a new database for ITFlow
  • MariaDB>CREATE DATABASE itflow;
  • MariaDB>FLUSH PRIVILEGES;
    
    
• Add a user for ITFlow to use
  • MariaDB> CREATE USER 'itflow'@'localhost' IDENTIFIED BY 'supersecurepassword';
    
    
• Assign the user permissions on the database
  • MariaDB> GRANT ALL PRIVILEGES on itflow.* to 'itflow'@'localhost';

  • exit

• Clone the ITFlow repo to your web server

  • cd /var/www/html

  • git clone https://github.com/johnnyq/itflow.git .

• Set the web folder to be owned by Apache

  • sudo chown -R www-data:www-data /var/www/html

• Set web folder permissions (all, for now, we'll change this after setup)
  

  • sudo chmod -R 777 /var/www/html

• Run through the initial setup by navigating to your web server using HTTPS
  • Provide the database name, username, and password you set up earlier
    
    
• Once complete, tidy up the webserver permissions
  

  • sudo find /var/www/html -type d -exec chmod 775 {} \;

  • sudo find /var/www/html -type f -exec chmod 664 {} \;

  • sudo chmod 640 /var/www/html/config.php

• Backup your master encryption key at /settings-backup.php
• Check you don't need to add any specific config.php variables
  
• See the Alerts doc to learn how to setup cron
• If you are not using HTTPS, see here.
  
• Done!
  

As a general best practice, if your ITFlow instance is to be public-facing please consider adding additional protection with a Web Application Firewall (WAF).