Created: 2021-09-02 14:25:57 || Updated: 2023-02-01 05:08:17

This doc has been moved

  • This project is currently in Beta with many ongoing changes
  • Due to the fast pace of development, changes may unintentionally introduce security issues
  • As such, storing confidential information is not recommended at this time! Please see this page.

SSH Method
  • Install Apache, PHP, and MariaDB (LAMP stack)
  • Change directory to your webroot
  • Type: git clone .
  • Set web owner on public web directory usually: chown -R www-data:www-data /var/www
  • Create a MySQL user & database for ITFlow to use
  • Point your browser to your Web Server:
  • Go through the Setup Process
  • Login
  • Start inputting some data

There's also a script that automates this process for you, and uses Let's Encrypt certificates.

Uploading method

Only use this method if you don't have access to Git. This will make updates annoying.

  • Download the zip file from here:
  • Using a  browser or SFTP client, upload and extract the archive to the preferred path: /var/www/ 
  • Create a MySQL user & database through your web hosts portal (usually phpMyAdmin)
  • Point your browser to your Web Server:
  • Go through the Setup Process
  • Login
  • Start inputting some data

Basic setup guide for Ubuntu

  • Install Apache, PHP, and MariaDB
    • sudo apt update && sudo apt install apache2 php php-intl php-mysqli php-curl libapache2-mod-php mariadb-server git -y
  • For a production system, do some hardening. As a starting point:
    • sudo mysql_secure_installation
    • Setup UFW / iptables to allow traffic inbound on ports 80/443 only

  • Enable PHP
    • sudo a2enmod php7.4
      • Replace php7.4 with 8.0 if using PHP 8

  • Enable the SSL module
    • sudo a2enmod ssl
  • Add your public/private HTTPs keys. You could also use LetsEncrypt, but setting this up is beyond the scope of this doc.
    • Place public key at: /etc/ssl/certs/public.pem
    • Place private key at: /etc/ssl/private/private.key

  • Update the default SSL config to reflect the key locations
    • sudo nano /etc/apache2/sites-available/default-ssl.conf
      • SSLCertificateKeyFile /etc/ssl/certs/public.pem
      • SSLCertificateFile /etc/ssl/private/private.key
  • Test the config is correct
    • sudo apachectl configtest
      • Looking for "Syntax OK"

  • Enable the 00-default site
    • sudo a2ensite default-ssl
  • Reload Apache Service to apply the changes
    • sudo systemctl reload apache2
  • Test that you can access the default Apache page using HTTP and HTTPS

  • Configure Apache to automatically redirect to HTTPS
    • sudo nano /etc/apache2/sites-enabled/000-default.conf
    • Add the line "Redirect permanent /" (or similar) under the VirtualHost for port 80

  • Log in to the database
    • sudo mysql -u root
  • Create a new database for ITFlow
    • MariaDB>CREATE DATABASE itflow;

  • Add a user for ITFlow to use
    • MariaDB> CREATE USER 'itflow'@'localhost' IDENTIFIED BY 'supersecurepassword';

  • Assign the user permissions on the database
    • MariaDB> GRANT ALL PRIVILEGES on itflow.* to 'itflow'@'localhost';
    • exit
  • Clone the ITFlow repo to your web server
    • cd /var/www/html
    • git clone .
  • Set the web folder to be owned by Apache
    • sudo chown -R www-data:www-data /var/www/html
  • Set web folder permissions (all, for now, we'll change this after setup)
    • sudo chmod -R 777 /var/www/html
  • Run through the initial setup by navigating to your web server using HTTPS
    • Provide the database name, username, and password you set up earlier

  • Once complete, tidy up the webserver permissions
    • sudo find /var/www/html -type d -exec chmod 775 {} \;
    • sudo find /var/www/html -type f -exec chmod 664 {} \;
    • sudo chmod 640 /var/www/html/config.php

    As a general best practice, if your ITFlow instance is to be public-facing please consider adding additional protection with a Web Application Firewall (WAF).