Webapps

From Segfault
Jump to: navigation, search

Glype

Download Glype (web-based proxy script), unzip the package.

 mkdir -m 0770 tmp/logs tmp/cookies
 sudo chown :www-data tmp tmp/logs tmp/cookies/
 chmod 0666 includes/settings.php

Open glype in your web browser, glype/admin.php should open where you can configure Glype. After this is done, lock includes/settings.php again:

 chmod 0444 includes/settings.php

Mediawiki

Mediawiki

MyBB

Installation

To checkout trunk:

 svn co http://svn.mybboard.net/mybb/trunk/ mybb-svn        # Is trunk available?

To checkout the stable branch:

 svn co http://svn.mybboard.net/mybb/branches/1.6-stable mybb-1.6-svn

For now, we won't use symlinks to point to the repository but we'll just export it into our document root:

 cd mybb-1.6-svn
 svn export . /var/www/mybb

Prepare the directories for the installer:

 mv inc/config.default.php inc/config.php && cp inc/settings.php{,.orig}
 chown root:apache inc/config.php inc/settings.php cache/ uploads/ uploads/avatars/
 chmod g+rw inc/config.php inc/settings.php cache/ uploads/ uploads/avatars/

Note: we may have just setup our MySQL server, let's set a password for the root user. We also have to create the MyBB database or the installer will fail:

 mysql> update mysql.user set password=password('pAsSw0rd') where user='root';
 mysql> flush privileges;
 mysql> create database mybb;

Now we can point our browser to http://localhost/mybb/install/ to setup MyBB. After the installation completed, we lock the install/ directory and adjust a few permissions:

 touch install/lock
 chown root:apache inc/languages admin/backups/ cache/themes/
 chmod g+rwx inc/languages admin/backups/ cache/themes/

reCaptcha

There a few captcha plugins available, we went for reCAPTCHA II in this example:

 wget http://mods.mybb.com/uploads/downloads/1246-1281535641-reCAPTCHA.zip    # This URL might change...?
 mkdir r && cd r && unzip ../*reCAPTCHA.zip
 mkdir ../mybb-svn/inc/plugins/support
 mv reCAPTCHA.php ../mybb-svn/inc/plugins/
 mv recaptchalib.php recaptchalib_LICENSE.txt ../mybb-svn/inc/plugins/support/
 mv reCAPTCHA_plugin_admin.lang.php ../mybb-svn/inc/languages/english/admin/
 mv reCAPTCHA_plugin.lang.php ../mybb-svn/inc/languages/english/

For reCaptcha to work, we need a (free) API-key. Now we have to activate the plugin:

  1. Login to the Admin Control Panel
  2. Click on Configuration and choose Plugins in the left panel
  3. Activate the reCAPTCHA Plugin
  4. Click on ConfigurationreCAPTCHA Configuration
  5. Insert the API key pair
  6. Click on Save Settings

Note: the API-key sitename has to match the hostname where the API-key is used for. Otherwise the reCaptcha won't show up on the login page. For testing purposes, one can also sign up for a localhost API-key. While testing the plugin on a NAT'ed system, the plugin gave the following error:

 For security reasons, you must pass the remote ip to reCAPTCHA

As a (temporary) workaround, we just disabled the check in ../mybb-svn/inc/plugins/support/recaptchalib.php:

--- ../mybb-svn/inc/plugins/support/recaptchalib.php.bak        2011-11-17 05:44:14.017212039 -0800
+++ ../mybb-svn/inc/plugins/support/recaptchalib.php    2011-11-17 05:47:46.212692404 -0800
[...]
-       if ($remoteip == null || $remoteip == '') {
-               die ("For security reasons, you must pass the remote ip to reCAPTCHA");
-       }
-

Octopress

Installation

A bit of an experiment for now, but Octopress looks kinda cool. Deployment is done via Ruby, Git and Heroku. Let's see how far we get.

Install a few prerequisites, we will need Ruby v1.9.2 or higher:

sudo yum install ruby ruby-devel git gcc                       # Fedora
sudo apt-get install ruby1.9.1 ruby1.9.1-dev git-core gcc      # Debian
sudo ln -s /usr/bin/ruby1.9.1 /usr/bin/ruby                    # For some reason Debian does not install a symlink

Fetch the Octopress sources:

git clone git://github.com/imathis/octopress.git octopress-git
cd octopress-git

Install bundler as a dependency:

gem install bundler

Install the default Octopress theme:

rake install

The actual Octopress blog can be deployed via Github, Heroku or rsync. In this example, we'll deploy via Heroku.

Install the Heroku gem:

gem install heroku

Create a Heroku app. We'll need a Heroku account and an SSH keypair:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/heroku
heroku create                        # This will create a new Heroku app to deploy to and add
                                     # a git remote named "heroku".

Set heroku to be the default remote for push/fetch

git config branch.master.remote heroku

Edit the .gitignore in the root of your repository and remove public. This will let you add generated content for deploying it to Heroku:

rake generate
git add .
git commit -m 'initial commit'

git push heroku master

Now Octopress should be up & running as a Heroku app.

Usage

After configuring a few globals via _config.yml, the actual blogging is as nerdy as it gets:

rake new_post["My first post"]
vi source/_posts/2012-05-31-My-first-post.markdown       # Edit with your editor-of-choice :-)

rake generate
git add .
git commit -m 'site updated'
git push heroku master

And the new post should appear on the blog.

Piwik

Installation

Install from Git[1]:

git clone https://github.com/piwik/piwik.git piwik-git
cd piwik-git

DOCROOT=/var/www/
git archive --format=tar --prefix=piwik/ 2.11.2 | tar -C $DOCROOT/ -xf -

Setup composer libraries:

cd $DOCROOT/piwik
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev

Removing some cruft:

rm -f CHANGELOG.md CONTRIBUTING.md LEGALNOTICE README.md SECURITY.md .bowerrc .coveralls.yml .gitignore .gitmodules .scrutinizer.yml .travis.yml PRIVACY.md PULL_REQUEST_TEMPLATE robots.txt
rm -rf tests

Adjust ownerships:

sudo chown -cR www-data:www-data tmp/ config/ piwik.js

For some reason I needed to download PiwikTracker.php:

wget "http://demo.piwik.org/index.php?module=SitesManager&action=downloadPiwikTracker" -O libs/PiwikTracker/PiwikTracker.php

Point your browser to your Piwik installation and the installer should do the rest. Afterwards, be sure to lock the configuration file:

sudo chmod -c a-w config config/config.ini.php
sudo chown -c www-data:www-data config/config.ini.php

Optionally, create a manifest.inc.php with piwik_manifest.sh:

sh ~/bin/piwik_manifest.sh .
sudo mv -iv manifest.inc.php.13534 $DOCROOT/piwik/config/manifest.inc.php

Updating

The update process is similar to the Installation, but choose a different tag to export. After that, we'll have to update the database too:

cd $DOCROOT/piwik
sudo -u www-data sh -c "php ./console core:update"
sudo -u www-data sh -c "php index.php -- module=CoreUpdater"                 # ??

Bugs:

Auto-Archiving

How to Set up Auto-Archiving of Your Reports:

  1. Disable Piwik archiving in the GUI: SettingsGeneral Settings and set "Allow Piwik archiving..." to No and "Reports for today..." to 3600 seconds.
  2. Create a cronjob. Depending on how busy the sites are, the interval needs to be adjusted:
0  1 * * *   www-data /usr/bin/php /var/www/piwik/console core:archive --url=https://example.org/piwik/ >> /var/log/piwik-archive.log

Note: make sure tmp/cache/tracker is writable by the www-data user![2]

Roundcube

Installation

git clone https://github.com/roundcube/roundcubemail.git roundcubemail-git

Checking out a stable version or switching to another version:

export DOCROOT=/var/www
cd roundcubemail-git
git pull
git archive --format=tar --prefix=roundcube/ 1.1.4 | tar -C $DOCROOT/ -xvf -

Or, when pushing to a remote site:

git archive --format=tar --prefix=roundcube/ 1.1.4 | gzip -9c | ssh ssh.example.com "tar -C /var/www/ -xzf -"

Clean up:

cd $DOCROOT/roundcube
mkdir -p config logs temp
sudo chown -Rc www-data:www-data logs temp
sudo chmod -c 0770 temp/ logs/
cp config/db.inc.php{.dist,}
cp config/main.inc.php{.dist,}
rm -rf Dockerfile CHANGELOG INSTALL LICENSE README.md SQL UPGRADING bin composer.json-dist index-test.php tests robots.txt installer/

Create the database user:

$ mysql -u root -p
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'password';
> quit

Create the database:

mysql -u root -D roundcubemail -p < SQL/mysql.initial.sql

config/config.inc.php

$config['db_dsnw']      = 'mysql://roundcube:pass@localhost/roundcubemail';
$config['default_host'] = array('127.0.0.1', 'ssl://imap.example.com');
$config['des_key']      = 'random-24-characters-string';
$config['log_dir']      = 'logs/';
$config['temp_dir']     = 'temp/';
$config['force_https']  = true;

Upgrade

Upgrading can be done via command line or via a web browser.

Prepare our installation:

export DOCROOT=/var/www
sudo chown -R $USER $DOCROOT/roundcube

Checkout the new version:

cd ~/roundcubemail-git
git pull
git archive --format=tar --prefix=roundcube/ 1.1.4 | tar -C $DOCROOT/ -xvf -

Or, when pushing to a remote site:

git archive --format=tar 1.1.4 | gzip -9c | ssh ssh.example.com "tar -C /var/www/roundcube/ -xzf -"

Command line

cd $DOCROOT/roundcube
bin/update.sh
sudo chown -Rc www-data:www-data logs temp
sudo chmod -c 0770 temp/ logs/
rm -rf Dockerfile CHANGELOG INSTALL LICENSE README.md SQL UPGRADING bin composer.json-dist index-test.php tests robots.txt installer/

Web

Set enable_installer to true in config/config.inc.php:

$config['enable_installer'] = true;

Run the installer, start at step 3:

https://example.com/installer/index.php?_step=3

After the upgrade, set "enable_installer" to false again and/or remove the installer/ directory:

rm -rf Dockerfile CHANGELOG INSTALL LICENSE README.md SQL UPGRADING bin composer.json-dist index-test.php tests robots.txt installer/

Serendipity

Installation

export DOCROOT=/var/www
git clone git://github.com/s9y/Serendipity.git serendipity-git
cd serendipity-git

git archive --format=tar --prefix=s9y/ 2.0.1 | tar -C $DOCROOT -xvf -
cd $DOCROOT/s9y
rm -rf README.markdown deployment docs tests

Replace 2.0.1 with a version of your choice, or use master to export HEAD.

If necessary, create symlinks to the CSS files:

ln -s serendipity.css.php serendipity.css
ln -s serendipity.css.php serendipity_admin.css

Adjust configuration:

$ cat serendipity_config_local.inc.php
[...]
       $serendipity['dbName']            = 's9y';
       $serendipity['dbPrefix']          = 's9y_';
       $serendipity['dbHost']            = '10.0.0.1';
       $serendipity['dbUser']            = 's9yuser';
       $serendipity['dbPass']            = 's3cr3t';
       $serendipity['dbType']            = 'mysql';
       $serendipity['dbPersistent']      =  true;
       $serendipity['dbCharset']         = 'utf8';
       
       // End of Serendipity configuration file
       // You can place your own special variables after here:
       
       // Setting this to 'false' will enable debugging output.
       // All alpa/beta/cvs snapshot versions will emit debug 
       // information by default. To increase the debug level
       // (to enable Smarty debugging), set this flag to 'debug'.
       $serendipity['production']      = true;
       error_reporting(E_ERROR);

Generate checksums.inc.php, so the installation can be verified later on (via "Verify Installation Integrity"):

echo | php -B "define('IN_serendipity', true);" -F bundled-libs/serendipity_generateFTPChecksums.php

Update

Re-run the installation process above. Upon accessing the s9y installation with a web browser, an update prompt should be visible.

Otherwise try to start the update manually via http://example.com/s9y/serendipity_admin.php?serendipity[action]=upgrade

Links

PHP 4.4.9 / AddHandler x-mapp-php4 .php
PHP 5.2 / AddHandler x-mapp-php5 .php
PHP 5.4 / AddHandler x-mapp-php6 .php

Simplevault

SimpleVault has an SVN repo on SourceForge:

svn checkout svn://svn.code.sf.net/p/simplevault/code/ simplevault-svn
cd simplevault-svn
svn export . /var/www/simplevault

cd /var/www/simplevault
mv svconfig.php-dist > svconfig.php
rm -f doc makerelease.sh README vault

Edit svconfig.php and point $vaultfname to something that is not web readable! But make sure php is able to read it, if open_basedir is in effect.

Standalone

We can use the built-in webserver of PHP to fire up a Simplevault instance, but we'll need the (deprecated)[3] mcrypt extension too. Short of installing a whole new PHP environment, we'll just install only this single extension:

sudo port install libmcrypt

Get a somewhat recent PHP release and build and install php-mcrypt:

curl -LO https://github.com/php/php-src/archive/php-5.6.33.tar.gz
tar -xzf php*.tar.gz
cd php-src-php*/ext/mcrypt/
phpize
./configure --with-mcrypt=/opt/local                        # Where mcrypt.h is located
make && make test
sudo install -m0755 -o root -g wheel modules/mcrypt.so /usr/local/lib/

Now we can run Simplevault and it will be able to actually decrypt/encrypt entries too:

php -d extension=/usr/local/lib/mcrypt.so  -S localhost:8080 -t ~/simplevault/

Convert to Git

Generate an author mapping file:

cd simplevault-svn
svn log -q | awk -F '|' '/^r/ {sub("^ ", "", $2); sub(" $", "", $2); print $2" = "$2" <"$2">"}' | sort -u > ../sv_authors.txt

Convert the repository:

$ sudo apt-get install git-svn
$ git svn clone svn://svn.code.sf.net/p/simplevault/code --no-metadata --authors-file=sv_authors.txt --no-metadata simplevault-git
Initialized empty Git repository in /usr/local/src/simplevault-git/.git/
       A       sv.css
       A       doc/sv.css
       A       doc/logo.png
       A       doc/index.html
       A       vault/simplevault.txt
       A       img/logo.png
       A       img/logo-workplace.png
       A       index.php
       A       sv.css-back
r1 = 9a6b820b94f9cbcda2925ab86f628080137284b0 (refs/remotes/git-svn)
       M       sv.css
[...]

The SVN repository hasn't been updated in a while but the project released two new versions. Let's patch it manually:

cd simplevault-git
rsync --exclude="._*" -av ../simplevault-1.8/ .
git commit -a --author="Rolf Brugger <mail@rolfb.ch>" --date="2012-01-21T22:16:31"

rsync --exclude="._*" -av ../simplevault-1.9/ . 
git commit -a --author="Rolf Brugger <mail@rolfb.ch>" --date="2015-04-06T14:54:10"

Alternatives

Simplevault is not maintained any more and is using deprecated functions[4][5][6] and will most likely no longer work with future PHP versions. Alternatives would be:

Squirrelmail

Installation

 svn co http://squirrelmail.svn.sf.net/svnroot/squirrelmail/branches/SM-1_4-STABLE/squirrelmail squirrelmail-14-svn
 cd ~/htdocs/squirrelmail
 for i in /data/Scratch/scm/squirrelmail-svn/*; do ln -s "$i"; done
 rm config data
 mkdir attach config data
 touch {attach,data,config}/index.php
 cp ~/squirrelmail-14-svn/data/default_pref data/
 chmod 0750 attach data
 sudo chown www-data:www-data attach data
 
 cd config
 for i in ~/squirrelmail-14-svn/config/conf*; do ln -s "$i"; done
 cd ..

Since SM_PATH is defined over and over again all over the place, we're hardcoding our document root. Of course, this defeats the whole point of a shared program-directory:

 for i in `egrep -l "^define\('SM_PATH','../'\);$" src/*`; do 
     sed "s/define('SM_PATH','..\/');/define('SM_PATH','\/var\/www\/htdocs\/squirrelmail\/');/" -i.orig "$i"
 done  

To reverse the process, we do:

 for i in src/*.orig; do mv "$i" `echo "$i" | sed 's/.orig//'`; done

FIXME: We got these in our php.log:

[17-Feb-2011 03:33:34] PHP Strict Standards:  Declaration of Deliver_SMTP::initStream() should be compatible
 with that of Deliver::initStream() in /data/Scratch/scm/squirrelmail-14-svn/class/deliver
/Deliver_SMTP.class.php on line 21
[17-Feb-2011 03:33:34] PHP Strict Standards:  Declaration of Deliver_IMAP::send_mail() should be compatible
 with that of Deliver::send_mail() in /data/Scratch/scm/squirrelmail-14-svn/class/deliver
/Deliver_IMAP.class.php on line 22
[17-Feb-2011 03:34:12] PHP Strict Standards:  Declaration of Deliver_SMTP::initStream() should be compatible 
with that of Deliver::initStream() in /data/Scratch/scm/squirrelmail-14-svn/class/deliver
/Deliver_SMTP.class.php on line 21
[17-Feb-2011 03:34:12] PHP Strict Standards:  Declaration of Deliver_IMAP::send_mail() should be compatible
 with that of Deliver::send_mail() in /data/Scratch/scm/squirrelmail-14-svn/class/deliver
/Deliver_IMAP.class.php on line 22
[17-Feb-2011 03:34:15] PHP Strict Standards:  Non-static method Message::parseStructure() should not be called
 statically in /data/Scratch/scm/squirrelmail-14-svn/functions/mime.php on line 36
[17-Feb-2011 03:34:15] PHP Strict Standards:  Non-static method Message::parseBodyStructure() should not be
 called statically in /data/Scratch/scm/squirrelmail-14-svn/class/mime/Message.class.php on line 296
[17-Feb-2011 03:34:37] PHP Strict Standards:  Non-static method Message::parseStructure() should not be called
 statically in /data/Scratch/scm/squirrelmail-14-svn/functions/mime.php on line 36
[17-Feb-2011 03:34:37] PHP Strict Standards:  Non-static method Message::parseBodyStructure() should not be
 called statically in /data/Scratch/scm/squirrelmail-14-svn/class/mime/Message.class.php on line 296
[17-Feb-2011 03:34:57] PHP Strict Standards:  Non-static method Message::parseStructure() should not be called
 statically in /data/Scratch/scm/squirrelmail-14-svn/functions/mime.php on line 36
[17-Feb-2011 03:34:57] PHP Strict Standards:  Non-static method Message::parseBodyStructure() should not be 
called statically in /data/Scratch/scm/squirrelmail-14-svn/class/mime/Message.class.php on line 296
[17-Feb-2011 03:34:57] PHP Strict Standards:  Creating default object from empty value in 
/data/Scratch/scm/squirrelmail-14-svn/class/mime/Message.class.php on line 367

Torrentflux-b4rt

Installation

 svn co .... tfb4rt-svn
 cd ~/htdocs/tfb4rt
 for i in ~/tfb4rt-svn/*; do ln -s "$i"; done
 rm inc
 mkdir -p inc/config
 cd inc/config
 for i in  ~/tfb4rt-svn/inc/config/*; do ln -s "$i"; done
 rm config.db.php
 touch config.db.php

Now we can configure Torrentflux-b4rt:

 $ grep db_ config.db.php
 $cfg["db_type"] = "mysql";     // Database-Type : mysql/sqlite/postgres
 $cfg["db_host"] = "127.0.0.1"; // Database host computer name or IP
 $cfg["db_name"] = "user0";     // Name of the Database
 $cfg["db_user"] = "db0";       // Username for Database
 $cfg["db_pass"] = "xxxxxxxxx"; // Password for Database
 $cfg["db_pcon"] = false;       // Persistent Connection enabled : true/false

Typo3

Typo3

Wordpress

Installation

Checkout via Git:

git clone https://github.com/WordPress/WordPress.git wordpress-git
cd wordpress-git

Install into document root:

DOCROOT=/var/www/wordpress
git archive --format=tar origin/4.3-branch | tar -C $DOCROOT -xf -
cd $DOCROOT
rm -f README.txt readme.html license.txt
mv wp-config-sample.php wp-config.php

Edit wp-config.php, be sure to modify the authentication keys in there as well!

Plugins & Themes

FIXME - Do plugins still live in SVN?

Adding plugins and themes:

cd wp-content/plugins
ln -s ~/wordpress-svn/wp-content/plugins/akismet
cd ../themes
ln -s ~/wordpress-svn/wp-content/themes/twentyten

Or, via SVN externals:

$ svn propget svn:externals .
wp-content/plugins/akismet              https://plugins.svn.wordpress.org/akismet/trunk/
wp-content/plugins/piwiktracking        https://plugins.svn.wordpress.org/piwiktracking/trunk/
wp-content/plugins/wp-recaptcha         https://plugins.svn.wordpress.org/wp-recaptcha/trunk/
wp-content/themes/autofocus             https://themes.svn.wordpress.org/autofocus/2.0.9/

Upgrade

See the Install notes above, but be sure to call wp-admin/upgrade.php afterwards for the database upgrade. Doing this might actually fail, because the Wordpress database user is normally not allowed to ALTER, CREATE or DELETE. However, despite the fact that upgrade.php is complaining, at the end it says "Upgrade complete" and just increments db_version. Another call of upgrade.php will do nothing.

Long story short, this is the script you need for exactly this situation. We could also just decrement db_version again, this should work, no?

Backup

To backup the Wordpress database:

mysqldump --add-drop-table -h host -p -u user DATABASENAME | gzip -c > wp-backup.sql.gz

To restore the Wordpress database:

gzip -dc wp-backup.sql.gz | mysql -h host -p -u user DATABASENAME

References