-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathINSTALL-UBUNTU-LINUX.txt
82 lines (61 loc) · 3.34 KB
/
INSTALL-UBUNTU-LINUX.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# Starchat
Starchat web MVC application
Install
Server
Make sure server timezone is set to preferred local timezone.
Ubuntu command is: "dpkg-reconfigure tzdata"
PostgreSQL
* Create postgres user "starchat".
* Create database "starchatdb" as UTF-8 encoding.
* Set user "starchat" as owner of database "starchatdb".
* Set database default timezone with SQL command: "ALTER DATABASE postgres SET timezone TO 'Australia/Sydney';".
* Ensure postgres is running on port 5432.
* (For Linux): Edit pg_hba.conf to allow connections from local user accounts and their passwords:
Change "md5" at end of both "host" lines to "trust".
* Edit postgresql.conf and set:
timezone = 'Australia/Sydney';
* Restart Postgres.
Apache2
* Enable "mod_rewrite" for Apache2 (in Ubuntu type root command "a2enmod rewrite" and restart apache).
* Enable "mod_headers" for Apache2 ("a2enmod headers").
* Point apache document root to CIT-starchat top level.
* Enable reading .htaccess files with:
<Directory /(app top level dir)>
Require all granted
AllowOverride All
</Directory>
* For all virtualhost entries add:
Header always append X-Frame-Options DENY
AND ONLY IF USING SSL: Header always set Strict-Transport-Security "max-age=63072000"
* Install and use Certbot to set up SSL certificate (OPTIONAL).
After certbot has finished, edit the /etc/letsencrypt/options-ssl-apache.conf and change
[Use https://mozilla.github.io/server-side-tls/ssl-config-generator/ to create the best cipher, ssl protocol and stapling lines...]
Change SSLProtocol to:
all -SSLv3 -TLSv1 -TLSv1.1
Change SSLCipherSuite to:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Add the following lines OUTSIDE the virtualhost tags (just after them) in /etc/apache2/sites-available/000-default-ssl.conf
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
* Restart Apache.
PHP
* Ensure PHP short open tags is enabled in php.ini.
* Install mbString for PHP - Run the command as root: "apt-get install php-mbstring".
* Install Postgresql connector for PHP - Run the command as root: "apt-get install php-pgsql".
* Edit php.ini for max security:
session.use_strict_mode = 1
session.use_only_cookies = 1
session.cookie_httponly = 1
session.cookie_secure = 1
* Restart Apache.
Google ReCAPTCHA (For hosted versions only - will not work for "localhost" versions of the site)
***IF NOT USING RECAPTCHA: Set "EnableCaptcha = false" in Starchat config.ini
Set up a Google ReCAPTCHA account for the test domain. See https://www.google.com/recaptcha/
Enter the public and private keys for the captcha into starchat application directory)/conf/config.ini.
YOU CAN NOW CREATE ACCOUNTS AND LOG IN AT http://localhost/
Set up Superuser Account in Starchat
* Create an account using the Signup page in Starchat.
* Go to (starchat application directory)/conf/config.ini and add the new account's name to the SuperUser list.