1diff --git a/content/posts/2022-07-18-firefly-install.md b/content/posts/2022-07-18-firefly-install.md
2index 4dfd008cb3afbed1f50049b9cd97e0b93f3cb2ed..6c7a649bac08db3ca19725e47fa156d62a1fdaa1 100644
3--- a/content/posts/2022-07-18-firefly-install.md
4+++ b/content/posts/2022-07-18-firefly-install.md
5@@ -8,11 +8,11 @@ **Disclaimer:** before starting be aware that I'm not a sysadmin nor I have a
6 deep knowledge in security. This is me reporting the steps I did as a learning
7 experiment, so take this tutorial as your own risk.
8
9-I have a pretty decent knowledge in container tecnology, I maintain several
10-container on my local server for many applications. However I've decided to
11-take a step back and learn a bit more how those applications are really
12-deployed and kept without containers, and first candidate being firefly3[^1]. I
13-have it currently running on container but let's install in a disctributions.
14+I have a pretty decent knowledge in container technology, I maintain several
15+container on my local server for many applications. However I've decided to take
16+a step back and learn a bit more how those applications are really deployed and
17+kept without containers, and first candidate being Firefly[^1]. I have it
18+currently running on container but let's install in a distribution.
19
20 For the distro of choice I'll pick alpine, for its small footprint and the use
21 of OpenRC (nothing against systemd though).
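Review bot: the added line "kept without containers, and first candidate being Firefly[^1]" drops the version from the name, while footnote [^1] points to firefly-iii.org; "Firefly III" would match the project the link goes to. The added lines also still read "several container" and "running on container", and the unchanged disclaimer above says "take this tutorial as your own risk" ("at your own risk"), so the typo pass could cover those as well.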
22@@ -71,9 +71,9 @@ php8-bcmath \
23 php8-pgsql
24 ```
25
26-But that is not everything, I don't If I lack knowledge in the PHP stack but
27-the applicatoin will later complain about a lot of missing dependencies, those
28-being:
29+But that is not everything, I don't know if I lack knowledge in the PHP stack
30+but the application will later complain about a lot of missing dependencies,
31+those being:
32
33 ```shell
34 apk add \
35@@ -98,6 +98,7 @@
36 ```shell
37 apk add nginx php8-fpm
38 ```
39+
40 Nginx will act as reverse proxy and php8-fpm will actually run the project. You
41 can use lighttpd as well as some others.
42
43@@ -171,6 +172,53 @@ ```
44
45 To bootstrap the database.
46
47+### Permission
48+
49+Now comes the part where we should be careful. So far we (or at least I) have
50+been setting up everything as root but that is not ideal. We want to restrict as
51+much as possibly permission to the processes, it should only see do what it
52+meant to. So to minimize the effect of the process we will make it run as a user
53+with almost no permission, and for purpose we will create a `www-data` user.
54+Quite often that user is already create if not run the following command:
55+
56+```shell
57+adduser www-data --disabled-password
58+```
59+
60+Add `--ingroup www-data` if it complains if the groups exists.
61+`--disabled-password` so we don't allow login with password, because it is not
62+meant to be logged with.
63+
64+Once the user is created we need to change the which user the process runs one.
65+By default it uses a `nobody` which is a user with no permission except those
66+which every other user has. Update the user given in the
67+`/etc/php8/php-fpm.d/www.conf` file.
68+
69+From:
70+```shell
71+user = nobody
72+group = nobody
73+```
74+
75+To:
76+```shell
77+user = www-data
78+group = www-data
79+```
80+
81+If the `php-fpm8` is running restart it:
82+
83+```shell
84+rc-service php-fpm8 restart
85+```
86+
87+At last we need to recursively update the permission of www folder because
88+probably it is owned by root.
89+
90+```shell
91+chown -R www-data:www-data /var/www/
92+```
93+
94 ### Nginx
95
96 We will need to edit the nginx config file to find and run the project, add
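Review bot: the last step of the new Permission section, `chown -R www-data:www-data /var/www/`, works against the goal stated at the top of the section, because it makes the php-fpm user the owner of every file under the web root, application code and the `.env` file included, so a compromised PHP process could rewrite the code it runs. Consider leaving the tree owned by root and readable by `www-data`, and handing `www-data` ownership of only the directories the application has to write to. Two smaller points: the `www.conf` snippets are fenced as `shell` although they are config lines, and the prose needs another pass ("as much as possibly permission", "it should only see do what it meant to", "change the which user the process runs one").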
97@@ -181,6 +229,7 @@ server.
98
99 ```shell
100 # /etc/nginx/http.d/firefly.conf
101+
102 server {
103 listen 8080;
104 server_name localhost;
105@@ -214,6 +263,25 @@ rc-service nginx start
106 ```
107
108 `http://localhot:8080/` (or your server's hostname) should be up and running.
109+
110+And to make autostart:
111+```shell
112+rc-update add php-fpm8 default
113+rc-update add nginx default
114+```
115+
116+## Debugging
117+
118+In case of error you can add debugging setting to your env file so it will
119+nicely return the error.
120+
121+```ini
122+# /var/wwww/firefly/.env
123+# ...
124+
125+APP_DEBUG=true
126+APP_LOG_LEVEL=debug
127+```
128
129 [^1]: https://www.firefly-iii.org/
130 [^2]: https://docs.firefly-iii.org/firefly-iii/installation/self_hosted/?mtm_campaign=docu-internal&mtm_kwd=self_hosted
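Review bot: the new Debugging section turns on `APP_DEBUG=true` and `APP_LOG_LEVEL=debug` without saying to turn them off again; since the text says the error is returned to the client, that detail goes to anyone who can reach the listener on port 8080, so add a sentence telling readers to set `APP_DEBUG` back to `false` once the problem is found. The path comment `# /var/wwww/firefly/.env` has one `w` too many, and the unchanged line just above the additions still says `http://localhot:8080/`.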