開源軟體安裝流程

專門記錄各種不一樣開源軟體安裝的流程

知識庫軟體

知識庫軟體

BookStack 上傳檔案時,時間不對

     BUBU 在使用上傳檔案時發現到時間不是正確,由於該軟體是由 Laravel 所開發出來的。

修改方式如下:

先進到 BookStack 裡面然後設定時區,在該目錄裡面有一個 config 資料夾,該資料夾裡面有一個app.php檔,將預設

'timezone' => 'UTC'

修改成

'timezone' => 'ROC' 或者 'timezone' => 'Asia/Taipei'

這樣子可以是正確的時間了。

補充說明:


以上的方式是在舊使用,現在新版有改版,只要在 .env 內容做修改

# Application timezone
# Used where dates are displayed such as on exported content.
# Valid timezone values can be found here: https://www.php.net/manual/en/timezones.php
APP_TIMEZONE=Asia/Taipei

只要修改這就可以了,如果有修改到 app.php 這此日後更新會有問題,官方已經區時修改在 .env 檔,設定了

 

 

參考相關網頁:
知識庫軟體

BookStack 版本更新

在做 BookStack 版本更新之會先建議先將現行的資料先備份起來,之後再進行版本更新動作。

109.03.16 官方從 0.28.3 版之不再使用 `作曲家開發安裝包`,那之前更新方式已刪掉修改成官方更新方式

109.05.02 官方從 0.29.2 版有嚴重漏洞問題,請盡速更新,此版已修復 BookStack v0.18 版中引入的 XSS 安全漏洞。

php artisan bookstack:regenerate-comment-content

只要下一行指令就可以更新了

git pull origin release && composer install --no-dev && php artisan migrate

看到此畫面只要輸入 yes 就好了

如果出現下面兩行的文件的話,請直接按 yes 清除暫存的資料檔,之後 BUBU 在更新的時候會在補上畫給各位看

php artisan cache:clear
php artisan view:clear

bs-1.png

更新失敗處理方式


如果更新出現如下畫面,表示你有修改到,官方預設的設定檔,處理方式有兩種一種是刪除已修改過的檔,另一種是將該檔移出來放到其他的地方,不過會建議不要去修改官方的設定檔,會建議統一設定在 .env 此設定檔裡面,這樣子更新時才不會出現問題。

例如:他會顯示你修改什麼檔,因為有修改到 config/database.php  此檔,所以只要處理此檔就可以正常更新。

bs-QA.jpg




參考相關文件


知識庫軟體

BookStack 知識庫安裝流程

這套由 Jason Cheng 大大所介紹的開源軟體, BookStack 這是一套免費又開源軟體可以拿來當成一書籍來使用,這套系統是由目前最熱門的 「 PHP MVC 」 裡的 Laravel 架構所寫出來的,可以記錄有關於技術及備忘錄

109.04.19 本篇重新修正並且改用 Markdowe 方式來編輯

運行環境


Proxmox VE 虛擬主機的,LXC 模式運行

WEB 服務安裝


可以參考本知識庫的 WBE 服務安裝流程,啟用Nginx 支援到 OpenSSL TLS1.3 安全協定

資料庫服務安裝


vim /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.4 CentOS repository list - created 2020-04-19 04:41 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
yum install MariaDB-server MariaDB-client -y
systemctl enable mariadb ; systemctl start mariadb   # 啟動資料庫服
mysql_secure_installation   # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

# 以下的詢問就以預設為主直接按 Enter 即可

Switch to unix_socket authentication [Y/n]
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
# 登入資料庫裡設定資表及權限
mysql -u root -p   

# 在資料庫裡新增BookStack表單
CREATE DATABASE IF NOT EXISTS bookstackdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

# 密碼請自己輸入好記錄的密碼
GRANT ALL PRIVILEGES ON bookstackdb.* TO 'bookstackuser'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

# 重新載入設定值
FLUSH PRIVILEGES;

# 離開資料庫
quit

PHP 服務安裝


yum install -y epel-release yum-utils
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php74
yum install -y php php-mysqlnd php-pdo php-xml php-pear php-devel php-mbstring re2c gcc-c++ gcc \
php-fpm php-mysql php-gd php-cli php-json php-opcache php-curl php-ldap php-odbc php-xmlrpc php-soap \
curl curl-devel php-intl php-zip php-openssl php-tidy php-tokenizer php-xml
修改前
;cgi.fix_pathinfo=1
修改後
cgi.fix_pathinfo=0
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
修改資料上傳限制
; 上傳檔案大小上限(單一檔案大小)
upload_max_filesize = 50M 

; POST 大小上限(所有檔案大小加總)
post_max_size = 200M

; 記憶體用量上限
memory_limit = 512M

; Script執行時間上限(單位:秒)
max_execution_time = 600

; Script處理資料時間上限(單位:秒)
max_input_time = 600

; Socket無回應斷線時間(單位:秒)
default_socket_timeout = 600

存檔
:wq
由誰使用此服務
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group =nginx

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

php_value[session.save_path]    = /var/www/html/sessions

修改好存檔
:wq
systemctl restart php-fpm ; systemctl enable php-fpm

Nginx 服務設定檔


Nginx proxy 代理服務全域設定
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
#
    access_log /var/log/nginx/access.log  main;
#
    server_tokens off;
#CDN
#cfip4
        set_real_ip_from 173.245.48.0/20; #cfipv4
        set_real_ip_from 103.21.244.0/22; #cfipv4
        set_real_ip_from 103.22.200.0/22; #cfipv4
        set_real_ip_from 103.31.4.0/22; #cfipv4
        set_real_ip_from 141.101.64.0/18; #cfipv4
        set_real_ip_from 108.162.192.0/18; #cfipv4
        set_real_ip_from 190.93.240.0/20; #cfipv4
        set_real_ip_from 188.114.96.0/20; #cfipv4
        set_real_ip_from 197.234.240.0/22; #cfipv4
        set_real_ip_from 198.41.128.0/17; #cfipv4
        set_real_ip_from 162.158.0.0/15; #cfipv4
        set_real_ip_from 104.16.0.0/12; #cfipv4
        set_real_ip_from 172.64.0.0/13; #cfipv4
        set_real_ip_from 131.0.72.0/22; #cfipv4
#cfip6
        set_real_ip_from 2400:cb00::/32; #cfipv6
        set_real_ip_from 2606:4700::/32; #cfipv6
        set_real_ip_from 2803:f800::/32; #cfipv6
        set_real_ip_from 2405:b500::/32; #cfipv6
        set_real_ip_from 2405:8100::/32; #cfipv6
        set_real_ip_from 2a06:98c0::/29; #cfipv6
        set_real_ip_from 2c0f:f248::/32; #cfipv6
#lock
#使用以下任意一个即可
    real_ip_header CF-Connecting-IP;
#    real_ip_header X-Forwarded-For;
#
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Xss-Protection "1; mode=block";
    add_header X-Powered-By eiblog/1.3.0;
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Cache-Control no-cache;
#
    client_max_body_size 2048m;
    client_body_buffer_size 256k;
    client_body_timeout 1800s;
    client_header_timeout 1800s;
    fastcgi_intercept_errors on;
    fastcgi_buffers 4 64K;
#
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 168.95.1.1 168.95.192.1 valid=300s;
    resolver_timeout 5s;
#
# Default is 60, May need to be increased for very large uploads
#
    sendfile on;
#
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
#
    gzip on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
#
#開啟Brotli壓縮
    brotli on;
#壓縮等級,0 到 11,默認值是 6,過大會額外消耗服務器CPU
    brotli_comp_level 6;
#設置需要進行壓縮的最小響應大小,單位為字節
    brotli_min_length 512;
#指定哪些MIME類型進行壓縮
    brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
#是否允許查找預處好的、以 .br 结尾的壓缩文件。可選值為 on、off、always
    brotli_static always;
#
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
#
    default_type application/octet-stream;
}
Nginx Proxy 代理服務設定
server {
	listen                           80;
	server_name                      您的hostname或是IP;
	rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
	#                                使用 https 和 http/2 協定
	listen                           443 ssl http2;
	#                                上述的 IPv6 方式
	listen                           [::]:443 ssl http2;
	server_name                      您的hostname或是IP;
	#
	#                                certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	#
	#                                SSL 憑證證書路徑
	ssl_certificate                  /etc/nginx/ssl/fullchain.pem;
	#                                私鑰路徑
	ssl_certificate_key              /etc/nginx/ssl/privkey.pem;
	#                                緩存有效期
	ssl_session_timeout              1d;
	#                                緩存憑證類型和大小
	ssl_session_cache                shared:SSL:50m;
	#
	#                                intermediate configuration. tweak to your needs.
	#
	#                                使用的加密協定
	ssl_protocols                    TLSv1.1 TLSv1.2 TLSv1.3;
	#                                加密演算法,越前面的優先級越高
	ssl_ciphers                      'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
	#                                交握過程使用 Server 的首選加演算法,這裡使用 Client 為首選
	ssl_prefer_server_ciphers        on;
	#
	access_log                       /var/log/nginx/bookstack_access.log;
	error_log                        /var/log/nginx/bookstack_error.log;
	#
	location / {
		proxy_pass                      https://您的hostname或是IP;
		proxy_next_upstream             error timeout invalid_header http_500 http_502 http_503;
		proxy_set_header                Host $host;
		proxy_set_header                X-Real_IP $remote_addr;
		proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header                X-Forwarded-Proto https;
		proxy_headers_hash_max_size     1024;
		proxy_headers_hash_bucket_size  128;
		proxy_redirect                  off;
		proxy_pass_header               Authorization;
	}
	#
	location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
		proxy_pass                      https://您的hostname或是IP;
	}

}

本機全域設定
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig   # 備份原本預設的設定檔
vim /etc/nginx/nginx.conf   # 新增新的nginx設定檔
---
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
#
    access_log /var/log/nginx/access.log  main;
#
#
    client_max_body_size 2048m;
    client_body_buffer_size 256k;
    client_body_timeout 1800s;
    client_header_timeout 1800s;
    fastcgi_intercept_errors on;
    fastcgi_buffers 4 64K;
#
    server_tokens off;
#
# Default is 60, May need to be increased for very large uploads
#
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
#
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;
# Restoring the original visitor IP for your web application
    set_real_ip_from 127.0.0.1;
# use any of the following two
# real_ip_header CF-Connecting-IP;
    real_ip_header X-Forwarded-For;
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Powered-By eiblog/1.3.0;
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Cache-Control no-cache;
#
    brotli on;
    brotli_comp_level 6;
    brotli_min_length 512;
    brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    brotli_static always;
}
本機服務器設定檔
vim /etc/nginx/conf.d/bookstack.conf   #網頁的設定檔

#
server {
    listen 80;
    server_name 您的hostname或是IP;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 您的hostname或是IP;
    root /var/www/html/BookStack/public;
#
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;
#
# intermediate configuration. tweak to your needs.
#
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;
#
    access_log /var/log/nginx/bookstack_access.log;
    error_log /var/log/nginx/bookstack_error.log;
#
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;
#
    index index.php;
#
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
#
#
    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }
#
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
    }
#
    location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        expires 30d;
        access_log off;
    }
}

BookStack 服務安裝


# 將dirs更改為我們希望將composer安裝到的位置
cd /usr/local/bin   

# 安裝 composer
curl -sS https://getcomposer.org/installer | php   

# 重新命名 composer
mv composer.phar composer   
# 希望將 BookStack 存放的位置   
cd /var/www/html   

# 新增from php sessions
mkdir /var/www/html/sessions   

# 從github上下載最新版本的BookStackApp資料
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch   

# 進入到 BookStack 目錄下用 composer 安裝服務
cd BookStack && composer install --no-dev 
# 複製範本設定文件
cp .env.example .env   

# 更新與數據庫中的新的配置,以及其他設置
vim .env   
---
DB_HOST=localhost
DB_DATABASE=bookstackdb
DB_USERNAME=bookstackuser
DB_PASSWORD=bookstackpass
---

All other settings are fine as default, but feel free to change any others as you see fit.

# 在.env中生成並更新APP_KEY
php artisan key:generate --force   

# 將所有權更改為Web服務器用戶
chown -R nginx:nginx /var/www/html/{BookStack,sessions}   

# 產生新的資料庫表及其他設定
php artisan migrate --force   



參考相關網頁


知識庫軟體

BookStack 備份與還原

BUBU 有時候會在更新系統的時候會先將現行的資料都先備一份起來之後再進行更新,或者會用排程方式定期備份系統的資料。

因 BUBU 會定時測試之前所備份出來的檔案是否都是完整正常的,那個人會建議先把 BookStack 這個服務安裝流程整個都跑完之後再開始進行資料還原,這樣子就可以正常運行了

備份


# Syntax
mysqldump -u {mysql_user} -p {database_name} > {output_file_name}
## Only specify the -p if the user provided has a password


# Example
mysqldump -u 使用者 -p 資料庫名稱 > 資料庫名稱.backup.sql
tar -czvf bookstack-files-backup.tar.gz .env public/uploads storage/uploads

還原


# Syntax
mysql -u {mysql_user} -p {database_name} < {backup_file_name}
## Only specify the -p if the user provided has a password

# Example
mysql -u 使用者 -p 還原的資料庫名稱 < bookstack.backup.sql
tar -xvzf bookstack-files-backup.tar.gz



參考相關網頁


知識庫軟體

BookStack 匯出成PDF檔

BUBU 在測試的時候發現到會出中文會出現亂碼還有可能匯出來會是空白的,後來去看官方文檔發現到官方有建議使用另一個方式來匯出成PDF檔。 建議的軟體是 wkhtmltopdf 來使用設定方式如下:

109.04.11 節省哥說這樣子的字型檔有可能會有版權的問題,建議改用開源的版本來使用,以免誤碰到版權的爭議

第一步:先設定中文字型

  1. 字型改採用開源式的字型,是 「 Google Noto Fonts 」 所提供的字型,下載路徑如下 Noto Sans CJK TC,或者從本站附件裡下載該字型

  2. 在 CentOS 下裡面的 /usr/share/fonts 這是在CentOS 存放字型檔的目錄,在此目錄下新增一個 chinese 目錄。

  3. 使用WinSCP將剛剛取出來的中文字型檔上傳到剛剛新建的目錄下面。

  4. 接下來需要安裝 ttmkfdir 來搜尋目錄中所有的字型資訊,並彙總生成 fonts.scale 文件。

yum install ttmkfdir -y
dnf install ttmkfdir -y

BS-PDF-02.png

ttmkfdir -e /usr/share/X11/fonts/encodings/encodings.dir
vim /etc/fonts/fonts.conf
mkdir /usr/share/fonts/chinese 
<dir>/usr/share/fonts/chinese</dir>

BS-PDF-03.png

fc-cache

bsfont-01.png

第二步:開始安裝 wkhtmltopdf 此套件

  1. 安裝完之後在去官方下載新最版本的套件來使用。由於BUBU的系統環境是 CentOS 的版本,看網友們是使用什麼版本的系統就下載那一個就可以了。

BS-PDF-05.png

  1. 下載之前要先將此套件必要套件先安裝,然後再下載此套件並且安裝,安裝時會出現錯無法安裝

109.09.22 官方已有更新套件,並且修改載點

yum install -y libpng libjpeg openssl icu libX11 libXext libXrender xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos7.x86_64.rpm
rpm -Uvh wkhtmltox-0.12.6-1.centos7.x86_64.rpm
dnf install -y libpng libjpeg openssl icu libX11 libXext libXrender xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm
rpm -Uvh wkhtmltox-0.12.6-1.centos8.x86_64.rpm
  1. 再來進到BookSack目裡下的 .env 新增加套件的服務。
# In .env file

WKHTMLTOPDF=/usr/local/bin/wkhtmltopdf #這是 BUBU 系統所安裝的路徑

#由於 wkhtmltopdf 該服務套件每個系統所安裝的路徑是不一樣的,所以在設定時要指定到對的位子服務會正常運行
  1. 安裝完之後,再到自己頁面就可以正常匯出使用了。



參考相關網頁

知識庫軟體

BookStack 與第三方帳號合併使用

因系統預設是使用帳號及密碼方式登入,那該 BookStack 也可以跟第三方帳號合併使用,這樣子以後就不用再輸入帳號及密碼了,可以使用第三方帳號登入即可。那 BUBU 是使用 Google 的帳號來使用,官方還是有提供其他登方的方式。

Google 設定方式


  1. 首先先到 Google Developers Console
  2. 建立一個新的專案
  3. 建立好一個專案選擇「OAuth同意畫面」

oauth-01.png

  1. 選擇「外部」

oauth-02.png

  1. 以照圖示上說明設定,並且儲存

oauth-03.png

  1. 再回到「憑證」頁面,建立憑證,選擇 「OAuth用戶端ID」

oauth-04.png

  1. 選擇應用類型為「網路應用程序」並在「已授權的重新導向 URI」 ,修改 https://example.com/ 將這一段修改為自己的當下所使用的網址

oauth-07.png

  1. .env 設定檔裡面新增或設定下面的項目
# Replace the below (including '{}' braces) with your Google API_KEY and API_SECRET
GOOGLE_APP_ID={google_app_id}          #輸入剛剛產生出來的 id
GOOGLE_APP_SECRET={google_app_secret}  #輸入剛剛產生出來的 密碼

# APP_URL Needs to be set to your BookStack base url
APP_URL=https://mybookstackurl.com

#app_url 這一段要注意,如果看你的網址是否有加上 http or https 不然連線時會出現畫面會跑版不是正常的畫面,正常來說都加上 https 才對。
連接方式

當建立好第三方設定,如何跟 google 連動,如果使用者的郵件帳號是 google 的,系統會自動顯示出目前可以連接方式,以下是連接方式

bs-google-01.png

bs-google-02.png

補充說明

oauth-05.png

oauth-06.png




參考相關網頁

知識庫軟體

BookStack 樣版設定

從 0.27 版本後,官方提供一台很方便的功能,就是在頁面新套用新的樣版到您所新增的頁面,由於 BUBU 還尚未改版之前的做法是在某個書本裡面新增一個頁面設定好內容之後,再將此頁面複製到新的頁面來都新文章,有了這個新功能會建議在建立一本書專門來放置各種不一樣的頁面建議樣版

我們只要在您想要做成樣版那個頁面,右邊有一個選項點項樣版圖示,會出現以下的畫面,只要在 「 Page is a templaste 」前面打勾,系統就會記著這個樣版。

我們可以試著新增一個頁面,點選右邊的樣版會看到剛剛所新增的樣版名稱,點選您想要的樣版就會該頁面會套上剛剛的樣版

BS-templates-01.png

 

官方 0.27 更新說明

知識庫軟體

BookStack 知識庫安裝流程 -CentOS 8

這套由 Jason Cheng 節省哥所介紹的開源軟體,BookStack 這是一套免費又開源軟體可以拿來當成一書籍來使用,這套系統是由目前最熱門的 PHP MVC 裡的 Laravel 架構所寫出來的,可以記錄有關於技術及備忘錄

運行環境


CentOS 8、Nginx 1.17、PHP 7.4、Mariadb 10.4

WEB 服務安裝


可以參考本知識庫的 WBE 服務安裝流程 CentOS 8 LNMP 安裝

BookStack 資料庫設定


mysql -u root -p   # 登入資料庫裡設定資表及權限

CREATE DATABASE IF NOT EXISTS bookstackdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; #在資料庫裡新增BookStack表單
GRANT ALL PRIVILEGES ON bookstackdb.* TO 'bookstackuser'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION; #密碼請自己輸入好記錄的密碼
FLUSH PRIVILEGES;

PHP 服務設定


dnf install -y php php-mysqlnd php-pdo php-xml php-pear php-devel php-mbstring re2c gcc-c++ gcc \
php-fpm php-mysql php-gd php-cli php-json php-opcache php-curl php-ldap php-odbc php-xmlrpc php-soap \
curl curl-devel php-intl php-zip php-openssl php-tidy php-tokenizer php-xml
修改前
;cgi.fix_pathinfo=1
修改後
cgi.fix_pathinfo=0
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
修改資料上傳限制
; 上傳檔案大小上限(單一檔案大小)
upload_max_filesize = 50M 

; POST 大小上限(所有檔案大小加總)
post_max_size = 200M

; 記憶體用量上限
memory_limit = 512M

; Script執行時間上限(單位:秒)
max_execution_time = 600

; Script處理資料時間上限(單位:秒)
max_input_time = 600

; Socket無回應斷線時間(單位:秒)
default_socket_timeout = 600

存檔
:wq
由誰使用此服務
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group =nginx

;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = /run/php-fpm/www.sock
listen = 127.0.0.1:9000

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

php_value[session.save_path]    = /var/www/html/sessions

修改好存檔
:wq
systemctl restart php-fpm

Nginx 設定檔


mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig   # 備份原本預設的設定檔
vim /etc/nginx/nginx.conf   # 新增新的nginx設定檔
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
#
    access_log /var/log/nginx/access.log  main;
#
#
    client_body_timeout 120s;
#
    server_tokens off;
#
# Default is 60, May need to be increased for very large uploads
#
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
#
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Powered-By eiblog/1.3.0;
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Cache-Control no-cache;
#
    brotli on;
    brotli_comp_level 6;
    brotli_min_length 512;
    brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    brotli_static always;
}
vim /etc/nginx/conf.d/bookstack.conf   #網頁的設定檔
#
server {
    listen 80;
    server_name 您的網域;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 您的網域;
    root /var/www/html/BookStack/public;
#
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;
#
# intermediate configuration. tweak to your needs.
#
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;
#
    access_log /var/log/nginx/bookstack_access.log;
    error_log /var/log/nginx/bookstack_error.log;
#
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;
#
    index index.php;
#
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
#
#
    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }
#
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
    }
#
    location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        expires 30d;
        access_log off;
    }
}

BookStack 服務安裝


cd /usr/local/bin   # 將dirs更改為我們希望將composer安裝到的位置
curl -sS https://getcomposer.org/installer | php   # 安裝 composer
mv composer.phar composer   # 重新命名 composer
cd /var/www/html   # 希望將 BookStack 存放的位置   
mkdir /var/www/html/sessions   # 新增from php sessions
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch   # 從github上下載最新版本的BookStackApp資料
cd BookStack && composer install --no-dev    # 進入到BookStack目錄下用composer安裝服務
cp .env.example .env   # 複製範本設定文件
vim .env   # 更新與數據庫中的新的配置,以及其他設置
---
DB_HOST=localhost
DB_DATABASE=bookstackdb
DB_USERNAME=bookstackuser
DB_PASSWORD=bookstackpass
---

All other settings are fine as default, but feel free to change any others as you see fit.

php artisan key:generate --force   # 在.env中生成並更新APP_KEY
chown -R nginx:nginx /var/www/html/{BookStack,sessions}   # 將所有權更改為Web服務器用戶
php artisan migrate --force   # 產生新的資料庫表及其他設定

備註


Problem 1
    - The requested PHP extension ext-tidy * is missing from your system. Install or enable PHP's tidy extension.
  Problem 2
    - Installation request for gathercontent/htmldiff 0.2.1 -> satisfiable by gathercontent/htmldiff[0.2.1].
    - gathercontent/htmldiff 0.2.1 requires ext-tidy * -> the requested PHP extension tidy is missing from your system.
dnf install php-tidy -y



參考相關網頁


知識庫軟體

BookStack SMTP 設定

BUBU 因該 BookStack 有提供郵件寄件服務,但是之前 BUBU 在設定的時候一直都是失敗,也不知道是那裡出問題,那就在今日官方有進行版本修改目前版本是 BookStack 0.28 版本,在設定變的比較簡單,設定方式如下

運行環境


BookStack 0.28

設定過程


# 使用什麼郵件服務方式,官方預設是 smtp
# Mail system to use
# Can be 'smtp', 'mail' or 'sendmail'
MAIL_DRIVER=smtp

# 郵件服務設定
# SMTP mail options
# 郵件主機
MAIL_HOST= smtp.example.com
# Port 號
MAIL_PORT=587
# 登入帳號
MAIL_USERNAME=aa@example.com
# 登入密碼
MAIL_PASSWORD=123456789
# 認證方式,看使用何種 port 號 例如:ssl or tls
MAIL_ENCRYPTION=tls
# 寄件者的帳號
MAIL_FROM=aa@example.com
# 寄件者名稱
MAIL_FROM_NAME="BookStack"



參考相關網頁


知識庫軟體

BookStack 上傳的限制

在上傳檔案時發現到無法正常上傳檔案,因此有去查詢一下官方的文檔有解說怎麼處此問題,結果照著官方設定狀況還是一樣沒有解決,因此啟用 Chrome 的開發者模式去查看錯誤原因,還真是感謝我家老大教我怎麼寫程式及怎麼看錯誤原因,以下是我遇到的原因請參考

bs-uploads-01.png

解決過程


為什麼會出現這樣子的訊息,是因為 BUBU 我有將網頁加入到 「 Cloudflare 」 CDN 服務造成的,因在免費只上傳只有限制 100 MB 造成,如果上傳的檔案大於 100 MB 的話,那就要付費或者關閉 CDN 服務就可以正常上傳資料,那我也將我修改那些資料都一並記錄下來提供給各位參考

這是我從 Cloudflare 服務上所截圖下來給各位參考