BookStack 知識庫安裝流程 -Debian\Ubuntu
這套由 Jason Cheng 節省哥所介紹的開源軟體,BookStack 這是一套免費又開源軟體可以拿來當成一書籍來使用,這套系統是由目前最熱門的 PHP MVC 裡的 Laravel 架構所寫出來的,可以記錄有關於技術及備忘錄
2024.12.11 修改環境資訊及相關服務更新到最新版本
運行環境
環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式
- 系統環境: Debian 10、11、12
- Web 服務: Nginx 1.26
- PHP 服務: PHP 8.4
- 資料庫服務: MariaDB 11.4
安裝過程
WEB 服務安裝
可以參考本知識庫的 WBE 服務安裝流程 Nginx 模組擴充 - Debain \ Ubuntu
MairaDB 安裝
- 請參考本知識庫另一篇文章來安裝 在 Linux 系統上安裝 MariaDB
BookStack 資料庫設定
mariadb -u root -p # 登入資料庫裡設定資表及權限
#在資料庫裡新增BookStack表單
CREATE DATABASE IF NOT EXISTS bookstackdb DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
#密碼請自己輸入好記錄的密碼
GRANT ALL PRIVILEGES ON bookstackdb.* TO 'bookstackuser'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
PHP 服務設定
- 下載 GPG 密鑰
sudo apt update
sudo apt install -y lsb-release ca-certificates apt-transport-https software-properties-common
- 導入金鑰
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
- 新增 PHP 來源庫
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list
- PHP 套件安裝
apt update && apt install curl php8.4 php8.4-{common,mbstring,fpm,mysql,gd,cli,opcache,curl,ldap,odbc,xmlrpc,soap,intl,zip,tidy,xml} -y
- 安裝好 PHP 要去修改 「
vim /etc/php/8.4/fpm/php.ini」 設定檔
修改前
;cgi.fix_pathinfo=1
修改後
cgi.fix_pathinfo=0
修改時區
[Date]
修改前
;date.timezone =
修改後
date.timezone = Asia/Taipei
修改資料上傳限制
; 上傳檔案大小上限(單一檔案大小)
upload_max_filesize = 50M
; POST 大小上限(所有檔案大小加總)
post_max_size = 200M
; 記憶體用量上限
memory_limit = 512M
; Script執行時間上限(單位:秒)
max_execution_time = 600
; Script處理資料時間上限(單位:秒)
max_input_time = 600
; Socket無回應斷線時間(單位:秒)
default_socket_timeout = 600
存檔
:wq
- 用指令方式做修改
# 指令方式修改
sed -i "s|^;cgi.fix_pathinfo=1.*$|cgi.fix_pathinfo=0|" /etc/php/8.4/fpm/php.ini
sed -i "s|^;cgi.fix_pathinfo=1.*$|cgi.fix_pathinfo=0|" /etc/php/8.4/cli/php.ini
sed -i "s|^;date.timezone =.*$|date.timezone = Asia/Taipei|" /etc/php/8.4/fpm/php.ini
sed -i "s|^;date.timezone =.*$|date.timezone = Asia/Taipei|" /etc/php/8.4/cli/php.ini
sed -i "s|^upload_max_filesize = 2M.*$|upload_max_filesize = 50M|" /etc/php/8.4/fpm/php.ini
sed -i "s|^upload_max_filesize = 2M.*$|upload_max_filesize = 50M|" /etc/php/8.4/cli/php.ini
sed -i "s|^post_max_size = 8M.*$|post_max_size = 200M|" /etc/php/8.4/fpm/php.ini
sed -i "s|^post_max_size = 8M.*$|post_max_size = 200M|" /etc/php/8.4/cli/php.ini
sed -i "s|^memory_limit = 128M.*$|memory_limit = 512M|" /etc/php/8.4/fpm/php.ini
sed -i "s|^memory_limit = -1.*$|memory_limit = 512M|" /etc/php/8.4/cli/php.ini
sed -i "s|^max_execution_time = 30.*$|max_execution_time = 600|" /etc/php/8.4/fpm/php.ini
sed -i "s|^max_execution_time = 30.*$|max_execution_time = 600|" /etc/php/8.4/cli/php.ini
sed -i "s|^max_input_time = 60.*$|max_input_time = 600|" /etc/php/8.4/fpm/php.ini
sed -i "s|^max_input_time = 60.*$|max_input_time = 600|" /etc/php/8.4/cli/php.ini
sed -i "s|^default_socket_timeout = 60.*$|default_socket_timeout = 600|" /etc/php/8.4/fpm/php.ini
sed -i "s|^default_socket_timeout = 60.*$|default_socket_timeout = 600|" /etc/php/8.4/cli/php.ini
- 設定「php-fpm」「
vim /etc/php/8.4/fpm/pool.d/www.conf」
; 由誰使用此服務
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = www-data
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = www-data
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; 最後一行增加此行
php_value[session.save_path] = /var/www/html/sessions
修改好存檔
:wq
- 重啟及開機自動啟動 php-fpm 服務
systemctl start php8.4-fpm && systemctl enable php8.4-fpm
or
systemctl enable --now php8.4-fpm
Nginx 設定檔
- 反向代理設定檔
server {
listen 80;
server_name 網域名稱;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
# 使用 https 和 http/2 協定
listen 443 ssl http2;
# 上述的 IPv6 方式
listen [::]:443 ssl http2;
server_name 網域名稱;
#
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#
# SSL 憑證證書路徑
ssl_certificate /etc/nginx/ssl/fullchain.pem;
# 私鑰路徑
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
# 緩存有效期
ssl_session_timeout 1d;
# 緩存憑證類型和大小
ssl_session_cache shared:SSL:50m;
#
# intermediate configuration. tweak to your needs.
#
# 使用的加密協定
ssl_protocols TLSv1.3 TLSv1.2;
# 加密演算法,越前面的優先級越高
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
# 交握過程使用 Server 的首選加演算法,這裡使用 Client 為首選
ssl_prefer_server_ciphers on;
#
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
#
location / {
# 這段是因為在 bookstack 某個改版後就設定成公開狀態,可以用這個方式把這個頁面轉回首頁。
if ($request_uri ~* "revisions") {
rewrite ^ / permanent;
}
proxy_pass https://站台位置;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_redirect off;
proxy_pass_header Authorization;
}
#
location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
# 這段是因為在 bookstack 某個改版後就設定成公開狀態,可以用這個方式把這個頁面轉回首頁。
if ($request_uri ~* "revisions") {
rewrite ^ / permanent;
}
proxy_pass https://站台位置;
}
}
- 設定檔位置
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig # 備份原本預設的設定檔
vim /etc/nginx/nginx.conf # 新增新的nginx設定檔
- 全域設定
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
worker_connections 1024;
}
#
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#
access_log /var/log/nginx/access.log main;
#
#
client_body_timeout 120s;
#
server_tokens off;
#
# Default is 60, May need to be increased for very large uploads
#
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Powered-By eiblog/1.3.0;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Cache-Control no-cache;
#
brotli on;
brotli_comp_level 6;
brotli_min_length 512;
brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
brotli_static always;
}
- 在 conf.d 目錄下新增設定檔
vim /etc/nginx/conf.d/bookstack.conf #網頁的設定檔
- 服務器設定檔
#
server {
listen 80;
server_name 您的網域;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
listen 443 ssl;
http2 on;
listen [::]:443 ssl;
server_name 您的網域;
root /var/www/html/BookStack/public;
#
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets on;
#
# intermediate configuration. tweak to your needs.
#
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
#
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
#
client_max_body_size 1G;
fastcgi_buffers 64 4K;
#
index index.php;
#
location / {
try_files $uri $uri/ /index.php?$query_string;
}
#
#
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
#
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php8.4-fpm.sock;
}
#
location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires 30d;
access_log off;
}
}
BookStack 服務安裝
- 安裝 Composer 作曲家服務
# 將dirs更改為我們希望將composer安裝到的位置
cd /usr/local/bin
# 安裝 composer
curl -sS https://getcomposer.org/installer | php
# 重新命名 composer
mv composer.phar composer
- BookStack 放置位置,因 Debian 沒有此目錄需要手動增加此目錄
# 手動增加目錄
mkdir -p /var/www/html
# 希望將 BookStack 存放的位置
cd /var/www/html
# 新增from php sessions
mkdir /var/www/html/sessions
# 從github上下載最新版本的BookStackApp資料
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
# 進入到BookStack目錄下用composer安裝服務
cd BookStack && composer install --no-dev
- BookStack 設定
# 複製範本設定文件
cp .env.example .env
# 更新與數據庫中的新的配置,以及其他設置
vim .env
---
DB_HOST=localhost
DB_DATABASE=bookstackdb
DB_USERNAME=bookstackuser
DB_PASSWORD=bookstackpass
---
All other settings are fine as default, but feel free to change any others as you see fit.
php artisan key:generate --force # 在.env中生成並更新APP_KEY
chown -R www-data:www-data /var/www/html/{BookStack,sessions} # 將所有權更改為Web服務器用戶
php artisan migrate --force # 產生新的資料庫表及其他設定
- 開啟瀏灠器輸入
http://server_ip預設帳號為: [email protected]、密碼為:password