Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to install on Ubuntu 16.04 using Apache #357

Closed
iamdoubz opened this issue Sep 12, 2019 · 4 comments
Closed

How to install on Ubuntu 16.04 using Apache #357

iamdoubz opened this issue Sep 12, 2019 · 4 comments
Labels

Comments

@iamdoubz
Copy link

Hi. Took me a bit to get everything working so I wanted to post this.

Assumptions

  1. This guide assumes that you have already set up a website before
  2. Are using a subdomain

Feedback

Additions, subtractions, modifications, and suggestions are most certainly welcome.

Requirements

  1. Apache version > 2.4
  2. A bunch of mod's enabled (headers, proxy, proxy_balancer, proxy_http, proxy_wstunnel, rewrite, and there may be others but those are the ones I know off the top of my head)
  3. Protocols h2 http/1.1 needs apachectl -V 2.4.17 and higher...

First error:

[Thu Sep 12 15:05:27.822224 2019] [php7:error] [pid 24237] [client 0.0.0.0:30414] PHP Fatal error:  

Uncaught PDOException: could not find driver in /var/www/html/services/DatabaseService.php:17
Stack trace:
#0 /var/www/html/services/DatabaseService.php(17): PDO->__construct('sqlite:/var/www...')
#1 /var/www/html/services/DatabaseService.php(33): Grocy\\Services\\DatabaseService->GetDbConnectionRaw()
#2 /var/www/html/controllers/BaseController.php(14): Grocy\\Services\\DatabaseService->GetDbConnection()
#3 /var/www/html/controllers/LoginController.php(13): Grocy\\Controllers\\BaseController->__construct(Object(Slim\\Container))
#4 /var/www/html/app.php(64): Grocy\\Controllers\\LoginController->__construct(Object(Slim\\Container), 'grocy_session')
#5 /var/www/html/vendor/pimple/pimple/src/Pimple/Container.php(118): {closure}(Object(Slim\\Container))
#6 /var/www/html/vendor/slim/slim/Slim/Container.php(123): Pimple\\Container->offsetGet('LoginController...')
#7 /var/www/html/vendor/slim/slim/Slim/Container.php(172): Slim\\Container->get('LoginController...')
#8 /var/www/html/routes.php(112): Slim\\Container->__get in /var/www/html/services/DatabaseService.php on line 17

First error FIX:

sudo apt install php7.3-sqlite3

Second error:

# Not Found
The requested URL /stockoverview was not found on this server

Second error FIX:

sudo nano /etc/apache2/sites-enabled/grocy.conf

Add a <Directory> that looks like this:

<Directory /var/www/html/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

Contents of grocy.conf for your convenience:

    DEFINE base_url grocy.info
    DEFINE public_url demo.grocy.info
    DEFINE email admin@grocy.info
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
<VirtualHost *:80>
    ServerName ${public_url}
    DocumentRoot /var/www/html
    ServerAdmin ${email}
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =${public_url}
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName ${public_url}
    DocumentRoot /var/www/${public_url}/public
    ServerAdmin ${email}
    ErrorLog ${APACHE_LOG_DIR}/${public_url}.error.log
    CustomLog ${APACHE_LOG_DIR}/${public_url}.access.log combined
    SSLCertificateFile /etc/letsencrypt/live/${public_url}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${public_url}/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
### Forbid the http1.0 protocol ###
    Protocols h2 http/1.1
    Timeout 360
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    ProxyReceiveBufferSize 4096
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Content-Security-Policy-Report-Only "default-src 'self' https:; font-src 'self' data: ${base_url} ${public_url}; media-src 'self' ${base_url} ${public_url}; script-src 'self' 'unsafe-inline' 'unsafe-eval' ${base_url} ${public_url} wasm wasm-eval; style-src 'self' ${base_url} ${public_url} 'unsafe-inline'; img-src 'self' https: data: blob: ${base_url} ${public_url}; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${base_url} ${public_url};"
    Header always set Feature-Policy "geolocation 'self'; midi 'self'; sync-xhr 'self'; microphone 'self'; camera 'self'; magnetometer 'self'; gyroscope 'self'; speaker 'self'; fullscreen 'self'; payment 'self';"
    SSLHonorCipherOrder On
### Use next two for very secure connections ###
    #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
### Use next two for secure connections and supports more endpoints ###
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<Directory /var/www/${public_url}/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>
@berrnd
Copy link
Member

berrnd commented Sep 13, 2019

Thanks for sharing! :)

I think we should add/link this and #354 and maybe other issues about install problems for example on the subreddit sidebar/wiki and also add a hint to them on the website and README...

berrnd added a commit to grocy/grocy-website that referenced this issue Sep 16, 2019
@berrnd
Copy link
Member

berrnd commented Sep 16, 2019

Thanks again, I added this now as a link on https://grocy.info/links.

@berrnd berrnd closed this as completed Sep 16, 2019
@lepidas
Copy link

lepidas commented Sep 22, 2019

Hi. Took me a bit to get everything working so I wanted to post this.

Assumptions

1. This guide assumes that you have already set up a website before

2. Are using a subdomain

Feedback

Additions, subtractions, modifications, and suggestions are most certainly welcome.

Requirements

1. Apache version > 2.4

2. A bunch of mod's enabled (headers, proxy, proxy_balancer, proxy_http, proxy_wstunnel, rewrite, and there may be others but those are the ones I know off the top of my head)

3. Protocols h2 http/1.1 needs apachectl -V 2.4.17 and higher...

First error:

[Thu Sep 12 15:05:27.822224 2019] [php7:error] [pid 24237] [client 0.0.0.0:30414] PHP Fatal error:  

Uncaught PDOException: could not find driver in /var/www/html/services/DatabaseService.php:17
Stack trace:
#0 /var/www/html/services/DatabaseService.php(17): PDO->__construct('sqlite:/var/www...')
#1 /var/www/html/services/DatabaseService.php(33): Grocy\\Services\\DatabaseService->GetDbConnectionRaw()
#2 /var/www/html/controllers/BaseController.php(14): Grocy\\Services\\DatabaseService->GetDbConnection()
#3 /var/www/html/controllers/LoginController.php(13): Grocy\\Controllers\\BaseController->__construct(Object(Slim\\Container))
#4 /var/www/html/app.php(64): Grocy\\Controllers\\LoginController->__construct(Object(Slim\\Container), 'grocy_session')
#5 /var/www/html/vendor/pimple/pimple/src/Pimple/Container.php(118): {closure}(Object(Slim\\Container))
#6 /var/www/html/vendor/slim/slim/Slim/Container.php(123): Pimple\\Container->offsetGet('LoginController...')
#7 /var/www/html/vendor/slim/slim/Slim/Container.php(172): Slim\\Container->get('LoginController...')
#8 /var/www/html/routes.php(112): Slim\\Container->__get in /var/www/html/services/DatabaseService.php on line 17

First error FIX:

sudo apt install php7.3-sqlite3

Second error:

# Not Found
The requested URL /stockoverview was not found on this server

Second error FIX:

sudo nano /etc/apache2/sites-enabled/grocy.conf

Add a <Directory> that looks like this:

<Directory /var/www/html/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

Contents of grocy.conf for your convenience:

    DEFINE base_url grocy.info
    DEFINE public_url demo.grocy.info
    DEFINE email admin@grocy.info
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
<VirtualHost *:80>
    ServerName ${public_url}
    DocumentRoot /var/www/html
    ServerAdmin ${email}
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =${public_url}
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName ${public_url}
    DocumentRoot /var/www/${public_url}/public
    ServerAdmin ${email}
    ErrorLog ${APACHE_LOG_DIR}/${public_url}.error.log
    CustomLog ${APACHE_LOG_DIR}/${public_url}.access.log combined
    SSLCertificateFile /etc/letsencrypt/live/${public_url}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${public_url}/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
### Forbid the http1.0 protocol ###
    Protocols h2 http/1.1
    Timeout 360
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    ProxyReceiveBufferSize 4096
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Content-Security-Policy-Report-Only "default-src 'self' https:; font-src 'self' data: ${base_url} ${public_url}; media-src 'self' ${base_url} ${public_url}; script-src 'self' 'unsafe-inline' 'unsafe-eval' ${base_url} ${public_url} wasm wasm-eval; style-src 'self' ${base_url} ${public_url} 'unsafe-inline'; img-src 'self' https: data: blob: ${base_url} ${public_url}; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${base_url} ${public_url};"
    Header always set Feature-Policy "geolocation 'self'; midi 'self'; sync-xhr 'self'; microphone 'self'; camera 'self'; magnetometer 'self'; gyroscope 'self'; speaker 'self'; fullscreen 'self'; payment 'self';"
    SSLHonorCipherOrder On
### Use next two for very secure connections ###
    #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
### Use next two for secure connections and supports more endpoints ###
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<Directory /var/www/${public_url}/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

Hi to all.
It was a very bumpy installation without docker.
For the 2nd problem/fix to work, mode rewrite should be enabled, otherwise no joy :)
sudo a2enmod rewrite
and restart apache
sudo systemctl restart apache2
It took me like 4 cups of coffee and a lot of hair to make it working.

@michaelof
Copy link

Hi all,

1st: THANKS for grocy :)

Just a remark, as this issue is linked to https://grocy.info/links:

On https://diogoferreira.pt/how-to-install-grocy-with-apache-on-debian-10/ is a howto available with much easier, shorter and IMHO that's why more stable settings and directives for apache.
Worked completely fine for me when installing grocy yesterday on my VPS.
As this howto is from early 2020, I've replaced the deprecated

Order allow,deny
allow from all

by the newer

Require all granted

for my VHOST and that was all to get grocy running with an own subdomain (not sub directory)

Regards,
Michael

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

4 participants