Skip to content

Latest commit

 

History

History
executable file
·
108 lines (95 loc) · 3.46 KB

debian-buster-nginx.md

File metadata and controls

executable file
·
108 lines (95 loc) · 3.46 KB

Install on Debian buster

First, we'll need to add the sury repository to get up-to-date versions of php:

sudo apt install ca-certificates apt-transport-https
curl -Ls https://packages.sury.org/php/apt.gpg -o- | sudo apt-key add -
echo "deb https://packages.sury.org/php/ $(lsb_release -s -c) main" | sudo tee /etc/apt/sources.list.d/php.list
sudo apt update

We're going to use php8.1 here but Zusam is compatible with 8.1+

sudo apt install -y nginx unzip ffmpeg php8.1 php8.1-fpm php8.1-xml php8.1-curl php8.1-mbstring php8.1-sqlite3 php-imagick php8.1-intl curl

Download the latest release (here in /srv/zusam):

mkdir -p /srv/zusam && cd /srv/zusam
version="$(curl -Ls -o /dev/null -w '%{url_effective}' https://github.com/zusam/zusam/releases/latest | rev | cut -d'/' -f1 | rev)"
curl -Ls https://github.com/zusam/zusam/archive/refs/tags/$version.tar.gz | tar xz --strip 1

You can also instead download the latest version from the master branch but beware that it might be less tested:

mkdir -p /srv/zusam && cd /srv/zusam
curl -Ls https://github.com/zusam/zusam/archive/refs/heads/master.tar.gz | tar xz --strip 1

Let's copy the webapp in the public directory (you don't need to do this if you only want the api server running):

cp -R app/dist/* public/

Install the server dependencies:

cd api
php bin/composer install

Replace /etc/nginx/sites-available/default with the following:

server {
    listen 80;
    server_name _;
    port_in_redirect off;
    client_max_body_size 2048M;
    root /srv/zusam/public;
    location / {
        try_files $uri /index.html;
    }
    location ~ \.(js|png|css|woff2)$ {
        expires 1M;
        add_header Cache-Control "public";
    }
    location /files {
        expires 1M;
        add_header Content-Security-Policy "default-src 'none'; style-src 'unsafe-inline'; sandbox";
        try_files $uri =404;
    }
    location /api {
        try_files $uri /api/index.php$is_args$args;
    }
    location ~ ^/api/index\.php(/|$) {
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi.conf;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root/api;
        internal;
    }
    location ~ \.php$ {
        return 404;
    }
}

Reload nginx configuration with sudo nginx -s reload.

Set upload_max_filesize and post_max_size to 2048M in /etc/php/8.1/fpm/php.ini.
And then restart the service with sudo systemctl restart php8.1-fpm.

Initialiaze the database (replace values with yours):

php /srv/zusam/api/bin/console zusam:init usermail@example.com my_group_name my_password

Make sure that Zusam's files are readable by php-fpm:

chown -R www-data: /srv/zusam

Zusam needs to do stuff regularly (cleaning up files, converting videos...).
It will execute those recurrent tasks on each API request but if your instance is not visited often enough, you can add its worker to your cron:

echo "* * * * * /srv/zusam/api/bin/console zusam:cron >> /srv/zusam/api/var/log/cron.log" | sudo crontab -

Now we're going to add SSL/TLS certificates using certbot.
Install the certbot package:

sudo apt-get install certbot python-certbot-nginx

You'll need to change the server_name in /etc/nginx/sites-available/default to match your domain name.
After that, let certbot do its magic:

sudo certbot --nginx