Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

Tag: nginx

How to Install PmWiki on Debian 10 / Nginx / PHP-FPM

Posted on September 19, 2019 - September 20, 2019 by nxnjz

Introduction

PmWiki is an open-source wiki-based content management system built in PHP that was started in 2002, and is designed for collaborative creation and maintenance of websites. It allows quick editing as well as appearance changes using skins and templates. PmWiki also provides flexible password-based access control. This guide will explain the installation of PmWiki on a Debian 10 system with Nginx and PHP-FPM.

Prerequisites

  • A Debian 10 system.
  • Root user access to your server via SSH.
  • Optional: A registered domain name and valid SSL certificate.

NOTE: All occurences of example.com should be replaced with your IP address or with a domain name pointing to that IP.

Installation

Step 1: Update your system

Update your system packages:

apt update 
apt upgrade -y
reboot

Step 2: Install Nginx and PHP

apt install -y nginx php7.3-fpm

Verify that PHP-FPM and the Nginx server are enabled and running:

systemctl enable --now nginx.service php7.3-fpm.service

Step 3: Download and unpack PmWiki

You can download the latest stable release of PmWiki with the following command:

wget http://www.pmwiki.org/pub/pmwiki/pmwiki-latest.tgz

Then unpack the tar archive:

tar -xzf pmwiki-latest.tgz
rm pmwiki-latest.tgz

Now move the pmwiki directory to /var/www/html:

mv pmwiki*/ /var/www/html/pmwiki

Step 4: Nginx configuration:

Create a new virtual host file pmwiki80.conf under /etc/nginx/sites-available/ using a text editor of your choice, such as vim or nano, and paste the following configuration (replace example.com with the IP address of your server, or with your domain name if you’re using one):

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    root /var/www/html/pmwiki;
index index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}

Note that this is a very basic Nginx configuration file, further configuration may be necessary depending on your specific requirements.
Save and close the file, then create a symbolic link pointing to it in the sites-enabled directory:

ln -s /etc/nginx/sites-available/pmwiki80.conf /etc/nginx/sites-enabled/

You can now reload the Nginx service to apply those changes:

systemctl reload nginx.service

Step 5: PmWiki Installation

PmWiki needs to have write access in a wiki.d directory:

cd /var/www/html/pmwiki
mkdir wiki.d
chown www-data:www-data wiki.d

Since there is no index.php file by default, we will create it:

echo "<?php include_once('pmwiki.php');" > /var/www/html/pmwiki/index.php

Using a web browser, nagivate to http://example.com/. You should see the default PmWiki homepage if you followed the previous steps correctly. We’ll now customize the installation:

Make sure your current working directory is /var/www/html/pmwiki and copy the sample configuration file for editing:

cd /var/www/html/pmwiki
cp docs/sample-config.php local/config.php
vim local/config.php

We’ll now make the following changes:

  • $WikiTitle = 'Pmwiki'; to $WikiTitle = 'YourWikiTitle';
  • #$ScriptUrl = 'http://example.com/pmwiki/pmwiki.php'; to $ScriptUrl = 'http://example.com/';
  • #$PubDirUrl = 'http://example.com/pmwiki/pub'; to $PubDirUrl = 'http://example.com/pub';
  • Uncomment the following line: #$PageLogoUrl = "$PubDirUrl/skins/pmwiki/pmwiki-32.gif"; and optionally enter the path to a custom logo of your own.
  • # $DefaultPasswords['admin'] = pmcrypt('secret'); to $DefaultPasswords['admin'] = pmcrypt('StrongPasswordHere'); (This sets a site-wide default administrative password).
  • Optional: If you want to allow browser caching, uncomment the following line: # $EnableIMSCaching = 1;.

The other default parameters and values should be reviewed and modified according to your specific needs. Also, all URL schemas should be changed to https:// if you choose to use HTTPS.

Step 6: Nginx HTTPS config

Assuming you have a domain name and a corresponding SSL certificate, you can setup HTTPS:

First create a new configuration file with a text editor of your choice:

vim /etc/nginx/sites-available/pmwiki443.conf

Paste or type the following:

server {
    listen 443;
    listen [::]:443;
    server_name 192.168.2.28;
    root /var/www/html/pmwiki;
    index index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;

    }

    ssl on;
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/key.pem;
}

Enable it and reload the nginx service to apply these changes:

ln -s /etc/nginx/sites-available/pmwiki443.conf /etc/nginx/sites-enabled/
systemctl reload nginx.service

The HTTPS version of your site is now ready. If you wish to permanently redirect all traffic to the secure version, open /etc/nginx/sites-available/pmwiki80.conf in a text editor and add the following line after the server_name directive:

return 301 https://example.com$request_uri

Save and exit, then reload Nginx again:

systemctl reload nginx.service

Finally, re-edit /var/www/html/pmwiki/local/config.php and change the URL schema in all applicable values from http to https.

You should now be able to access PmWiki at https://example.com/.

Further Reading

You can read PmWiki’s documentation on your own instance once you complete the installation. Access it at https://example.com/?n=PmWiki.DocumentationIndex.

PmWiki’s official website is located at www.pmwiki.org.

Posted in LinuxTagged cms, debian, linux, nginx, php1 Comment

How to Install Postmill on Ubuntu 18.04 LTS with Apache or Nginx

Posted on September 16, 2019 - September 19, 2019 by nxnjz

postmill banner

Introduction

Postmill is a free and open-source web-based social link aggregator with voting and nested comments, similar to the popular Reddit platform. This article will explain the full installation process on a Vultr Ubuntu 18.04 LTS system, including the setup of Nginx and Apache as replacements for the Symfony web server.

Requirements

  • A Ubuntu 18.04 instance (2GB+ of physical memory recommended)
  • Access to a user with sudo privileges, we’ll assume this user is user1 in the rest of this guide.

Swap file

If your system has less than 2 gigabytes of memory, you may run into memory allocation errors during the installation process. We’ll create a 4GB swap file to avoid such issues, but keep in mind that swap space performs very poorly in comparison to physical memory.

 sudo dd if=/dev/zero of=/swap bs=1k count=4M
sudo chmod 0600 /swap
sudo mkswap /swap
sudo swapon /swap
echo "/swap swap swap defaults 0 0" | sudo tee -a /etc/fstab

Installation

Preparing the system

First, we’ll update the system and install a few needed packages.

sudo apt update && sudo apt upgrade -y
sudo apt install -y curl apt-transport-https

Then we’ll install package repositories for Node.js and yarn, in order to get the needed package versions.

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -

And install the needed packages (which consists of php libraries, the PostgreSQL database server and client, Node.js and other tools.)

sudo apt update
sudo apt install -y nodejs yarn php php-curl php-gd php-common php-intl php-mbstring php-xml php-json php-pgsql postgresql postgresql-client php-zip unzip php-symfony-polyfill-intl-icu

Downloading Postmill and building its components

Clone the postmill gitlab repository to /var/www/, and give yourself ownership of the resulting directory:

sudo mkdir /var/www
cd /var/www
sudo git clone https://gitlab.com/postmill/Postmill.git
sudo chown -R user1:user1 Postmill/
cd Postmill

Keep in mind that the rest of this guide assumes your working directory is /var/www/Postmill/.
Then, install composer (a tool for managing PHP dependencies) in the current directory:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php

And build the frontend assets with the following commands:

yarn install
yarn run build-prod

Using composer, we will now download and setup the PHP dependencies of Postmill.

php composer.phar install

Database Setup

Postmill requires access to a postgresql database. Create a new PostgreSQL user:

sudo -u postgres createuser --pwprompt postmill

You will be asked to enter a password for the new user, make sure you choose a secure and unique password. We’ll now create a database named ‘postmill’, owned by the user ‘postmill’.

sudo -u postgres createdb -O postmill postmill

Postmill Configuration

Copy the default configuration file .env to .env.local(cp .env .env.local). Changes will be made in the latter to override default values. Open .env.local in a text editor of your choice, and find the following line:

DATABASE_URL=pgsql://db_user:db_password@localhost:5432/db_name?serverVersion=9.6

Replace db_user and db_name with postmill; db_password with the password chosen during user creation in the previous step; and 9.6 with your currently installed version. You can run the following PostgreSQL query to determine which version is installed on your system:

sudo -u postgres psql postgres -c 'SELECT version()' | grep PostgreSQL | cut -d' ' -f3

The database URL should now look like the following:

DATABASE_URL=pgsql://postmill:thisisastrongpassword@localhost:5432/postmill?serverVersion=10.9

You’ll also need to provide a secret string (on line 23 of the same file) such as:

 APP_SECRET="Df4wgdwrt4PQv9AUMmLkempHTMmULG6a3kwa5nQj"

Do Not use the value provided in this article. You can use the following command to generate a random 40-character string instead:

 cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 40 | head -1

We can now close that file, and we’ll make sure that the environment meets the necessary requirements:

vendor/bin/requirements-checker

You should fix any issues that arise from this check before proceeding with the installation.

Now run bin/console doctrine:migrations:migrate to load the database schema, followed by bin/console app:user:add admin1 --admin to create a default administrator account named ‘admin1’. You can choose any other username for this account, you can also create more than one administrator.

At this point, the postmill installation is complete. Further instructions are provided separately for develeopment and production instances.

Development Instances (Symfony web server)

For developing and testing Postmill, the symfony local web server is sufficient. It can be started by running bin/console server:run. By default, symfony will listen on localhost, port 8000/tcp. To access it, SSH port forwarding is recommended. You can read more about SSH port forwarding here.

Production Deployment

When running Postmill in a production environment, you’ll need to use either Apache or Nginx, trying to install both web servers on the same system will not work. Software-specific instructions are provided in subsequent sections.

Open the file we previously created (.env.local) in a text editor and change APP_ENV=dev to APP_ENV=prod. Or use sed to make that change: sed -i "s/APP_ENV=dev/APP_ENV=prod/" .env.local

Apache with mod_php

First, install Apache and make sure it is enabled and running:

sudo apt update
sudo apt install -y apache2
sudo systemctl enable --now apache2.service

Then install the symfony pack for Apache support:

php composer.phar require symfony/apache-pack

Create a new Apache configuration file under /etc/apache2/sites-available/ with a text editor of your choice. For example:

 sudo vim /etc/apache2/sites-available/postmill80.conf

And populate it with the following basic configuration (replace example.com with your domain name or IP address):

<VirtualHost *:80>

ServerName example.com
DocumentRoot /var/www/Postmill/public

<Directory /var/www/Postmill/public>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>

<Directory /var/www/Postmill>
Options FollowSymlinks
</Directory>

ErrorLog /var/log/apache2/postmill_error.log
CustomLog /var/log/apache2/postmill_access.log combined

</VirtualHost>

Then enable this configuration: sudo a2ensite postmill80.conf
Some apache modules need to be enabled/disabled:

sudo a2dismod mpm_event
sudo a2enmod rewrite
sudo a2enmod php7.2

Finally, restart the apache service to apply the changes: sudo systemctl restart apache2.service

You should now be able to access your postmill installation by browsing to the domain name or IP address of your Vultr server.

Nginx with PHP-FPM

Start by installing the PHP FastCGI process manager and Nginx, and make sure both services are enabled and running:

sudo apt update
sudo apt install -y nginx php-fpm
sudo systemctl enable --now nginx.service php7.2-fpm.service

Create a new configuration file in /etc/nginx/sites-available/ with a text editor of your choice. For example:

 sudo vim /etc/nginx/sites-available/postmill80.conf

And enter the following minimal configuration (replace example.com with your domain name or IP address):

server {
server_name example.com;
root /var/www/Postmill/public;

location / {
try_files $uri /index.php$is_args$args;
}

location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}

location ~ \.php$ {
return 404;
}

error_log /var/log/nginx/postmill_error.log;
access_log /var/log/nginx/postmill_access.log;
}

We now need to enable it by creating a link in the ‘sites-enabled’ directory, and reload the Nginx service to apply the new configuration:

sudo ln -s /etc/nginx/sites-available/postmill80.conf /etc/nginx/sites-enabled/
sudo systemctl reload nginx.service

You should now be able to access your postmill installation by browsing to the domain name or IP address of your Vultr server.

Common problems

PostgreSQL errors such as [An exception occurred in driver: SQLSTATE[08006] [7] FATAL: password authentication failed for user "postmill"] are often caused by an incorrect database URL in the postmill configuration file (.env.local). Make sure you created a database and its respective user as shown in the postmill configuration section of this guide.

Posted in LinuxTagged apache, linux, nginx, ubuntu1 Comment

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Bernard Martiny on How to Install PrivateBin on Ubuntu 18.04 LTS
  • VuCSA on List of security labs/challenges/CTFs
  • Brian on How to Install PrivateBin on Fedora 29.
  • Tyreeb on Installing Ampache on CentOS 7.
  • Christian Mora on Installing Ampache on CentOS 7.