Site
System Administration
Networking
Miscellaneous
Site
System Administration
Networking
Miscellaneous
This applies to debian jessie, for the deploiement of https://github.com/nilsteampassnet/TeamPass. Since teampass development happens in separate branches cleanly I am following the github repo directly.
apt install postfix nginx php5-fpm php5-mcrypt php5-ldap php5-gd
apt install mysql-server mysql_secure_installation echo "CREATE DATABASE teampass CHARACTER SET utf8; CREATE USER 'teampass'@'localhost' IDENTIFIED BY 'my_password'; GRANT ALL PRIVILEGES ON teampass.* TO 'teampass'@'localhost';" | mysql -p
apt install nginx
The configuration in /etc/nginx/nginx.conf
is as follows :
user www-data; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log ; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /var/www/html/TeamPass/; index index.php; location ~ ^/(favicon.ico|robots.txt)$ { access_log off; expires max; } location ~ ^/(backups|files|install|sources|upload|apache-default.conf|changelog.md|composer.json|docker-compose.yml|Dockerfile|license.md|readme.md|start.sh|.git|.github)$ { deny all; access_log off; log_not_found off; } location ~ ^/(includes) { allow all; } # deny access to all .dot-files location ~ /\. { deny all; access_log off; log_not_found off; } location / { try_files $uri /index.php$is_args$args; } location ~ \.php { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS off; } } }
cd /var/www/html git clone https://github.com/nilsteampassnet/TeamPass sed 's/max_execution_time = 30/max_execution_time = 60/' -i /etc/php5/fpm/php.ini chown -R www-data install/ includes/ files/ upload/
We also create a directory for the saltkey, which should be outside of /var/www :
mkdir /var/lib/teampass chown www-data /var/lib/teampass
chown -R root install/ includes/