Install without Docker¶
This method is deprecated. Only use it if you cannot install Docker!
Please refer to your distribution’s documentation to install :
- A webserver (like nginx, Apache, lighttpd, cherokee or caddy)
- PHP version > 7.1.3
- MySQL version > 5.5 (5.7 recommended)
- Git (optional but recommended)
I wouldn’t recommend HHVM because Gettext support is not here yet (see this issue). Also, PHP 7 is here and is fast.
Getting the files¶
The first part is to get the eLabFTW files on your server.
Connect to your server with SSH:
$ ssh firstname.lastname@example.org
cd to the public directory where you want eLabFTW to be installed (can be /var/www/html, ~/public_html, or any folder you’d like, as long as the webserver is configured properly, in doubt use /var/www/html)
$ cd /var/www/html
Get latest stable version via git:
$ git clone -b 2.0.7 --depth 1 https://github.com/elabftw/elabftw.git
The –depth 1 option is to avoid downloading the whole history.
If you cannot connect, it’s probably the proxy setting missing; try one of these two commands:
$ export https_proxy="proxy.example.com:3128" $ git config --global http.proxy http://proxy.example.com:8080
Install php dependencies with composer:
$ cd elabftw # step not described: install composer # see https://getcomposer.org/download/ $ ./composer.phar install --no-dev
This will populate the vendor directory and also complain about missing php extensions that you should install.
$ yarn install $ yarn buildall
Now create the cache and uploads directory with restrictive permissions:
$ mkdir cache uploads $ chown www-data:www-data cache uploads $ chmod 700 cache uploads
The second part is putting the database in place.
Option 1: Command line way¶
# first we connect to mysql $ mysql -uroot -p # we create the database (note the ; at the end!) mysql> create database elabftw; # we create the user that will connect to the database. mysql> grant usage on *.* to elabftw@localhost identified by 'YOUR_PASSWORD'; # we give all rights to this user on this database mysql> grant all privileges on elabftw.* to elabftw@localhost; mysql> exit
You will be asked for the password you put after identified by three lines above.
Option 2: Graphical way with phpmyadmin¶
You need to install the package phpmyadmin if it’s not already done.
It is not recommended to have phpmyadmin installed on a production server (for security reasons).
$ sudo apt-get install phpmyadmin
Now you will connect to the phpmyadmin panel from your browser on your computer. Type the IP address of the server followed by /phpmyadmin.
Login with the root user on PhpMyAdmin panel (use the password you setup for mysql root user).
Create a user elabftw with all rights on the database elabftw.
Now click the Users tab and click:
Do like this:
Configuring the webserver correctly¶
The Docker image of eLabFTW contains a lot of little configuration tweaks to improve the security of the web application. Here are some of them that you can apply to your web server configuration.
Nginx or Apache config¶
Example config files are provided in the config_examples directory.
- Add security headers (IMPORTANT). See the end of this file.
- Use a proper TLS certificate, not a self-signed one
- Use DH params of 2048 bits
- Disable session tickets
- Only use TLS version > 1.2
- Use a modern cipher list
- Configure API redirect
See the phpfpmConf() and phpConf() functions from run.sh.
- Hide PHP version (expose_php in php.ini)
- Set cookies httponly and secure
- Use strict mode for sessions
- Store sessions in a separate directory with restrictive permissions
- disable url_fopen
- enable opcache
- configure open_basedir
- use longer session id length (session.sid_lenght)
- disable unused functions (see the list in the run.sh script)
Note: these configuration changes will affect all the PHP apps on the server, so you can really only do that if the server is only serving eLabFTW (do you see now why Docker is great? :p).
- Put restrictive permissions on the uploads and cache folders (and config.php file).
Finally, point your browser to your server and read onscreen instructions.
For example: https://220.127.116.11/elabftw
Please report bugs on github.
It’s a good idea to subscribe to the newsletter, to know when new releases are out (you can also see that from the Sysadmin panel).
~Thank you for using eLabFTW :)