dans Blog

Self-hosted FOSS cloud step 2.1: Install Nginx, PHP5, MySQL, Pydio (with Let’sEncrypt SSL certificate)

This is the step 2.1 of: http://julien.coubronne.net/a-self-hosted-free-opensource-cloud. This will allow to share files located on your local server over the internet.

In this article, we will:

  • Install Nginx & php5, create a MySQL database
  • Install Pydio
  • Use Letsencrypt to create an https certificate
  • Tweak Nginx

Install Nginx & php5

So I started with this command found on a tutorial to install Pydio.

sudo aptitude install nginx php5 php5-fm php5-gd php5-cli php5-mcrypt

The probem with this command is that it pulls some dependencies such as Apache…

This is where the command « apt-cache depends » is usefull

apt-cache depends php5
 |Depends: libapache2-mod-php5
 |Depends: libapache2-mod-php5filter
 |Depends: php5-cgi
 Depends: php5-fpm
 Depends: php5-common

I recommend these useful articles on understanding the output of apt-cache depends. So it shows that php5 depends either on libapache2-mod-php5, or libapache2-mod-php5filter, or php5-cgi, or php5-fpm. The problem here is that the preferred option (the first) is libapache2, which itself pulls apache2 from its dependencies.

So you need to fulfill first the php5-fpm dependance before installing php5.

sudo aptitude install php5-fpm php5

You need to change the permissions of the /var/www directory to allow the web server user (www-data) to access it:

sudo chown -R www-data:www-data /var/www/

Then you need to dive into the different configuration files:

  • /etc/php5/fpm/php.ini
  • /etc/nginx/nginx.conf
  • /etc/nginx/sites-available/

You can copy the default profile in the sites-available directory to a new name, then modify it.

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/lan

Restart the processes:

sudo service php5-fpm restart
sudo service nginx restart

Create a MySQL database

I did not fully document this step, except for the dump from my command line:

sudo mysql --defaults-file=/etc/mysql/debian.cnf

CREATE USER pydio@localhost IDENTIFIED BY 'secretpassword';
GRANT ALL PRIVILEGES ON pydio.* TO pydio@localhost;
flush privileges;

Install Pydio

Pydio install

I followed the very well written tutorial on Pydio’s website: https://pydio.com/en/docs/kb/system/installing-debiannginx

Please note that this tutorial is more recent than my notes (which were written in September 2016).

Explanation on some parameters:

  • Application Title = which is what’s seen in the browser’s title bar
  • Welcome Message = which is seen on the login screen
  • Administrator Login = the admin username
  • Admin Display Name = the name that will be displayed for the admin account
  • Adminstrator Password = the admin password

Pydio diagnostic page

I had some missing dependencies that I resolved with the following command:

sudo aptitude install php5-mcrypt php5-gd php5-intl php5-apcu

You should disable php output_buffering parameter for better performances with Pydio.

Edit /etc/php5/fpm/php.ini

At this point, I had the following error message: PHP mysql extension not loaded

I resolved this error with:

sudo aptitude install php5-mysql

Install a Letsencrypt certificate

There are different ways to create an SSL certificate with Let’s Encrypt, which are detailled on their website. I used the recommended approach of using Certbot.

Detailled tutorial here: https://certbot.eff.org/#debianjessie-nginx

Prepare Nginx

sudo nano /etc/nginx/sites-available/pydio
# Allow access to the ACME Challenge for Let’s Encrypt
 location ~ /\.well-known\/acme-challenge {
 allow all;
sudo mkdir /var/www/pydio/.well-known/acme-challenge
sudo nano /var/www/pydio/.well-known/acme-challenge/test.txt
sudo chown www-data:www-data -R /var/www/pydio/.well-known/
sudo service nginx restart

The above commands do:

  • Create a directory for the ACME challenge
  • Create an empty txt file to check that I can access it
  • Change the rights on the directory
  • Restart nginx

Get the certificate

sudo aptitude install certbot
sudo certbot certonly --webroot -w /var/www/pydio -d my.domain.com
IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/my.domain.com/fullchain.pem.

Install the certificate

  • Your private key is: /etc/letsencrypt/live/example.com/privkey.pem
  • Your certificate is: /etc/letsencrypt/live/example.com/cert.pem
  • The intermediate certificates are: /etc/letsencrypt/live/example.com/chain.pem
  • Your certificate and intermediate certificates concatenated in the correct order are: /etc/letsencrypt/live/example.com/fullchain.pem

Faster Nginx

https://varvy.com/pagespeed/ can be a great ressource to analyse the speed of your web server. It also provide interesting ressources to address some bottlenecks.

After running a test, I had a look at enabling gzip compression and « browser caching ».

Ressources for this article:

  • https://www.howtoforge.com/install-pydio-6-on-ubuntu-14.10-utopic-unicorn
  • https://www.digitalocean.com/community/tutorials/how-to-host-a-file-sharing-server-with-pydio-on-ubuntu-14-04
  • https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  • bjornjohansen.no/lets-encrypt-for-nginx
  • https://loune.net/2016/01/https-with-lets-encrypt-ssl-and-nginx/

Laisser un commentaire

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.