「InvoicePlane」の版間の差分
ナビゲーションに移動
検索に移動
Kusanaginoturugi (トーク | 投稿記録) (→インストールウィザード: 英語版から追加) |
Kusanaginoturugi (トーク | 投稿記録) (→Nginx: 英語版に差し替え) |
||
| 44行目: | 44行目: | ||
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。 |
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。 |
||
| − | ==== |
+ | ==== nginx ==== |
| + | Here is an example config to include in nginx.conf for a subdomain with php-fpm: |
||
| − | [[nginx]] で invoiceplane を使用するには、まず使用したいサーバーのルートディレクトリを確認してください。ルートディレクトリが {{ic|/srv/http}} の場合、以下のようにシンボリックリンクを作成: |
||
| − | + | {{hc|/etc/nginx/sites-available/invoiceplane.conf|<nowiki> |
|
| − | |||
| − | [[nginx]] の設定ファイルを作成します: |
||
| − | {{hc|/etc/nginx/invoiceplane.conf|<nowiki> |
||
server { |
server { |
||
| + | |||
| − | listen 80; |
||
| + | listen 443 ssl http2; |
||
| − | root /srv/http/invoiceplane; |
||
| + | listen [::]:443 ssl http2; |
||
| − | index index.php index.html index.htm; |
||
| + | #HTTPS Configuration |
||
| − | server_name invoiceplane.example.com; |
||
| + | ssl_certificate /etc/ssl/certs/cert.pem; |
||
| + | ssl_certificate_key /etc/ssl/private/key.pem; |
||
| + | ssl_stapling on; |
||
| + | ssl_stapling_verify on; |
||
| + | ssl_session_cache shared:SSL:10m; |
||
| + | ssl_session_timeout 10m; |
||
| + | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||
| + | ssl_dhparam /etc/nginx/conf/dhparams.pem; |
||
| + | ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; |
||
| + | ssl_prefer_server_ciphers on; |
||
| + | keepalive_timeout 70; |
||
| + | add_header Strict-Transport-Security "max-age=15552000; includeSubdomains"; |
||
| + | add_header X-XSS-Protection "1; mode=block"; |
||
| + | add_header X-Content-Type-Options "nosniff"; |
||
| + | add_header X-Frame-Options "SAMEORIGIN"; |
||
| + | |||
| + | root /usr/share/webapps/invoiceplane; |
||
| + | index index.php; |
||
| + | |||
| + | access_log /var/log/nginx/invoice.access.log; |
||
| + | error_log /var/log/nginx/invoice.error.log; |
||
| + | |||
| + | server_name invoice.example.com; |
||
| + | |||
| + | client_body_timeout 60; |
||
location / { |
location / { |
||
| − | try_files $uri $uri/ /index.php?q=$uri&$args; |
+ | try_files $uri $uri/ /index.php?q=$uri&$args; |
| − | } |
||
| − | location ~ .php$ { |
||
| − | try_files $uri = 404; |
||
| − | fastcgi_pass unix:/run/php-fpm/php-fpm.sock; |
||
| − | fastcgi_index index.php; |
||
| − | include fastcgi.conf; |
||
} |
} |
||
| − | location |
+ | location ~ \.php$ { |
| + | fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php; |
||
| − | log_not_found off; |
||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; |
||
| − | access_log off; |
||
| + | include fastcgi_params; |
||
| + | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; |
||
| + | fastcgi_param DOCUMENT_ROOT $realpath_root; |
||
| + | fastcgi_param PATH_INFO $fastcgi_path_info; |
||
| + | fastcgi_pass unix:/run/php-fpm/php-fpm.sock; |
||
| + | client_max_body_size 100M; |
||
} |
} |
||
| − | |||
| − | access_log /var/log/nginx/invoiceplane_access.log main; |
||
| − | error_log /var/log/nginx/invoiceplane_error.log; |
||
} |
} |
||
</nowiki>}} |
</nowiki>}} |
||
| − | |||
| − | そして {{ic|/etc/nginx/nginx.conf}} に {{ic|invoiceplane.conf}} ファイルを記述: |
||
| − | # InvoicePlane configuration |
||
| − | include invoiceplane.conf; |
||
=== Explicitly permit InvoicePlane directories for php-fpm === |
=== Explicitly permit InvoicePlane directories for php-fpm === |
||
2021年8月28日 (土) 09:42時点における版
InvoicePlane は見積書・請求書・顧客・入金を管理するセルフホスト型のオープンソースアプリケーションです。
目次
インストール
invoiceplaneAUR パッケージをインストールしてください。
設定
データベース
以下は MariaDB を使って Invoiceplane のデータベースをセットアップする例です。データベースの名前は invoiceplane、ユーザー名は invoiceplane、パスワードは password としています:
CREATE DATABASE invoiceplane; GRANT ALL PRIVILEGES ON invoiceplane.* TO invoiceplane@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES;
ウェブサーバー
Apache
Apache の設定ファイルを作成:
/etc/httpd/conf/extra/invoiceplane.conf
Alias /invoiceplane "/usr/share/webapps/invoiceplane"
<Directory "/usr/share/webapps/invoiceplane">
DirectoryIndex index.php
AllowOverride All
Options FollowSymlinks
Require all granted
</Directory>
そして /etc/httpd/conf/httpd.conf にファイルを記述:
# InvoicePlane configuration Include conf/extra/invoiceplane.conf
Lighttpd
Lighttpd の設定に invoiceplane のエイリアスを作成:
alias.url = ( "/invoiceplane" => "/usr/share/webapps/invoiceplane/")
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。
nginx
Here is an example config to include in nginx.conf for a subdomain with php-fpm:
/etc/nginx/sites-available/invoiceplane.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
#HTTPS Configuration
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/nginx/conf/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
root /usr/share/webapps/invoiceplane;
index index.php;
access_log /var/log/nginx/invoice.access.log;
error_log /var/log/nginx/invoice.error.log;
server_name invoice.example.com;
client_body_timeout 60;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
client_max_body_size 100M;
}
}
Explicitly permit InvoicePlane directories for php-fpm
Since version 7.4 php-fpm is hardened per default and revokes read/write access on /usr (and sub-directories). Therefore it is also necessary to explicitly give permissions on /usr/share/webapps/invoiceplane directories.
Create an override.conf for php-fpm:
# systemctl edit php-fpm.service
Add and save following content.
/etc/systemd/system/php-fpm.service.d/override.conf
[Service] ReadWritePaths = /usr/share/webapps/invoiceplane/ipconfig.php ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/ ReadWritePaths = /usr/share/webapps/invoiceplane/application/logs ReadWritePaths = /usr/share/webapps/invoiceplane/vendor/mpdf/mpdf/tmp
Afterwards restart the php-fpm service and assign write permissions to the http user.
インストールウィザード
データベースとウェブサーバーを設定したら、http://your-invoiceplane-domain.com/index.php/setup からインストールウィザードのページを開いて指示に従ってください。
ローカリゼーション
英語以外の言語を使いたい場合は Translation / Localization を参照してください。