「InvoicePlane」の版間の差分
Kusanaginoturugi (トーク | 投稿記録) (→インストールウィザード: 英語版から追加) |
Kusanaginoturugi (トーク | 投稿記録) (→Nginx: 英語版に差し替え) |
||
44行目: | 44行目: | ||
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。 |
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。 |
||
− | ==== |
+ | ==== nginx ==== |
+ | Here is an example config to include in nginx.conf for a subdomain with php-fpm: |
||
− | [[nginx]] で invoiceplane を使用するには、まず使用したいサーバーのルートディレクトリを確認してください。ルートディレクトリが {{ic|/srv/http}} の場合、以下のようにシンボリックリンクを作成: |
||
− | + | {{hc|/etc/nginx/sites-available/invoiceplane.conf|<nowiki> |
|
− | |||
− | [[nginx]] の設定ファイルを作成します: |
||
− | {{hc|/etc/nginx/invoiceplane.conf|<nowiki> |
||
server { |
server { |
||
+ | |||
− | listen 80; |
||
+ | listen 443 ssl http2; |
||
− | root /srv/http/invoiceplane; |
||
+ | listen [::]:443 ssl http2; |
||
− | index index.php index.html index.htm; |
||
+ | #HTTPS Configuration |
||
− | server_name invoiceplane.example.com; |
||
+ | ssl_certificate /etc/ssl/certs/cert.pem; |
||
+ | ssl_certificate_key /etc/ssl/private/key.pem; |
||
+ | ssl_stapling on; |
||
+ | ssl_stapling_verify on; |
||
+ | ssl_session_cache shared:SSL:10m; |
||
+ | ssl_session_timeout 10m; |
||
+ | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||
+ | ssl_dhparam /etc/nginx/conf/dhparams.pem; |
||
+ | ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; |
||
+ | ssl_prefer_server_ciphers on; |
||
+ | keepalive_timeout 70; |
||
+ | add_header Strict-Transport-Security "max-age=15552000; includeSubdomains"; |
||
+ | add_header X-XSS-Protection "1; mode=block"; |
||
+ | add_header X-Content-Type-Options "nosniff"; |
||
+ | add_header X-Frame-Options "SAMEORIGIN"; |
||
+ | |||
+ | root /usr/share/webapps/invoiceplane; |
||
+ | index index.php; |
||
+ | |||
+ | access_log /var/log/nginx/invoice.access.log; |
||
+ | error_log /var/log/nginx/invoice.error.log; |
||
+ | |||
+ | server_name invoice.example.com; |
||
+ | |||
+ | client_body_timeout 60; |
||
location / { |
location / { |
||
− | try_files $uri $uri/ /index.php?q=$uri&$args; |
+ | try_files $uri $uri/ /index.php?q=$uri&$args; |
− | } |
||
− | location ~ .php$ { |
||
− | try_files $uri = 404; |
||
− | fastcgi_pass unix:/run/php-fpm/php-fpm.sock; |
||
− | fastcgi_index index.php; |
||
− | include fastcgi.conf; |
||
} |
} |
||
− | location |
+ | location ~ \.php$ { |
+ | fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php; |
||
− | log_not_found off; |
||
+ | fastcgi_split_path_info ^(.+\.php)(/.+)$; |
||
− | access_log off; |
||
+ | include fastcgi_params; |
||
+ | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; |
||
+ | fastcgi_param DOCUMENT_ROOT $realpath_root; |
||
+ | fastcgi_param PATH_INFO $fastcgi_path_info; |
||
+ | fastcgi_pass unix:/run/php-fpm/php-fpm.sock; |
||
+ | client_max_body_size 100M; |
||
} |
} |
||
− | |||
− | access_log /var/log/nginx/invoiceplane_access.log main; |
||
− | error_log /var/log/nginx/invoiceplane_error.log; |
||
} |
} |
||
</nowiki>}} |
</nowiki>}} |
||
− | |||
− | そして {{ic|/etc/nginx/nginx.conf}} に {{ic|invoiceplane.conf}} ファイルを記述: |
||
− | # InvoicePlane configuration |
||
− | include invoiceplane.conf; |
||
=== Explicitly permit InvoicePlane directories for php-fpm === |
=== Explicitly permit InvoicePlane directories for php-fpm === |
2021年8月28日 (土) 09:42時点における版
InvoicePlane は見積書・請求書・顧客・入金を管理するセルフホスト型のオープンソースアプリケーションです。
目次
インストール
invoiceplaneAUR パッケージをインストールしてください。
設定
データベース
以下は MariaDB を使って Invoiceplane のデータベースをセットアップする例です。データベースの名前は invoiceplane
、ユーザー名は invoiceplane
、パスワードは password
としています:
CREATE DATABASE invoiceplane; GRANT ALL PRIVILEGES ON invoiceplane.* TO invoiceplane@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES;
ウェブサーバー
Apache
Apache の設定ファイルを作成:
/etc/httpd/conf/extra/invoiceplane.conf
Alias /invoiceplane "/usr/share/webapps/invoiceplane" <Directory "/usr/share/webapps/invoiceplane"> DirectoryIndex index.php AllowOverride All Options FollowSymlinks Require all granted </Directory>
そして /etc/httpd/conf/httpd.conf
にファイルを記述:
# InvoicePlane configuration Include conf/extra/invoiceplane.conf
Lighttpd
Lighttpd の設定に invoiceplane のエイリアスを作成:
alias.url = ( "/invoiceplane" => "/usr/share/webapps/invoiceplane/")
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。
nginx
Here is an example config to include in nginx.conf for a subdomain with php-fpm:
/etc/nginx/sites-available/invoiceplane.conf
server { listen 443 ssl http2; listen [::]:443 ssl http2; #HTTPS Configuration ssl_certificate /etc/ssl/certs/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem; ssl_stapling on; ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_dhparam /etc/nginx/conf/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; keepalive_timeout 70; add_header Strict-Transport-Security "max-age=15552000; includeSubdomains"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options "SAMEORIGIN"; root /usr/share/webapps/invoiceplane; index index.php; access_log /var/log/nginx/invoice.access.log; error_log /var/log/nginx/invoice.error.log; server_name invoice.example.com; client_body_timeout 60; location / { try_files $uri $uri/ /index.php?q=$uri&$args; } location ~ \.php$ { fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; client_max_body_size 100M; } }
Explicitly permit InvoicePlane directories for php-fpm
Since version 7.4 php-fpm is hardened per default and revokes read/write access on /usr
(and sub-directories). Therefore it is also necessary to explicitly give permissions on /usr/share/webapps/invoiceplane
directories.
Create an override.conf
for php-fpm
:
# systemctl edit php-fpm.service
Add and save following content.
/etc/systemd/system/php-fpm.service.d/override.conf
[Service] ReadWritePaths = /usr/share/webapps/invoiceplane/ipconfig.php ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/ ReadWritePaths = /usr/share/webapps/invoiceplane/application/logs ReadWritePaths = /usr/share/webapps/invoiceplane/vendor/mpdf/mpdf/tmp
Afterwards restart the php-fpm
service and assign write permissions to the http
user.
インストールウィザード
データベースとウェブサーバーを設定したら、http://your-invoiceplane-domain.com/index.php/setup からインストールウィザードのページを開いて指示に従ってください。
ローカリゼーション
英語以外の言語を使いたい場合は Translation / Localization を参照してください。