「InvoicePlane」の版間の差分

提供: ArchWiki
ナビゲーションに移動 検索に移動
(→‎インストールウィザード: 英語版から追加)
(→‎Nginx: 英語版に差し替え)
44行目: 44行目:
 
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。
 
それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。
   
==== Nginx ====
+
==== nginx ====
   
  +
Here is an example config to include in nginx.conf for a subdomain with php-fpm:
[[nginx]] で invoiceplane を使用するには、まず使用したいサーバーのルートディレクトリを確認してください。ルートディレクトリが {{ic|/srv/http}} の場合、以下のようにシンボリックリンクを作成:
 
   
# ln -s /usr/share/webapps/invoiceplane/ /srv/http/invoiceplane
+
{{hc|/etc/nginx/sites-available/invoiceplane.conf|<nowiki>
 
[[nginx]] の設定ファイルを作成します:
 
{{hc|/etc/nginx/invoiceplane.conf|<nowiki>
 
 
server {
 
server {
  +
listen 80;
 
  +
listen 443 ssl http2;
root /srv/http/invoiceplane;
 
  +
listen [::]:443 ssl http2;
index index.php index.html index.htm;
 
  +
#HTTPS Configuration
server_name invoiceplane.example.com;
 
  +
ssl_certificate /etc/ssl/certs/cert.pem;
  +
ssl_certificate_key /etc/ssl/private/key.pem;
  +
ssl_stapling on;
  +
ssl_stapling_verify on;
  +
ssl_session_cache shared:SSL:10m;
  +
ssl_session_timeout 10m;
  +
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  +
ssl_dhparam /etc/nginx/conf/dhparams.pem;
  +
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  +
ssl_prefer_server_ciphers on;
  +
keepalive_timeout 70;
  +
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains";
  +
add_header X-XSS-Protection "1; mode=block";
  +
add_header X-Content-Type-Options "nosniff";
  +
add_header X-Frame-Options "SAMEORIGIN";
  +
  +
root /usr/share/webapps/invoiceplane;
  +
index index.php;
  +
  +
access_log /var/log/nginx/invoice.access.log;
  +
error_log /var/log/nginx/invoice.error.log;
  +
  +
server_name invoice.example.com;
  +
  +
client_body_timeout 60;
   
 
location / {
 
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
+
try_files $uri $uri/ /index.php?q=$uri&$args;
}
 
location ~ .php$ {
 
try_files $uri = 404;
 
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
 
fastcgi_index index.php;
 
include fastcgi.conf;
 
 
}
 
}
   
location = /favicon.ico {
+
location ~ \.php$ {
  +
fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php;
log_not_found off;
 
  +
fastcgi_split_path_info ^(.+\.php)(/.+)$;
access_log off;
 
  +
include fastcgi_params;
  +
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
  +
fastcgi_param DOCUMENT_ROOT $realpath_root;
  +
fastcgi_param PATH_INFO $fastcgi_path_info;
  +
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
  +
client_max_body_size 100M;
 
}
 
}
 
access_log /var/log/nginx/invoiceplane_access.log main;
 
error_log /var/log/nginx/invoiceplane_error.log;
 
 
}
 
}
 
</nowiki>}}
 
</nowiki>}}
 
そして {{ic|/etc/nginx/nginx.conf}} に {{ic|invoiceplane.conf}} ファイルを記述:
 
# InvoicePlane configuration
 
include invoiceplane.conf;
 
   
 
=== Explicitly permit InvoicePlane directories for php-fpm ===
 
=== Explicitly permit InvoicePlane directories for php-fpm ===

2021年8月28日 (土) 09:42時点における版

InvoicePlane は見積書・請求書・顧客・入金を管理するセルフホスト型のオープンソースアプリケーションです。

インストール

invoiceplaneAUR パッケージをインストールしてください。

設定

データベース

以下は MariaDB を使って Invoiceplane のデータベースをセットアップする例です。データベースの名前は invoiceplane、ユーザー名は invoiceplane、パスワードは password としています:

CREATE DATABASE invoiceplane;
GRANT ALL PRIVILEGES ON invoiceplane.* TO invoiceplane@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

ウェブサーバー

Apache

Apache の設定ファイルを作成:

/etc/httpd/conf/extra/invoiceplane.conf
Alias /invoiceplane "/usr/share/webapps/invoiceplane"
<Directory "/usr/share/webapps/invoiceplane">
    DirectoryIndex index.php
    AllowOverride All
    Options FollowSymlinks
    Require all granted
</Directory>

そして /etc/httpd/conf/httpd.conf にファイルを記述:

# InvoicePlane configuration
Include conf/extra/invoiceplane.conf

Lighttpd

Lighttpd の設定に invoiceplane のエイリアスを作成:

alias.url = ( "/invoiceplane" => "/usr/share/webapps/invoiceplane/")

それから設定で mod_alias, mod_fastcgi, mod_cgi を有効にしてください (server.modules セクション)。

nginx

Here is an example config to include in nginx.conf for a subdomain with php-fpm:

/etc/nginx/sites-available/invoiceplane.conf
server {

listen 443 ssl http2;
listen [::]:443 ssl http2;
      #HTTPS Configuration
        ssl_certificate /etc/ssl/certs/cert.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_dhparam /etc/nginx/conf/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        keepalive_timeout 70;
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        add_header X-Frame-Options "SAMEORIGIN";

        root /usr/share/webapps/invoiceplane;
        index index.php;

        access_log /var/log/nginx/invoice.access.log;
        error_log /var/log/nginx/invoice.error.log;
                                                                                                       
        server_name invoice.example.com;

        client_body_timeout   60;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;       
    }

    location ~ \.php$ {
        fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        client_max_body_size 100M;
    }
}

Explicitly permit InvoicePlane directories for php-fpm

Since version 7.4 php-fpm is hardened per default and revokes read/write access on /usr (and sub-directories). Therefore it is also necessary to explicitly give permissions on /usr/share/webapps/invoiceplane directories.

Create an override.conf for php-fpm:

# systemctl edit php-fpm.service

Add and save following content.

/etc/systemd/system/php-fpm.service.d/override.conf
[Service]
ReadWritePaths = /usr/share/webapps/invoiceplane/ipconfig.php
ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/
ReadWritePaths = /usr/share/webapps/invoiceplane/application/logs
ReadWritePaths = /usr/share/webapps/invoiceplane/vendor/mpdf/mpdf/tmp

Afterwards restart the php-fpm service and assign write permissions to the http user.

インストールウィザード

データベースとウェブサーバーを設定したら、http://your-invoiceplane-domain.com/index.php/setup からインストールウィザードのページを開いて指示に従ってください。

ローカリゼーション

英語以外の言語を使いたい場合は Translation / Localization を参照してください。

参照