FoolFuuka/Install/EL8
Installing FoolFuuka (Pleebe fork)[edit]
- Create a non-root service user, such as
asagi. For the benefit of SELinux, it is best to use /var/lib/asagi for daemon users so that systemd will be allowed to access that directory (it cannot access /home directory by default with SELinux).
useradd -m -s /bin/bash -d /var/lib/asagi asagi
1.Install nginx supported appstreams rather than EPEL
dnf --disablerepo=epel-modular module enable nginx:1.22 dnf install nginx
2.Install MariaDB (Warning: 10.5 and up do not support TokuDB, see the TokuDB guide regarding how to use it)
3.Install PHP7.4
Enable latest php appstream:
sudo dnf module enable php:7.4 sudo dnf install php dnf install php-cli php-fpm php-bcmath php-json php-opcache php-readline php-curl php-mysqli php-mbstring php-gd php-zip php-xml
Start nginx:
systemctl restart php-fpm.service sudo nginx -s reload systemctl restart nginx
4.Edit /etc/php.ini
upload_max_filesize = 32M post_max_size = 32M max_execution_time = 240 max_file_uploads = 82
Also set /etc/php-fpm.d/www.conf to set asagi user and asagi group (easier to deal with than a separate group)
; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache user chosen to provide access to the same directories as httpd ; NOTE: we configure it to have the same permissions as asagi user to simplify user = asagi group = asagi ;user = apache ; RPM: Keep a group allowed to write in log dir. ;group = apache
Make sure that if you have run php-fpm at least once, then the contents of /var/lib/php are owned by asagi group.
Finally, start and enable php-fpm.
systemctl start php-fpm systemctl enable php-fpm
If you’re using SELinux, make sure to enable the following policy (found by grep /var/log/audit/audit.log | audit2why):
setsebool -P httpd_unified 1
5.Edit /etc/nginx/nginx.conf
Add client_max_body_size 32M;
to the http{} block
6.Install ImageMagick without the rest of X11 dependencies
dnf --setopt=install_weak_deps=False install imagemagick
7.Install composer using root user ( composer itself should not be used by root)
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
test composer as a normal user
composer
8.MySQL entries
sudo nano /etc/my.cnf.d/client.cnf
Add the following so the mysql client creates utf8mb4 by default
[client] default-character-set = utf8mb4
Create the asagi mariadb user used by the scraper, and the foolfuuka database and separate asagi databases. Replace YOUR_PASSWORD_HERE with the password to use, and keep that password in a safe place (if this is a shared server, place it in /root/pws.txt for only root users to read).
mysql -u root -pPassword CREATE USER 'asagi'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE'; CREATE DATABASE foolfuuka DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci; GRANT ALL PRIVILEGES ON `foolfuuka`. * TO 'asagi'@'localhost'; CREATE DATABASE asagi DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci; GRANT ALL PRIVILEGES ON `asagi`. * TO 'asagi'@'localhost'; CREATE USER 'backup'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE'; GRANT ALL PRIVILEGES ON `foolfuuka`. * TO 'backup'@'localhost'; GRANT ALL PRIVILEGES ON `asagi`. * TO 'backup'@'localhost'; FLUSH PRIVILEGES; EXIT;
6.Git clone and install FoolFuuka
Create a directory for this foolfuuka instance, we will call it /var/www/foolfuuka :
cd /var/www/ git clone https://github.com/pleebe/FoolFuuka chown asagi:asagi -R /var/www/foolfuuka
> Warning: All steps below MUST be run as the asagi user by becoming sudo su - asagi . Do not run composer as root anymore.
Become the service user, and then navigate to your public directory (/var/www/foolfuuka)
sudo su - asagi cd /var/www/foolfuuka
Edit composer.json (lowercase error, should really ask pleebe about this)
replace "forxer/Gravatar": "2.1.*",
with "forxer/gravatar": "2.1.*",
As the service user, add the github oauth token to ~/.config/composer/auth.json (or you can do it when prompted by composer):
{
"github-oauth": {
"github.com": "YOUR_TOKEN_HERE"
}
}
Follow this guide to obtain the Github Oauth token.
https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
composer dump-autoload --optimize composer install (with sudoer user, not root, this is required so you can overwrite the github token in the event that you need to)
(generate your token on github and insert it if needed)
cd /var/www/foolfuuka/app/foolz/foolframe/plugins git clone https://github.com/pleebe/foolfuuka-plugin-board-statistics.git git clone https://github.com/FoolCode/foolfuuka-plugin-dice-roll.git git clone https://github.com/pleebe/foolfuuka-plugin-intel-share.git git clone https://github.com/pleebe/foolfuuka-plugin-popup-report.git git clone https://github.com/FoolCode/foolfuuka-plugin-quests.git git clone https://github.com/pleebe/foolfuuka-plugin-spam-guard.git git clone https://github.com/pleebe/foolfuuka-plugin-thread-chunk.git git clone https://github.com/pleebe/foolfuuka-plugin-adverts.git git clone https://github.com/pleebe/foolfuuka-plugin-external-links.git git clone https://github.com/pleebe/foolfuuka-plugin-fortune.git git clone https://github.com/pleebe/foolfuuka-plugin-cloudflare-cache-purge.git git clone https://github.com/pleebe/foolfuuka-plugin-table.git git clone https://github.com/pleebe/foolframe-plugin-articles
9.Set Permissions and Group for FoolFuuka Directory. Also set up the /var/www/foolfuuka/public/foolfuuka/boards/ directory where full images are stored, you can symlink this to a different directory for storage on a RAID or NFS mount or something (can be set to 770 instead if giving global permissions). (or you can choose a different group for both nginx and asagi to be in.)
chown -Rf asagi:asagi /var/www/foolfuuka mkdir /var/www/foolfuuka/public/foolfuuka/boards/ chown -Rf asagi:nginx /var/www/foolfuuka/public/foolfuuka/boards chmod 775 /var/www/foolfuuka/public/foolfuuka/boards/
We do some even more stringent configurations too:
chmod 770 /var/www/foolfuuka/app/foolz/foolframe/logs/
10.Create nginx configuration in sites-enabled
sudo nano /etc/nginx/conf.d/foolfuuka.conf
Edit with the following (replace WEB_SITE_NAME with the name of the website):
server {
listen 80;
listen [::]:80;
server_name www.WEB_SITE_NAME.com WEB_SITE_NAME.com;
#if ($server_protocol ~* "HTTP/1.0") {
# return 400;
#}
root /var/www/foolfuuka/public;
index "index.php" "index.html";
location ~* \.(?:cur|gz|js|css|ico)$ {
expires 30d;
access_log off;
add_header Cache-Control "public";
}
location "/" {
location ~ "\.php$" {
fastcgi_pass "unix:/run/php-fpm/www.sock";
fastcgi_param "SCRIPT_FILENAME" "$document_root$fastcgi_script_name";
fastcgi_keep_conn on;
fastcgi_index "index.php";
include "fastcgi_params";
fastcgi_buffering on;
fastcgi_buffer_size 64k;
fastcgi_buffers 128 64k;
limit_req zone=limit_req__foolfuuka_php burst=5;
}
if (!-e "${request_filename}") {
rewrite "^" "/index.php";
}
}
# Certbot stuff
# listen [::]:443 ssl ipv6only=on; # managed by Certbot
# listen 443 ssl; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/www.WEB_SITE_NAME.net/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/www.WEB_SITE_NAME.net/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Start nginx:
nginx -s reload systemctl enable nginx systemctl status nginx
Go to your admin panel, it should prompt you with the requirement check, and enter your database/user/password (asagi/asagi/toor in this example case).
After the installation is finished and you have access to the panel go to
your_site.net/admin/preferences/general/
In the database information, enter localhost as the database IP (unless for some reason your database is on another server). enter the asagi SQL database user and password, and keep that password in a safe place (if this is a shared server, place it in /root/pws.txt for only root users to read).
Do not change the table prefix: this is used in cases where multiple foolfuuka instances use the same database, which is strongly discouraged.
and set Imagemagick Convert path to /usr/bin/convert or wherever whereis convert is
Create an admin account that will be shared by all root users and put the password into /root/pws.txt . This admin account can be used to create more accounts later.
Also make sure to enable the articles page.
- That’s it, that installs the FoolFuuka frontend on RHEL8
