David Bomba edited this page Mar 20, 2022 · 4 revisions

v4 installation guides

Host Invoice Ninja on FreeNAS with a self signed cert

First, let's create the iocage jail. You can do this through the new UI, but it's way faster to use the CLI. SSH into FreeNAS and let's get going.

Create the iocage jail (replace the IP and router IP with what works for you):

iocage create -n InvoiceNinja -r 11.2-RELEASE ip4_addr="vnet0|192.168.1.23/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"

Let's log into the jail:

iocage console InvoiceNinja

Install all the dependencies:

pkg install -y nginx nano git curl openssl mariadb103-server php71 php71-ctype php71-pdo php71-pdo_mysql php71-session php71-iconv php71-filter php71-openssl php71-phar php71-mysqli aws-sdk-php php71-simplexml php72-xmlreader php72-xmlwriter php72-fileinfo php72-pear-PHP_Parser php72-tokenizer php72-gd php72-curl php72-gmp php72-json php72-zip php72-xml php72-readline php72-opcache php72-mbstring php72-iconv-7.2.31 php72-simplexml-7.2.31

Autostart PHP, MySQL and nginx:

sysrc mysql_enable=YES
sysrc nginx_enable=YES
sysrc php_fpm_enable=YES
service nginx start
service mysql-server start
service php-fpm start

Modify php files to host the web server using user www:

sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf

sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf

sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf

sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini

Create the MySQL database for invoice ninja:

mysql -u root -e "CREATE DATABASE ninja;"
mysql -u root -e "CREATE USER 'ninja'@'localhost' IDENTIFIED BY 'ninja';"
mysql -u root -e "GRANT ALL PRIVILEGES ON ninja.* TO 'ninja'@'localhost';"
mysql -u root -e "FLUSH PRIVILEGES;"

Secure the database:

Answer most of the questions with yes. Read them.

mysql_secure_installation

Install Invoice Ninja (Installed to /usr/local/ninja):

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
mkdir /usr/local/ninja
git clone https://github.com/hillelcoren/invoice-ninja.git /usr/local/ninja
cd /usr/local/ninja && composer install --no-dev -o

Generate a self signed cert named "ininja":

mkdir -p /etc/nginx/ssl
openssl genrsa -des3 -passout pass:x -out /etc/nginx/ssl/ininja.pass.key 2048
openssl rsa -passin pass:x -in /etc/nginx/ssl/ininja.pass.key -out /etc/nginx/ssl/ininja.key
rm /etc/nginx/ssl/ininja.pass.key
openssl req -new -key /etc/nginx/ssl/ininja.key -out /etc/nginx/ssl/ininja.csr

openssl x509 -req -days 365 -in /etc/nginx/ssl/ininja.csr -signkey /etc/nginx/ssl/ininja.key -out /etc/nginx/ssl/ininja.crt

Set correct permissions for invoice ninja:

touch /usr/local/ninja/.env
chown www:www /usr/local/ninja/.env
chmod -R 755 /usr/local/ninja/storage
cd /usr/local/ninja && chown -R www:www storage bootstrap public/logo

Now let's create the nginx config. Replace the server_name with your IP or domain name:

rm /usr/local/etc/nginx/nginx.conf
nano /usr/local/etc/nginx/nginx.conf

Copy the contents below and replace the IP. The wiki formatted it weirdly, so copy everything after nginx.conf until the next heading:

nginx.conf

events { worker_connections 1024; }

http { include mime.types; default_type application/octet-stream;

sendfile        on;

keepalive_timeout  65;


server {
	listen      443 default;
	server_name 192.168.1.23;
	ssl on;
	ssl_certificate     /etc/nginx/ssl/ininja.crt;
	ssl_certificate_key /etc/nginx/ssl/ininja.key;
	ssl_session_timeout 5m;
	ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
	ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	root /usr/local/ninja/public;
	index index.html index.htm index.php;
	charset utf-8;
	location / {
		try_files $uri $uri/ /index.php?$query_string;
	}
	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt  { access_log off; log_not_found off; }
	access_log  /var/log/nginx/ininja.access.log;
	error_log   /var/log/nginx/ininja.error.log;
	sendfile off;
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors off;
		fastcgi_buffer_size 16k;
		fastcgi_buffers 4 16k;
	}
	location ~ /\.ht {
		deny all;
	}
}
server {
	listen      80;
	server_name 192.168.1.23;
	add_header Strict-Transport-Security max-age=2592000;
	rewrite ^ https://$server_name$request_uri? permanent;
}

}

OK, let's restart all the services. You should then be able to access the GUI setup at https://yourip

HTTPS!

service mysql-server restart
service php-fpm restart
service nginx restart

InvoiceNinja Self Hosted on Debian 8

Deploy Invoice Ninja on Debian 8 securely:

Log in as root, then update and install dependencies:

apt-get update && apt-get -y upgrade

apt-get install python-software-properties git curl openssl mariadb-server

Now let's secure the database. Read the questions asked and reply Y to all of them in most cases. Remember the password you set.

mysql_secure_installation

Let's create the database for Invoice Ninja:

mysql -uroot -p

CREATE DATABASE invoiceNinja;

CREATE USER 'ninja'@'localhost' IDENTIFIED BY 'n1njaNinj@R0ck';

GRANT ALL PRIVILEGES ON invoiceNinja.* TO 'ninja'@'localhost';

FLUSH PRIVILEGES;

exit

Now let's install PHP and nginx, our web server. I have chosen PHP version 7.1:

apt-get install nginx php7.1 php7.1-fpm php7.1-cli php7.1-mcrypt php7.1-gd php7.1-curl php7.1-common php7.1-gmp php7.1-json php7.1-zip php7.1-xml php7.1-readline php7.1-opcache php7.1-mysql php7.1-mbstring

Install Composer, which manages the install of Invoice Ninja:

curl -sS https://getcomposer.org/installer | php

sudo mv composer.phar /usr/local/bin/composer
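
Both guides on this page pipe the Composer installer straight from curl into php. As an added example (not part of the original guide), the functions below save the installer to a file and run it only if its SHA-384 matches the checksum Composer publishes at composer.github.io/installer.sig. The function names are made up for this example.

```sh
#!/bin/sh
# Added example: verify the Composer installer before executing it,
# instead of running `curl ... | php` directly as root.

# Print the SHA-384 hex digest of a file with whichever tool the host has.
sha384_of() {
  if command -v sha384sum >/dev/null 2>&1; then sha384sum "$1" | cut -d' ' -f1  # Debian
  elif command -v sha384 >/dev/null 2>&1; then sha384 -q "$1"                    # FreeBSD
  else openssl dgst -sha384 -r "$1" | cut -d' ' -f1
  fi
}

# Succeeds only if FILE ($1) hashes to EXPECTED ($2, 96 hex characters).
verify_installer() {
  actual=$(sha384_of "$1") || return 1
  [ ${#2} -eq 96 ] && [ "$actual" = "$2" ]
}

# Download, verify, then install. This is the only part that needs the network.
install_composer_verified() {
  tmp=$(mktemp -d) || return 1
  expected=$(curl -fsS https://composer.github.io/installer.sig) &&
  curl -fsS -o "$tmp/composer-setup.php" https://getcomposer.org/installer &&
  verify_installer "$tmp/composer-setup.php" "$expected" &&
  php "$tmp/composer-setup.php" --install-dir=/usr/local/bin --filename=composer
  rc=$?
  rm -rf "$tmp"
  [ $rc -eq 0 ] || echo "composer installer not verified or not installed" >&2
  return $rc
}
```

Calling install_composer_verified replaces the curl and mv steps; it stops before php runs if the download does not match the published checksum.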

Installing Invoice Ninja:

Choose a location for your invoice ninja install. I choose to install it in my user's home folder.

cd to your install location then

git clone https://github.com/hillelcoren/invoice-ninja.git ninja && cd ninja

composer install --no-dev -o

Let's set up the FAMP stack. Edit your user file for php-fpm:

nano /etc/php/7.1/fpm/pool.d/

In that file find

listen = /var/run/php-....

and change it to the following. If it is already the same, continue.

listen = /var/run/php-fpm.sock

Next edit the Invoice Ninja config of your site.

cd /etc/nginx/sites-available

touch yoursitename

Example: touch ninja.com or ninja.home

nano yoursitename

Copy the contents below. We will make the certificates in the next step; just edit the name or path if you want.

MAKE SURE TO EDIT THE FOLLOWING

Replace yoursite with your site name. Example: ninja.myface.home

Replace the root path with your install folder /public

Copy the whole thing!!

server {
	listen      443 default;
	server_name yoursite;
	ssl on;
	ssl_certificate     /etc/nginx/ssl/ininja.crt;
	ssl_certificate_key /etc/nginx/ssl/ininja.key;
	ssl_session_timeout 5m;
	ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
	ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	root /home/user/invoice-ninja/public;
	index index.html index.htm index.php;
	charset utf-8;
	location / {
		try_files $uri $uri/ /index.php?$query_string;
	}
	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt  { access_log off; log_not_found off; }
	access_log  /var/log/nginx/ininja.access.log;
	error_log   /var/log/nginx/ininja.error.log;
	sendfile off;
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors off;
		fastcgi_buffer_size 16k;
		fastcgi_buffers 4 16k;
	}
	location ~ /\.ht {
		deny all;
	}
}
server {
	listen      80;
	server_name yoursite;
	add_header Strict-Transport-Security max-age=2592000;
	rewrite ^ https://$server_name$request_uri? permanent;
}




Notice that this file was created in the sites-available folder. There is also a sites-enabled folder, so we will link this file into that folder.

sudo ln -s /etc/nginx/sites-available/your_ininja_site /etc/nginx/sites-enabled/your_ininja_site
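
Added example, not from the original guide: a small audit for the TLS directives used in both nginx configs on this page. It flags TLSv1/TLSv1.1 in ssl_protocols, the ssl on; directive (obsolete since nginx 1.15.0 in favor of listen ... ssl), and an HSTS header placed in a server block that only speaks plain HTTP, where browsers ignore it. The function names and the sample config are constructed for this example.

```sh
#!/bin/sh
# Added example: audit an nginx config for the TLS settings used in this guide.
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_nginx_tls() {
  awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; found++ }
    {
      line = $0
      sub(/#.*/, "", line)                      # ignore comments
      if (line ~ /^[ \t]*server[ \t]*[{]/) {    # entering a server block
        in_srv = 1; base = depth; tls = 0; hsts = 0
      }
      if (line ~ /ssl_protocols/ && line ~ /TLSv1(\.1)?[ \t;]/)
        report("ssl_protocols enables TLSv1/TLSv1.1; keep TLSv1.2 and newer")
      if (line ~ /^[ \t]*ssl[ \t]+on[ \t]*;/) {
        tls = 1
        report("\"ssl on;\" is obsolete; use \"listen 443 ssl;\"")
      }
      if (line ~ /listen[^;]*[ \t]ssl[ \t;]/) tls = 1
      if (line ~ /Strict-Transport-Security/) hsts = 1
      depth += gsub(/[{]/, "&", line) - gsub(/[}]/, "&", line)
      if (in_srv && depth <= base) {            # server block just closed
        if (hsts && !tls)
          report("HSTS header set in a plain-HTTP server; browsers ignore it there")
        in_srv = 0
      }
    }
    END { exit (found > 0) }
  ' "$1"
}

# Constructed sample that mirrors the directives in the configs above.
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
    listen 443 default;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { try_files $uri $uri/ /index.php?$query_string; }
}
server {
    listen 80;
    add_header Strict-Transport-Security max-age=2592000;
}
EOF
}
```

Run it as audit_nginx_tls /etc/nginx/sites-available/your_ininja_site (or against /usr/local/etc/nginx/nginx.conf in the jail) before restarting nginx.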

Now Invoice Ninja and the web server are configured to only allow HTTPS. In the file above, under listen 443, we made references to certificates.

Let us create those certificates now.

mkdir -p /etc/nginx/ssl

cd /etc/nginx/ssl

openssl genrsa -des3 -passout pass:x -out ininja.pass.key 2048

openssl rsa -passin pass:x -in ininja.pass.key -out ininja.key

rm ininja.pass.key

openssl req -new -key ininja.key -out ininja.csr

openssl x509 -req -days 365 -in ininja.csr -signkey ininja.key -out ininja.crt
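
Added example, not from the original guide: the self-signed certificate from both the FreeNAS and Debian steps, generated in one openssl call with a subjectAltName (which current browsers match against instead of the CN) and a private key that is owner-only from the moment it is written. The function names and the request config are assumptions of this example; the ininja file name and the 192.168.1.23 address are the ones used above.

```sh
#!/bin/sh
# Added example: self-signed cert with a SAN and a 0600 key.
# make_selfsigned DIR NAME SAN   e.g. SAN="IP:192.168.1.23" or "DNS:ninja.home"
make_selfsigned() {
  dir=$1 name=$2 san=$3
  mkdir -p "$dir" || return 1
  cnf=$(mktemp) || return 1
  # Minimal request config; a file works on OpenSSL builds that lack -addext.
  cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = ${san#*:}
[v3]
subjectAltName = $san
EOF
  # umask 077 in a subshell: the key is never group/world readable, even briefly.
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -config "$cnf" -keyout "$dir/$name.key" -out "$dir/$name.crt" ) 2>/dev/null
  rc=$?
  rm -f "$cnf"
  return $rc
}

# Succeeds only if the certificate ($1) was issued for the private key ($2).
cert_matches_key() {
  cm=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
  km=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
  [ -n "$cm" ] && [ "$cm" = "$km" ]
}
```

For the configs above this would be make_selfsigned /etc/nginx/ssl ininja "IP:192.168.1.23", followed by cert_matches_key /etc/nginx/ssl/ininja.crt /etc/nginx/ssl/ininja.key as a check before restarting nginx.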

Set correct permissions for Invoice Ninja:

cd /path/to/ninja/install

touch .env

sudo chown www-data:www-data .env

sudo chmod -R 755 storage

sudo chown -R www-data:www-data storage bootstrap public/logo

OK, let's see if this all works:

service php7.1-fpm restart

service nginx restart

If you can restart those services then you are up and running securely!! Go to your IP or FQDN and hope for the best. If you see the Invoice Ninja setup GUI you are all done :) Follow the on-screen instructions to complete the setup.