Alpine newbie developer: full stack web

gitea is a management interface.. this guide will install locally for local management of git, for better installation please refers to Alpine_newbie_developer: gitea wiki page.

Git is the version control system (VCS) software behind gitea perse, so must be installed first. But repositories on server are not same as in clients.. server repositories are bare repositories.

This guide does work either if are or not in main or edge the gitea package:, take note, do not install any more from edge.. so in fact all gitea dependencies must be listed and installed before gitea and edge brand are activated, so the following process will guide and show you how to do that; first gain root privileges and then:

1. added and update normal repositories
2. install direct dependences: git, gnupg, make, bash, coreutils and from normal stable repositories
3. install indirect dependences: manpages, grep, lsof, less, curl, binutils, attr, dialog
4. alternate edge repositories
5. install gitea from edge repository
6. restore normal repository
7. Start gitea init script!
8. Make enabled the init script!

cat > /etc/apk/repositories << EOF; $(echo)
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
EOF

apk update

apk add git git-lfs git-doc gnupg gnupg1 make bash bash-doc coreutils

apk add man man-pages grep grep-doc lsof lsof-doc less less-doc curl curl-doc binutils dialog dialog-doc attr

export PAGER=less

cat >> /etc/apk/repositories << EOF; $(echo)
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
http://dl-cdn.alpinelinux.org/alpine/edge/main
http://dl-cdn.alpinelinux.org/alpine/edge/community
EOF

apk update

apk add gitea

cat > /etc/apk/repositories << EOF; $(echo)
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
EOF

apk update

rc-update add gitea default

rc-service gitea restart

Take in consideration that the user gitea was configure during installation.

Gitea runs as gitea user, and www-data group, so are compatible with any web deploy in system webservers packages of alpine repositories, but not with any other external installation if does not are same as.

Gitea has two configuration files, the system defaults at /var/lib/gitea/conf/app.ini and modifiable package defaults, at /etc/gitea/app.ini. Original files are in /usr/share/webapps/gitea and are defaults non-modifiable. For specific and better configurations visit Alpine_newbie_developer: gitea wiki page.

Gitea for data database backend for storing configurations.. SQLite are the default. But for others database backends alpine packages of MySQL/MariaDB or PostgreSQL are like normal tarball of each one, admins must know what they want.. there's no automatic window-like installation here. So first go to MariaDB or PostgreSQL wiki pages and with a user database configure in the /etc/gitea/app.ini and modify the DB_TYPE change from sqlite to postgres or mysql, NAME as the database access where gitea will store the data, USER as the user that will access the database, PASSWORD with the password of the user to access to the database defined. HOST must be with "localhost" value since this wiki assumes local installation. For specific and better configurations visit Alpine_newbie_developer: gitea wiki page.

Gitea can be customized: just take same path from /usr/share/webapps/gitea/ and put in same manner at /var/lib/gitea/custom/ place, by example to customize default landing page, just take a copy of the /usr/share/webapps/gitea/templates/home.tmpl and put modified one as /var/lib/gitea/custom/templates/home.tmpl as well.

After install and initialized the daemon, you now can just go to http://localhost:3000 and start the post-installation process, if you dont want to change any configuration.. if not check next sections. A starting page will be show.

The post install page, only are show when try to use the system, away of the starting page, by example if browse the repositories or try to login. You must not forget to setup that installation.

Administrator account must be configured before push "install gitea", the button at the end of the post-configuration page when you first visit the installation. Provide and username for admin user, take note "admin" are a reserved word so choose another name. after provide passowrd you will continue the installation.

Alpine is minimalist so not all PHP packages are needed in most cases, in development environment we used most, but for PHP at production LAMP please take a look at the Production LAMP system: Lighttpd + PHP + MySQL wiki page.

Since version v3.5, PHP 7 is available along with PHP 5.6 coexisting together, until version v3.9 where the latter was removed. So for Alpine 3.5+m we will assume PHP7, if you need PHP5.6 still could use it, that will be cover in the special Production LAMP system: Lighttpd + PHP5 + MySQL wiki page for older Alpine systems and some PHP specific software.

1. Install core packages of PHP
2. Install databases access packages of PHP, take into consideration the previous ODBC configurations
3. Install extra packages of PHP

apk add php7 php7-bcmath php7-bz2 php7-ctype php7-curl php7-dom php7-enchant php7-exif php7-fpm php7-gd php7-gettext php7-gmp php7-iconv php7-imap php7-intl php7-json php7-mbstring php7-opcache php7-openssl php7-phar php7-posix php7-pspell php7-recode php7-session php7-simplexml php7-sockets php7-sysvmsg php7-sysvsem php7-sysvshm php7-tidy php7-xml php7-xmlreader php7-xmlrpc php7-xmlwriter php7-xsl php7-zip php7-sqlite3

apk add php7-dba php7-sqlite3 php7-mysqli php7-mysqlnd php7-pgsql php7-pdo_dblib php7-pdo_odbc php7-pdo_pgsql php7-pdo_sqlite 

apk add php7-snmp php7-soap php7-ldap php7-pcntl php7-pear php7-shmop php7-wddx php7-cgi php7-pdo php7-snmp php7-tokenizer 

1. Use fix.pathinfo
2. Set safe mode to be off
3. Don't expose PHP code if something fails
4. Set memory limit for execution to 256Mb (most servers are minimal of 1Gb of RAM)
5. So then set upload size to 56Mb as maximum.
6. Set then POST max size to 128Mb based on the upload max size limit.
7. Turn on the URL open method
8. Set default charset to UTF-8 for more compatibility
9. Increase the execution time and the input time for.

sed -i -r 's|.*cgi.fix_pathinfo=.*|cgi.fix_pathinfo=1|g' /etc/php*/php.ini
sed -i -r 's#.*safe_mode =.*#safe_mode = Off#g' /etc/php*/php.ini
sed -i -r 's#.*expose_php =.*#expose_php = Off#g' /etc/php*/php.ini
sed -i -r 's#memory_limit =.*#memory_limit = 256M#g' /etc/php*/php.ini
sed -i -r 's#upload_max_filesize =.*#upload_max_filesize = 56M#g' /etc/php*/php.ini
sed -i -r 's#post_max_size =.*#post_max_size = 128M#g' /etc/php*/php.ini
sed -i -r 's#^file_uploads =.*#file_uploads = On#g' /etc/php*/php.ini
sed -i -r 's#^max_file_uploads =.*#max_file_uploads = 12#g' /etc/php*/php.ini
sed -i -r 's#^allow_url_fopen = .*#allow_url_fopen = On#g' /etc/php*/php.ini
sed -i -r 's#^.default_charset =.*#default_charset = "UTF-8"#g' /etc/php*/php.ini
sed -i -r 's#^.max_execution_time =.*#max_execution_time = 150#g' /etc/php*/php.ini
sed -i -r 's#^max_input_time =.*#max_input_time = 90#g' /etc/php*/php.ini

The PHP-FPM defined a master process with some pool of process for each service resuests, by default there's only one pool of processes, the www pool process.

1. Create directory for php socket and pid files, MUST BE EQUAL to openrc init script defined!
2. Set into configuration file the socket path, MUST BE EQUAL to openrc init script defined!
3. Set into configuration file the pid file path, MUST BE EQUAL to openrc nit script defined!
4. enable the mod_alias at the config file, due need of a specific path for cgi files into security
5. be sure and disable the fastcgi-php module by cgi only
6. and then enable the fastcgi-php-fpm specific module then
7. write a much much better approach of the php handler in the local server using the socket
8. configure the php to use also the socket too for direct connection locally
9. restart the service to see changes at the browser

mkdir -p /var/run/php-fpm7/

chown lighttpd:root /var/run/php-fpm7

sed -i -r 's|^.*listen =.*|listen = /run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^pid =.*|pid = /run/php-fpm7/php7-fpm.pid|g' /etc/php*/php-fpm.conf

sed -i -r 's|^.*listen.mode =.*|listen.mode = 0640|g' /etc/php*/php-fpm.d/www.conf

rc-update add php-fpm7 default

service php-fpm7 restart

mkdir -p /var/www/localhost/cgi-bin

sed -i -r 's#\#.*mod_alias.*,.*#    "mod_alias",#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_cgi.conf".*#   include "mod_cgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi.conf".*#\#   include "mod_fastcgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi_fpm.conf".*#   include "mod_fastcgi_fpm.conf"#g' /etc/lighttpd/lighttpd.conf

cat > /etc/lighttpd/mod_fastcgi_fpm.conf << EOF
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = (
    ".php" => (
      "localhost" => (
        "socket"                => "/var/run/php-fpm7/php7-fpm.sock",
        "broken-scriptfilename" => "enable"
      ))
)
EOF

sed -i -r 's|^.*listen =.*|listen = /var/run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 'php-fpm7 restart

rc-service lighttpd restart

echo "<?php echo phpinfo(); ?>" > /var/www/localhost/htdocs/info.php

For testing open a browser and go to http://<webserveripaddres>/info.php and you will see only the minimal info due in production there's no need for too much information to crackers. The "webserveripaddres" are the ip address of your setup/server machine.

After that, all the files with php will be proceses faster than used a host based, also under the /var/www/localhost/cgi-bin directory will be showed as http://localhost/cgi-bin/ path.

apk add nodejs

Alpine Linux has dummy counterparts packages for those that are not close to that change from mysql to mariadb naming packages.

Take in consideration that the user mysql was created during instalation of packages, in the initialization section two users will be created in database init: root and mysql, and in that point only if are in their respective system accounts, will be able to connect to the database service.

apk add mysql mysql-client mariadb-doc mariadb-connector-c-dev 

That will install the most used ones.. mariadb-cient and mariadb-server with respective documents and manpages for developing, rest of packages are brief described in the MariaDB Alpine wiki page.

The datadir are located to /var/lib/mysql must be owned by the mysql user and group. You can modify this behavior but must edit the service file at /etc/init.d directory. Also, you need to set datadir=<YOUR_DATADIR> under section [mysqld] at the config file.

1. Initialize the main mysql database, and the data dir as standardized to /var/lib/mysql by the rc script
2. Then initialize the service, root account and socket connection are enabled without password at this point
3. Setup the root account by asignes a proper password, this are purely paranoid. due next step already do that!
4. Setup and init the installation by running the mysql_secure_installation
5. Setup permissions for manage others users and databases
6. Run the mysql_secure_installation script and answer the questions (see section below)

mysql_install_db --user=mysql --datadir=/var/lib/mysql

rc-service mariadb start

mysqladmin -u root password toor

mysql_secure_installation

1. Enter current password for root (enter for none): must be provided due we already set previously. correct respond are OK, successfully used password, moving on...
2. Switch to unix_socket authentication [Y/n] this are not the case and must be disabled, so answer NO, and response will be ... skipping.
3. Change the root password? [Y/n] Just press "n" only if you provided a good password, otherwise just change it!
4. Remove anonymous users? [Y/n] In any case, production system must remove it, so answer Y and proper respond mus be ... Success!.
5. Disallow root login remotely? [Y/n] For sure answer Y and proper respond mus be ... Success!.
6. Remove test database and access to it? [Y/n] Should be removed, so answer Y and proper respond mus be ... Success!.
7. Reload privilege tables now? [Y/n] Answer Y and proper respond mus be ... Success!.

After aswered all the questions.. restart the service with rc-service mariadb restart

Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output, for more info about that watch the MariaDB Configuration files section of the MariaDB wiki page.

• On older Alpine system must set config files for MAX ALLOWED PACKETS to minimun proper amount
• Set default charset to UTF8MB4
• Added the service to start process but not at boot process due needs networking started.
• Restart the service to apply changes.

sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/mysql/my.cnf
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/my.cnf.d/mariadb-server.cnf

cat > /etc/my.cnf.d/mariadb-server-default-charset.cnf << EOF
[client]
default-character-set = utf8mb4

[mysqld]
collation_server = utf8mb4_unicode_ci
character_set_server = utf8mb4

[mysql]
default-character-set = utf8mb4
EOF

rc-service mariadb restart

rc-update add mariadb default

On upgrade cases: If are unable to run any mysql command after an upgrade, it's because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script. For more information watch the MariaDB upgrading section of the MariaDB wiki page.

1. keep the old database (mysql sheme) structure of the engine daemon, currently this are not more the case, today this not make sense anymore
2. upgrade the MariaDB/MySQL packages, of course with must be done if the upgrade process to mayor alpine version does not!
3. run the mysql_upgrade -u root -p script, providing the password or root, (from the new package version) against the old still-running database (mysql sheme). This will produce some error messages; however, the upgrade will succeed.
4. Restart the service

If are unable to run mysql_upgrade because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script.