這一段是目前小弟我一直都在使用的知識庫管理，小弟所架設的知識庫是由這一套服務來使用的，也感謝 Jason Cheng 大大所介紹的開源軟體，這一套是可以像是線上式的圖書館方式來規劃管理，如果沒有要求特別的功能的話這一套服務是滿適合使用的，那我們開始來教導如何安裝此服務。

運行環境

• 系統環境：CentOS 7
• Web服務：Nginx 1.17
• 網頁服務：PHP 7.4
• 資料庫服務：Mariadb 10.4

WEB 服務安裝

• 首先增加 Nginx.repo 服務

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

• 安裝服務

先安裝可以選擇指定的 yum 的套件
yum install yum-utils -y

指定要安裝的套件，這樣子就不會去選擇內鍵的路徑
yum-config-manager --enable nginx-mainline

接下來就可以開始安裝 Nginx 服務
yum install nginx -y

啟動及自動啟動服務
systemctl start nginx ; systemctl enable nginx

資料庫服務安裝

• 首先新增加 MariaDB.repo 官方載點

• 手動新增 Mariadb 來源庫

vim /etc/yum.repos.d/MariaDB.repo

• 填入以下的內容

# MariaDB 10.4 CentOS repository list - created 2020-04-19 04:41 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

• 安裝 MaridDB 服務

yum install MariaDB-server MariaDB-client -y

• 資料庫安裝及設定

systemctl enable mariadb ; systemctl start mariadb   # 啟動資料庫服
mysql_secure_installation   # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

# 以下的詢問就以預設為主直接按 Enter 即可

Switch to unix_socket authentication [Y/n]
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

• 登入資料庫設定資料表及權限

# 登入資料庫裡設定資表及權限
mysql -u root -p   

# 在資料庫裡新增BookStack表單
CREATE DATABASE IF NOT EXISTS bookstackdb DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

# 密碼請自己輸入好記錄的密碼
GRANT ALL PRIVILEGES ON bookstackdb.* TO 'bookstackuser'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

# 重新載入設定值
FLUSH PRIVILEGES;

# 離開資料庫
quit

PHP 服務安裝

• 先安裝額外的套件及載點

yum install -y epel-release yum-utils

• 因內鍵預設版本是 PHP 5.4 因此本版官方已不在維護，建議直接安裝當時官方所提供主要版本，現在安裝版本是 PHP 7.4

rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php74

• 安裝 PHP 套件

yum install -y php php-mysqlnd php-pdo php-xml php-pear php-devel php-mbstring re2c gcc-c++ gcc \
php-fpm php-mysql php-gd php-cli php-json php-opcache php-curl php-ldap php-odbc php-xmlrpc php-soap \
curl curl-devel php-intl php-zip php-openssl php-tidy php-tokenizer php-xml

• 安裝好 PHP 要去修改 vim /etc/php.ini 設定檔

修改前
;cgi.fix_pathinfo=1
修改後
cgi.fix_pathinfo=0
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
修改資料上傳限制
; 上傳檔案大小上限（單一檔案大小）
upload_max_filesize = 50M 

; POST 大小上限（所有檔案大小加總）
post_max_size = 200M

; 記憶體用量上限
memory_limit = 512M

; Script執行時間上限(單位：秒)
max_execution_time = 600

; Script處理資料時間上限(單位：秒)
max_input_time = 600

; Socket無回應斷線時間(單位：秒)
default_socket_timeout = 600

存檔
:wq

• 設定 PHP-FPM vim /etc/php-fpm.d/www.conf

由誰使用此服務
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group =nginx

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

php_value[session.save_path]    = /var/www/html/sessions

修改好存檔
:wq

• 重啟及開機自動啟動 PHP-FPM 服務

systemctl restart php-fpm ; systemctl enable php-fpm

Nginx 服務設定檔

本機全域設定

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig   # 備份原本預設的設定檔
vim /etc/nginx/nginx.conf   # 新增新的nginx設定檔
---
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
#
    access_log /var/log/nginx/access.log  main;
#
#
    client_max_body_size 2048m;
    client_body_buffer_size 256k;
    client_body_timeout 1800s;
    client_header_timeout 1800s;
    fastcgi_intercept_errors on;
    fastcgi_buffers 4 64K;
#
    server_tokens off;
#
# Default is 60, May need to be increased for very large uploads
#
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
#
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;
# Restoring the original visitor IP for your web application
    set_real_ip_from 127.0.0.1;
# use any of the following two
# real_ip_header CF-Connecting-IP;
    real_ip_header X-Forwarded-For;
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Powered-By eiblog/1.3.0;
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Cache-Control no-cache;
}

本機服務器設定檔

vim /etc/nginx/conf.d/bookstack.conf   #網頁的設定檔

#
server {
    listen 80;
    server_name 您的hostname或是IP;
#
    access_log /var/log/nginx/bookstack_access.log;
    error_log /var/log/nginx/bookstack_error.log;
#
    fastcgi_buffers 64 4K;
#
    index index.php;
#
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
#
#
    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }
#
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
    }
#
    location ~* \.(?:ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        expires 30d;
        access_log off;
    }
}

BookStack 服務安裝

• 安裝 Composer 作曲家服務

# 將dirs更改為我們希望將composer安裝到的位置
cd /usr/local/bin   

# 安裝 composer
curl -sS https://getcomposer.org/installer | php   

# 重新命名 composer
mv composer.phar composer   

• BookStack 放置位置

# 希望將 BookStack 存放的位置   
cd /var/www/html   

# 新增from php sessions
mkdir /var/www/html/sessions   

# 從github上下載最新版本的BookStackApp資料
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch   

# 進入到 BookStack 目錄下用 composer 安裝服務
cd BookStack && composer install --no-dev 

• BookStack 設定

# 複製範本設定文件
cp .env.example .env   

# 更新與數據庫中的新的配置，以及其他設置
vim .env   
---
DB_HOST=localhost
DB_DATABASE=bookstackdb
DB_USERNAME=bookstackuser
DB_PASSWORD=bookstackpass
---

All other settings are fine as default, but feel free to change any others as you see fit.

# 在.env中生成並更新APP_KEY
php artisan key:generate --force   

# 將所有權更改為Web服務器用戶
chown -R nginx:nginx /var/www/html/{BookStack,sessions}   

# 產生新的資料庫表及其他設定
php artisan migrate --force   

• 開啟瀏灠器輸入 http://server_ip  預設帳號為：admin@admin.com 密碼為： password

參考相關網頁

• BookStackApp官方網站
• BookStackApp官方文件
• CentOS 7安裝參考網站
• BookStackApp Jason Cheng 大大介紹網站