Let’s try and install eLabFTW a free and open source electronic lab notebook (PHP/MySQL) on an OpenBSD VPS from Vultr.

We will install the nginx webserver for HTTP/HTTPS with PHP and MySQL.

Init

  • Go to Vultr.com and create an account.
  • Add some funds
  • Deploy a new VC2 server
  • Select a region and OpenBSD 6
  • Add your SSH key
  • Create the server and copy the IP address
  • Go to your domain name config panel and add a subdomain pointing to this IP. We will use elabftw.example.org.

Connect

# ssh to the server
ssh root@<IP OF THE SERVER>
# let's setup a variable so you can copy paste without editing:
export DOMAIN=<YOUR DOMAIN NAME>
# setup pkg source
echo "https://ftp.fr.openbsd.org/pub/OpenBSD/" > /etc/installurl
# install essentials
pkg_add git zsh vim
# setup dotfiles
git clone https://github.com/NicolasCARPi/.dotfiles && sh ~/.dotfiles/install.sh
# start tmux
tmux

Nginx

# install it
pkg_add nginx
# enable it on boot
rcctl enable nginx

Now we want TLS certificates. So add a file /etc/nginx/acme.conf:

location ^~ /.well-known/acme-challenge {
    alias /var/www/acme;
    try_files $uri =404;
}

Now add include acme.conf; in the main config file (/etc/nginx/nginx.conf):

server {
    listen       80;
    listen       [::]:80;
    server_name  localhost;
    root         /var/www/htdocs;

    # this is the line you add
    include acme.conf;
    

Get a certificate

Edit /etc/acme-client.conf and add a domain like so:

domain elabftw.example.org {
	domain key "/etc/ssl/private/elabftw.example.org.key"
	domain certificate "/etc/ssl/elabftw.example.org.crt"
	domain full chain certificate "/etc/ssl/elabftw.example.org.fullchain.pem"
	sign with letsencrypt
}
# start nginx
rcctl start nginx
# get a certificate
acme-client -vAD $DOMAIN

Now we add the real HTTPS config for elabftw in /etc/nginx/nginx.conf:

# redirect all to https
server {
    listen       80;
    listen       [::]:80;
    server_name  elabftw.example.org;
    return 301 https://$server_name$request_uri;
}
# the elabftw server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

index index.php index.html
server_name elabftw.example.org;
root         /var/www/elabftw.example.org;

access_log  logs/host.access.log  main;

include acme.conf;
# pass the PHP scripts to FastCGI server listening on unix socket
location ~ \.php$ {
    try_files      $uri $uri/ =404;
    fastcgi_pass   unix:run/php-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/ssl/elabftw.example.org.crt;
ssl_certificate_key /etc/ssl/private/elabftw.example.org.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
} 

Don’t forget to replace elabftw.example.org by your own domain name:

sed -ie 's/elabftw.example.org/'"$DOMAIN"'/g' /etc/nginx/nginx.conf

Also make sure to uncomment the three lines defining the “main” log format.

Generate the dhparam.pem file:

openssl dhparam -out /etc/nginx/dhparam.pem 2048

PHP-FPM

# install php + extensions
pkg_add php php-curl php-zip php-mcrypt php-gd php-pdo_mysql
rcctl enable php70_fpm
# enable php extensions
find /etc/php-7.0.sample -type f -execdir cp {} /etc/php-7.0/{} \;
# yeah you can use cp also directly but the star character messes up the
# syntax highlighting…

MySQL (MariaDB)

# install it
pkg_add mariadb-server
# enable it on boot
rcctl enable mysqld
# init
/usr/local/bin/mysql_install_db
# start
rcctl start mysqld
# remove crap and setup a root password
/usr/local/bin/mysql_secure_installation

Now to create a database and a user:

mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE elabftw;
MariaDB [(none)]> CREATE USER 'elabftw'@'localhost' IDENTIFIED BY 'password';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON elabftw. * TO 'elabftw'@'localhost';
MariaDB [(none)]> exit;

eLabFTW

cd /var/www
git clone --depth 1 https://github.com/elabftw/elabftw $DOMAIN
cd $DOMAIN
# create an alias for the composer commands
ln -s /usr/local/bin/php-7.0 /usr/local/bin/php
# allow url fopen
sed -ie 's/allow_url_fopen = Off/allow_url_fopen = On/' /etc/php-7.0.ini
# install composer
# see https://getcomposer.org/download/
mv composer.phar /usr/local/bin/composer
composer install --no-dev

Finishing up

rcctl start php70_fpm
rcctl restart nginx
mkdir -p /var/www/$DOMAIN/uploads/tmp
chown -R www:www /var/www/$DOMAIN/uploads

Now go to your domain name and you should see the install page.

Replace “localhost” by “127.0.0.1” in the first field.

Test the connection and save the config.php file and copy it to the server:

scp config.php root@$DOMAIN:/var/www/$DOMAIN

Now reload the install page and you should see the account creation page.

ENJOY :D