[Linux] Canary + Nginx + MariaDB + MyAAC

This tutorial was written for a regular user whose home directory is /home/user. If you are logged in as root, switch to a normal user first.

Create the user:

  • sudo adduser NAME

Give privileges to the created user:

  • sudo usermod -aG sudo NAME

In the Linux terminal, switch from root to the created user:

  • sudo su - NAME

1 - Download Bitvise:

https://www.bitvise.com/ssh-client-download

1.1 - Bitvise Tutorial:

https://www.bitvise.com/getting-started-install-ssh-client

2 - Installation Canary:

Debian
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

- Edit repository file: 
sudo nano /etc/apt/sources.list

- Append these lines to the end:
deb http://deb.debian.org/debian testing main contrib non-free
deb-src http://deb.debian.org/debian testing main contrib non-free
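- Save the file. With no APT pin in place, every later apt upgrade will also pull packages from testing; remove these two lines after installing gcc-14 if the rest of the system should stay on the stable release.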

sudo apt update
sudo apt install gcc-14 -t testing && sudo apt install g++-14 -t testing
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14 
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-14 14
gcc-14 --version
g++-14 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 20.04
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
sudo apt update
sudo apt install gcc-11 g++-11 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11
sudo update-alternatives --set gcc /usr/bin/gcc-11
gcc-11 --version
g++-11 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 20.04 ARM
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
sudo apt update
sudo apt install gcc-11 g++-11 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11 --slave /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-11 --slave /usr/bin/aarch64-linux-gnu-g++ aarch64-linux-gnu-g++ /usr/bin/aarch64-linux-gnu-g++-11
sudo update-alternatives --set gcc /usr/bin/gcc-11
gcc-11 --version
g++-11 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
export VCPKG_FORCE_SYSTEM_BINARIES=1
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
export VCPKG_FORCE_SYSTEM_BINARIES=1

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 22.04
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

sudo apt update
sudo apt install gcc-12 g++-12 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 100 --slave /usr/bin/g++ g++ /usr/bin/g++-12 --slave /usr/bin/gcov gcov /usr/bin/gcov-12
sudo update-alternatives --set gcc /usr/bin/gcc-12
gcc-12 --version
g++-12 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 22.04 ARM
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

sudo apt update
sudo apt install gcc-12 g++-12 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 100 --slave /usr/bin/g++ g++ /usr/bin/g++-12 --slave /usr/bin/gcov gcov /usr/bin/gcov-12 --slave /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-12 --slave /usr/bin/aarch64-linux-gnu-g++ aarch64-linux-gnu-g++ /usr/bin/aarch64-linux-gnu-g++-12
sudo update-alternatives --set gcc /usr/bin/gcc-12
gcc-12 --version
g++-12 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
export VCPKG_FORCE_SYSTEM_BINARIES=1
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
export VCPKG_FORCE_SYSTEM_BINARIES=1

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 24.04
sudo apt update && sudo apt upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-$(uname -r) -y

Update cmake:

sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version

Update gcc:

sudo apt update
sudo apt install gcc-14 g++-14 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 100 --slave /usr/bin/g++ g++ /usr/bin/g++-14 --slave /usr/bin/gcov gcov /usr/bin/gcov-14
sudo update-alternatives --set gcc /usr/bin/gcc-14
gcc-14 --version
g++-14 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Observations:

-- Running vcpkg install

This step will take a long time on the first run, as it needs to download and install all the dependencies, so be patient!

• How to update vcpkg:

If you already have vcpkg installed, run the commands below from the vcpkg directory (~/vcpkg) to update it:

  • git pull

  • ./vcpkg upgrade

  • ./vcpkg upgrade --no-dry-run

  • ./bootstrap-vcpkg.sh

3 - Installation - Nginx:

sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

• How to test: http://server-ip

4 - Installation - MariaDB:

sudo apt install -y mariadb-server mariadb-client
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl status mariadb

sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

When you're done, test if you can log into the MariaDB console by typing: 

sudo mariadb
 
This will connect to the MariaDB server as the database root administrative user, which is assumed by using sudo when running this command.

You should see a result like this: 

Output
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.6.12-MariaDB-0Ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDb Corporation and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

To exit the MariaDB console, type:  exit

MariaDB [(none)]> exit

5 - Configuration - MariaDB User:

  • If you have enabled password authentication for the MariaDB root user, run the following command and enter the password when prompted:

sudo mariadb -u root -p

  • From there, create a new user and give them a strong password:

CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password';

  • Then grant your new user the appropriate privileges. For example, you can grant the user privileges on all tables within the database, in addition to the power to add, change, and remove user privileges, with this command:

GRANT ALL PRIVILEGES ON *.* TO 'your_user'@'localhost' WITH GRANT OPTION;

  • After that, exit the MariaDB shell:

exit
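
The account created in this step is the one whose password later goes into config.lua and the MyAAC installer, so it only needs rights on the game database. As an added example (not part of the original tutorial), the helper below prints SQL that scopes the account to a single database without GRANT OPTION; the database name canary is taken from step 9 and the account name canary_app is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial.
# scoped_grant_sql <database> <user> <password>
# Prints SQL that limits <user>@localhost to <database>.* with no server-wide
# rights and no grant option. "canary" is the database name from step 9;
# "canary_app" is a placeholder account name.

valid_ident() {  # letters, digits and underscore only
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

scoped_grant_sql() {
    local db=$1 user=$2 pass=$3
    valid_ident "$db"   || { echo "invalid database name" >&2; return 1; }
    valid_ident "$user" || { echo "invalid user name" >&2; return 1; }
    # Refuse characters that would end the quoted SQL string early.
    case $pass in
        ''|*"'"*|*\\*)
            echo "password must be non-empty, without quotes or backslashes" >&2
            return 1 ;;
    esac
    cat <<SQL
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER IF NOT EXISTS '$user'@'localhost' IDENTIFIED BY '$pass';
-- Clear any server-wide rights the account was given earlier.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$user'@'localhost';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'localhost';
SHOW GRANTS FOR '$user'@'localhost';
SQL
}

# Typical use (the generated password is hex only, so it passes the check):
#   pw=$(openssl rand -hex 24)
#   scoped_grant_sql canary canary_app "$pw" | sudo mariadb
#   echo "$pw"   # value for mysqlPass in config.lua and the MyAAC installer
# Run with --demo to print the SQL for a constructed sample password.
if [ "${1:-}" = "--demo" ]; then
    scoped_grant_sql canary canary_app 'constructed-demo-password'
fi
```

CREATE USER IF NOT EXISTS leaves the password of an existing account unchanged, so for an account that already exists only the privileges are rewritten.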

6 - Installation - PHP:

sudo apt remove 'php*'
sudo apt update && sudo apt upgrade -y
sudo apt install python3-launchpadlib
sudo apt install software-properties-common apt-transport-https -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
sudo apt install php8.2 php8.2-cli php8.2-curl php8.2-fpm php8.2-gd php8.2-mysql php8.2-xml php8.2-zip php8.2-bcmath php8.2-mbstring php8.2-calendar -y
php8.2 -v
sudo systemctl start php8.2-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl status php8.2-fpm

sudo apt purge 'apache2*'
sudo apt autoremove -y
cd /
cd etc
sudo rm -r apache2

7 - Installation - phpMyAdmin:

cd /var/www
sudo rm -r html && sudo mkdir html
cd ~
sudo apt install -y wget 
sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip -O phpmyadmin.zip 
sudo unzip phpmyadmin.zip 
sudo mv phpMyAdmin-*-all-languages /var/www/html/phpmyadmin 
sudo rm phpmyadmin.zip 
sudo chown -R www-data:www-data /var/www/html/phpmyadmin 
sudo chmod -R 755 /var/www/html/phpmyadmin 

blowfish_secret=$(openssl rand -base64 24 | sed 's/[\/&]/\\&/g')
sudo cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
sudo sed -i "s#\$cfg\['blowfish_secret'\] = '';#\$cfg\['blowfish_secret'\] = '$blowfish_secret';#" /var/www/html/phpmyadmin/config.inc.php

8 - Configuration - Nginx:

  • In the terminal, type the following command:

sudo apt install nano

  • Once it is installed, configure Nginx by entering the following commands:

sudo rm /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/conf.d/default.conf

  • Set the file contents to:

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;

	index index.html index.php index.htm index.nginx-debian.html;

	server_name _;

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
	}

	location ~ /\.ht {
		deny all;
	}
}

-

sudo nginx -t
sudo systemctl reload nginx

  • How to test: http://server-ip/phpmyadmin

  • How to restrict phpMyAdmin access:

sudo mv /var/www/html/phpmyadmin /var/www/html/any_combination_youwant

  • Replace any_combination_youwant with a word that only you know.

  • You will then access phpMyAdmin at: http://server-ip/any_combination_youwant

9 - Database:

  • Go to phpMyAdmin.

  • On the left side click +New and create a database (e.g. canary)

  • Import the schema.sql that is in the server folder.

10 - Config.lua:

• For data-canary:

-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-canary"
-- Don't change this unless you know what you're doing
coreDirectory = "data"

-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap is false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = false
mapName = "canary"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"

-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = false

-- Connection Config
ip = "your-ip-or-domain"
serverName = "Canary"

-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"                      
mysqlPass = "your-password"                       
mysqlDatabase = "your-database-name"        
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"

• For data-otservbr-global:

-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-otservbr-global"
-- Don't change this unless you know what you're doing
coreDirectory = "data"

-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap is false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = true
mapName = "otservbr"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"

-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = true

-- Connection Config
ip = "your-ip-or-domain"
serverName = "OTServBR-Global"

-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"                      
mysqlPass = "your-password"                       
mysqlDatabase = "your-database-name"        
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"

11 - Installation - MyAAC:

cd ~
sudo git clone https://github.com/opentibiabr/myaac.git
sudo mv myaac/* /var/www/html
sudo rm -rf myaac
sudo chown -R www-data:www-data /var/www/html
cd /var/www/html
sudo chmod 755 -R . && sudo chmod 755 -R system/ images/ plugins/ tools/

  • Install MyAAC: http://domain-or-ip/install

  • Follow the installation steps.

12 - Firewall:

sudo apt install ufw
sudo ufw app list
sudo ufw allow in "Nginx Full"
# Allow SSH before enabling the firewall so new SSH connections are not blocked
sudo ufw allow 22/tcp

sudo ufw status
sudo ufw enable
sudo ufw allow 7171/tcp
sudo ufw allow 7172/tcp
sudo ufw allow 8245/tcp
sudo ufw reload

13 - Releasing Ports - Google Cloud / Oracle:

sudo cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.bak
sudo truncate -s 0 /etc/iptables/rules.v4

# iptables needs root privileges
sudo iptables -A INPUT -p tcp --dport 7171 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 7172 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8245 -j ACCEPT

# Each gcloud firewall rule needs a unique name
gcloud compute firewall-rules create allow-sete --description "Incoming seteum allowed." \
         --allow tcp:7171 --format json

gcloud compute firewall-rules create allow-dois --description "Incoming setedois allowed." \
         --allow tcp:7172 --format json

gcloud compute firewall-rules create allow-quatrocinco --description "Incoming quatrocinco allowed." \
         --allow tcp:8245 --format json

14 - Starting the Server:

You will need screen installed:

sudo apt install screen

14.1 - Basic screen commands:

  • Open a screen:

screen

  • Exit a screen:

CTRL + A, D

  • Back to the last open screen:

screen -r

  • Close a screen:

CTRL + K, Y/N

  • Info:

With the screen open use ./canary in the project root directory to start the server.

15 - Connecting to the Server:

  • Download Client:

  • Note: If the port is changed, it must be added to the client.

  • Examples:

  • http://127.0.0.1:8080/login.php

  • http://127.0.0.1:8090/login.php

  • How to edit the client:

16 - Useful Tips:

  • Use this example nginx file with security checks to protect your configurations.

server {
    listen       80;
    listen       [::]:80;
#   listen       443 ssl http2;
#   listen       [::]:443 ssl http2;

    server_name _;
#   server_name example.com  www.example.com;
    
    root   /var/www/html/;
    index index.php index.html index.htm;

#   if ($host !~ ^(example.com|www.example.com)$){
#       return 400;
#   }

    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    
    location ~ /system {
        deny all;
        return 404;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~ /\.git {
        return 403;
    }

    location ~* \.(pl|cgi|py|sh|lua)$ {
        return 403;
    }

    location ~* ^/wp-content/uploads/.*\.(asp|cgi|htm|html|js|jsp|php|pl|py|sh|shtml|swf)$ {
        return 403;
    }

    location ~* ^/(readme|license|schema|password|passwords).*\.(txt|html)$ {
        return 403;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
#       try_files $uri $uri/ /index.php;
    }

    location ~ ^/(conf|doc|sql|setup)/ {
        deny all;
        return 403;
    }

#   Pass PHP Scripts To FastCGI Server
    location ~ \.php$ {
#       root /var/www/html/;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
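
An offline way to check which request paths the deny rules in a configuration like the one above actually catch, as an added example that is not part of the original tutorial. It models nginx's regex-location selection (first match in file order wins) with grep -E, and also shows that a script rule whose final `$` is escaped as `\$` never matches a real path; the rule table and sample paths are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example: an offline model of nginx regex-location selection.
# Regex locations are tried in file order and the first match wins; the
# prefix "location /" applies only when no regex matches. nginx matches the
# normalized path without the query string, so pass only the path here.
# Columns: mode (cs = "~", ci = "~*"), action, regex. The wp-content rule is
# left out because this web root has no such directory.

RULES='cs 404 /system
cs 403 /\.ht
cs 403 /\.git
ci 403 \.(pl|cgi|py|sh|lua)$
ci 403 ^/(readme|license|schema|password|passwords).*\.(txt|html)$
cs 403 ^/(conf|doc|sql|setup)/
cs php \.php$'

# The script rule with its end anchor escaped: "\$" is a literal dollar sign.
RULE_ESCAPED='ci 403 \.(pl|cgi|py|sh|lua)\$'

# route <rules> <uri-path>: print the action of the first rule that matches,
# or "pass" when the request would fall through to "location /".
route() {
    local rules=$1 uri=$2 mode action re flags
    while read -r mode action re; do
        [ -n "$re" ] || continue
        flags=-Eq
        [ "$mode" = ci ] && flags=-Eiq
        if printf '%s\n' "$uri" | grep "$flags" -- "$re"; then
            echo "$action"
            return 0
        fi
    done <<EOF
$rules
EOF
    echo pass
}

# Constructed sample paths.
for u in /index.php /config.lua /system/login.php /conf/db.php /.git/config; do
    printf '%-20s -> %s\n' "$u" "$(route "$RULES" "$u")"
done
printf '%-20s -> %s (escaped anchor)\n' /config.lua \
    "$(route "$RULE_ESCAPED" /config.lua)"
```

After reloading nginx, the same paths can be requested with curl -I against the server to confirm the live status codes.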

17 - Credits: