[WSL] Canary + Nginx + MariaDB + MyAAC
1 - Install WSL:
2 - Install a Linux Distribution:
3 - Installation - Canary:
Debian
sudo apt update && sudo apt dist-upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic -y
Update cmake:
sudo nano /etc/wsl.conf
- Append these lines:
[boot]
systemd=true
- Save the file.
- Close your WSL distro and run the command below from PowerShell to restart your WSL instances:
wsl.exe --shutdown
- After the restart, open WSL distro again.
sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
- Close your WSL distro and run the command below from PowerShell to restart your WSL instances:
wsl.exe --shutdown
- After the restart, open WSL distro again.
cmake --version
Update gcc:
- Edit repository file:
sudo nano /etc/apt/sources.list
- Append these lines to the end:
deb http://deb.debian.org/debian testing main contrib non-free
deb-src http://deb.debian.org/debian testing main contrib non-free
- Save the file.
sudo apt update
sudo apt install gcc-14 -t testing && sudo apt install g++-14 -t testing
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-14 14
gcc-14 --version
g++-14 --version
-
sudo apt install acl
cd ~
git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~
git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 775 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4
cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary
Ubuntu 20.04
sudo apt update && sudo apt dist-upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic -y
Update cmake:
sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version
Update gcc:
sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
sudo apt update
sudo apt install gcc-11 g++-11 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11
sudo update-alternatives --set gcc /usr/bin/gcc-11
gcc-11 --version
g++-11 --version
-
sudo apt install acl
cd ~
git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~
git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 775 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4
cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary
Ubuntu 22.04
sudo apt update && sudo apt dist-upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic -y
Update cmake:
sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version
Update gcc:
sudo apt update
sudo apt install gcc-12 g++-12 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 100 --slave /usr/bin/g++ g++ /usr/bin/g++-12 --slave /usr/bin/gcov gcov /usr/bin/gcov-12
sudo update-alternatives --set gcc /usr/bin/gcc-12
gcc-12 --version
g++-12 --version
-
sudo apt install acl
cd ~
git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~
git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 775 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4
cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary
Ubuntu 24.04
sudo apt update && sudo apt dist-upgrade -y
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic -y
Update cmake:
sudo apt remove --purge cmake -y
hash -r
sudo apt install snapd -y
sudo snap install cmake --classic
cmake --version
Update gcc:
sudo apt update
sudo apt install gcc-14 g++-14 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 100 --slave /usr/bin/g++ g++ /usr/bin/g++-14 --slave /usr/bin/gcov gcov /usr/bin/gcov-14
sudo update-alternatives --set gcc /usr/bin/gcc-14
gcc-14 --version
g++-14 --version
-
sudo apt install acl
cd ~
git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~
git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 775 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build
cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4
cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary
Observations:
-- Running vcpkg install
This step will take a long time on the first run, as it needs to download and install all the dependencies, so be patient!
• How to update vcpkg:
If you already have vcpkg installed
To update vcpkg installation, run the commands below:
cd vcpkg
git pull
./vcpkg upgrade
./vcpkg upgrade --no-dry-run
./bootstrap-vcpkg.sh
4 - Installation - Nginx:
sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx
• How to test: http://server-ip
5 - Installation - MariaDB:
sudo apt install -y mariadb-server mariadb-client
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl status mariadb
sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
When you're done, test if you can log into the MariaDB console by typing:
sudo mariadb
This will connect to the MariaDB server as the database root administrative user, which is assumed by using sudo when running this command.
You should see a result like this:
"Output
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.6.12-MariaDB-0Ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDb Corporation and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
To exit the MariaDB console, type: exit
MariaDB [(none)]> exit
6 - Configuration - MariaDB User:
If you have root user-enabled password authentication, you will need to run the following command and enter your password when prompted to be able to connect:
sudo mariadb -u root -p
From there, create a new user and give them a strong password:
CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password';
Then grant your new user the appropriate privileges. For example, you can grant user privileges to all tables within the database, in addition to the power to add, change, and remove user privileges, with this command:
GRANT ALL PRIVILEGES ON *.* TO 'your_user'@'localhost' WITH GRANT OPTION;
After that, exit the MariaDB shell:
exit
7 - Installation - PHP:
sudo apt remove php*
sudo apt update && sudo apt upgrade -y
sudo apt install python3-launchpadlib
sudo apt install software-properties-common apt-transport-https -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
sudo apt install php8.2 php8.2-cli php8.2-curl php8.2-fpm php8.2-gd php8.2-mysql php8.2-xml php8.2-zip php8.2-bcmath php8.2-mbstring php8.2-calendar -y
php8.2 -v
sudo systemctl start php8.2-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl status php8.2-fpm
sudo apt purge apache2*
sudo apt autoremove -y
cd /
cd etc
sudo rm -r apache2
8 - Installation - phpMyAdmin:
cd /var/www
sudo rm -r html && sudo mkdir html
cd ~
sudo apt install -y wget
sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip -O phpmyadmin.zip
sudo unzip phpmyadmin.zip
sudo mv phpMyAdmin-*-all-languages /var/www/html/phpmyadmin
sudo rm phpmyadmin.zip
sudo chown -R www-data:www-data /var/www/html/phpmyadmin
sudo chmod -R 775 /var/www/html/phpmyadmin
blowfish_secret=$(openssl rand -base64 24 | sed 's/[\/&]/\\&/g')
sudo cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
sudo sed -i "s#\$cfg\['blowfish_secret'\] = '';#\$cfg\['blowfish_secret'\] = '$blowfish_secret';#" /var/www/html/phpmyadmin/config.inc.php
9 - Configuration - Nginx:
In the terminal type the following command:
sudo apt install nano
Once installed we will configure Nginx, then in the terminal enter the following command:
sudo rm /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/conf.d/default.conf
Configure leaving it this way:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.php index.htm index.nginx-debian.html;
server_name _;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
-
sudo nginx -t
sudo systemctl reload nginx
How to test: http://server-ip/phpmyadmin
How to restrict phpMyAdmin access:
sudo mv /var/www/html/phpmyadmin /var/www/html/any_combination_youwant
• Change any_combination_youwant for a word that only you know.
• Then you will access phpMyAdmin by: http://server-ip/any_combination_youwant
10 - Database:
Go to phpMyAdmin.
On the left side click +New and create a database (e.g. canary)
Import the schema.sql that is in the server folder.
11 - Config.lua:
• For data-canary:
-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-canary"
-- Don't change this unless you know what you're doing
coreDirectory = "data"
-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap if false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = false
mapName = "canary"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"
-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = false
-- Connection Config
ip = "your-ip-or-domain"
serverName = "Canary"
-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"
mysqlPass = "your-password"
mysqlDatabase = "your-database-name"
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"
• For data-otservbr-global:
-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-otservbr-global"
-- Don't change this unless you know what you're doing
coreDirectory = "data"
-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap if false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = true
mapName = "otservbr"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"
-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = true
-- Connection Config
ip = "your-ip-or-domain"
serverName = "OTServBR-Global"
-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"
mysqlPass = "your-password"
mysqlDatabase = "your-database-name"
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"
12 - Installation - MyAAC:
cd ~
sudo git clone https://github.com/opentibiabr/myaac.git
sudo mv myaac/* /var/www/html
sudo rm -rf myaac
sudo chown -R www-data:www-data /var/www/html
sudo usermod -aG www-data $(whoami)
cd /var/www/html
sudo chmod -R 775 . && sudo chmod -R 775 system/ images/ plugins/ tools/
Install MyAAC: http://domain-or-ip/install;
Follow the installation steps;
13 - Firewall:
sudo apt install ufw
sudo ufw app list
sudo ufw allow in "Nginx Full"
sudo ufw status
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 7171/tcp
sudo ufw allow 7172/tcp
sudo ufw allow 8245/tcp
sudo ufw reload
14 - Releasing Ports - Google Cloud / Oracle:
sudo cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.bak
sudo truncate -s 0 /etc/iptables/rules.v4
iptables -A INPUT -p tcp --dport 7171 -j ACCEPT
iptables -A INPUT -p tcp --dport 7172 -j ACCEPT
iptables -A INPUT -p tcp --dport 8245 -j ACCEPT
gcloud compute firewall-rules create allow-sete --description "Incoming seteum allowed." \
--allow tcp:7171 --format json
gcloud compute firewall-rules create allow-dois --description "Incoming setedois allowed." \
--allow tcp:7172 --format json
gcloud compute firewall-rules create allow-dois --description "Incoming quatrocinco allowed." \
--allow tcp:8245 --format json
15 - Starting the Server:
• You will need the installed screen:
sudo apt install screen
15.1 - Basic screen commands:
Open a screen:
screen
Exit a screen:
CTRL + A, D
Back to the last open screen:
screen -r
Close a screen:
CTRL + K, Y/N
Info:
With the screen open use ./canary in the project root directory to start the server.
16 - Connecting to the Server:
Download Client:
Note: If the port is changed, it must be added to client.
Examples:
http://127.0.0.1:8080/login.php
http://127.0.0.1:8090/login.php
How to edit the client:
17 - Useful Tips:
Use this example nginx file with security checks to protect your configurations.
Nginx
server {
listen 80;
listen [::]:80;
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name _;
# server_name example.com www.example.com;
root /var/www/html/;
index index.php index.html index.htm;
# if ($host !~ ^(exemple.com|www.example.com)$){
# return 400;
# }
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
location ~ /system {
deny all;
return 404;
}
location ~ /\.ht {
deny all;
}
location ~ /\.git {
return 403;
}
location ~* \.(pl|cgi|py|sh|lua)\$ {
return 403;
}
location ~* ^/wp-content/uploads/.*.(asp|cgi|htm|html|js|jsp|php|pl|py|sh|shtml|swf)$ {
return 403;
}
location ~* ^/(readme|license|schema|password|passwords).*.(txt|html)$ {
return 403;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
# try_files $uri $uri/ /index.php;
}
location ~ ^/(conf|doc|sql|setup)/ {
deny all;
return 403;
}
# Pass PHP Scripts To FastCGI Server
location ~ \.php$ {
# root /var/www/html/;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
18 - Credits:
Beats, Majesty (Tutorial)
OpenTibiaBR (https://github.com/opentibiabr/canary)
Slawkens, Lucas Giovanni and OpenTibiaBR Contributors (https://github.com/opentibiabr/myaac)
Last updated