[WSL] Canary + Nginx + MariaDB + MyAAC

1 - Install WSL:

2 - Install a Linux Distribution:

3 - Installation - Canary:

Debian
sudo apt update 
sudo apt dist-upgrade
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 20.04
sudo apt update 
sudo apt dist-upgrade
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic

Update cmake:

1 - Uninstall the default version provided by Ubuntu's package manager, along with its configuration:
sudo apt purge --auto-remove cmake
hash -r

2 - Prepare for installation:
sudo apt update && sudo apt install -y software-properties-common lsb-release && sudo apt clean all

3 - Obtain a copy of Kitware's signing key:
wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | gpg --dearmor - | sudo tee /etc/apt/trusted.gpg.d/kitware.gpg >/dev/null

4 - Add Kitware's repository to your sources list:
sudo apt-add-repository "deb https://apt.kitware.com/ubuntu/ $(lsb_release -cs) main"

5 - Install the kitware-archive-keyring package:
sudo apt update && sudo apt install kitware-archive-keyring && sudo rm /etc/apt/trusted.gpg.d/kitware.gpg

6 - Verify key signature:
sudo apt update
Note: If sudo apt update fails with the following error:
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 42D5A192B819C5DA
Copy the key ID 42D5A192B819C5DA and run this command:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 42D5A192B819C5DA

7 - Install CMake:
sudo apt update
sudo apt install cmake
cmake --version

Update gcc:

sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
sudo apt update
sudo apt install gcc-11 g++-11
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11 --slave /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-11  --slave /usr/bin/aarch64-linux-gnu-g++ aarch64-linux-gnu-g++ /usr/bin/aarch64-linux-gnu-g++-11
sudo update-alternatives --set gcc /usr/bin/gcc-11
gcc-11 --version
g++-11 --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Ubuntu 22.04
sudo apt update 
sudo apt dist-upgrade
sudo apt install git cmake build-essential autoconf libtool ca-certificates curl zip unzip tar pkg-config ninja-build ccache linux-headers-generic

Update cmake:

1 - Uninstall the default version provided by Ubuntu's package manager, along with its configuration:
sudo apt purge --auto-remove cmake
hash -r

2 - Prepare for installation:
sudo apt update && sudo apt install -y software-properties-common lsb-release && sudo apt clean all

3 - Obtain a copy of Kitware's signing key:
wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | gpg --dearmor - | sudo tee /etc/apt/trusted.gpg.d/kitware.gpg >/dev/null

4 - Add Kitware's repository to your sources list:
sudo apt-add-repository "deb https://apt.kitware.com/ubuntu/ $(lsb_release -cs) main"

5 - Install the kitware-archive-keyring package:
sudo apt update && sudo apt install kitware-archive-keyring && sudo rm /etc/apt/trusted.gpg.d/kitware.gpg

6 - Verify key signature:
sudo apt update
Note: If sudo apt update fails with the following error:
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 42D5A192B819C5DA
Copy the key ID 42D5A192B819C5DA and run this command:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 42D5A192B819C5DA

7 - Install CMake:
sudo apt update
sudo apt install cmake
cmake --version

-

sudo apt install acl
cd ~

git clone https://github.com/microsoft/vcpkg
cd vcpkg
./bootstrap-vcpkg.sh
cd ~

git clone --depth 1 https://github.com/opentibiabr/canary.git
sudo setfacl -R -m g:www-data:rx /home/$USER/
sudo setfacl -R -m g:www-data:rx /home/$USER/canary
sudo chmod -R 755 canary
cd canary
mv config.lua.dist config.lua
mkdir build && cd build

cmake -DCMAKE_TOOLCHAIN_FILE=~/vcpkg/scripts/buildsystems/vcpkg.cmake .. --preset linux-release
cmake --build linux-release -j4

cd ~
cd canary
cp -r build/linux-release/bin/canary .
sudo chmod +x canary

Observations:

-- Running vcpkg install

This step will take a long time on the first run, as it needs to download and install all the dependencies, so be patient!

• How to update vcpkg:

If you already have vcpkg installed, update it by running the commands below from the vcpkg directory:

  • git pull

  • ./vcpkg upgrade

  • ./vcpkg upgrade --no-dry-run

  • ./bootstrap-vcpkg.sh

4 - Installation - Nginx:

sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

• How to test: http://server-ip

5 - Installation - MariaDB:

sudo apt install -y mariadb-server mariadb-client
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl status mariadb

sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

When you're done, test if you can log into the MariaDB console by typing: 

sudo mariadb
 
This will connect to the MariaDB server as the database root administrative user, which is assumed by using sudo when running this command.

You should see a result like this: 

Output
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.6.12-MariaDB-0Ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDb Corporation and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

To exit the MariaDB console, type:  exit

MariaDB [(none)]> exit

6 - Configuration - MariaDB User:

  • If you have enabled password authentication for the root user, run the following command and enter your password when prompted in order to connect:

sudo mariadb -u root -p

  • From there, create a new user and give them a strong password:

CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password';

  • Then grant your new user the appropriate privileges. For example, this command grants the user all privileges on every table in every database (*.*), plus the power to add, change, and remove other users' privileges (WITH GRANT OPTION):

GRANT ALL PRIVILEGES ON *.* TO 'your_user'@'localhost' WITH GRANT OPTION;

  • After that, exit the MariaDB shell:

exit
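
A narrower alternative to the global grant above, as an added example that is not part of the original guide: it builds the SQL for an account limited to one database and without GRANT OPTION. The database name canary is the one suggested in step 10; the user name canary_app, the function name and the sample password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.
# scoped_grant_sql DB USER PASSWORD -> prints SQL for an account that can
# only touch DB.* and cannot hand out privileges (no WITH GRANT OPTION).
scoped_grant_sql() {
    db=$1 user=$2 pass=$3
    # Names are pasted into the SQL text, so allow only [A-Za-z0-9_].
    for name in "$db" "$user"; do
        case $name in
            ''|*[!A-Za-z0-9_]*)
                echo "invalid identifier: $name" >&2
                return 1 ;;
        esac
    done
    # The password sits inside a quoted SQL string: refuse empty values,
    # single quotes and backslashes rather than trying to escape them.
    case $pass in
        ''|*"'"*|*'\'*)
            echo "password must be non-empty, without ' or backslash" >&2
            return 1 ;;
    esac
    cat <<SQL
CREATE USER IF NOT EXISTS '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'localhost';
SHOW GRANTS FOR '$user'@'localhost';
SQL
}

# Demo with a constructed password; only prints the statements.
scoped_grant_sql canary canary_app constructed_sample_password

# Real use (hex output never contains a quote or backslash):
#   pass=$(openssl rand -hex 24)
#   scoped_grant_sql canary canary_app "$pass" | sudo mariadb
```

The same user name and password then go into mysqlUser and mysqlPass in config.lua. A database-level grant also lets that account create the canary database itself in step 10.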

7 - Installation - PHP:

sudo apt remove 'php*'
sudo apt update && sudo apt upgrade -y
sudo apt install python3-launchpadlib
sudo apt install software-properties-common apt-transport-https -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
sudo apt install php8.2 php8.2-cli php8.2-curl php8.2-fpm php8.2-gd php8.2-mysql php8.2-xml php8.2-zip php8.2-bcmath php8.2-mbstring php8.2-calendar -y
php8.2 -v
sudo systemctl start php8.2-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl status php8.2-fpm

sudo apt purge 'apache2*'
sudo apt autoremove -y
cd /
cd etc
sudo rm -r apache2

8 - Installation - phpMyAdmin:

cd /var/www
sudo rm -r html && sudo mkdir html
cd ~
sudo apt install -y wget 
sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip -O phpmyadmin.zip 
sudo unzip phpmyadmin.zip 
sudo mv phpMyAdmin-*-all-languages /var/www/html/phpmyadmin 
sudo rm phpmyadmin.zip 
sudo chown -R www-data:www-data /var/www/html/phpmyadmin 
sudo chmod -R 755 /var/www/html/phpmyadmin 

blowfish_secret=$(openssl rand -base64 24 | sed 's/[\/&]/\\&/g')
sudo cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
sudo sed -i "s#\$cfg\['blowfish_secret'\] = '';#\$cfg\['blowfish_secret'\] = '$blowfish_secret';#" /var/www/html/phpmyadmin/config.inc.php

9 - Configuration - Nginx:

  • In the terminal type the following command:

sudo apt install nano

  • Once nano is installed, remove the default site and open a new Nginx configuration file:

sudo rm /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/conf.d/default.conf

  • Set the file's contents to:

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;

	index index.html index.php index.htm index.nginx-debian.html;

	server_name _;

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
	}

	location ~ /\.ht {
		deny all;
	}
}

-

sudo nginx -t
sudo systemctl reload nginx

  • How to test: http://server-ip/phpmyadmin

  • How to restrict phpMyAdmin access:

sudo mv /var/www/html/phpmyadmin /var/www/html/any_combination_youwant

• Replace any_combination_youwant with a word that only you know. Renaming only makes the path harder to guess; the login page is still reachable by anyone who knows or finds the URL.

• You will then access phpMyAdmin at: http://server-ip/any_combination_youwant

10 - Database:

  • Go to phpMyAdmin.

  • On the left side click +New and create a database (e.g. canary)

  • Import the schema.sql that is in the server folder.

11 - Config.lua:

• For data-canary:

-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-canary"
-- Don't change this unless you know what you're doing
coreDirectory = "data"

-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap is false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = false
mapName = "canary"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"

-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = false

-- Connection Config
ip = "your-ip-or-domain"
serverName = "Canary"

-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"                      
mysqlPass = "your-password"                       
mysqlDatabase = "your-database-name"        
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"

For data-otservbr-global:

-- Core settings
-- Note: If you want to use datapack folder canary (custom), put only "data-canary"
-- If you want to use the global datapack folder, put "data-otservbr-global"
-- If "useAnyDatapackFolder" is set to true then you can choose any datapack folder for your server
useAnyDatapackFolder = false
dataPackDirectory = "data-otservbr-global"
-- Don't change this unless you know what you're doing
coreDirectory = "data"

-- Map
-- NOTE: set mapName WITHOUT .otbm at the end
-- NOTE: If toggleDownloadMap is false, then the mapDownloadUrl will not be used
-- NOTE: If a map with the name already exists in the world folder, the map will not be downloaded even if the toggleDownloadMap is true
toggleDownloadMap = true
mapName = "otservbr"
mapDownloadUrl = "https://github.com/opentibiabr/canary/releases/download/v3.0.0/otservbr.otbm"
mapAuthor = "OpenTibiaBR"

-- Custom Map
-- NOTE: toggleMapCustom set to true will load all maps in custom map folder
toggleMapCustom = true

-- Connection Config
ip = "your-ip-or-domain"
serverName = "OTServBR-Global"

-- MySQL
mysqlHost = "127.0.0.1"
mysqlUser = "your-user"                      
mysqlPass = "your-password"                       
mysqlDatabase = "your-database-name"        
mysqlPort = 3306
mysqlSock = "/var/run/mysqld/mysqld.sock"
passwordType = "sha1"

12 - Installation - MyAAC:

cd ~
sudo git clone https://github.com/opentibiabr/myaac.git
sudo mv myaac/* /var/www/html
sudo rm -rf myaac
sudo chown -R www-data:www-data /var/www/html
cd /var/www/html
sudo chmod 755 -R . && sudo chmod 755 -R system/ images/ plugins/ tools/

  • Install MyAAC: http://domain-or-ip/install

  • Follow the installation steps.

13 - Firewall:

sudo apt install ufw
sudo ufw app list
sudo ufw allow in "Nginx Full"

sudo ufw status
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 7171/tcp
sudo ufw allow 7172/tcp
sudo ufw allow 8245/tcp
sudo ufw reload

14 - Releasing Ports - Google Cloud / Oracle:

sudo cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.bak
sudo truncate -s 0 /etc/iptables/rules.v4

sudo iptables -A INPUT -p tcp --dport 7171 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 7172 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8245 -j ACCEPT

gcloud compute firewall-rules create allow-sete --description "Incoming seteum allowed." \
         --allow tcp:7171 --format json     
   
gcloud compute firewall-rules create allow-dois --description "Incoming setedois allowed." \
         --allow tcp:7172 --format json 

gcloud compute firewall-rules create allow-cinco --description "Incoming quatrocinco allowed." \
         --allow tcp:8245 --format json 

15 - Starting the Server:

You will need screen installed:

sudo apt install screen

15.1 - Basic screen commands:

  • Open a screen:

screen

  • Exit a screen:

CTRL + A, D

  • Back to the last open screen:

screen -r

  • Close a screen:

CTRL + K, Y/N

  • Info:

With the screen open use ./canary in the project root directory to start the server.

16 - Connecting to the Server:

  • Download Client:

  • Note: If the port is changed, it must be added to client.

  • Examples:

  • http://127.0.0.1:8080/login.php

  • http://127.0.0.1:8090/login.php

  • How to edit the client:

17 - Useful Tips:

  • Use this example nginx file with security checks to protect your configurations.

Nginx
server {
    listen       80;
    listen       [::]:80;
#   listen       443 ssl http2;
#   listen       [::]:443 ssl http2;

    server_name _;
#   server_name example.com  www.example.com;
    
    root   /var/www/html/;
    index index.php index.html index.htm;

#   if ($host !~ ^(example.com|www.example.com)$){
#       return 400;
#   }

    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    
    location ~ /system {
        deny all;
        return 404;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~ /\.git {
        return 403;
    }

    location ~* \.(pl|cgi|py|sh|lua)$ {
        return 403;
    }

    location ~* ^/wp-content/uploads/.*.(asp|cgi|htm|html|js|jsp|php|pl|py|sh|shtml|swf)$ {
        return 403;
    }

    location ~* ^/(readme|license|schema|password|passwords).*.(txt|html)$ {
        return 403;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
#       try_files $uri $uri/ /index.php;
    }

    location ~ ^/(conf|doc|sql|setup)/ {
        deny all;
        return 403;
    }

#   Pass PHP Scripts To FastCGI Server
    location ~ \.php$ {
#       root /var/www/html/;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
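
An offline check of which rule in the server block above answers a given request path, added here as an example and not part of the original guide. It models nginx's regex-location selection (first match in file order, ~ case-sensitive, ~* case-insensitive) and writes the script-extension rule with $ as the end anchor, since an escaped \$ matches a literal dollar sign and would never hit a path such as /config.lua. The function names and sample URIs are constructed for illustration, and URIs are assumed to be normalized with no query string.

```shell
#!/bin/sh
# Added example, not from the original guide.
# regex_hits MOD REGEX URI -> exit 0 when the location regex matches the URI.
regex_hits() {
    case $1 in
        '~*') printf '%s\n' "$3" | grep -Eiq -- "$2" ;;  # case-insensitive
        *)    printf '%s\n' "$3" | grep -Eq  -- "$2" ;;  # case-sensitive
    esac
}

# match_location URI -> prints the outcome of the first matching regex
# location, or "try_files" when only the prefix location "/" applies.
# Rows: modifier, outcome, regex, in the same order as the server block.
match_location() {
    while read -r mod outcome regex; do
        if regex_hits "$mod" "$regex" "$1"; then
            printf '%s\n' "$outcome"
            return 0
        fi
    done <<'RULES'
~  404 /system
~  403 /\.ht
~  403 /\.git
~* 403 \.(pl|cgi|py|sh|lua)$
~* 403 ^/wp-content/uploads/.*.(asp|cgi|htm|html|js|jsp|php|pl|py|sh|shtml|swf)$
~* 403 ^/(readme|license|schema|password|passwords).*.(txt|html)$
~  403 ^/(conf|doc|sql|setup)/
~  php \.php$
RULES
    printf 'try_files\n'
}

# Constructed sample request paths.
for uri in /index.php /system/config.php /.git/config /CONFIG.LUA \
           /setup/x.php /images/logo.png; do
    printf '%-20s -> %s\n' "$uri" "$(match_location "$uri")"
done
```

A path that prints try_files is served straight from /var/www/html when the file exists, so that outcome is the one to review for anything sensitive kept under the web root.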

18 - Credits:
