如何在Debian 10上安装i-doit资产管理工具
如何在Debian 10上安装i-doit资产管理工具
i-doit是基于配置管理数据库的免费,开源和IT文档解决方案。它是一个基于Web的工具,可用于根据ITIL最佳实践来管理整个IT系统。使用此工具,您可以跟踪软件和硬件资产,它们之间的关系,并可视化这些组件之间的关系。您可以在一个地方存储,维护和组织所有IT文档信息。它可以轻松连接到Nagios和Request Tracker之类的其他应用程序,该应用程序仅允许您在ITSM环境中输入一次数据。
i-doit使您能够为各种资产(包括服务器,SAN,图形机架视图,集群和刀片/机箱系统)创建整个IT基础架构的详细概述。它具有丰富的功能集,包括IT文档,股票,基础结构规划,资产管理,虚拟系统,IP地址管理,存储区域网络,电缆管理,票务系统等等。
在本教程中,我们将向您展示如何在Debian 10上安装和配置i-doit资产管理工具。
先决条件
- 运行Debian 10且最小RAM为2GB的服务器。
- 有效的域名指向您的服务器IP地址。在本教程中,我们将使用idoit.linuxbuz.com。
- 在每台服务器上配置了root密码。
入门
在开始之前,最好将系统更新为最新版本。您可以使用以下命令更新系统:
apt-get update -y
apt-get upgrade -y更新系统后,重新启动它以实施更改。
安装LAMP服务器
首先,您需要将Apache,MariaDB,PHP和其他必需的PHP扩展安装到系统中。您可以使用以下命令安装所有组件:
apt-get install apache2 mariadb-server libapache2-mod-php php php-common php-curl php-bcmath php-gd php-json php-ldap php-mbstring php-mysql php-opcache php-pgsql php-soap php-xml php-soap php-zip php-memcached php-imagick unzip memcached moreutils -y安装完所有软件包后,您将需要使用所需设置创建一个单独的i-doit.ini PHP文件。
您可以使用以下命令创建它:
nano /etc/php/7.3/mods-available/i-doit.ini添加以下行:
allow_url_fopen = Yes file_uploads = On magic_quotes_gpc = Off max_execution_time = 300 max_file_uploads = 42 max_input_time = 60 max_input_vars = 10000 memory_limit = 256M post_max_size = 128M register_argc_argv = On register_globals = Off short_open_tag = On upload_max_filesize = 128M display_errors = Off display_startup_errors = Off error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT log_errors = On default_charset = "UTF-8" default_socket_timeout = 60 date.timezone = Asia/Kolkata session.gc_maxlifetime = 604800 session.cookie_lifetime = 0 mysqli.default_socket = /var/run/mysqld/mysqld.sock
完成后保存并关闭文件。然后,使用以下命令启用所需的PHP模块:
phpenmod i-doit
phpenmod memcached最后,重新启动Apache服务以实现更改:
systemctl restart apache2为i-doit配置MariaDB
接下来,您需要设置一个MariaDB根密码,因为在Debian 10中没有设置该密码。
为此,请使用以下命令登录到MariaDB shell:
mysql登录后,使用以下命令设置MariaDB根密码:
MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");接下来,使用以下命令将MariaDB身份验证插件设置为mysql_native_password:
MariaDB [(none)]> SET GLOBAL innodb_fast_shutdown = 0;
MariaDB [(none)]> UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE User = 'root';接下来,刷新特权并使用以下命令从MariaDB shell退出:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;接下来,创建一个单独的MariaDB配置文件以获得最佳性能:
nano /etc/mysql/mariadb.conf.d/99-i-doit.cnf添加以下行:
[mysqld] innodb_buffer_pool_size = 1G innodb_buffer_pool_instances = 1 innodb_log_file_size = 512M innodb_sort_buffer_size = 64M sort_buffer_size = 262144 # default join_buffer_size = 262144 # default max_allowed_packet = 128M max_heap_table_size = 32M query_cache_min_res_unit = 4096 query_cache_type = 1 query_cache_limit = 5M query_cache_size = 80M tmp_table_size = 32M max_connections = 200 innodb_file_per_table = 1 innodb_thread_concurrency = 0 innodb_flush_log_at_trx_commit = 1 innodb_flush_method = O_DIRECT innodb_lru_scan_depth = 2048 table_definition_cache = 1024 table_open_cache = 2048 innodb_stats_on_metadata = 0 sql-mode = ""
最后,重新启动MariaDB服务以应用更改:
systemctl restart mariadb下载i-doit
在撰写本文时,i-doit的最新版本是1.14。您可以使用以下命令下载它:
wget https://excellmedia.dl.sourceforge.net/project/i-doit/i-doit/1.14/idoit-open-1.14.zip下载完成后,将下载的文件解压缩到Apache根目录:
unzip idoit-open-1.14.zip -d /var/www/html/idoit接下来,为i-doit目录赋予适当的权限:
chown -R www-data:www-data /var/www/html/idoit/
chmod -R 775 /var/www/html/idoit/完成后,您可以继续下一步。
为i-doit配置Apache
接下来,您将需要为i-doit配置一个Apache虚拟主机配置文件。您可以使用以下命令创建它:
nano /etc/apache2/sites-available/idoit.conf添加以下行:
ServerAdmin [email protected] ServerName idoit.linuxbuz.com DirectoryIndex index.php DocumentRoot /var/www/html/idoit AllowOverride All Require all granted LogLevel warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined
完成后保存并关闭文件。然后,使用以下命令启用i-doit虚拟主机文件和Apache重写模块:
a2ensite i-doit
a2enmod rewrite最后,重新启动Apache服务以实现更改:
systemctl restart apache2访问i-doit Web界面
打开您的Web浏览器,然后输入URL http://idoit.linuxbuz.com。您将被重定向到以下页面:
确保已安装所有必需的PHP扩展,然后单击“下一步”按钮。您应该看到以下页面:
检查建议的目录,然后单击下一步按钮。您应该看到以下页面:
提供MariaDB根用户名,密码,新的数据库用户名,密码,系统数据库名称,然后单击下一步按钮。您应该看到以下页面:
提供您的管理员用户名,密码,然后单击下一步按钮。您应该看到以下页面:
接下来,验证所有配置,然后单击“下一步”按钮。您应该看到以下页面:
单击下一步按钮开始安装。安装完成后,您应该看到以下页面:
提供您的管理员用户名,密码,然后单击“登录”按钮。您应该在以下页面中看到i-doit仪表板:
让我们加密货币免费SSL来保护i-doit
安装i-doit后,建议使用Let’s Encrypt free SSL对其进行保护。您可以使用Certbot客户端保护它。
默认情况下,Certbot客户端软件包在Debian 10默认存储库中不可用。您可以使用以下命令添加它:
echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list接下来,更新存储库并使用以下命令安装Certbot客户端:
apt-get update -y
apt-get install python-certbot-apache -t buster-backports安装后,运行以下命令以获取并安装您域的SSL证书:
certbot --apache -d idoit.linuxbuz.com系统将提示您接受服务条款并提供有效的电子邮件地址,如下所示:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for idoit.linuxbuz.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/idoit-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/idoit-le-ssl.conf Enabling available site: /etc/apache2/sites-available/idoit-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
接下来,您将需要选择是否将HTTP流量重定向到HTTPS,如下所示:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
输入2,然后按Enter键继续。安装完成后,您将获得以下输出:
Redirecting vhost in /etc/apache2/sites-enabled/idoit.conf to ssl vhost in /etc/apache2/sites-available/idoit-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://idoit.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=idoit.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/idoit.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/idoit.linuxbuz.com/privkey.pem Your cert will expire on 2020-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
恭喜你您的i-doit网站现在已由“让我们加密货币SSL”保护。您现在可以使用URL https://idoit.linuxbuz.com安全地访问它。
结论
在上面的教程中,我们学习了如何在Debian 10上安装i-doit资产管理工具。我们还学习了如何使用Let’s Encrypt free SSL保护它的安全。现在,您可以使用i-doit Web界面管理整个IT文档。