Installing Invoice Ninja on CentOS 7 w/ NGINX & MariaDB – Part 2

Invoice Ninja Logo

Introduction

In the first part of this tutorial, we configured a CentOS 7 server with all the prerequisites required by Invoice Ninja. Now, let’s look at the process for installing, configuring and testing this invoicing software.

Install Composer

Invoice Ninja requires Composer in order to function. So, let’s install it:

# curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
All settings correct for using Composer
Downloading...

Composer (version 1.4.1) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

Download Invoice Ninja

In /var/www, download the latest release of the software, which, at the moment, is version 3.1.0:

# cd /var/www
# wget https://download.invoiceninja.com/ninja-v3.1.0.zip

Unzip the archive:

# unzip ninja-v3.1.0.zip
# cd ninja/

Install with Composer:

# composer install --no-dev -o

In the ninja directory, after this installation a file named .env.example will appear. Rename and edit:

# mv .env.example .env
# $EDITOR .env

Change lines 7-12 as follow:

DB_TYPE=mysql
DB_STRICT=false
DB_HOST=localhost
DB_DATABASE=ininjadb
DB_USERNAME=ininjausr
DB_PASSWORD=usr_strong_password

Those are the values configured in MariaDB.

Save, exit, and make the same modifications in config/database.php:

       'mysql' => [
            'driver'    => 'mysql',
            'host'      => env('DB_HOST', 'localhost'),
            'database'  => env('DB_DATABASE', 'ininjadb'),
            'username'  => env('DB_USERNAME', 'ininjausr'),
            'password'  => env('DB_PASSWORD', 'usr_strong_password'),
            'charset'   => 'utf8',
            'collation' => 'utf8_unicode_ci',
            'prefix'    => '',
            'strict'    => env('DB_STRICT', false),
        ],

Save, exit and migrate:

# php artisan migrate

Next:

# php artisan db:seed
# php artisan key:generate

The last function will print out an application key. Copy it.

For example:

Application key [base64:PS4zpjJgREp2INBr+hHHTLotLvBxnPk3IxmwvfIZtmc=] set successfully.

Next, edit the config/app.php file:

# $EDITOR config/app.php

In the Encryption Key section edit the line as follows:

'key' => env('APP_KEY', 'base64:PS4zpjJgREp2INBr+hHHTLotLvBxnPk3IxmwvfIZtmc='),

Save, exit and change the owner of /var/www/ninja:

chown -R nginx:nginx /var/www/ninja/

Configure Virtual Host

To configure the Virtual Host, first generate an SSL certificate (if a company already has one, this step is not necessary) :

# mkdir -p /etc/nginx/certs
# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/certs/ininja.crt -keyout /etc/nginx/certs/ininja.key
# chmod 600 /etc/nginx/certs/*

Create a new Virtual Host file for Invoice Ninja:

# $EDITOR /etc/nginx/conf.d/ininja.conf

There, paste the following configuration:

server {
    listen      443 default;
    server_name mydomain.com www.mydomain.com;

    ssl on;
    ssl_certificate     /etc/nginx/certs/ininja.crt;
    ssl_certificate_key /etc/nginx/certs/ininja.key;
    ssl_session_timeout 5m;

    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    root /var/www/ninja/public;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log  /var/log/nginx/ininja.access.log;
    error_log   /var/log/nginx/ininja.error.log;

    sendfile off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm-ninja.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    location ~ /\.ht {
        deny all;
    }
}

server {
    listen      80;
    server_name mydomain.com www.mydomain.com;

    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^ https://$server_name$request_uri? permanent;
}

Save, exit and test configuration using this code:

# nginx -t

Then, restart NGINX:

# systemctl restart nginx

Configure SELinux

First of all, check the SELinux status with:

# getenforce

If the output is Enforcing or Permissive, it means that SELinux is enabled.

Install its management tools, available in repositories:

# yum install policycoreutils-python

Next, to allow Invoice Ninja to run in Enforcing mode, execute the following commands:

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/public(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/storage(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/app(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/bootstrap(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/config(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/database(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/resources(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/vendor(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/ninja/tests(/.*)?'
# restorecon -Rv '/var/www/ninja/'

Now, configure a firewall. To do this, use firewalld:

# yum install firewalld
# systemctl start firewalld
# systemctl enable firewalld

Now, use it to open ports for Invoice Ninja:

# firewall-cmd --permanent --add-service=https
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

With this, SELinux and firewalld are correctly configured.

Conclusion

The last step is to go to https://mydomain.com (change it with your domain) and “graphically” finish the Invoice Ninja configuration. Enter the database, email and others user information. At the end, the Invoice Ninja will appear, and it will be possible to start managing your invoicing system!