InvoicePlane

From ArchWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

InvoicePlane is a self-hosted open source application for managing your quotes, invoices, clients and payments.

Installation

Install the invoiceplaneAUR package.

Configuration

Database

Here is an example on how you could setup a database for Invoiceplane with MariaDB called invoiceplane for the user invoiceplane identified by the password password: 

CREATE DATABASE invoiceplane;
GRANT ALL PRIVILEGES ON invoiceplane.* TO invoiceplane@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Web Server

Apache

Create the Apache HTTP Server configuration file: 

/etc/httpd/conf/extra/invoiceplane.conf
Alias /invoiceplane "/usr/share/webapps/invoiceplane"
<Directory "/usr/share/webapps/invoiceplane">
    DirectoryIndex index.php
    AllowOverride All
    Options FollowSymlinks
    Require all granted
</Directory>

And include it in /etc/httpd/conf/httpd.conf: 

# InvoicePlane configuration
Include conf/extra/invoiceplane.conf

Lighttpd

Make an alias for invoiceplane in your Lighttpd configuration. 

 alias.url = ( "/invoiceplane" => "/usr/share/webapps/invoiceplane/")

Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )

nginx

Here is an example config to include in nginx.conf for a subdomain with php-fpm: 

/etc/nginx/sites-available/invoiceplane.conf
server {

listen 443 ssl http2;
listen [::]:443 ssl http2;
      #HTTPS Configuration
        ssl_certificate /etc/ssl/certs/cert.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_dhparam /etc/nginx/conf/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        keepalive_timeout 70;
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        add_header X-Frame-Options "SAMEORIGIN";

        root /usr/share/webapps/invoiceplane;
        index index.php;

        access_log /var/log/nginx/invoice.access.log;
        error_log /var/log/nginx/invoice.error.log;
                                                                                                       
        server_name invoice.example.com;

        client_body_timeout   60;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;       
    }

    location ~ \.php$ {
        fastcgi_param PHP_ADMIN_VALUE open_basedir=/tmp:/usr/share/webapps/invoiceplane:/dev/urandom:/usr/share/php;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        client_max_body_size 100M;
    }
}

Explicitly permit InvoicePlane directories for php-fpm

Since version 7.4 php-fpm is hardened per default and revokes read/write access on /usr (and sub-directories). Therefore it is also necessary to explicitly give permissions on /usr/share/webapps/invoiceplane directories.

Create an override.conf for php-fpm: 

# systemctl edit php-fpm.service

Add and save following content. 

/etc/systemd/system/php-fpm.service.d/override.conf
[Service]
ReadWritePaths = /usr/share/webapps/invoiceplane/ipconfig.php
ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/
ReadWritePaths = /usr/share/webapps/invoiceplane/application/logs
ReadWritePaths = /usr/share/webapps/invoiceplane/vendor/mpdf/mpdf/tmp

Afterwards restart the php-fpm service and assign write permissions to the http user.

Installation wizard

Once database and webserver have been setup, visit the installation wizard page at http://your-invoiceplane-domain.com/index.php/setup[dead link 2021-11-12 ⓘ] and follow the instructions.

Localization

If you want to choose a different language than English visit Translation / Localization.

See also