WSWallet | Andreas Wälchli

Intro

Some text.

Creating a user

I want the Apache child process run by a special user, in order to clearly separate files the web server can see and my personal files. A new user is set up like this:

adduser wswallet

We will come back to this as we want to restrict the possibilities of this user.

MariaDB

We need to store our data somewhere. I use MariaDB. As root:

apt install mariadb-server

Verify that the database service is active and running. Run the following command:

systemctl status mariadb

You should see a green dot and “active (running)” somewhere in the output. Now make the system (more) secure with the command:

mariadb-secure-installation

and answer the different questions.

Python

Install the necessary packages:

sudo apt install python3 libexpat1 python3-pip python3.12-venv python3-dev default-libmysqlclient-dev build-essential

In the home folder of wswallet create a new directory and then create a new virtual environment:

sudo su
mkdir /home/wswallet/venv
cd /home/wswallet/venv
python3 -m venv wswallet-venv

Into this virtual environment, install the necessary python packages (assuming you are in the directory /home/wswallet/venv):

wswallet-venv/bin/pip install mysqlclient
wswallet-venv/bin/pip install requests
wswallet-venv/bin/pip install pdfplumber

Setting up Apache2

Install apache2 and necessary modules

sudo apt install apache2 apache2-utils ssl-cert libapache2-mod-wsgi-py3

Make sure module wsgi is loaded.

Apache knows mods, confs and sites, everything stored under /etc/apache2/. As far as I understood, you can place your custom configurations either in conf or sites. There is a distinction between *-available and *-enabled (where * may be conf, mods or sites). The *-available directories contain all configurations, which can be enabled by:

sudo a2enmod <name_of_mods>
sudo a2enconf <name_of_conf>
sudo a2ensite <name_of_site>

Similarly, you can disable mods, conf or sites with:

sudo a2dismod <name_of_mods>
sudo a2disconf <name_of_conf>
sudo a2dissite <name_of_site>

Whenever you change the content of a conf-available or sites-available file, you have to restart (or reload) the apache2 service:

sudo systemctl reload apache2

I have put all my custom configurations in wswallet.conf and placed it in sites-available. I have not touched the default conf files.

Very important: It is possible to have multiple sites enabled, but you can only have one VirtualHost per port. It is therefore paramount to disable the 000-default.conf after enabling your own site:

sudo a2ensite wswallet
sudo a2dissite 000-default
sudo systemctl reload apache2

Sites-available, enable it, and make sure you disable all other enabled sites!!!

PHP

I want to access the database not only through command line, but all these tools require PHP:

sudo apt install php libapache2-mod-php
sudo apt install php-mysql

Adminer

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consist of a single file ready to deploy to the target server. I use the “Adminer for MySQL English only” version, which I have placed as-is in the folder /home/wswallet/public_wsw/adminer/. To use Adminer some changes are required in the Apache configuration.