Hedge of Dolibarr
To use Dolibarr in a secure (at least more secure) environment, please continue with the server-side setup
Server update and upgrade and delete unnecessary
apt update && apt upgrade -V && apt dist-upgrade -y && apt autoremove -y
and log on to the server with the privileged user rights
sudo -s
Now that the installation has worked, you can reduce the read and write times again
sed -i “s/fastcgi_read_timeout.*/fastcgi_read_timeout 360;/” /etc/nginx/conf.d/dolibarr.conf
sed -i “s/fastcgi_send_timeout.*/fastcgi_send_timeout 360;/” /etc/nginx/conf.d/dolibarr.conf
Now create the install.lock to prevent a new installation from taking place
replace the one written in bold with your data
nano /mnt/document/install.lock
just enter and exit again
Leave the text editor - with nano CTRL+x (STRG+x) - confirm save with y
How could it be otherwise, you also have to adapt the php.ini
replace the one written in bold with your data
sed -i “s/session.use_strict_mode =.*/session.use_strict_mode = 1/” /etc/php/7.4/fpm/php.ini
sed -i “s/session.use_only_cookies =.*/session.use_only_cookies = 1/” /etc/php/7.4/fpm/php.ini
sed -i “s/session.cookie_httponly =.*/session.cookie_httponly = 1/” /etc/php/7.4/fpm/php.ini
sed -i “s/session.cookie_samesite =.*/session.cookie_samesite = Lax/” /etc/php/7.4/fpm/php.ini
sed -i “s/;allow_url_fopen =.*/allow_url_fopen = Off/” /etc/php/7.4/fpm/php.ini
sed -i “s/allow_url_include =.*/allow_url_include = Off/” /etc/php/7.4/fpm/php.ini
You can disable these PHP functions if you don’t run system commands in custom code
replace the one written in bold with your data
sed -i “s/disable_functions =.*/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcnt l_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait ,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,shell_exec,system,proc_open,popen/” /etc/php/7.4/fpm/php.ini
in case you change your mind and still run custom code
replace the one written in bold with your data
sed -i “s/disable_functions =.*/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcnt l_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait ,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals/” /etc/php/7.4/fpm/php.ini
Now restart both services, Nginx and PHP
replace the one written in bold with your data
service php7.4-fpm restart
servicenginx restart
Open Dolibarr, go to Settings → Security → click on the Passwords tab → scroll all the way down, here click on → Save database password encrypted in the configuration file conf.php (recommended setting) → Activate
go back to the server page
replace the one written in bold with your data
nano /var/www/dolibarr/htdocs/conf/conf.php
find below and adjust, save and close
$dolibarr_main_prod=‘0’; → change to → $dolibarr_main_prod=‘1’;
Now assign read-only rights to /conf.php
replace the one written in bold with your data
chmod -R 400 /var/www/dolibarr/htdocs/conf/conf.php