Deploying Mantis Bug Tracker on Google Cloud Platform

Utilising CentOS 7, Caddy, Cloud SQL and the gcloud CLI

rsclarke
Oct 11, 2017 · 11 min read

Overview

Use Case

Buzzword Summary

Part 1: Instance Setup

Google Cloud SDK

gcloud config list
gcloud projects create PROJECT_ID
gcloud config set core/project PROJECT_ID

Compute Instance

gcloud compute firewall-rules list
gcloud compute firewall-rules create default-allow-http \
--allow=tcp:80 --target-tags http-server
gcloud compute firewall-rules create default-allow-https \
--allow=tcp:443 --target-tags https-server
gcloud compute addresses create ADDRESS_NAME
gcloud compute addresses list
gcloud compute instances create INSTANCE_NAME \
--image-family centos-7 --image-project centos-cloud \
--machine-type=f1-micro --tags=http-server,https-server \
--address=ADDRESS_NAME \
--scopes=default,cloud-platform,sql-admin
gcloud compute ssh INSTANCE_NAME

Google Cloud SQL

gcloud sql instances create SQL_INSTANCE_NAME --tier=db-f1-micro  \
--database-version=POSTGRES_9_6 --storage-type=HDD \
--storage-size=10 --storage-auto-increase \
--activation-policy=ALWAYS --backup --backup-start-time=00:00 \
--maintenance-release-channel=production \
--maintenance-window-day=FRI --maintenance-window-hour=12 \
--gce-zone=GCE_ZONE --region=REGION
gcloud sql users set-password postgres no-host \
--instance=SQL_INSTANCE_NAME --prompt-for-password

Section Recap

Part 2: Application Install Process

Connect to the Instance

gcloud compute ssh INSTANCE_NAME

Cloud SQL Proxy

curl https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 \
-o cloud_sql_proxy
chmod +x cloud_sql_proxy
sudo mv cloud_sql_proxy /usr/local/bin

# /etc/systemd/system/cloud-sql-proxy.service
[Unit]
Description=Google Cloud Compute Engine SQL Proxy
After=networking.service
Before=google-shutdown-scripts.service

[Service]
Type=simple
WorkingDirectory=/run/cloudsql
ExecStart=/usr/local/bin/cloud_sql_proxy -dir=/run/cloudsql -instances=CONNECTION_NAME=tcp:127.0.0.1:5432
Restart=always
StandardOutput=journal
User=root

[Install]
WantedBy=multi-user.target

sudo chmod 0644 /etc/systemd/system/cloud-sql-proxy.service
sudo mkdir /run/cloudsql
sudo systemctl daemon-reload
sudo systemctl enable cloud-sql-proxy
sudo systemctl start cloud-sql-proxy
journalctl -u cloud-sql-proxy

MantisBT and PHP-FPM

sudo yum install php php-pgsql php-mbstring php-fpm php-soap \
policycoreutils-python
sudo mkdir /srv/www
sudo groupadd -g 33 www-data
sudo useradd -g www-data --no-user-group --home-dir /srv/www \
--no-create-home --shell /usr/sbin/nologin --system \
--uid 33 www-data
sudo chown www-data:www-data /srv/www

; php-fpm pool settings as shipped:
user = apache
group = apache
; changed to:
user = www-data
group = www-data

sudo chown root:www-data /var/lib/php/session
sudo systemctl enable php-fpm
sudo systemctl start php-fpm
sudo semanage fcontext -a -t httpd_sys_content_t "/srv/www(/.*)?"
cd /srv/www
sudo -u www-data curl -O "https://kent.dl.sourceforge.net/project/mantisbt/mantis-stable/2.6.0/mantisbt-2.6.0.tar.gz"
sudo -u www-data tar xf mantisbt-2.6.0.tar.gz
sudo -u www-data mv mantisbt-2.6.0 mantisbt
sudo -u www-data rm -rf .pki mantisbt-2.6.0.tar.gz

Caddy

sudo yum install golang git
go get github.com/mholt/caddy/caddy
sudo cp `go env GOPATH`/bin/caddy /usr/local/bin
sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy
sudo semanage fcontext -a -t httpd_exec_t /usr/local/bin/caddy
sudo restorecon /usr/local/bin/caddy
sudo setsebool -P httpd_can_network_connect_db on
sudo mkdir /etc/caddy
sudo chown -R root:www-data /etc/caddy
sudo mkdir /etc/ssl/caddy
sudo chown -R www-data:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy
sudo semanage fcontext -a -t httpd_sys_rw_content_t /etc/ssl/caddy
sudo restorecon /etc/ssl/caddy

# /etc/caddy/Caddyfile
DOMAIN_NAME
tls EMAIL_ADDRESS
root /srv/www/mantisbt
gzip
status 404 {
    /composer
    /config
    /core
    /doc
    /lang
    /library
    /plugins
    /scripts
    /vendor
}
fastcgi / 127.0.0.1:9000 php
log stdout
errors stderr

sudo chown www-data:www-data /etc/caddy/Caddyfile
sudo chmod 444 /etc/caddy/Caddyfile
cd ~/
curl -O https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service
sudo mv caddy.service /etc/systemd/system/
sudo chown root:root /etc/systemd/system/caddy.service
sudo chmod 644 /etc/systemd/system/caddy.service
sudo systemctl daemon-reload
sudo systemctl enable caddy.service
sudo systemctl start caddy.service
journalctl -u caddy

MantisBT Configuration

MantisBT Pre-Install Checklist
MantisBT Installation Options
sudo -u www-data vim /srv/www/mantisbt/config/config_inc.php
$g_allow_signup = OFF;
sudo -u www-data rm -rf /srv/www/mantisbt/admin
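
A post-install check for the three hardening steps in this guide (the `status 404` block in the Caddyfile, `$g_allow_signup = OFF`, and removal of `admin/`), as an added example that is not part of the original article. The function names `caddy_blocked_paths` and `audit_mantis` are made up for illustration, and the directory list is copied from the Caddyfile above.

```shell
#!/bin/sh
# Added example: audit the hardening steps of this guide against a webroot
# and Caddyfile. Function names are illustrative, not MantisBT or Caddy tooling.

# Internal MantisBT directories, copied from the Caddyfile's status 404 block.
BLOCKED_DIRS="composer config core doc lang library plugins scripts vendor"

# Print every path listed inside `status 404 { ... }` in the given Caddyfile.
caddy_blocked_paths() {
  awk '$1 == "status" && $2 == "404" && $3 == "{" { inblk = 1; next }
       inblk && $1 == "}" { inblk = 0 }
       inblk && $1 ~ /^\// { print $1 }' "$1"
}

# audit_mantis WEBROOT CADDYFILE
# Prints one FAIL line per finding; exit status is 0 only when there are none.
# The body is a subshell, so its variables do not leak into the caller.
audit_mantis() (
  webroot=$1 caddyfile=$2 findings=0
  blocked=$(caddy_blocked_paths "$caddyfile")

  # 1. The web installer must be removed once setup is finished.
  if [ -e "$webroot/admin" ]; then
    echo "FAIL admin/ still present under $webroot"
    findings=$((findings + 1))
  fi

  # 2. Self-registration must be off. PHP keeps the last assignment, so only
  #    that one counts; a missing line is reported because the guide sets it.
  last=$(grep -E '^[[:space:]]*\$g_allow_signup[[:space:]]*=' \
           "$webroot/config/config_inc.php" 2>/dev/null | tail -n 1)
  case $last in
    *=*OFF*) ;;
    *) echo "FAIL \$g_allow_signup is not OFF"; findings=$((findings + 1)) ;;
  esac

  # 3. Every internal directory that exists on disk needs a 404 rule.
  for dir in $BLOCKED_DIRS; do
    if [ -d "$webroot/$dir" ] && ! printf '%s\n' "$blocked" | grep -qx "/$dir"; then
      echo "FAIL /$dir exists but is not in the status 404 block"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
)

# Run directly (script file name is arbitrary): sh audit.sh /srv/www/mantisbt /etc/caddy/Caddyfile
if [ "$#" -eq 2 ]; then audit_mantis "$1" "$2"; fi
```

The check reads files only, so it can be run as an unprivileged user after each MantisBT upgrade, when a fresh tarball would bring `admin/` back.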

Section Recap

Closing Remarks

Google Cloud - Community

Google Cloud community articles and blogs

A collection of technical articles and blogs published or curated by Google Cloud Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.

Written by

rsclarke

Security researcher and digital exploration enthusiast. https://rsclarke.io
