This page describes a method for securing a standalone installation of CiviCRM on production servers. It does not guarantee perfect security; it simply applies the general best practice of limiting the amount of potentially exploitable PHP code that sits under your web server's docroot.
1. First things first
If you haven't yet set up your standalone CiviCRM installation according to these instructions, start there first.
2. Secure your installation
Overview
The basic idea here is that we want only the civicrm/standalone directory in the docroot of your web server, and then we'll symlink to the other directories that we need outside that. That will remove a lot of PHP code from your docroot. That's a Good Thing.
Assumptions
This guide assumes that your CiviCRM standalone installation lives in /var/www/civicrm on Ubuntu / Debian and /var/www/html/civicrm on Red Hat / CentOS. Please adjust the example commands accordingly if yours lives elsewhere.
It also assumes you're working with a Linux, UNIX, or UNIX-like system (Mac OS X is a type of UNIX). These instructions won't work on Windows. Running a production server (meaning lots of people can access it remotely) on Windows is not recommended.
Tell me how to do it already!
- Move your CiviCRM directory out of your docroot
  - Ubuntu 7.10 or 8.04 (and probably Debian too)
    - /var/www is the docroot, so we shouldn't keep the civicrm directory there. Let's move it to /var/local/civicrm (or somewhere else if you don't like that choice, just so long as it's not in your docroot path).
      sudo mv /var/www/civicrm /var/local/
  - Red Hat / CentOS 5
    - /var/www is not the docroot, /var/www/html is, so we can just move the civicrm dir from /var/www/html to /var/www.
      sudo mv /var/www/html/civicrm /var/www/
- Symlink the standalone directory back into the docroot
  - Ubuntu / Debian
      sudo ln -s /var/local/civicrm/standalone /var/www/civicrm
  - Red Hat / CentOS
      sudo ln -s /var/www/civicrm/standalone /var/www/html/civicrm
- Create the other needed symlinks in the standalone directory (these may already exist, so check first)
  - Ubuntu / Debian
      cd /var/local/civicrm/standalone
  - Red Hat / CentOS
      cd /var/www/civicrm/standalone
  - All distros (run ls first to see which links already exist, and only create the missing ones)
      ls
      sudo ln -s ../css
      sudo ln -s ../extern
      sudo ln -s ../i
      sudo ln -s ../js
      sudo ln -s ../packages
- Update your civicrm.settings.php file (the command backs up the existing one to civicrm.settings.php.old)
  - Ubuntu / Debian
      sudo perl -p -i.old -e 's#/var/www/civicrm#/var/local/civicrm#' civicrm.settings.php
  - Red Hat / CentOS
      sudo perl -p -i.old -e 's#/var/www/html/civicrm#/var/www/civicrm#' civicrm.settings.php
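The four steps above, assembled into one script as an added example (this is not code from the CiviCRM project or from the original page). It takes the docroot and the new parent directory as parameters, so the same function covers both the Ubuntu / Debian and the Red Hat / CentOS layouts; it refuses to run when the docroot entry is already a symlink (i.e. it has run before) or when the destination would still be inside the docroot, and it skips sibling links that already exist. The function name relocate_civicrm, the two-argument layout, and the use of cp plus sed instead of perl -i.old for the settings rewrite are assumptions of this example; on a real install run it as root (or via sudo).

```shell
#!/bin/sh
# Added example, not part of CiviCRM: move a standalone install out of the
# docroot and symlink only standalone/ back in. The function name and the
# two-argument layout are assumptions made for this example.
#
# Usage: relocate_civicrm <docroot> <new parent dir>
#   Ubuntu / Debian:  relocate_civicrm /var/www /var/local
#   Red Hat / CentOS: relocate_civicrm /var/www/html /var/www

# Create a relative symlink in the current directory unless something with
# that name is already there (a real directory or an earlier link).
link_if_missing() {
    target="$1"                       # e.g. ../css
    name=$(basename "$target")
    if [ -e "$name" ] || [ -L "$name" ]; then
        echo "skip: $name already exists"
    else
        ln -s "$target" "$name"
        echo "linked: $name -> $target"
    fi
}

relocate_civicrm() {
    docroot="$1"
    newparent="$2"
    old="$docroot/civicrm"
    new="$newparent/civicrm"

    # Refuse to run twice: after the first run $old is a symlink, not a dir.
    if [ -L "$old" ]; then
        echo "error: $old is already a symlink; nothing to do" >&2
        return 1
    fi
    if [ ! -d "$old/standalone" ]; then
        echo "error: $old/standalone not found; is this a standalone install?" >&2
        return 1
    fi
    if [ ! -d "$newparent" ]; then
        echo "error: destination $newparent does not exist" >&2
        return 1
    fi
    # The whole point is to get the code out of the docroot, so the
    # destination must not be underneath it.
    case "$new/" in
        "$docroot"/*)
            echo "error: $new is still inside the docroot $docroot" >&2
            return 1 ;;
    esac

    mv "$old" "$newparent/"
    ln -s "$new/standalone" "$old"

    # Only standalone/ is served now; link in the sibling dirs it needs.
    ( cd "$new/standalone" &&
      for d in css extern i js packages; do link_if_missing "../$d"; done )

    # Rewrite the absolute install path in civicrm.settings.php, keeping a
    # .old copy. cp + sed is used instead of the page's perl -i.old so the
    # example needs no perl; paths are assumed to contain no '#' or regex
    # metacharacters.
    settings="$new/standalone/civicrm.settings.php"
    if [ -f "$settings" ]; then
        cp "$settings" "$settings.old"
        sed "s#$old#$new#g" "$settings.old" > "$settings"
    fi
}

if [ "$#" -eq 2 ]; then
    relocate_civicrm "$1" "$2"
fi
```

After it runs, ls -l on the docroot should show civicrm as a single symlink into the relocated tree, and the only PHP reachable through the web server is what standalone/ and its linked sibling directories contain.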
That's it!
You should now be able to access your CiviCRM installation by going to the same URL but without the /standalone on the end.
Known issues
Hopefully at some point in the near future we can get rid of the need to link the packages directory into the docroot, as that exposes a lot of PHP code to the web.