Introduction
InvoicePlane is an open source application built to offer free client management, invoicing and payment tracking that can be used by a freelancer or small to medium sized business.
This project is the official sucessor and owner of the codebase of FusionInvoice 1.x written by Jesse Terry. When FusionInvoice transformed into a commercial product with the release of version 2.x, it was restarted as new project with new name InvoicePlane.
You can learn more on the InvoicePlane official website. If you want to try it first you can go to InvoicePlane Demo.
Goals
In this tutorial we will learn how-to install InvoicePlane on Ubuntu 14.04 (Trusty Tahr) with Nginx, MySQL and PHP, known as LEMP stack.
We will go step by step installing InvoicePlane prerequisites before installing InvoicePlane.
Prerequisites
We need to install these applications before installing InvoicePlane:
- A fresh install of Ubuntu Server 14.04. You can use any ubuntu flavors but using ubuntu server will make sure your server have minimalist ubuntu installation so your system will not be loaded by unnecessary softwares.
- Nginx. We use Nginx as reverse proxy for InvoicePlane. We will setup SSL certificate and http to https redirection on Nginx. SSL connections will be terminated on Nginx. We will also serve static assets like images, css, js from Nginx so only PHP files will be forwarded to
php5-fpm. - MySQL Server 5.6. We use MySQL as a database. InvoicePlane requirement is actually only MySQL Server 5.x. If you have shared database that being used by multiple application and use older or newer version of MySQL 5.x, it should be fine.
- PHP 5. We will use PHP 5 from
php-fpmpackage. PHP 5 is needed because InvoicePlane is written in PHP. We also need these PHP libraries to be installed. Some of the libraries is
- php-gd
- php-hash
- php-json
- php-mbstring
- php-mcrypt
- php-mysqli
- php-openssl
- php-recode
- php-xmlrpc
- php-zlib
Update Base System
Before we install InvoicePlane and its prerequisites let’s update the system to the latest update.
$ sudo apt-get update
$ sudo apt-get -y upgrade
Install Nginx
We will install Nginx from the nginx.org repository instead of from ubuntu repository. The reason is that the nginx.org repository provides a newer version of nginx.
First let’s add the Nginx.org package signing key. We add this key so apt can verify that the packages that we download from nginx repository is not tampered with on the way to our server.
$ wget -c -O- http://nginx.org/keys/nginx_signing.key | sudo apt-key add -
Add nginx.org Repository
$ echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" | sudo tee -a /etc/apt/sources.list.d/nginx.list > /dev/null
Update apt metadata so that it knows the contents of Nginx.org repository and install Nginx.
$ sudo apt-get update
$ sudo apt-get -y install nginx
Now we have nginx installed, we can check it by checking the status of nginx service :
$ sudo service nginx status
* nginx is running
We can also check whether Nginx is already listening on specific port or not:
$ sudo netstat -naptu | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24965/nginx.conf
The output above show Nginx already listens on port 80.
Configure Nginx Directory for Sites
The configuration directory structure created by nginx package from the nginx.org repository is a little bit different with configuration of Nginx package from Ubuntu repository.
We will reconfigure the Nginx configuration directory to make it easier to enable and disable site configuration.
Create two new directories named sites-available and sites-enabled with commands below:
$ sudo mkdir /etc/nginx/sites-available
$ sudo mkdir /etc/nginx/sites-enabled
open /etc/nginx/nginx.conf and find the line:
include /etc/nginx/conf.d/*.conf;
replace with
include /etc/nginx/sites-enabled/*.conf;
Remove the contents of /etc/nginx/conf.d
$ sudo rm -f /etc/nginx/conf.d/*
Reload the Nginx configuration
$ sudo service nginx reload
We will configure Nginx for http only and https only site on InvoicePlane installation section.
Install MySQL Server 5.6
We will install and use MySQL 5.6 to power the database for InvoicePlane. We will use MySQL Server 5.6
$ sudo apt-get -y install mysql-server-5.6
We need to setup the MySQL root password. Please use secure password consist of upper case, lower case, number and special characters.
HP_NO_IMG/data/uploads/users/70fed463-d441-452e-bb7e-e0e3fa684498/960832776.png” alt=”Setting MySQL root password” />
Verify root password.
HP_NO_IMG/data/uploads/users/70fed463-d441-452e-bb7e-e0e3fa684498/1856530910.png” alt=”Verify MySQL root password” />
MySQL Server 5.6 installed. Let’s check mysql service status:
$ sudo service mysql status
mysql start/running, process 3844
We can also check whether mysql process already listen on specific port (MySQL default port is 3306) or not using netstat.
$ sudo netstat -naptu | grep mysql
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3844/mysqld
Securing the MySQL Installation
We will secure MySQL installation by running mysql_secure_installation.
Enter root password that we set on installation
$ mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Since we already have root password set, answer this part with n
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
Remove anonymous user to improve security, answer with Y.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
We also want remove root login from remote machine, answer with Y.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
Previously the test database created automatically by MySQL installation, but MySQL 5.6 does not create test database. We can still choose Y, it will throw error but that’s fine.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
... Failed! Not critical, keep moving...
- Removing privileges on test database...
... Success!
The last step is to reload MySQL privilege table, answer with Y
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Cleaning up...
Create a Database for InvoicePlane
Now we have a secure MySQL installation, it#s time to create database and user for InvoicePlane itself.
Login to MySQL using root credentials
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 58
Server version: 5.6.30-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
Create a new database named invoiceplane using the command below:
mysql> CREATE DATABASE invoiceplane;
Query OK, 1 row affected (0.00 sec)
Create a User for InvoicePlane
Now the database for InvoicePlane is ready, let’s create username and password and grant privileges to InvoicePlane database.
Don’t forget to FLUSH PRIVILEGES so that the privileges table will be reloaded by MySQL and we can use new credential.
Don’t forget to change the password verysecret below with better password.
mysql> GRANT ALL PRIVILEGES ON `invoiceplane`.* TO 'invoiceplane'@'localhost' IDENTIFIED BY 'verysecret';
Query OK, 0 rows affected (0.00 sec)
Flush MySQL privileges to let MySQL reload the MySQL credentials so we can use the new credential that we just created.
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Exit from MySQL console by typing q
mysql> q
Install php5-fpm
We will install php5-fpm and all the required PHP 5 libraries.
$ sudo apt-get -y install php5-fpm
Now let’s check php5-fpm service status
$ sudo service php5-fpm status
php5-fpm start/running, process 6049
Install PHP Libraries Required by InvoicePlane
After installing php5-fpm. Let’s install PHP 5 libraries required by InvoicePlane
$ sudo apt-get install -y php5-gd php5-json php5-mcrypt php5-recode php5-xmlrpc php5-mysql
Most libraries are activated by default, but we need to activate the mcrypt library manually. We can activate the module by creating symlink with command below.
$ cd /etc/php5/fpm/conf.d
$ sudo ln -sf /etc/php5/mods-available/mcrypt.ini 20-mcrypt.ini
Restart php5-fpm service.
$ sudo service php5-fpm restart
Install InvoicePlane
Now we’re ready to install InvoicePlane. We can download the latest version of InvoicePlane from InvoicePlane download page. At the time of this writing, the latest version of InvoicePlane is 1.4.9.
$ wget -c -O v1.4.9.zip https://invoiceplane.com/download/v1.4.9
Extract the downloaded file using unzip. If you don’t have unzip installed, you can install it using command below:
$ sudo apt-get install unzip
To extract InvoicePlane downloaded file we can use the command below:
$ unzip -d invoiceplane v1.4.9.zip
Move extracted directory to /usr/share/nginx:
$ sudo mv invoiceplane /usr/share/nginx
Change directory ownership to www-data user:
$ sudo chown -R www-data:www-data /usr/share/nginx/invoiceplane
Before we run the installation wizard, we need to change one configuration line for base_url of InvoicePlane.
Open /usr/share/nginx/invoiceplane/application/config/config.php.
Find the line
$config['base_url'] = IP_URL;
Replace IP_URL with the domain name that you use for InvoicePlane.
$config['base_url'] = http://invoiceplane.exampleserver.xyz;
Configure Nginx HTTP Only
We also need to configure Nginx sites so it can serve InvoicePlane. Create the file /etc/nginx/sites-available/invoice-plane-http.conf with contents below.
You need to change server_name line below with the domain name that you plan to use for InvoicePlane.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name invoiceplane.exampleserver.xyz;
root /usr/share/nginx/invoiceplane;
index index.php;
location ~ [^/].php(/|$) {
fastcgi_split_path_info ^(.+?.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000; #unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Enable configuration by creating a symbolic link:
$ sudo ln -sf /etc/nginx/sites-available/invoice-plane-http.conf /etc/nginx/sites-enabled/invoice-plane-http.conf
Now reload Nginx to get the new config
$ sudo service nginx reload
Setup InvoicePlane
InvoicePlane is ready. Open your browser and point to InvoicePlane URL.
We will get InvoicePlane setup page. Click Setup.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/1269115087.png” alt=”” />
Choose language. I choose English for this tutorial.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/956710922.png” alt=”” />
The next page will check for prerequisites. This page show that we already pass most of the prerequisites but one, the date.timezone setting on php configuration, if not configured, UTC will be used.
Let’s configure PHP timezone first before we proceed. Open /etc/php5/fpm/php.ini, find line date.timezone and set your local timezone.
In this tutorial I will use Asia/Jakarta as my timezone. You can see a List of supported timeozone. I add the line :
date.timezone = Asia/Jakarta
Now restart php5-fpm service to apply the timezone configuration changes
$ sudo service php5-fpm restart
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/1197762411.png” alt=”” />
Back to the web browser, refresh the browser. Now we pass all the prerequisites.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/2052236010.png” alt=”” />
Configure the database with the database name and credential that we created earlier. If you follow the steps above you can fill in
- Hostname : localhost
- Username : invoiceplane
- Database : invoiceplane
and use the password of user invoiceplane that you set earlier. Click Continue. If one of the item that we fill in is not correct the button will changed to Try Again.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/536768278.png” alt=”” />
If the database configuration is correct we can continue to the next page that show database is successfully configured. Click Continue
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/2143552357.png” alt=”” />
This steps will install tables on the database.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/2105004536.png” alt=”” />
Now let’s create the email address and password that we will use to login to InvoicePlane. We can also configure company name or our name that will show on the InvoicePlane itself.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/35282171.png” alt=”” />
Configure our address.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/601786455.png” alt=”” />
Configure our contact.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/1174720702.png” alt=”” />
Installation is complete.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/1936842969.png” alt=”” />
Now when we go to InvoicePlane URL we will get login page. Login using email addres and password pair that we enter on the setup wizard.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/1588691454.png” alt=”” />
InvoicePlane is ready, now we can create and manage invoices for our clients using invoiceplane.
HP_NO_IMG/data/uploads/users/00f6c067-4df1-42f4-86cb-7a45af31c344/866754598.png” alt=”” />
HTTPS Only Configuration
Up to this point InvoicePlane is ready to be used. This section is optional but recommended since serving InvoicePlane using https will increase security for data transmitted from your computer to server that host InvoicePlane.
The configuration below will make Nginx serve both on http port and https port. When a request come to http port it will be redirected to https port.
We assume that you already get ssl certificate and the private key pair.
When using this configuration you need to change server_name ssl_certificate and ssl_certificate_key lines below.
Before creating the configuration file. Let’s create new directory to put ssl certificate.
$ sudo mkdir /etc/nginx/ssl
Put the ssl certificate and private key on /etc/nginx/ssl directory.
Disable previous configuration that serves the http only site.
$ sudo rm -f /etc/nginx/sites-enabled/invoice-plane-http.conf
create new configuration file /etc/nginx/sites-available/invoice-plane-ssl.conf with contents below:
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name invoiceplane.exampleserver.xyz;
root /usr/share/nginx/invoiceplane;
index index.php;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
ssl_certificate /etc/nginx/ssl/invoiceplane.exampleserver.xyz.crt;
ssl_certificate_key /etc/nginx/ssl/invoiceplane.exampleserver.xyz.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
location ~ [^/].php(/|$) {
fastcgi_split_path_info ^(.+?.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000; #unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Enable the site by creating symbolic link using command below:
$ sudo ln -sf /etc/nginx/sites-available/invoice-plane-ssl.conf /etc/nginx-sites-enabled/invoice-plane-ssl.conf
Test the Nginx configuration using comand below:
$ sudo service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If the output is different than the above, Nginx will show an error message and show which file and line of the configuration still not correct.
Reload Nginx using command below:
$ sudo service nginx reload
To serve InvoicePlane on https we need to change base_url config of InvoicePlane.
Open /usr/share/nginx/invoiceplane/application/config/config.php.
Find the line
$config['base_url'] = http://invoiceplane.exampleserver.xyz;
Replace http with https, no need to restart php5-fpm or nginx since this is application config.
$config['base_url'] = https://invoiceplane.exampleserver.xyz;
Now when we open InvoicePlane URL using https it will serve the application properly.
Secure Cookies
This is optional but recommended when using https. This setting will make sure cookies only served via secure channel / https.
Open /usr/share/nginx/invoiceplane/application/config/config.php. Find line:
$config['cookie_secure'] = false;
Replace with
$config['cookie_secure'] = true;
To verify the secure cookie settings we can use curl to print headers
$ curl -I https://invoiceplane.exampleserver.xyz/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.10.2
Date: Fri, 11 Nov 2016 03:46:28 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.5.9-1ubuntu4.20
Set-Cookie: ip_session=HuIoFGNMIFoBcfKqgZcWM6oCAHDRv%2Bo%2B1pwmrL%2Fs2Wytz5DOeugtjAOY51SKpzEkvp4n6IjWArJvNYnq2PDoudz27oPhYky57B6c0VLP748S2FLxAxssgNkqJb5NCUa2awb5o2AtzLM9fUcDLbuITr8pu0lmKimFDHWIBnpVgFIqF1XXO1bNV1EnBTTXrlTYAJDubp3DXpH1RNDpF7H%2F6lHZHWFUB6Ivrud%2B0eJguUmlyg%2BktpnZ2A%2BKfl8yIIHzNDBsvOO1zuQNZtrT6EFQO9d1Z4AGP3bjFAAKeKpEA8Spm2CR78wc5za1r%2Bo6J89faJJTzFxfgJMVqxfV3GU%2FHg%3D%3Dc7b8563ade78acc6ba1efa4c2fcd8c6c47206735; expires=Mon, 21-Nov-2016 03:46:28 GMT; Max-Age=864000; path=/; secure
Location: https://invoiceplane.exampleserver.xyz/index.php/sessions/login
Strict-Transport-Security: max-age=15768000
As we can see above the Set-Cookie line contain secure at the end of the line.
Summary
In this tutorial we learned how-to install InvoicePlane on top of a LEMP Stack. We also learned how-to configure nginx and InvoicePlane on http only sites and https only sites.
We hope this tutorial will help you setup InvoicePlane and enable you to easily create and manage invoices for your freelance firm or small business.
Share this Article!
