- Apache 2 (with mod_rewrite)
- PHP 7.3 or above (with PDO, gettext, CURL, GD, ZIP. Recommended to turn display_errors off.)
- MySQL 5.6 (collation set to utf8_general_ci)
After download and unzipping:
- Copy all files to your server, choosing either the root directory or a sub-folder within it.
- Navigate your browser to the folder on your server where Gibbon has been located.
- Follow the on-screen instructions in Gibbon’s new installer.
- Check out the Getting Started With Gibbon page for more information.
Note: If you want to help test and develop Gibbon, you can select the Cutting Edge Code option in the installer. This allows you to run the latest code from our GitHub repo. This is not recommended for production environments.
The video below gives an overview of the installation process:
Looking for a quick install? Download Gibbon via Softaculous.
Installing from scratch on an Apache server? Check out the How to Install Gibbon thread by @dardiv on the forums.
If you are using a web hosting company that provides Softaculous via CPanel, you can follow the instructions in the video below to install Gibbon:
Post-Install & Server Config
- Set permissions of all Gibbon files so they are not publicly writeable (e.g.
chmod -Rv 755).
- Set file permissions for the
/uploadsfolder (created by the installer) to allow writing by web server (avoid chmod 777 for security reasons).
- Turn PHP
register_globalsoff. On shared host, use .htaccess
php_flag register_globals offto do this.
- Turn folder browsing off. On shared host, use .htaccess
- Set PHP’s
max_file_uploadsto at least the number of students in a class.
- Set PHP’s
max_input_varssetting to 5,000 (otherwise Manage Permissions breaks).
- Set PHP’s error to be
error_reporting = E_ALL & ~E_NOTICEor less aggressive.
- Set PHP to allow URLs as files with
allow_url_fopen=On(otherwise Calendar overlay in TT will not work).
- On systems that use selinux make sure to run
setsebool -P httpd_can_sendmail 1to enable Gibbon to send mail.
Securing your Uploads Folder
Files uploaded to Gibbon are stored in the uploads folder. It’s essential for your school’s security to ensure that this folder cannot be browsed and accessed by random people. The steps to do this depend on your server setup. Some instructions for Apache servers is included below.
- Edit your apache2 config file, often located at /etc/apache2/apache2.conf
- Look for the directory config, which often looks like
- Inside the config, if you see
Options Indexes FollowSymLinkschange this to
Options FollowSymLinksremoving the Indexes config
- Reload your updated config, on Ubuntu use the command
sudo service apache2 reload
- Check to see that your /uploads folder returns a 403 Forbidden or 404 Not Found result
MySQL Database Privileges
For additional security, it’s recommended to setup a MySQL user that has the minimum required database privileges. This is a common practice for web-based apps, to ensure that, should the credentials be compromised, the MySQL user cannot escalate their access in the system.
The minimum GRANTS required for Gibbon are:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES
You can view your current grants with the command:
SHOW GRANTS FOR yourusername
You can reset the grants for a user with the following commands. See the MySQL docs for more info.
REVOKE ALL PRIVILEGES ON *.* FROM 'yourusername'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES ON `yourdatabase`.* TO 'yourusername'@'%';
Cutting Edge Code
Installing Gibbon on Ubuntu/Debian
Install Xampp for Testing on Windows