Installing Gibbon
Server Requirements
- Apache 2 (with mod_rewrite)
- PHP 7.3 or above (with PDO, gettext, CURL, GD, ZIP. Recommended to turn display_errors off.)
- MySQL 5.6 (collation set to utf8_general_ci)
Manual Installation
After download and unzipping:
- Copy all files to your server, choosing either the root directory or a sub-folder within it.
- Navigate your browser to the folder on your server where Gibbon has been located.
- Follow the on-screen instructions in Gibbon’s new installer.
- Check out the Getting Started With Gibbon page for more information.
Note: If you want to help test and develop Gibbon, you can select the Cutting Edge Code option in the installer. This allows you to run the latest code from our GitHub repo. This is not recommended for production environments.
The video below gives an overview of the installation process:
Looking for a quick install? Download Gibbon via Softaculous.
Installing from scratch on an Apache server? Check out the How to Install Gibbon thread by @dardiv on the forums.
Softaculous Installation
If you are using a web hosting company that provides Softaculous via CPanel, you can follow the instructions in the video below to install Gibbon:
Post-Install & Server Config
- Set permissions of all Gibbon files so they are not publicly writeable (e.g.
chmod -Rv 755
). - Set file permissions for the
/uploads
folder (created by the installer) to allow writing by web server (avoid chmod 777 for security reasons). - Turn PHP
register_globals
off. On shared host, use .htaccessphp_flag register_globals off
to do this. - Turn folder browsing off. On shared host, use .htaccess
Options -Indexes
- Set PHP’s
max_file_uploads
to at least the number of students in a class. - Set PHP’s
max_input_vars
setting to 5,000 (otherwise Manage Permissions breaks). - Set PHP’s error to be
error_reporting = E_ALL & ~E_NOTICE
or less aggressive. - Set PHP to allow URLs as files with
allow_url_fopen=On
(otherwise Calendar overlay in TT will not work). - On systems that use selinux make sure to run
setsebool -P httpd_can_sendmail 1
to enable Gibbon to send mail.
Securing your Uploads Folder
Files uploaded to Gibbon are stored in the uploads folder. It’s essential for your school’s security to ensure that this folder cannot be browsed and accessed by random people. The steps to do this depend on your server setup. Some instructions for Apache servers is included below.
Apache:
- Edit your apache2 config file, often located at /etc/apache2/apache2.conf
- Look for the directory config, which often looks like
<Directory /var/www/>
…</Directory>
- Inside the config, if you see
Options Indexes FollowSymLinks
change this toOptions FollowSymLinks
removing the Indexes config - Reload your updated config, on Ubuntu use the command
sudo service apache2 reload
- Check to see that your /uploads folder returns a 403 Forbidden or 404 Not Found result
MySQL Database Privileges
For additional security, it’s recommended to setup a MySQL user that has the minimum required database privileges. This is a common practice for web-based apps, to ensure that, should the credentials be compromised, the MySQL user cannot escalate their access in the system.
The minimum GRANTS required for Gibbon are:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES
You can view your current grants with the command:
SHOW GRANTS FOR yourusername
You can reset the grants for a user with the following commands. See the MySQL docs for more info.
REVOKE ALL PRIVILEGES ON *.* FROM 'yourusername'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES ON `yourdatabase`.* TO 'yourusername'@'%';
Pages:
-
Cutting Edge Code
-
Installing Gibbon on Ubuntu/Debian
-
Installing on Windows
-
Google Integration
-
Microsoft Integration
-
Install Xampp for Testing on Windows