QuincyKit

From HerzbubeWiki
Jump to navigation Jump to search

This page has the details how to set up the QuincyKit crash reporting service that allows iOS apps to submit crash reports for developer analysis.

The submission URLs to use in a client app, if all the steps on this page are followed, is this:


References


Installation and configuration

Filesystem

Download the QuincyKit .zip package from GitHub and extract its content. Then do the following: 

mv server /var/www/herzbube.ch/quincykit3
rm -r /var/www/herzbube.ch/quincykit3/local

Note: More filesystem-related operations are required to secure the installation. See the corresponding section further down.


Database

  • Create new database "quincykit3"
  • Create new user "quincykit" and grant all privileges to database
grant all privileges on quincykit3.* to quincykit@localhost;
  • Populate the database with this command
mysql -u quincykit -p quincykit3 </var/www/herzbube.ch/quincykit3/database_schema.sql


Web server

Add the following snippet to both the plain HTTP and the SSL vhost in /etc/apache2/sites-available/herzbube.ch.conf: 

<Directory /var/www/herzbube.ch/quincykit3/>
  <IfModule mod_php5.c>
    php_admin_flag engine on
  </IfModule>
</Directory>

Note: More web server related configuration is required to secure the installation. See the corresponding section further down.


PHP configuration

Edit /var/www/herzbube.ch/quincykit3/config.php with the following settings:

  • $server = localhost
  • $loginsql = 'quincykit';
  • $passsql = 'secret';
  • $base = 'quincykit3';
  • $mail_addresses = 'herzbube@herzbube.ch';
  • $mail_from = 'quincykit@herzbube.ch';
  • $crash_url = 'http://www.herzbube.ch/quincykit3/';


Test the setup

After everything has been installed and configured, point your web browser to this URL: http://www.herzbube.ch/quincykit3/test_setup.php. If no errors occur, everything should be set up correctly.


Secure the installation

Filesystem level protection

Protect the database password: 

cd /var/www/herzbube.ch/quincykit3
chown root:www-data config.php
chmod 640 config.php

Remove unnecessary files: 

cd /var/www/herzbube.ch/quincykit3
rm config.php.sample
rm test_setup.php
rm database_schema.sql
rm quincykit_importer.php  # only present in QuincyKit 2
rm ProwlPHP.php


Only authorized access to admin web interface

We want to protect the admin web interface against anonymous/unauthorized access from the Internet. We can achieve this by using HTTP authentication/authorization. However, if we allow this to happen via plain HTTP the browser will send the password over the network in plain text. To prevent this, we configure the web server to completely disable plain HTTP access to the admin web interface. HTTP authentication over an SSL connection (i.e. HTTPS) is fine, though, since the password sent by the browser will not be visible in plain text to network sniffers.


To disable plain HTTP access to the admin web interface, add the following snippet to the plain HTTP vhost in /etc/apache2/sites-available/herzbube.ch.conf. 

# Do not allow access to admin interface via plain HTTP
<Directory /var/www/herzbube.ch/quincykit3/admin/>
  Require all denied
</Directory>

To enable HTTP authentication/authorization via LDAP, add the following snippet to the SSL vhost in /etc/apache2/sites-available/herzbube.ch.conf. More information about the content of pelargir-ldap.conf is available on the Apache page on this wiki. 

# Allow access to admin interface only to authenticated user admin
<Directory /var/www/herzbube.ch/quincykit3/admin/>
  Include pelargir-ldap.conf
  AuthName "QuincyKit 3 @ herzbube.ch"
  AuthType Basic
  AuthBasicProvider ldap
  Require ldap-user admin
</Directory>


Add application

  • Point web browser to this URL: http://www.herzbube.ch/quincykit3/admin/
  • Add a new application by providing the following two pieces of information
    • Bundle identifier as it appears in Xcode (e.g. ch.herzbube.littlego)
    • Application name = Little Go
Retrieved from "https://wiki.herzbube.ch/index.php?title=QuincyKit&oldid=5997"