Install and configure the Flarum CMS Forum on Nginx CentOS 8

Flarum is a free, open source forum software that makes it easy for you to start an online community. It is a simple, light, fast PHP program that is compatible with mobile devices.

It comes with a rich set of features including elegant user interface, two-part interface, infinite scrolling, floating composer, full response, and more.

In this tutorial, we will explain how to install Flarum Forum on CentOS 8 Server.

Tutorial requirements

  • CentOS 8 server.
  • A valid domain name is indicated by the server’s IP address
  • Log in as root or a user with sudo privileges

Preparation

Before getting started, you’ll need to have the EPEL and Remi repositories installed on your system. First, install the EPEL repository with the following command:

dnf install epel-release -y

After that, download and install Remi repository with the following command:

wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm
 rpm -Uvh remi-release-8.rpm

Install Nginx, MariaDB, and PHP

First, install the Nginx web server and MariaDB server with the following commands:

dnf install nginx mariadb-server -y

After installing both packages, you will need to activate the php: remi-7.3 module to install PHP 7.3. You can activate it with the following command:

dnf module enable php:remi-7.3

After that, install PHP along with the other required dependencies using the following command:

dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y

After installing all packages, start the Nginx, MariaDB and PHP-FPM services and enable them to start after restarting the system with the following command:

systemctl start nginx
 systemctl start mariadb
 systemctl start php-fpm
 systemctl enable nginx
 systemctl enable mariadb
 systemctl enable php-fpm

Once done, you can move on to the next step.

Create MariaDB Database

By default, MariaDB is not locked. You can secure it with the following script:

mysql_secure_installation

This command will change the root password, delete anonymous users, block remote root logins, and delete the test database.

Answer the questions as shown below and make sure to choose a secure root user password:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once MariaDB is secured, log into the MariaDB shell with the following command:

mysql -u root -p

Enter the root password, then create a database and database user for Flarum with the following command:

MariaDB [(none)]> CREATE DATABASE flarumdb;
 MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'g4nt!_d3n9an_p4$$w0rd';

After that, clear the privileges and exit MariaDB with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
 MariaDB [(none)]> EXIT;

Once done, you can move on to the next step.

Configure PHP-FPM for Nginx

Next, you need to configure PHP-FPM to work with Nginx. You can do this by editing a file www.conf:

nano /etc/php-fpm.d/www.conf

Change username and group from apache To nginx as shown below:

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

Next, find the next line:

;listen = /run/php-fpm/www.sock

And replace it with the following line:

listen = 127.0.0.1:9000

Save and close the file when done. Then restart PHP-FPM service to apply the changes:

systemctl restart php-fpm

Install Flarum

Before installing Flarum, you must have Composer installed on your system.

You can install it via command curl next:

curl -sS https://getcomposer.org/installer | php

Once installed, you will get the following output:

All settings correct for using Composer
Downloading...

Composer (version 1.9.2) successfully installed to: /root/composer.phar
Use it: php composer.phar

Next, move the Composer binary file to the directory /usr/local/bin And grant appropriate permissions:

mv composer.phar /usr/local/bin/composer
 chmod 755 /usr/local/bin/composer

Next, change directory to Nginx document root and create Flarum project with the following command:

cd /var/www/html
 composer create-project flarum/flarum . --stability=beta

Next, grant the appropriate permissions to the Nginx web root folder with the following command:

chown -R nginx:nginx /var/www/html
 chmod -R 755 /var/www/html
 chown -R nginx:nginx /var/lib/php

Once done, you can move on to the next step.

Form Nginx for Flarum

Next, we need to create an Nginx virtual host configuration file for Nginx. You can create it with the following command:

nano /etc/nginx/conf.d/flarum.conf

Add the following line:

server {
    listen   80;
    server_name  flarum.example.com;

# lokasi untuk root document
root   /var/www/html/public;
index index.php index.html index.htm;

location / { try_files $uri $uri/ /index.php?$query_string; }
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }

location /flarum {
    deny all;
    return 404;
}

location ~ .php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~* .html$ {
    expires -1;
}

location ~* .(css|js|gif|jpe?g|png)$ {
    expires 1M;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
           application/javascript
           application/json
           application/vnd.ms-fontobject
           application/x-font-ttf
           application/x-web-app-manifest+json
           application/xhtml+xml
           application/xml
           font/opentype
           image/svg+xml
           image/x-icon
           text/css
           #text/html -- text/html is gzipped by default by nginx
           text/plain
           text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
   }

Save and close the file when done. Next, you need to increase the size hash_bucket in the file nginx.conf.

You can do this by editing a file /etc/nginx/nginx.conf:

nano /etc/nginx/nginx.conf

Add the following line directly above the last line:

server_names_hash_bucket_size 64;

Save and close the file. Next, check Nginx for any syntax errors with the following command:

nginx -t

You will see the following result:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart Nginx and PHP-FPM services to apply the changes:

systemctl restart php-fpm
 systemctl restart nginx

Configure SELinux and Firewall

First, you’ll need to create firewall rules to allow HTTP and HTTPS services from external networks. You can allow it with the following command:

firewall-cmd --permanent --add-service=http 
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

By default, SELinux is enabled in CentOS 8. So you need to configure SELinux for Flarum to work properly. You can configure SELinux with the following command:

setsebool httpd_can_network_connect on -P

Once done, you can move on to the next step.

Access the Flarum web user interface

Now, open your web browser and type the URL http://flarum.example.com. You will be directed to the following page:

Flarum Forum Installer

Enter forum name, database details, admin username and password and click the button Installations Flarum. After the installation has finished successfully, you will see the Flarum dashboard on the following page:

Flarum Forum

Secure Flarum with Let’s Encrypt SSL

Flarum is now installed and configured. Time to secure it with Let’s Encrypt SSL.

To do this, you’ll need to download the certbot client to your server. You can download and set the correct permissions by running the following command:

wget https://dl.eff.org/certbot-auto
 mv certbot-auto /usr/local/bin/certbot-auto
 chown root /usr/local/bin/certbot-auto
 chmod 0755 /usr/local/bin/certbot-auto

Now, run the following commands to get and install SSL certificate for your flarum site.

certbot-auto --nginx -d flarum.example.com

The above command will install all required dependencies on your server. Once installed, you will be required to provide an email address and accept the Terms of Service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for flarum.example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf

Next, you have to choose whether or not to redirect HTTP traffic to HTTPS, as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. After the installation is complete, you will see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://flarum.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/flarum.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/flarum.example.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, the Let’s Encrypt installation for your website has completed and you can now access the Flarum website using the secure URL https://flarum.example.com.

.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *