How to Install Flarum Forum with Nginx and LE SSL on CentOS 8

Flarum is a free, open-source and next-generation forum software that makes it easier for you to start and grow a successful online community. It is simple, lightweight, fast and mobile-friendly software based on PHP. It comes with a rich set of features including, Elegant UI, Two-Pane Interface, Infinite Scrolling, Floating Composer, Fully responsive and many more.

In this tutorial, we will explain how to install the Flarum forum on CentOS 8 server.

Requirements

  • A server running CentOS 8.
  • A valid domain name pointed with your server IP
  • A root password is configured on the server.

Getting Started

Before starting, you will need to install EPEL and Remi repository in your system. First, install the EPEL repository with the following command:

dnf install epel-release -y

Next, download and install the Remi repository with the following command:

wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm
rpm -Uvh remi-release-8.rpm

Install Nginx, MariaDB and PHP

First, install the Nginx webserver and MariaDB server with the following command:

dnf install nginx mariadb-server -y

Once both packages are installed, you will need to enable php:remi-7.3 module to install PHP 7.3. You can enable it with the following command:

dnf module enable php:remi-7.3

Next, install PHP with other required dependencies with the following command:

dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y

Once all the packages are installed, start the Nginx, MariaDB and PHP-FPM service and enable them to start after system reboot with the following command:

systemctl start nginx
systemctl start mariadb
systemctl start php-fpm
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm

Once you are finished, you can proceed to the next step.

Configure MariaDB Database

By default, MariaDB is not secured. You can secure it with the following script:

mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once you are done, log in to MariaDB shell with the following command:

mysql -u root -p

Provide your root password when prompt then create a database and user for Flarum with the following command:

MariaDB [(none)]> CREATE DATABASE flarumdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'password';

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you are finished, you can proceed to the next step.

Configure PHP-FPM for Nginx

Next, you will need to configure PHP-FPM to work with Nginx. You can do it by editing the file www.conf:

nano /etc/php-fpm.d/www.conf

Change the user and group name from apache to nginx as shown below:

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

Next, find the following line:

;listen = /run/php-fpm/www.sock

And replace it with the following line:

listen = 127.0.0.1:9000

Save and close the file when you are finished. Then, restart PHP-FPM service to apply the changes:

systemctl restart php-fpm

Install Flarum

Before installing the Flarum, you will need to install Composer in your system.

You can install it with the following command:

curl -sS https://getcomposer.org/installer | php

Once installed, you should get the following output:

All settings correct for using Composer
Downloading...

Composer (version 1.9.2) successfully installed to: /root/composer.phar
Use it: php composer.phar

Next, move the Composer binary file to the /usr/local/bin directory and give proper permission:

mv composer.phar /usr/local/bin/composer
chmod 755 /usr/local/bin/composer

Next, change the directory to the Nginx document root and create a Flarum project with the following command:

cd /var/www/html
composer create-project flarum/flarum . --stability=beta

Next, give proper permissions on Nginx web root directory with the following command:

chown -R nginx:nginx /var/www/html
chmod -R 755 /var/www/html
chown -R nginx:nginx /var/lib/php

Once you are finished, you can proceed to the next step.

Configure Nginx for Flarum

Next, you will need to create an Nginx virtual host configuration file for Nginx. You can create it with the following command:

nano /etc/nginx/conf.d/flarum.conf

Add the following lines:

server {
    listen   80;
    server_name  flarum.example.com;

# note that these lines are originally from the "location /" block
root   /var/www/html/public;
index index.php index.html index.htm;

location / { try_files $uri $uri/ /index.php?$query_string; }
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }

location /flarum {
    deny all;
    return 404;
}

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~* \.html$ {
    expires -1;
}

location ~* \.(css|js|gif|jpe?g|png)$ {
    expires 1M;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
           application/javascript
           application/json
           application/vnd.ms-fontobject
           application/x-font-ttf
           application/x-web-app-manifest+json
           application/xhtml+xml
           application/xml
           font/opentype
           image/svg+xml
           image/x-icon
           text/css
           #text/html -- text/html is gzipped by default by nginx
           text/plain
           text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
   }

Save and close the file when you are finsihed. Next, you will need to increase the hash_bucket size in nginx.conf file.

You can do it by editing the file /etc/nginx/nginx.conf:

nano /etc/nginx/nginx.conf

Add the following line exact above the last line:

server_names_hash_bucket_size 64;

Save and close the file. Then, check Nginx for any syntax error with the following command:

nginx -t

You should see the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx and PHP-FPM service to apply the changes:

systemctl restart php-fpm
systemctl restart nginx

Configure SELinux and Firewall

First, you will need to create a firewall rule to allow HTTP and HTTPS service from external networks. You can allow it with the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

By default, SELinux is enabled in CentOS 8. So you will need to configure SELinux for Flarum to work correctly. You can configure SELinux using the following command:

setsebool httpd_can_network_connect on -P

Once you are finished, you can proceed to the next step.

Access Flarum Web UI

Now, open your web browser and type the URL http://flarum.example.com. You will be redirected to the following page:

Flarum Forum installer

Provide your forum name, database details, admin username, password and click on the Install Flarum button. Once the installation has been completed successfully, you should see the Flarum dashboard in the following page:

Flarum Forum

Secure Flarum with Let's Encrypt SSL

Flarum is now installed and configured. It's time to secure it with Let's Encrypt free SSL.

To do so, you will need to download the certbot client on your server. You can download and set correct permission by running the following command:

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Now, run the following command to obtain and install an SSL certificate for your flarum website.

certbot-auto --nginx -d flarum.example.com

The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for flarum.example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf

Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. Once the installation has been finished, you should see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://flarum.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/flarum.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/flarum.example.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Thats it! You can now access your Flarum website using the secure URL https://flarum.example.com.

Share this page:

0 Comment(s)