How to Install Vanila Forum and Secure it with Let's Encrypt on CentOS 8
Vanilla is a free, open-source and flexible community forum software that can be used to build your own forum site. It is a lightweight and multi-lingual forum solution that helps you to set up an online community within a minutes. It is written in PHP and comes with lots of add-ons and themes. It is packed with premium features and used by top brands to engage customers, drive loyalty and reduce support costs.
In this tutorial, we will learn how to install Vanilla forum on CentOS 8 and secure it with Let's Encrypt SSL.
Prerequisites
- A server running CentOS 8.
- A root password is setup on your server.
Install LEMP Server
First, you will need to install the Nginx web server, MariaDB database server, PHP and other required PHP extensions in your system. You can run the following command to install all of them:
dnf install nginx mariadb-server php php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y
After installing all the packages, start Nginx, PHP-FPM and MariaDB service and enable them to start after system reboot with the following command:
systemctl start nginx
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb
Configure MariaDB Database
Before starting, it is a good idea to secure your MariaDB. You can secure it with the following script:
mysql_secure_installation
Answer all the questions as shown below:
Enter current password for root (enter for none): Set root password? [Y/n] Y New password: Re-enter new password: Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
After securing the MariaDB, log in to the MariaDB shell with the following command:
mysql -u root -p
Provide your MariaDB root password and create a database and user for Vanilla with the following command:
MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';
Next, grant all the privileges to the Vanilla database with the following command:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Download Vanilla Forum
You can download the latest stable version of the Vanilla forum from its official website with the following command:
wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip
Once downloaded, unzip the downloaded file with the following command:
unzip vanilla-core-3.3.zip
Next, move the extracted directory to the Nginx web root directory with the following command:
mv package /var/www/html/vanilla
Next, change the ownership of vanilla directory to Nginx:
chown -R nginx:nginx /var/www/html/vanilla
Once you are done, you can proceed to the next step.
Configure PHP-FPM Pool
By default, PHP-FPM is configured for Apache. Here, we will use Nginx as a webserver. So you will need to configure PHP-FPM for Nginx. You can do it by editing the file /etc/php-fpm.d/www.conf:
nano /etc/php-fpm.d/www.conf
Change the following lines:
user = nginx group = nginx
Save and close the file when you are finished. Then, create a session directory for PHP and change its ownership:
mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session
Next, restart the PHP-FPM service to apply the changes:
systemctl restart php-fpm
Configure Nginx for Vanilla
Next, create a new Nginx virtual host file to serve Vanilla forum.
nano /etc/nginx/conf.d/vanilla.conf
Add the following lines:
server {
listen 80;
server_name vanilla.linuxbuz.com;
root /var/www/html/vanilla;
index index.php;
location ~* /\.git { deny all; return 403; }
location /build/ { deny all; return 403; }
location /cache/ { deny all; return 403; }
location /cgi-bin/ { deny all; return 403; }
location /uploads/import/ { deny all; return 403; }
location /conf/ { deny all; return 403; }
location /tests/ { deny all; return 403; }
location /vendor/ { deny all; return 403; }
location ~* ^/index\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
fastcgi_param X_REWRITE 1;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
}
location ~* \.php(/|$) {
rewrite ^ /index.php$uri last;
}
location / {
try_files $uri $uri/ @vanilla;
}
location @vanilla {
rewrite ^ /index.php$uri last;
}
}
Save and close the file when you are finished. Then, restart the Nginx service to apply the changes:
systemctl restart nginx
Secure Vanilla with Let's Encrypt SSL
Next, you will need to install the Certbot utility in your system to download and install Let's Encrypt SSL for your Vanilla website.
You can install the Certbot client with the following command:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
Next, obtain and install an SSL certificate for your Vanilla website with the following command:
certbot-auto --nginx -d vanilla.linuxbuz.com
The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for vanilla.linuxbuz.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf
Select whether you want to redirect HTTP traffic to HTTPS or not as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to continue. Once the installation has been completed successfully, you should get the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://vanilla.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem Your cert will expire on 2020-06-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Configure SELinux and Firewall
By default, SELinux is enabled in CentOS 8. So you will need to configure it for your Vanilla forum website.
You can configure the SELinux with the following command:
setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla
Next, allow port 80 and 443 through the firewall with the following command:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Once you are done, you can proceed to the next step.
Access Vanilla Forum
Open your web browser and visit the URL https://vanilla.linuxbuz.com. You will be redirected to the following page:
Provide your Database details, Application title, Email, Admin username, Password and click on the Continue button. Once the installation has been finished, you should see the Vanilla dashboard in the following page:
Conclusion
Congratulations! you have successfully installed Vanilla forum on CentOS 8 with Let's Encrypt SSL. You can now host your own community forum website easily. Feel free to ask me if you have any questions.
