How to Install PyroCMS with Nginx an Let's Encrypt SSL on CentOS 8

PyroCMS is a powerful modular CMS and development platform built with Laravel 5, which allows you to build better Laravel websites and applications faster.

In this tutorial, we will walk you through the PyroCMS installation process on a CentOS 8 operating system by using NGINX as a web server, MariaDB as a database server, and optionally you can secure the transport layer by using acme.sh client and Let's Encrypt certificate authority to add SSL support.

Requirements

To install PyroCMS, make sure your system meets the following requirements:

  • At least 1GB of RAM or Swap configured.
  • PHP version 7.0 or greater with PDO, cURL, SQLite, OpenSSL, Mbstring, Fileinfo, Tokenizer, GD PHP extensions.
  • MariaDB
  • NGINX

Prerequisites

  • A system running CentOS 8 system.
  • A non-root user with sudo privileges.

Initial steps

Check your CentOS version:

cat /etc/centos-release
# CentOS Linux release 8.1.1810 (Core)

Set up the timezone:

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system's default software packages:

sudo dnf update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo dnf install -y curl wget vim git unzip socat bash-completion epel-release

Step 1 - Install PHP and necessary PHP extensions

Download and install PHP and required PHP extensions:

sudo dnf install -y php php-cli php-fpm php-mysqlnd php-curl php-sqlite3 php-mbstring php-gd php-xml

To show PHP compiled in modules, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .

Check the PHP version:

php --version
# PHP 7.2.11 (cli) (built: Oct  9 2018 15:09:36) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Start and enable PHP-FPM service:

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

Step 2 - Install MariaDB and create a database for PyroCMS

Install MariaDB:

sudo dnf install -y mariadb-server mariadb-client

Check the MariaDB version:

mysql --version
# mysql  Ver 15.1 Distrib 10.3.17-MariaDB, for Linux (x86_64) using readline 5.1

Start and enable MariaDB service:

sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Run mysql_secure installation script to improve MariaDB security and set the password for MariaDB root user:

sudo mysql_secure_installation

Answer each of the questions:

Enter current password for root (enter for none): Press Enter
Set root password? [Y/n] Y
New password: your_secure_password
Re-enter new password: your_secure_password
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Log into MariaDB as the root user:

sudo mysql -u root -p
# Enter password

Create a MariaDB database and user that you will use for your installation of PyroCMS, and remember the credentials:

CREATE DATABASE dbname;
GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Replace dbname and username with appropriate names for your setup. Replace password with a strong password.

Exit from MariaDB shell:

quit

Step 3 - Install Acme.sh client and obtain Let's Encrypt certificate (optional)

Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain an SSL certificate from Let's Encrypt we will use Acme.sh client. Acme.sh is a pure UNIX shell software for obtaining SSL certificates from Let's Encrypt with zero dependencies. 

Download and install acme.sh:

sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~

Check acme.sh version:

acme.sh --version
# v2.8.6

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256

If you want fake certificates for testing you can add --staging flag to the above commands.

To list your issued certs you can run:

acme.sh --list

Create a directory to store your certs. We will use /etc/letsencrypt directory.

mkdir -p /etc/letsencrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc

Install/copy certificates to /etc/letsencrypt directory.

# RSA
acme.sh --install-cert -d example.com \
--cert-file /etc/letsencrypt/example.com/cert.pem \
--key-file /etc/letsencrypt/example.com/private.key \
--fullchain-file /etc/letsencrypt/example.com/fullchain.pem \
--reloadcmd "sudo systemctl reload nginx.service"

# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc \
--cert-file /etc/letsencrypt/example.com_ecc/cert.pem \
--key-file /etc/letsencrypt/example.com_ecc/private.key \
--fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem \
--reloadcmd "sudo systemctl reload nginx.service"

After running the above commands, your certificates and keys will be in:

  • For RSA: /etc/letsencrypt/example.com directory.
  • For ECC/ECDSA: /etc/letsencrypt/example.com_ecc directory.

All the certificates will be automatically renewed every 60 days.

After obtaining certs, exit from root user and return back to normal sudo user:

exit

Step 4 - Install NGINX and configure NGINX for PyroCMS

Install the NGINX web server:

sudo dnf install -y nginx

Check the NGINX version:

nginx -v
# nginx version: nginx/1.14.1

Start and enable Nginx service:

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure NGINX for PyroCMS by running:

sudo vim /etc/nginx/conf.d/pyro.conf

And populate the file with the following configuration:

server {
  listen 80;
  listen 443 ssl;
server_name example.com;
index index.php index.html;
root /var/www/pyro/public;

ssl_certificate /etc/letsencrypt/status.example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/status.example.com/status.example.com.key;
ssl_certificate /etc/letsencrypt/status.example.com_ecc/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/status.example.com_ecc/status.example.com.key;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php-fpm/www.sock;;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
}
}

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service

Step 5 - Install Composer

Install Composer, the PHP dependency manager globally:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php

php -r "unlink('composer-setup.php');"

sudo mv composer.phar /usr/local/bin/composer

Check Composer version:

composer --version
# Composer version 1.10.5 2012-04-02 10:52:10

Step 6 - Install PyroCMS

Create a document root directory where PyroCMS should reside in:

sudo mkdir -p /var/www/pyro

Change ownership of the /var/www/pyro directory to your_username that you should have created before and you should be logged in as this user. 

sudo chown -R your_username:your_username /var/www/pyro

NOTE: Don't forget to replace your_username with the name that you have chosen.

Navigate to document root:

cd /var/www/pyro

Download the latest stable release of PyroCMS via composer:

composer create-project pyrocms/pyrocms .

Change ownership of the /var/www/pyro directory to www-data.

sudo chown -R nginx:nginx /var/www/pyro

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx. Initially, they will be set to apache. Run:

sudo vim /etc/php-fpm.d/www.conf

And set user and group to nginx, like below:

user = nginx
group = nginx

And finally, restart PHP-FPM service for these changes to take effect:

sudo systemctl restart php-fpm.service

Step 7 - Complete the PyroCMS setup

Access your site in a web browser via domain name or IP address and follow the PyroCMS web installation wizard.

Accept PyroCMS license

After you have filled all the required information, your PyroCMS installation is complete.

Links

Share this page:

0 Comment(s)