How to install ElkArte forum with Apache and encrypt SSL on CentOS 8
How to install ElkArte forum with Apache and encrypt SSL on CentOS 8
ElkArte is a free and open source forum software based on Simple Machine Forum. It is written in PHP and uses MariaDB as the database backend. It provides all the functions needed to build a fully functional community forum. It is simple, lightweight, and uses a responsive theme suitable for any modern browser, smartphone or tablet.
feature
- Simple and easy to use interface
- Customizable built-in plugin manager
- Improved anti-spam features
- Drag and drop file attachments
- Integrated video embedding for youtube, vimeo and dailymotion
In this tutorial, we will show you how to install ElkArte on CentOS 8 using “Let’s Encrypt SSL”.
prerequisites
- Server running CentOS 8.
- A valid domain name pointing to the server IP.
- The root password is configured for the server.
Install LAMP server
First, you need to install Apache, MariaDB, PHP and other extensions in your system. You can install all of them by running the following command:
dnf install httpd mariadb-server php php-common php-json php-curl php-intl php-mbstring php-xmlrpc php-mysqlnd php-gd php-pgsql php-xml php-cli php-bcmath php-gmp php-zip unzip -yAfter installing all the packages, edit the php.ini file and make some required changes:
nano /etc/php.iniChange the following values:
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = America/Chicago
Save and close the file, then start the Apache and MariaDB services and use the following commands to start them when the system restarts:
systemctl start httpdsystemctl start mariadbsystemctl enable httpdsystemctl enable mariadbOnce completed, you can proceed to the next step.
Configure MariaDB
By default, the MariaDB root password is not set. Therefore, you need to set it up in the system. You can do this by running the following script:
mysql_secure_installationAnswer all the questions shown below to set the root password:
Enter current password for root (enter for none): OK, successfully used password, moving on... Set root password? [Y/n] Y Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
Once MariaDB is secure, log in to the MariaDB shell with the following command:
mysql -u root -pProvide your root password when prompted, and then use the following commands to create the database and user:
MariaDB [(none)]> CREATE DATABASE elkarte;MariaDB [(none)]> CREATE USER 'elkarte'@'localhost' IDENTIFIED BY 'password';Next, use the following command to grant all privileges to the ElkArte database:
MariaDB [(none)]> GRANT ALL ON elkarte.* TO 'elkarte'@'localhost' WITH GRANT OPTION;Next, use the following command to clear the privileges and exit from the MariaDB shell:
MariaDB [(none)]> FLUSH PRIVILEGES;MariaDB [(none)]> EXIT;Once completed, you can proceed to the next step.
Download ElkArte
First, you need to download the latest version of ElkArte from the Git repository. You can download it with the following command:
wget https://github.com/elkarte/Elkarte/archive/master.zipAfter downloading, use the following command to unzip the downloaded file:
unzip master.zipNext, use the following command to move the extracted directory to the Apache root directory:
mv Elkarte-master /var/www/html/elkarteNext, use the following commands to change ownership and permissions:
chown -R apache:apache /var/www/html/elkartechmod -R 775 /var/www/html/elkarteOnce completed, you can proceed to the next step.
Configure Apache for ElkArte
Next, you will need to create an apache virtual host configuration file for ElkArte. You can create it with the following command:
nano /etc/httpd/conf.d/elkarte.confAdd the following line:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/elkarte
ServerName elk.example.com
<Directory /var/www/html/elkarte/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd//access.log combined
</VirtualHost>
systemctl restart httpdAt this point, the Apache web server has been configured to serve ElkArte. Now you can proceed to the next step.
Configure Selinux and firewall
By default, SELinux is enabled in CentOS 8. Therefore, you need to configure the ElkArte website.
You can configure SELinux with the following command: advertising
setsebool httpd_can_network_connect on -Pchcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/elkarteNext, use the following command to allow ports 80 and 443 through the firewall:
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=httpsfirewall-cmd --reloadOnce completed, you can proceed to the next step.
Visit ElkArte
Now, open your web browser and use the URL to visit ElkArte. http://elk.example.com. You will be redirected to the following page:
Click on carry on Button to start the installation. You should see the following page:
Provide your database details and click carry on Button. You should see the following page:
Provide your forum name, URL, and click carry on Button. You should see the following page:
advertising
Now, click carry on Button to populate the database. You should see the following page:
Provide your administrator username, password, email, and click carry on Button. You should see the following page:
Click on Your newly installed forum Button. You should see the following page:
Provide your administrator username and password, and click Logging in Button. You should see the ElkArte dashboard in the following page:
Let’s encrypt SSL to protect Elkarte
At this point, ElkArte has been installed and configured. Next, it is recommended to use “Let’s Encrypt SSL” to protect the ElkArte website. First, you need to install the Certbot client on the system. Certbot is a Let’s Encrypt client that can be used to download SSL from the Let’s Encrypt website and configure the Apache web server to use the downloaded SSL.
You can install Certbot with the following command:
wget https://dl.eff.org/certbot-automv certbot-auto /usr/local/bin/certbot-autochown root /usr/local/bin/certbot-autochmod 0755 /usr/local/bin/certbot-autoNow, run the following command to obtain and install the SSL certificate of the ElkArte website.
certbot-auto --apache -d elk.example.comThe above command will first install all the necessary dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as shown below:
Note: If you encounter any SSL-related errors, please restart the httpd service, and then run the above command again.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for elk.example.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/httpd/conf.d/elkarte-le-ssl.conf Deploying Certificate to VirtualHost /etc/httpd/conf.d/elkarte-le-ssl.conf
Next, choose whether to redirect HTTP communication to HTTPS, thereby deleting HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and press Enter to start the installation process. After successfully completing the installation, you will get the following output:
Redirecting vhost in /etc/httpd/conf.d/elkarte.conf to ssl vhost in /etc/httpd/conf.d/elkarte-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://elk.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=elk.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/elk.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/elk.example.com/privkey.pem Your cert will expire on 2020-05-10. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
You can now safely access ElkArte using URL https://elk.example.com.
in conclusion
Congratulations! You have successfully installed ElkArte, Apache and Let’s Encrypt SSL on Apache CentOS 8. Now you can start to build your own online forum. If you have any questions, please feel free to ask me.