How to install ElkArte forum with Apache and encrypt SSL on CentOS 8

How to install ElkArte forum with Apache and encrypt SSL on CentOS 8

ElkArte is a free and open source forum software based on Simple Machine Forum. It is written in PHP and uses MariaDB as the database backend. It provides all the functions needed to build a fully functional community forum. It is simple, lightweight, and uses a responsive theme suitable for any modern browser, smartphone or tablet.

feature

  • Simple and easy to use interface
  • Customizable built-in plugin manager
  • Improved anti-spam features
  • Drag and drop file attachments
  • Integrated video embedding for youtube, vimeo and dailymotion

In this tutorial, we will show you how to install ElkArte on CentOS 8 using “Let’s Encrypt SSL”.

prerequisites

  • Server running CentOS 8.
  • A valid domain name pointing to the server IP.
  • The root password is configured for the server.

Install LAMP server

First, you need to install Apache, MariaDB, PHP and other extensions in your system. You can install all of them by running the following command:

dnf install httpd mariadb-server php php-common php-json php-curl php-intl php-mbstring php-xmlrpc php-mysqlnd php-gd php-pgsql php-xml php-cli php-bcmath php-gmp php-zip unzip -y

After installing all the packages, edit the php.ini file and make some required changes:

nano /etc/php.ini

Change the following values:

memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

Save and close the file, then start the Apache and MariaDB services and use the following commands to start them when the system restarts:

systemctl start httpdsystemctl start mariadbsystemctl enable httpdsystemctl enable mariadb

Once completed, you can proceed to the next step.

Configure MariaDB

By default, the MariaDB root password is not set. Therefore, you need to set it up in the system. You can do this by running the following script:

mysql_secure_installation

Answer all the questions shown below to set the root password:

Enter current password for root (enter for none):
OK, successfully used password, moving on...
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once MariaDB is secure, log in to the MariaDB shell with the following command:

mysql -u root -p

Provide your root password when prompted, and then use the following commands to create the database and user:

MariaDB [(none)]> CREATE DATABASE elkarte;MariaDB [(none)]> CREATE USER 'elkarte'@'localhost' IDENTIFIED BY 'password';

Next, use the following command to grant all privileges to the ElkArte database:

MariaDB [(none)]> GRANT ALL ON elkarte.* TO 'elkarte'@'localhost' WITH GRANT OPTION;

Next, use the following command to clear the privileges and exit from the MariaDB shell:

MariaDB [(none)]> FLUSH PRIVILEGES;MariaDB [(none)]> EXIT;

Once completed, you can proceed to the next step.

Download ElkArte

First, you need to download the latest version of ElkArte from the Git repository. You can download it with the following command:

wget https://github.com/elkarte/Elkarte/archive/master.zip

After downloading, use the following command to unzip the downloaded file:

unzip master.zip

Next, use the following command to move the extracted directory to the Apache root directory:

mv Elkarte-master /var/www/html/elkarte

Next, use the following commands to change ownership and permissions:

chown -R apache:apache /var/www/html/elkartechmod -R 775 /var/www/html/elkarte

Once completed, you can proceed to the next step.

Configure Apache for ElkArte

Next, you will need to create an apache virtual host configuration file for ElkArte. You can create it with the following command:

nano /etc/httpd/conf.d/elkarte.conf

Add the following line:

<VirtualHost *:80>
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/elkarte
     ServerName elk.example.com

     <Directory /var/www/html/elkarte/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>

     ErrorLog /var/log/httpd/error.log
     CustomLog /var/log/httpd//access.log combined

</VirtualHost>
systemctl restart httpd

At this point, the Apache web server has been configured to serve ElkArte. Now you can proceed to the next step.

Configure Selinux and firewall

By default, SELinux is enabled in CentOS 8. Therefore, you need to configure the ElkArte website.

You can configure SELinux with the following command: advertising

setsebool httpd_can_network_connect on -Pchcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/elkarte

Next, use the following command to allow ports 80 and 443 through the firewall:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=httpsfirewall-cmd --reload

Once completed, you can proceed to the next step.

Visit ElkArte

Now, open your web browser and use the URL to visit ElkArte. http://elk.example.com. You will be redirected to the following page:

Click on carry on Button to start the installation. You should see the following page:

Database settings

Provide your database details and click carry on Button. You should see the following page:

Forum settings

Provide your forum name, URL, and click carry on Button. You should see the following page:

Populate the databaseadvertising

Now, click carry on Button to populate the database. You should see the following page:

Create an administrator account

Provide your administrator username, password, email, and click carry on Button. You should see the following page:

finish installation

Click on Your newly installed forum Button. You should see the following page:

Go to the front end of the forum

Provide your administrator username and password, and click Logging in Button. You should see the ElkArte dashboard in the following page:

ElkArte Forum

Let’s encrypt SSL to protect Elkarte

At this point, ElkArte has been installed and configured. Next, it is recommended to use “Let’s Encrypt SSL” to protect the ElkArte website. First, you need to install the Certbot client on the system. Certbot is a Let’s Encrypt client that can be used to download SSL from the Let’s Encrypt website and configure the Apache web server to use the downloaded SSL.

You can install Certbot with the following command:

wget https://dl.eff.org/certbot-automv certbot-auto /usr/local/bin/certbot-autochown root /usr/local/bin/certbot-autochmod 0755 /usr/local/bin/certbot-auto

Now, run the following command to obtain and install the SSL certificate of the ElkArte website.

certbot-auto --apache -d elk.example.com

The above command will first install all the necessary dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as shown below:

Note: If you encounter any SSL-related errors, please restart the httpd service, and then run the above command again.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/elkarte-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/elkarte-le-ssl.conf

Next, choose whether to redirect HTTP communication to HTTPS, thereby deleting HTTP access.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to start the installation process. After successfully completing the installation, you will get the following output:

Redirecting vhost in /etc/httpd/conf.d/elkarte.conf to ssl vhost in /etc/httpd/conf.d/elkarte-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://elk.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=elk.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/elk.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/elk.example.com/privkey.pem
   Your cert will expire on 2020-05-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can now safely access ElkArte using URL https://elk.example.com.

in conclusion

Congratulations! You have successfully installed ElkArte, Apache and Let’s Encrypt SSL on Apache CentOS 8. Now you can start to build your own online forum. If you have any questions, please feel free to ask me.

Sidebar