How to Install Flarum Forum with Nginx and LE SSL on CentOS 8

How to Install Flarum Forum with Nginx and LE SSL on CentOS 8

Flarum is a free open source and next-generation forum software that makes it easy for you to build and grow successful online communities. It is simple, lightweight, fast and easy to move software based on PHP. It has a rich feature set, including elegant user interface, two-pane interface, infinite scrolling, floating editor, fully responsive, and more.

In this tutorial, we will explain how to install the Flarum Forum on a CentOS 8 server.

Claim

  • Server 8 running CentOS.
  • A valid domain name pointing to your server IP
  • A root password is configured on the server.

getting Started

Before you begin, you need to install EPEL and Remi repositories in your system. First, install the EPEL repository using the following command:

dnf install epel-release -y

Next, download and install the Remi repository using the following command:

wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm rpm -Uvh remi-release-8.rpm

Install Nginx, MariaDB and PHP

First, install the Nginx web server and MariaDB server using the following command:

dnf install nginx mariadb-server -y

Once two packages are installed, you need to enable php: remi-7.3 module to install PHP 7.3. You can enable it with the following command:

dnf module enable php:remi-7.3

Next, install PHP with other required dependencies using:

dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y

After installing all packages, start Nginx, MariaDB and PHP-FPM services and use the following command to make them start after the system reboots:

systemctl start nginx systemctl start mariadb systemctl start php-fpm systemctl enable nginx systemctl enable mariadb systemctl enable php-fpm

When you are done, you can proceed to the next step.

Configure MariaDB database

MariaDB is not secure by default. You can protect it with the following script:

mysql_secure_installation

Answer all questions as follows:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once done, log in to the MariaDB shell using the following command:

mysql -u root -p

Provide your root password when prompted, then use the following command to create a database and user for Flarum:

MariaDB [(none)]> CREATE DATABASE flarumdb; MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'password';

Next, refresh the privileges and exit from the MariaDB shell using the following command:

MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> EXIT;

When you are done, you can proceed to the next step.

Configure PHP-FPM for Nginx

Next, you will need to configure PHP-FPM to work with Nginx. You can do this by editing the file www.conf:

nano /etc/php-fpm.d/www.conf

Change the username and group name from apache to nginx as follows:

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

Next, find the following line:

;listen = /run/php-fpm/www.sock

And replace it with the following line:

listen = 127.0.0.1:9000

Save and close the file when you are finished. Then, restart the PHP-FPM service to apply the changes:

systemctl restart php-fpm

Install Flarum

Before installing Flarum, you need to install Composer in your system.

You can use the following command to install:

curl -sS https://getcomposer.org/installer | php

After the installation is complete, you should get the following output:

All settings correct for using Composer
Downloading...

Composer (version 1.9.2) successfully installed to: /root/composer.phar
Use it: php composer.phar

Next, move the Composer binary to the / usr / local / bin directory and give appropriate permissions:

mv composer.phar /usr/local/bin/composer chmod 755 /usr/local/bin/composer

Next, change the directory to the Nginx document root directory and create a Flarum project using the following command:

cd /var/www/html composer create-project flarum/flarum . --stability=beta

Next, grant the appropriate permissions to the Nginx web root directory using the following command:

chown -R nginx:nginx /var/www/html chmod -R 755 /var/www/html chown -R nginx:nginx /var/lib/php

When you are done, you can proceed to the next step.

Configure Nginx for Flarum

Next, you will need to create an Nginx virtual host configuration file for Nginx. You can create it using:

nano /etc/nginx/conf.d/flarum.conf

Add the following lines:

server {
    listen   80;
    server_name  flarum.example.com;

# note that these lines are originally from the "location /" block
root   /var/www/html/public;
index index.php index.html index.htm;

location / { try_files $uri $uri/ /index.php?$query_string; }
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }

location /flarum {
    deny all;
    return 404;
}

location ~ .php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~* .html$ {
    expires -1;
}

location ~* .(css|js|gif|jpe?g|png)$ {
    expires 1M;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
           application/javascript
           application/json
           application/vnd.ms-fontobject
           application/x-font-ttf
           application/x-web-app-manifest+json
           application/xhtml+xml
           application/xml
           font/opentype
           image/svg+xml
           image/x-icon
           text/css
           #text/html -- text/html is gzipped by default by nginx
           text/plain
           text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
   }

When done, save and close the file. Next, you need to increase the size of the hash_bucket in the nginx.conf file.

You can do this by editing the file /etc/nginx/nginx.conf:

nano /etc/nginx/nginx.conf

Add the following line above the last line:

server_names_hash_bucket_size 64;

Save and close the file. Then, check for Nginx syntax errors using:

nginx -t

You should see the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx and PHP-FPM services to apply the changes:

systemctl restart php-fpm systemctl restart nginx

Configure SELinux and firewall

First, you will need to create firewall rules to allow HTTP and HTTPS services from external networks. You can allow it using:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https firewall-cmd --reload

SELinux is enabled by default in CentOS 8. Therefore, you need to configure SELinux for Flarum to work properly. You can configure SELinux with the following command:

setsebool httpd_can_network_connect on -P

When you are done, you can proceed to the next step.

Access the Flarum Web UI

Now, open your web browser and enter the URL http://flarum.example.com. You will be redirected to the following page:

Provide your forum name, database details, administrator username, password, and click installation Flarum Button. After successfully completing the installation, you should see the Flarum dashboard on the following pages:

Flarum Forum

Let’s Encrypt SSL to Protect Flarum

Flarum is now installed and configured. It’s time to secure it with “free encrypted SSL”.

To do this, you need to download the certbot client on the server. You can download and set the correct permissions by running:

wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chown root /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

Now, run the following command to obtain and install an SSL certificate for the flarum website.

certbot-auto --nginx -d flarum.example.com

The above command will first install all required dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for flarum.example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf

Next, you will need to choose whether to redirect HTTP traffic to HTTPS as follows:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to continue. After the installation is complete, you should see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://flarum.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/flarum.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/flarum.example.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

That’s it! You can now access the Flarum website using the secure URL https://flarum.example.com.

Sidebar