How to install Shopware 6 with NGINX and encrypt it on CentOS 8
How to install Shopware 6 with NGINX and encrypt it on CentOS 8
Shopware is a free and open source platform that can help you start your own e-commerce website to promote online business development. It provides many useful tools that can help you build and customize a fully responsive online store. It is very similar to Magento. Compared with Magento, Shopware is a powerful, easy-to-use and flexible application. With its modern user interface, it can help you easily create and manage content and products from any device.
In this tutorial, we will show you how to install Shopware using Nginx and let us encrypt SSL on CentOS 8.
prerequisites
- Server running CentOS 8.
- A valid domain name pointing to the server IP.
- A root password is configured on your server.
Install LEMP server
Shopware runs on a web server and is built on PHP with Symfony and Zend components, and uses MySQL or MariaDB as the database backend. Therefore, you will need to install Nginx, MariaDB, PHP and other extensions on the server. You can install all components with the following command:
dnf install nginx mariadb-server php php-cli php-intl php-fpm php-common php-mysqli php-curl php-json php-zip php-gd php-xml php-mbstring php-opcache unzip -yAfter installing all the packages, please start Nginx, MariaDB and PHP-FPM services and use the following commands to start them when the system reboots:
systemctl start mariadbsystemctl enable mariadbsystemctl start nginxsystemctl start php-fpmsystemctl enable nginxsystemctl enable php-fpmOnce completed, you can proceed to the next step.
Configure PHP-FPM
By default, PHP-FPM is configured to run as the apache user and group. Therefore, you need to configure it to run as an Nginx user and group. You can do this by editing the file /etc/php-fpm.d/www.conf:
nano /etc/php-fpm.d/www.confChange the following line:
user = nginx group = nginx
Save and close the file, then create the session directory and use the following command to set proper ownership:
mkdir -p /var/lib/php/session chown -R nginx:nginx /var/lib/php/sessionNext, edit the php.ini file and adjust some recommended settings:
nano /etc/php.iniChange the following line:
memory_limit = 512M upload_max_filesize = 20M date.timezone = Asia/Kolkata
Save and close the file, then restart the PHP-FPM service to apply the changes:
systemctl restart php-fpmCreate Shopware database
Next, you will need to create a database and users for Shopware. First, connect to MariaDB using the following command:
mysqlAfter connecting, use the following commands to create the database and user:
MariaDB [(none)]> CREATE DATABASE shopware;MariaDB [(none)]> GRANT ALL ON shopware.* TO 'shopware' IDENTIFIED BY 'password';Next, refresh the privileges and exit from MariaDB using the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;MariaDB [(none)]> EXIT;Once completed, you can proceed to the next step.
Download store
Next, you need to download the latest version of Shopware for its official website. First, create a directory for Shopware in the Nginx root directory:
mkdir /var/www/html/shopwareNext, use the following command to download Shopware:
wget https://www.shopware.com/en/Download/redirect/version/sw6/file/install_v6.3.5.0_ba08dbfc07784b5cefe7837f2abbda69dbf5b8b7.zip -O shopware.zipAfter the download is complete, unzip the downloaded file to the shopware directory:
unzip shopware.zip -d /var/www/html/shopwareNext, use the following commands to set the appropriate permissions and ownership:
chown -R nginx:nginx /var/www/html/shopwarechmod -R 775 /var/www/html/shopwareOnce completed, you can proceed to the next step.
Configure Nginx for Shopware
Next, use the following command to create an Nginx virtual host configuration file for Shopware:
nano /etc/nginx/conf.d/shopware.confAdd the following line:
server {
listen 80;
# Handle / to index.php
index index.php;
# Our server name
server_name shopware.example.com;
# Where the code is located
root /var/www/html/shopware/public;
# Needed for Shopware install / update
location /recovery/install {
index index.php;
try_files $uri /recovery/install/index.php$is_args$args;
}
location /recovery/update/ {
if (!-e $request_filename){
rewrite . /recovery/update/index.php last;
}
}
# Forward any not found file to index.php. Also allows to have beautiful urls like /homemade-products/
location / {
try_files $uri /index.php$is_args$args;
}
# Let php-fpm handle .php files
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
include fastcgi.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 300s;
client_body_buffer_size 128k;
fastcgi_pass unix:/run/php-fpm/www.sock;
http2_push_preload on;
}
}
Save and close the file, and then use the following command to verify if there is a syntax error in Nginx:
nginx -tYou should get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, restart the Nginx service to apply the changes:
systemctl restart nginxYou can also verify the status of Nginx with the following command:
systemctl status nginxYou should get the following output:
? nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/nginx.service.d
??php-fpm.conf
Active: active (running) since Tue 2021-02-02 00:40:04 EST; 19s ago
Process: 76059 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 76057 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 76054 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 76060 (nginx)
Tasks: 3 (limit: 12523)
Memory: 5.5M
CGroup: /system.slice/nginx.service
??76060 nginx: master process /usr/sbin/nginx
??76061 nginx: worker process
??76062 nginx: worker process
Feb 02 00:40:04 centos8 systemd[1]: Stopped The nginx HTTP and reverse proxy server.
Feb 02 00:40:04 centos8 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Feb 02 00:40:04 centos8 nginx[76057]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Feb 02 00:40:04 centos8 nginx[76057]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Feb 02 00:40:04 centos8 systemd[1]: Started The nginx HTTP and reverse proxy server.
Configure SELinux and firewall
By default, SELinux is enabled in CentOS 8. Therefore, you will need to configure the SELinux context for Shopware. You can configure it with the following command:
setsebool httpd_can_network_connect on -Pchcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/shopwareNext, use the following command to allow ports 80 and 443 through firewalld:
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=httpsfirewall-cmd --reloadOnce completed, you can proceed to the next step.
Visit the Shopware web interface
Now, open your web browser and enter the URL http://shopware.example.com.
Choose your language and click Next Button.Make sure all requirements are met, then click Next Button. You should see the following page:
Agree to GTC, then click Next Button. You should see the following page:
Provide your database, username, password, and click Start installation Button. After the installation is complete, you will see the following page:
Click Next page.The system will ask you to provide store name, email address, currency, country/region, administrator username, password, and then click Next Button. You will be redirected to the Shopware dashboard:
Provide all the information and click the Next button. You should see the following page:
Install the required language plug-ins and click Next Button. You should see the following page:
Install demo data or skip this operation and click Next Button. You should see the following page:
Click on Configuration after that. You should see the following page:
Click on jump over Button. You should see the following page:
Click on Next Button. You should see the following page:
Click on jump over Button. You should see the following page:
Click on end Button. You should see the Shopware welcome page:
Let’s encrypt SSL to protect Shopware
Next, you will need to install the Certbot utility in your system to download and install “Let’s Encrypt SSL for Let’s Chat Domain”.
You can install the Certbot client using the following command:
wget https://dl.eff.org/certbot-automv certbot-auto /usr/local/bin/certbot-autochown root /usr/local/bin/certbot-autochmod 0755 /usr/local/bin/certbot-autoNext, use the following command to obtain and install an SSL certificate for your let domain:
certbot-auto --nginx -d shopware.example.comThe above command will first install all the necessary dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for shopware.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/shopware.conf
Next, choose whether to redirect HTTP traffic to HTTPS, as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and press Enter to continue. After the installation is complete, you should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/shopware.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://shopware.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=shopware.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/shopware.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/shopware.example.com/privkey.pem Your cert will expire on 2021-04-2. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
You can now use the URL https://shopware.example.com to safely access Shopware.
in conclusion
Congratulations! You have successfully installed and configured Shopware using Nginx, and enabled SSL encryption on CentOS 8. You can now easily use Shopware to host your own online store. If you have any questions, please feel free to ask me.