How to install Vanila Forum and protect it with Let’s Encrypt on CentOS 8

How to install Vanila Forum and protect it with Let’s Encrypt on CentOS 8

Vanilla is a free, open source and flexible community forum software that can be used to build your own forum site. This is a lightweight multilingual forum solution that helps you build an online community in minutes. It is written in PHP and comes with many add-ons and themes. It packs advanced features and is used by top brands to attract customers, increase loyalty and reduce support costs.

In this tutorial, we will learn how to install the Vanilla forum on CentOS 8 and secure it with Let’s Encrypt SSL.

prerequisites

  • Server 8 running CentOS.
  • A root password is set on your server.

Install LEMP server

First, you need to install Nginx web server, MariaDB database server, PHP and other required PHP extensions in your system. You can run all of them by running:

dnf install nginx mariadb-server php php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y

After installing all packages, start Nginx, PHP-FPM and MariaDB services and use the following command to make them start after system restart:

systemctl start nginx systemctl start php-fpm systemctl start mariadb systemctl enable nginx systemctl enable php-fpm systemctl enable mariadb

Configure MariaDB database

Before you start, it’s best to protect your MariaDB. You can protect it with the following script:

mysql_secure_installation

Answer all questions as follows:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

After securing MariaDB, log in to the MariaDB shell using the following command:

mysql -u root -p

Provide your MariaDB root password and use the following command to create a database and user for Vanilla:

MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci; MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';

Next, grant all privileges to the Vanilla database using the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';

Next, refresh the privileges and exit from the MariaDB shell using the following command:

MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> EXIT;

Download Vanilla Forum

You can download the latest stable version of the Vanilla forum from its official website using the following command:

wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip

After downloading, use the following command to unzip the downloaded file:

unzip vanilla-core-3.3.zip

Next, use the following command to move the extracted directory to the Nginx web root directory:

mv package /var/www/html/vanilla

Next, change the ownership of the vanilla directory to Nginx:

chown -R nginx:nginx /var/www/html/vanilla

When you are done, you can proceed to the next step.

Configure PHP-FPM pool

By default, PHP-FPM is configured for Apache. Here we will use Nginx as the web server. Therefore, you will need to configure PHP-FPM for Nginx. You can do this by editing the file /etc/php-fpm.d/www.conf:

nano /etc/php-fpm.d/www.conf

Change the following lines:

user = nginx
group = nginx

Save and close the file when you are finished. Then, create a session directory for PHP and change its ownership:

mkdir -p /var/lib/php/session chown -R nginx:nginx /var/lib/php/session

Next, restart the PHP-FPM service to apply the changes:

systemctl restart php-fpm

Configure Nginx for Vanilla

Next, create a new Nginx virtual host file to serve the Vanilla forum.

nano /etc/nginx/conf.d/vanilla.conf

Add the following lines:

server {

  listen 80;
  server_name vanilla.linuxbuz.com;
  root /var/www/html/vanilla;
  index index.php;

  location ~* /.git { deny all; return 403; }
  location /build/ { deny all; return 403; }
  location /cache/ { deny all; return 403; }
  location /cgi-bin/ { deny all; return 403; }
  location /uploads/import/ { deny all; return 403; }
  location /conf/ { deny all; return 403; }
  location /tests/ { deny all; return 403; }
  location /vendor/ { deny all; return 403; }

  location ~* ^/index.php(/|$) {
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    try_files $fastcgi_script_name =404;
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_index index.php;
    include fastcgi.conf;
    fastcgi_param SCRIPT_NAME /index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
    fastcgi_param X_REWRITE 1;
    fastcgi_pass unix:/var/run/php-fpm/www.sock;
  }

  location ~* .php(/|$) {
    rewrite ^ /index.php$uri last;
  }
  location / {
    try_files $uri $uri/ @vanilla;
  }

  location @vanilla {
    rewrite ^ /index.php$uri last;
  }

}

Save and close the file when you are finished. Then, restart the Nginx service to apply the changes:

systemctl restart nginx

Let’s Encrypt SSL Protected Vanilla

Next, you will need to install the Certbot utility in your system to download and install Let’s Encrypt SSL from the Vanilla website.

You can install the Certbot client using the following command:

wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chown root /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

Next, get and install an SSL certificate for your Vanilla website using the following command:

certbot-auto --nginx -d vanilla.linuxbuz.com

The above command will first install all required dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to

cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vanilla.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf

Choose whether you want to redirect HTTP traffic to HTTPS as follows:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Types of 2 And hit Enter Then go on. Upon successful completion of the installation, you will get the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://vanilla.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Configure SELinux and firewall

SELinux is enabled by default in CentOS 8. Therefore, you need to configure for the Vanilla forum website.

You can configure SELinux with the following command:

setsebool httpd_can_network_connect on -P chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla

Next, allow ports 80 and 443 to pass through the firewall using the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https firewall-cmd --reload

When you are done, you can proceed to the next step.

Visit Vanilla Forum

Open your web browser and visit the URL https://vanilla.linuxbuz.com. You will be redirected to the following page:

Application settingsad

Provide your database details, application title, email, admin username, password, and click carry on Button. After the installation is complete, you should see the Vanilla dashboard on the following pages:

Vanilla Forum on CentOS

in conclusion

Congratulations! You have successfully installed the Vanilla Forum on CentOS 8 using “Let’s Encrypt SSL”. You can now easily host your own community forum website. If you have any questions, feel free to ask me.

Related Posts