How to Install AbanteCart with Nginx and SSL on Debian 11

Abantecart is a free, open-source and feature-rich e-commerce application. It is written in PHP and is powered by the latest technologies like HTML5, Bootstrap, MVC and more. It can create multiple online stores using a single installation with support for digital and physical products, integration with multiple payment gateways and currencies, multiple languages, coupons, store credits and a customer dashboard. You can run an email marketing campaign through it or create banners to increase user engagement. Moreover, it is SEO optimized with support for friendly URLs, integrates with multiple analytics platforms and supports plugins.

In this tutorial, you will learn how to install Abantecart on a Debian 11 based server.

Prerequisites

  • A server running Debian 11.

  • A non-root user with sudo privileges.

  • Everything is updated.

    $ sudo apt update && sudo apt upgrade
    
  • Few packages that your system needs.

    $ sudo apt install wget curl nano ufw software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release unzip debian-archive-keyring -y
    

    Some of these packages may already be installed on your system.

Step 1 - Configure Firewall

The first step is to configure the firewall. Debian comes with ufw (Uncomplicated Firewall).

Check if the firewall is running.

$ sudo ufw status

You should get the following output.

Status: inactive

Allow SSH port so that the firewall doesn't break the current connection on enabling it.

$ sudo ufw allow OpenSSH

Allow HTTP and HTTPS ports as well.

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp

Enable the Firewall

$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Check the status of the firewall again.

$ sudo ufw status

You should see a similar output.

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

Step 2 - Install PHP

Abantecart supports PHP 8.0. To install it, we will use Ondrej's PHP repository. Run the following command to add the repository.

$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list

Add the GPG key associated with the repository.

$ wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -

Update the Debian repositories.

$ sudo apt update

Install PHP 8.0 and the required extensions.

$ sudo apt install php8.0-cli php8.0-fpm php8.0-mysql php8.0-gd php8.0-common php8.0-curl php8.0-xml php8.0-mbstring

Step 3 - Install MySQL

To install the MySQL server, the first step is to add the GPG key for the package

There is a bug in Debian where you need to run the GPG command separately to set up the .gpg directory.

$ sudo gpg

Press Ctrl + C to exit the above command. Import the GPG key and save it in the /usr/share/keyrings directory.

$ sudo gpg --no-default-keyring --keyring /usr/share/keyrings/mysql8.0-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --brecv-keys 3A79BD29

Add the official MySQL repository.

$ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mysql8.0-archive-keyring.gpg] http://repo.mysql.com/apt/debian/ `lsb_release -cs` mysql-8.0" \
    | sudo tee /etc/apt/sources.list.d/mysql-8.list

Update the Debian repositories.

$ sudo apt update

Install MySQL.

$ sudo apt install mysql-server

You will be greeted with a configuration screen asking you to set up a root password. Choose a strong password.

MySQL Root Password Setup

You will be asked to confirm the password. Next, you will be presented with a screen describing the new authentication system. Select OK to proceed.

MySQL Authentication Information

Finally, you will be asked to select the authentication method. Choose the Strong Password Encryption and select Ok to finish the setup.

MySQL Password Authentication Prompt

Step 4 - Install Nginx

Debian ships with an older version of Nginx. You need to download the official Nginx repository to install the latest version.

Import the official Nginx signing key.

$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
	 | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Add the repository for Nginx's stable version.

$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
    http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Update the Debian repositories.

$ sudo apt update

Install Nginx.

$ sudo apt install nginx

Verify the installation. Make sure you use sudo every time you run the Nginx command on Debian. Otherwise, it won't work.

$ sudo nginx -v
nginx version: nginx/1.20.2

Enable the Nginx service.

$ sudo systemctl enable nginx

Step 5 - Configure MySQL for AbanteCart

Secure MySQL installation.

$ sudo mysql_secure_installation

For the first step, you will be asked for your root password. Next, you will be asked if you want to set up the Validate Password Plugin, which you can use to test the strength of your MySQL password. Choose Y to proceed. You will be asked to choose the password validation level in the next step. Choose 2 which is the strongest level and will require your password to be at least eight characters long and include a mix of uppercase, lowercase, numeric and special characters.

Securing the MySQL server deployment.

Enter password for user root:

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2

In the next step, you will be asked whether or not to change the root password. Press N to continue.

Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N

Press Y and then ENTER key for all the following prompts to remove anonymous users and the test database, disable root logins and load the newly set rules.

...
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.
...
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.
...
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.
 - Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
...
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.
All done!

Enter the MySQL shell. Enter your root password to continue.

$ mysql -u root -p

Create abcart user. Make sure the password meets the requirements set before.

mysql> CREATE USER 'abcart'@'localhost' IDENTIFIED BY 'Your_password2';

Create abantecart database.

mysql> CREATE DATABASE abantecart;

Grant the user privileges on the abantecart database.

mysql> GRANT ALL PRIVILEGES ON abantecart.* TO 'abcart'@'localhost';

Exit the Shell.

mysql> exit

Step 6 - Install AbanteCart

Download the latest version of AbanteCart from Github.

$ wget https://github.com/abantecart/abantecart-src/archive/master.zip

Extract the file.

$ unzip master.zip

Create the public web root directory for Abantecart.

$ sudo mkdir /var/www/html/abantecart -p

Copy the extracted abantecart-src-master/public_html directory to the webroot directory. Note the forward-slash (/) at the end of the following command.

$ sudo cp -r abantecart-src-master/public_html /var/www/html/abantecart/

Set proper permissions to the webroot directory.

$ sudo chown -R nginx:nginx /var/www/html/abantecart

For now, the basic installation is finished. Next, we need to set up SSL and Nginx before finishing the installation.

Step 7 - Install SSL

To install an SSL certificate using Let's Encrypt, we need to install the Certbot tool.

We will use the Snapd package installer for that. Since most Debian servers don't ship with it, install Snap.

$ sudo apt install snapd

Ensure that your version of Snapd is up to date.

$ sudo snap install core && sudo snap refresh core

Install Certbot.

$ sudo snap install --classic certbot

Use the following command to ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin directory.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Verify the installation.

$ certbot --version
certbot 1.22.0

Generate the SSL certificate.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d abantecart.example.com

The above command will download a certificate to the /etc/letsencrypt/live/abantecart.example.com directory on your server.

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Create a challenge webroot directory for Let's Encrypt auto-renewal.

$ sudo mkdir -p /var/lib/letsencrypt

Create a Cron Job to renew the SSL. It will run every day to check the certificate and renew if needed. For that, first, create the file /etc/cron.daily/certbot-renew and open it for editing.

$ sudo nano /etc/cron.daily/certbot-renew

Paste the following code.

#!/bin/sh
certbot renew --cert-name abantecart.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"

Save the file by pressing Ctrl + X and entering Y when prompted.

Change the permissions on the task file to make it executable.

$ sudo chmod +x /etc/cron.daily/certbot-renew

Step 8 - Configure Nginx and PHP

Configure PHP-FPM

Open the file /etc/php/8.0/fpm/pool.d/www.conf.

$ sudo nano /etc/php/8.0/fpm/pool.d/www.conf

We need to set the Unix user/group of PHP processes to nginx. Find the user=www-data and group=www-data lines in the file and change them to nginx.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = nginx
group = nginx
...

Also, find the lines listen.owner=www-data and listen.group=www-data in the file and change them to nginx.

listen.owner = nginx
listen.group = nginx

Save the file by pressing Ctrl + X and entering Y when prompted.

The next step is to disable PHP opcache extension.

Open the file /etc/php/8.0/fpm/conf.d/10-opcache.ini for editing.

$ sudo nano /etc/php/8.0/fpm/conf.d/10-opcache.ini

Paste the following line at the end.

opcache.enable=0

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the PHP-fpm process.

$ sudo systemctl restart php8.0-fpm

Configure Nginx

Create and open the file /etc/nginx/conf.d/abantecart.conf for editing.

$ sudo nano /etc/nginx/conf.d/abantecart.conf

Paste the following code in it.

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  abantecart.example.com;

    access_log  /var/log/nginx/abantecart.access.log;
    error_log   /var/log/nginx/abantecart.error.log;
    
    # SSL
    ssl_certificate      /etc/letsencrypt/live/abantecart.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/abantecart.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/abantecart.example.com/chain.pem;
    ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    resolver 8.8.8.8;
    
    root /var/www/html/abantecart;
    index index.php;
    
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    
    # Pass PHP Scripts To FastCGI Server
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock; # Depends On The PHP Version
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
        try_files $uri =404;
    }
    
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would
    # display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
        deny all;
    }
    
    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    
    ### Retina images handler. Check cookie and looking for file with @2x at the end of name
    location ~* ^(.*)\.(jpg|jpeg|png|gif|webp)$ {
        set $hidpi_uri [email protected]$2;
        if ($http_cookie !~ 'HTTP_IS_RETINA=1') {
          break;
        }
        try_files $hidpi_uri $uri =404;
    }

    location ~*  \.(jpg|jpeg|png|gif|css|js|ico|webp)$ {
        expires max;
        log_not_found off;
    }
    
    location ~ /(system/logs|resources/download) {
      deny all;
      return 403;
    }
    
    location /admin/ {
        location ~ .*\.(php)?$ {
          deny all;
          return 403;
        }
    }
    
    #rewrite for images for retina-displays
    location ~ / {
        if (!-e $request_filename){
            rewrite ^/(.*)\?*$ /index.php?_route_=$1 last;
        }
    }
}
# enforce HTTPS
server {
    listen       80;
    listen       [::]:80;
    server_name  abantecart.example.com;
    return 301   https://$host$request_uri;
}

Save the file by pressing Ctrl + X and entering Y when prompted once finished.

Open the file /etc/nginx/nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify the Nginx configuration file syntax.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Start the Nginx service to enable the new configuration.

$ sudo systemctl start nginx

Step 9 - Finish Installation

Launch https://abantecart.example.com in your browser, and you will be presented with the following screen.

AbanteCart License Screen

Check the box to agree with the license and press Continue to proceed. Next, the installer will check if all the requirements are being met or not.

AbanteCart System requirements check

If everything is okay, press Continue to proceed to the next page.

You will be asked to fill in the database credentials. Here you can create an administrator account and a security key to access the control panel. If you want demo data, keep the box checked otherwise, leave it unchecked if you want to start from scratch.

AbanteCart Database Configuration

Press Continue to proceed when finished. The installer will then proceed with setting up everything and, once finished, will present you with the following screen.

AbanteCart Installation Completion Screen

Bookmark the link to your control panel because you will need it. Run the following command to delete the installer files because they are not needed and pose a security risk.

$ sudo rm -rf /var/www/html/abantecart/install

AbanteCart Control Panel

Log in to the Control panel, and you will be asked to finish setting up your shop.

AbanteCart Shop Setup Wizard

You can either close the quick wizard and configure it from the Control panel shown below or continue with the wizard to set up basic settings.

AbanteCart Control Panel

Conclusion

This concludes our tutorial on setting up AbanteCart on a Debian 11 based server. If you have any questions, post them in the comments below.

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

By: michael1979 at: 2022-01-31 18:36:47

Great guide!