How to Install ElkArte Forum with Apache and Let's Encrypt SSL on CentOS 8

ElkArte is a free and open-source forum software based on Simple Machine Forum. It is written in PHP and uses MariaDB as a database backend. It provides all features needed to build a full-featured community forum. It is simple, lightweight and uses responsive themes that are suitable for any modern browser, smartphone or tablet.

Features

  • Simple and user-friendly interface
  • Customizable and built-in add-on manager
  • Improved Anti Spam functionality
  • Drag and drop file attachments
  • Integrated video embedding for youtube, vimeo and dailymotion

In this tutorial, we will show you howto install ElkArte with Let's Encrypt SSL on CentOS 8.

Prerequisites

  • A server running CentOS 8.
  • A valid domain name pointed with your server IP.
  • A root password is configured the server.

Install LAMP Server

First, you will need to install Apache, MariaDB, PHP and other extensions in your system. You can install all of them by running the following command:

dnf install httpd mariadb-server php php-common php-json php-curl php-intl php-mbstring php-xmlrpc php-mysqlnd php-gd php-pgsql php-xml php-cli php-bcmath php-gmp php-zip unzip -y

Once all the packages are installed, edit the php.ini file and make some desired changes:

nano /etc/php.ini

Change the following values:

memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

Save and close the file then start the Apache and MariaDB service and enable them to start at system reboot with the following command:

systemctl start httpd
systemctl start mariadb
systemctl enable httpd
systemctl enable mariadb

Once you are finished, you can proceed to the next step.

Configure MariaDB

By default, MariaDB root password is not set. So you will need to set it in your system. You can do that by running the following script:

mysql_secure_installation

Answer all the questions as shown below to set the root password:

Enter current password for root (enter for none):
OK, successfully used password, moving on...
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once the MariaDB is secured, log in to the MariaDB shell with the following command:

mysql -u root -p

Provide your root password when prompt then create a database and user with the following command:

MariaDB [(none)]> CREATE DATABASE elkarte;
MariaDB [(none)]> CREATE USER 'elkarte'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the ElkArte database with the following command:

MariaDB [(none)]> GRANT ALL ON elkarte.* TO 'elkarte'@'localhost' WITH GRANT OPTION;

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you are finished, you can proceed to the next step.

Download ElkArte

First, you will need to download the latest version of ElkArte from the Git repository. You can download it with the following command:

wget https://github.com/elkarte/Elkarte/archive/master.zip

Once downloaded, unzip the downloaded file with the following command:

unzip master.zip

Next, move the extracted directory to the Apache root directory with the following command:

mv Elkarte-master /var/www/html/elkarte

Next, change the ownership and permissions with the following command:

chown -R apache:apache /var/www/html/elkarte
chmod -R 775 /var/www/html/elkarte

Once you are finished, you can proceed to the next step.

Configure Apache for ElkArte

Next, you will need to create an apache virtual host configuration file for ElkArte. You can create it with the following command:

nano /etc/httpd/conf.d/elkarte.conf

Add the following lines:

<VirtualHost *:80>
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/elkarte
     ServerName elk.example.com

     <Directory /var/www/html/elkarte/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>

     ErrorLog /var/log/httpd/error.log
     CustomLog /var/log/httpd//access.log combined

</VirtualHost>
systemctl restart httpd

At this point, Apache web server is configured to serve ElkArte. You can now proceed to the next step.

Configure Selinux and Firewall

By default, SELinux is enabled in CentOS 8. So you will need to configure it for your ElkArte website.

You can configure the SELinux with the following command:

setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/elkarte

Next, allow port 80 and 443 through the firewall with the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Once you are done, you can proceed to the next step.

Access ElkArte

Now, open your web browser and access the ElkArte using the URL http://elk.example.com. You will be redirected to the following page:

ElkArte Installer

Click on the Continue button to start the installation. You should see the following page:

Database Settings

Provide your database details and click on the Continue button. You should see the following page:

Forum Settings

Provide your Forum name, URL and click on the Continue button. You should see the following page:

Populate the database

Now, click on the Continue button to populate the database. You should see the following page:

Create admin account

Provide your admin username, password, email and click on the Continue button. You should see the following page:

Finalize installation

Click on the your newly installed forum button. You should see the following page:

Go to forum frontend

Provide your admin username, password and click on the Log in button. You should see the ElkArte dashboard in the following page:

ElkArte Forum

Secure Elkarte with Let's Encrypt SSL

At this point, ElkArte is installed and configured. Next, it is recommended to secure your ElkArte site with Let's Encrypt SSL. First, you will need to install the Certbot client to your system. The Certbot is a Let's Encrypt client that can be used to download the SSL from Let's Encrypt website and configure the Apache web server to use the downloaded SSL.

You can install the Certbot with the following command:

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Now, run the following command to obtain and install an SSL certificate for your ElkArte website.

certbot-auto --apache -d elk.example.com

The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:

Note : If you got any SSL related error then restart the httpd service and run the above command again.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/elkarte-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/elkarte-le-ssl.conf

Next, choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to start the installation process. Once the installation has been completed successfully, you should get the following output:

Redirecting vhost in /etc/httpd/conf.d/elkarte.conf to ssl vhost in /etc/httpd/conf.d/elkarte-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://elk.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=elk.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/elk.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/elk.example.com/privkey.pem
   Your cert will expire on 2020-05-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can now access your ElkArte securely using the URL https://elk.example.com.

Conclusion

Congratulations! you have successfully installed ElkArte with Apache and Let's Encrypt SSL on CentOS 8. You can now start building your own online forum. Feel free to ask me if you have any questions.

Share this page:

0 Comment(s)