How to Install ElkArte Forum with Apache and Let's Encrypt SSL on CentOS 8
ElkArte is a free and open-source forum software based on Simple Machine Forum. It is written in PHP and uses MariaDB as a database backend. It provides all features needed to build a full-featured community forum. It is simple, lightweight and uses responsive themes that are suitable for any modern browser, smartphone or tablet.
Features
- Simple and user-friendly interface
- Customizable and built-in add-on manager
- Improved Anti Spam functionality
- Drag and drop file attachments
- Integrated video embedding for youtube, vimeo and dailymotion
In this tutorial, we will show you howto install ElkArte with Let's Encrypt SSL on CentOS 8.
Prerequisites
- A server running CentOS 8.
- A valid domain name pointed with your server IP.
- A root password is configured the server.
Install LAMP Server
First, you will need to install Apache, MariaDB, PHP and other extensions in your system. You can install all of them by running the following command:
dnf install httpd mariadb-server php php-common php-json php-curl php-intl php-mbstring php-xmlrpc php-mysqlnd php-gd php-pgsql php-xml php-cli php-bcmath php-gmp php-zip unzip -y
Once all the packages are installed, edit the php.ini file and make some desired changes:
nano /etc/php.ini
Change the following values:
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = America/Chicago
Save and close the file then start the Apache and MariaDB service and enable them to start at system reboot with the following command:
systemctl start httpd
systemctl start mariadb
systemctl enable httpd
systemctl enable mariadb
Once you are finished, you can proceed to the next step.
Configure MariaDB
By default, MariaDB root password is not set. So you will need to set it in your system. You can do that by running the following script:
mysql_secure_installation
Answer all the questions as shown below to set the root password:
Enter current password for root (enter for none): OK, successfully used password, moving on... Set root password? [Y/n] Y Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
Once the MariaDB is secured, log in to the MariaDB shell with the following command:
mysql -u root -p
Provide your root password when prompt then create a database and user with the following command:
MariaDB [(none)]> CREATE DATABASE elkarte;
MariaDB [(none)]> CREATE USER 'elkarte'@'localhost' IDENTIFIED BY 'password';
Next, grant all the privileges to the ElkArte database with the following command:
MariaDB [(none)]> GRANT ALL ON elkarte.* TO 'elkarte'@'localhost' WITH GRANT OPTION;
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Once you are finished, you can proceed to the next step.
Download ElkArte
First, you will need to download the latest version of ElkArte from the Git repository. You can download it with the following command:
wget https://github.com/elkarte/Elkarte/archive/master.zip
Once downloaded, unzip the downloaded file with the following command:
unzip master.zip
Next, move the extracted directory to the Apache root directory with the following command:
mv Elkarte-master /var/www/html/elkarte
Next, change the ownership and permissions with the following command:
chown -R apache:apache /var/www/html/elkarte
chmod -R 775 /var/www/html/elkarte
Once you are finished, you can proceed to the next step.
Configure Apache for ElkArte
Next, you will need to create an apache virtual host configuration file for ElkArte. You can create it with the following command:
nano /etc/httpd/conf.d/elkarte.conf
Add the following lines:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/html/elkarte ServerName elk.example.com <Directory /var/www/html/elkarte/> Options FollowSymlinks AllowOverride All Require all granted </Directory> ErrorLog /var/log/httpd/error.log CustomLog /var/log/httpd//access.log combined </VirtualHost>
systemctl restart httpd
At this point, Apache web server is configured to serve ElkArte. You can now proceed to the next step.
Configure Selinux and Firewall
By default, SELinux is enabled in CentOS 8. So you will need to configure it for your ElkArte website.
You can configure the SELinux with the following command:
setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/elkarte
Next, allow port 80 and 443 through the firewall with the following command:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Once you are done, you can proceed to the next step.
Access ElkArte
Now, open your web browser and access the ElkArte using the URL http://elk.example.com. You will be redirected to the following page:
Click on the Continue button to start the installation. You should see the following page:
Provide your database details and click on the Continue button. You should see the following page:
Provide your Forum name, URL and click on the Continue button. You should see the following page:
Now, click on the Continue button to populate the database. You should see the following page:
Provide your admin username, password, email and click on the Continue button. You should see the following page:
Click on the your newly installed forum button. You should see the following page:
Provide your admin username, password and click on the Log in button. You should see the ElkArte dashboard in the following page:
Secure Elkarte with Let's Encrypt SSL
At this point, ElkArte is installed and configured. Next, it is recommended to secure your ElkArte site with Let's Encrypt SSL. First, you will need to install the Certbot client to your system. The Certbot is a Let's Encrypt client that can be used to download the SSL from Let's Encrypt website and configure the Apache web server to use the downloaded SSL.
You can install the Certbot with the following command:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
Now, run the following command to obtain and install an SSL certificate for your ElkArte website.
certbot-auto --apache -d elk.example.com
The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:
Note : If you got any SSL related error then restart the httpd service and run the above command again.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for elk.example.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/httpd/conf.d/elkarte-le-ssl.conf Deploying Certificate to VirtualHost /etc/httpd/conf.d/elkarte-le-ssl.conf
Next, choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to start the installation process. Once the installation has been completed successfully, you should get the following output:
Redirecting vhost in /etc/httpd/conf.d/elkarte.conf to ssl vhost in /etc/httpd/conf.d/elkarte-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://elk.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=elk.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/elk.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/elk.example.com/privkey.pem Your cert will expire on 2020-05-10. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
You can now access your ElkArte securely using the URL https://elk.example.com.
Conclusion
Congratulations! you have successfully installed ElkArte with Apache and Let's Encrypt SSL on CentOS 8. You can now start building your own online forum. Feel free to ask me if you have any questions.