How to Install ExpressionEngine CMS with Nginx on FreeBSD 12
ExpressionEngine is a mature, flexible, secure, free open-source content management system (CMS) written in PHP. Its source code is hosted on Github. With ExpressionEngine, you can build full-featured websites, create a web app, or serve content to mobile applications. All without requiring complex programming skills. This guide will walk you through the ExpressionEngine installation process on a fresh FreeBSD 12 using PHP, MariaDB as a database, and Nginx as a web server.
Requirements
ExpressionEngine requires a web server running PHP and MySQL/MariaDB. The recommend software stack and versions are:
- PHP version 7.0 or greater, running with PHP-FPM and with the following PHP extensions (
gd
,fileinfo
,intl
,mbstring
). - MySQL version 5.6 or greater or Percona version 5.6 or greater. This tutorial will use MariaDB.
- A web server like Nginx or Apache. This tutorial will use Nginx.
Prerequisites
- An operating system running FreeBSD 12.
- A non-root user with sudo privileges.
I will be using the domain name example.com in this tutorial. Please replace the word example.com with your own domain name wherever it occurs in the commands and config files below (especially in the Nginx config file and the Let's encrypt commands).
Initial steps
Check your FreeBSD version:
uname -ro
# FreeBSD 12.0-RELEASE
Set up the timezone:
tzsetup
Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system's default software packages:
freebsd-update fetch install
pkg update && pkg upgrade -y
Install some essential packages that are necessary for basic administration of FreeBSD 12.0 operating system:
pkg install -y sudo vim unzip wget bash socat
Install PHP
Install PHP, as well as the necessary PHP extensions:
sudo pkg install -y php72 php72-mbstring php72-tokenizer php72-pdo php72-pdo_mysql php72-openssl php72-hash php72-json php72-phar php72-filter php72-zlib php72-dom php72-xml php72-xmlwriter php72-xmlreader php72-curl php72-session php72-ctype php72-iconv php72-gd php72-simplexml php72-zip php72-filter php72-tokenizer php72-calendar php72-fileinfo php72-intl php72-phar php72-soap php72-xmlrpc
To show PHP compiled in modules, you can run:
php -m
ctype
curl
exif
fileinfo
. . .
. . .
Check the PHP version:
php --version
# PHP 7.2.16 (cli) (built: Apr 30 2019 08:37:17) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.3.5, Copyright (c) 1998-2018 Zend Technologies
# with Zend OPcache v7.3.5, Copyright (c) 1999-2018, by Zend Technologies
Start and enable PHP-FPM service:
sudo sysrc php_fpm_enable=yes
sudo service php-fpm start
Install MariaDB
Install MariaDB database server:
sudo pkg install -y mariadb102-client mariadb102-server
Check the MariaDB version:
mysql --version
# mysql Ver 15.1 Distrib 10.2.23-MariaDB, for Linux (x86_64) using readline 5.1
Start and enable MariaDB service:
sudo sysrc mysql_enable="yes"
sudo service mysql-server start
Run mysql_secure installation
script to improve MariaDB security and set the password for MariaDB root
user:
sudo mysql_secure_installation
Answer each of the questions:
Would you like to setup VALIDATE PASSWORD plugin? N
New password: your_secure_password
Re-enter new password: your_secure_password
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Connect to MariaDB shell as the root user:
sudo mysql -u root -p
# Enter password
Create an empty MariaDB database and user for Shopware and remember the credentials:
mysql> CREATE DATABASE dbname;
mysql> GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
Exit from MariaDB:
mysql> exit
Replace dbname
, username
and password
with your own names.
Install Acme.sh client and obtain Let's Encrypt certificate (optional)
Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let's Encrypt we will use acme.sh client. Acme.sh is a pure Unix shell software for obtaining TLS certificates from Let's Encrypt with zero dependencies.
Download and install acme.sh:
sudo pkg install -y acme.sh
Check acme.sh version:
acme.sh --version
# v2.8.2
Obtain RSA and ECC/ECDSA certificates for your domain/hostname:
# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256
If you want fake certificates for testing you can add --staging
flag to the above commands.
After running the above commands, your certificates and keys will be in:
- For RSA:
/home/username/example.com
directory. - For ECC/ECDSA:
/home/username/example.com_ecc
directory.
To list your issued certs you can run:
acme.sh --list
Create a directory to store your certs. We will use a directory /etc/letsencrypt.
mkdir -p /etc/letsecnrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc
Install/copy certificates to /etc/letsencrypt directory.
# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
All the certificates will be automatically renewed every 60 days.
After obtaining certs exit from root user and return back to normal sudo user:
exit
Install Nginx
Install the NGINX web server:
sudo pkg install -y nginx
Check the NGINX version:
nginx -v
# nginx version: nginx/1.14.2
Start and enable NGINX service:
sudo sysrc nginx_enable=yes
sudo service nginx start
Configure Nginx for ExpressionEngine by running:
sudo vim /usr/local/etc/nginx/expressionengine.conf
And populate the file with the following configuration:
server {
listen 443 ssl;
listen 80;
server_name example.com;
root /usr/local/www/expressionengine;
# RSA
ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
# ECDSA
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;
index index.php;
location / {
index index.php;
try_files $uri $uri/ @ee;
}
location @ee {
rewrite ^(.*) /index.php?$1 last;
}
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_index index.php5;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Run sudo vim /usr/local/etc/nginx/nginx.conf
and add the below line to http {}
block to include Shopware config.
include expressionEngine.conf;
Check Nginx configuration for syntax errors:
sudo nginx -t
Reload Nginx service:
sudo service nginx reload
Install ExpressionEngine
Create a document root directory where ExpressionEngine should reside in:
sudo mkdir -p /usr/local/www/expressionengine
Navigate to the document root folder:
cd /usr/local/www/expressionengine
Download the latest release of ExpressionEngine and unzip the files to a folder on your server:
sudo wget -O ee.zip --referer https://expressionengine.com/ 'https://expressionengine.com/?ACT=243'
sudo unzip ee.zip
sudo rm ee.zip
Change ownership of the /usr/local/www/expressionengine
directory to www:
sudo chown -R www:www /usr/local/www/expressionengine
Point your browser to the URL of the admin.php
file you uploaded. For example: http://example.com/admin.php
. Follow the on-screen instructions to install ExpressionEngine. Once the Installation Wizard is finished, you should rename or remove the system/ee/installer/
directory from your server.
Complete the ExpressionEngine setup
Complete the ExpressionEngine installation by entering the database and administrator account details:
After, you will see default login page:
This is the ExpressionEngine administration dashboard:
And here is the frontend page:
That's it! ExpressionEngine installation is completed.