How to Install Flarum Forum with Nginx and LE SSL on CentOS 8
Flarum is a free, open-source and next-generation forum software that makes it easier for you to start and grow a successful online community. It is simple, lightweight, fast and mobile-friendly software based on PHP. It comes with a rich set of features including, Elegant UI, Two-Pane Interface, Infinite Scrolling, Floating Composer, Fully responsive and many more.
In this tutorial, we will explain how to install the Flarum forum on CentOS 8 server.
Requirements
- A server running CentOS 8.
- A valid domain name pointed with your server IP
- A root password is configured on the server.
Getting Started
Before starting, you will need to install EPEL and Remi repository in your system. First, install the EPEL repository with the following command:
dnf install epel-release -y
Next, download and install the Remi repository with the following command:
wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm
rpm -Uvh remi-release-8.rpm
Install Nginx, MariaDB and PHP
First, install the Nginx webserver and MariaDB server with the following command:
dnf install nginx mariadb-server -y
Once both packages are installed, you will need to enable php:remi-7.3 module to install PHP 7.3. You can enable it with the following command:
dnf module enable php:remi-7.3
Next, install PHP with other required dependencies with the following command:
dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y
Once all the packages are installed, start the Nginx, MariaDB and PHP-FPM service and enable them to start after system reboot with the following command:
systemctl start nginx
systemctl start mariadb
systemctl start php-fpm
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm
Once you are finished, you can proceed to the next step.
Configure MariaDB Database
By default, MariaDB is not secured. You can secure it with the following script:
mysql_secure_installation
Answer all the questions as shown below:
Enter current password for root (enter for none): Set root password? [Y/n] Y New password: Re-enter new password: Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
Once you are done, log in to MariaDB shell with the following command:
mysql -u root -p
Provide your root password when prompt then create a database and user for Flarum with the following command:
MariaDB [(none)]> CREATE DATABASE flarumdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'password';
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Once you are finished, you can proceed to the next step.
Configure PHP-FPM for Nginx
Next, you will need to configure PHP-FPM to work with Nginx. You can do it by editing the file www.conf:
nano /etc/php-fpm.d/www.conf
Change the user and group name from apache to nginx as shown below:
user = nginx group = nginx listen.owner = nginx listen.group = nginx
Next, find the following line:
;listen = /run/php-fpm/www.sock
And replace it with the following line:
listen = 127.0.0.1:9000
Save and close the file when you are finished. Then, restart PHP-FPM service to apply the changes:
systemctl restart php-fpm
Install Flarum
Before installing the Flarum, you will need to install Composer in your system.
You can install it with the following command:
curl -sS https://getcomposer.org/installer | php
Once installed, you should get the following output:
All settings correct for using Composer Downloading... Composer (version 1.9.2) successfully installed to: /root/composer.phar Use it: php composer.phar
Next, move the Composer binary file to the /usr/local/bin directory and give proper permission:
mv composer.phar /usr/local/bin/composer
chmod 755 /usr/local/bin/composer
Next, change the directory to the Nginx document root and create a Flarum project with the following command:
cd /var/www/html
composer create-project flarum/flarum . --stability=beta
Next, give proper permissions on Nginx web root directory with the following command:
chown -R nginx:nginx /var/www/html
chmod -R 755 /var/www/html
chown -R nginx:nginx /var/lib/php
Once you are finished, you can proceed to the next step.
Configure Nginx for Flarum
Next, you will need to create an Nginx virtual host configuration file for Nginx. You can create it with the following command:
nano /etc/nginx/conf.d/flarum.conf
Add the following lines:
server { listen 80; server_name flarum.example.com; # note that these lines are originally from the "location /" block root /var/www/html/public; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php?$query_string; } location /api { try_files $uri $uri/ /api.php?$query_string; } location /admin { try_files $uri $uri/ /admin.php?$query_string; } location /flarum { deny all; return 404; } location ~ \.php$ { try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* \.html$ { expires -1; } location ~* \.(css|js|gif|jpe?g|png)$ { expires 1M; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 6; gzip_proxied any; gzip_types application/atom+xml application/javascript application/json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css #text/html -- text/html is gzipped by default by nginx text/plain text/xml; gzip_buffers 16 8k; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; }
Save and close the file when you are finsihed. Next, you will need to increase the hash_bucket size in nginx.conf file.
You can do it by editing the file /etc/nginx/nginx.conf:
nano /etc/nginx/nginx.conf
Add the following line exact above the last line:
server_names_hash_bucket_size 64;
Save and close the file. Then, check Nginx for any syntax error with the following command:
nginx -t
You should see the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, restart the Nginx and PHP-FPM service to apply the changes:
systemctl restart php-fpm
systemctl restart nginx
Configure SELinux and Firewall
First, you will need to create a firewall rule to allow HTTP and HTTPS service from external networks. You can allow it with the following command:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
By default, SELinux is enabled in CentOS 8. So you will need to configure SELinux for Flarum to work correctly. You can configure SELinux using the following command:
setsebool httpd_can_network_connect on -P
Once you are finished, you can proceed to the next step.
Access Flarum Web UI
Now, open your web browser and type the URL http://flarum.example.com. You will be redirected to the following page:
Provide your forum name, database details, admin username, password and click on the Install Flarum button. Once the installation has been completed successfully, you should see the Flarum dashboard in the following page:
Secure Flarum with Let's Encrypt SSL
Flarum is now installed and configured. It's time to secure it with Let's Encrypt free SSL.
To do so, you will need to download the certbot client on your server. You can download and set correct permission by running the following command:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
Now, run the following command to obtain and install an SSL certificate for your flarum website.
certbot-auto --nginx -d flarum.example.com
The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for flarum.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf
Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to continue. Once the installation has been finished, you should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://flarum.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/flarum.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/flarum.example.com/privkey.pem Your cert will expire on 2020-03-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Thats it! You can now access your Flarum website using the secure URL https://flarum.example.com.