How to Install WonderCMS with Nginx and Let's Encrypt SSL on CentOS 7
WonderCMS is a free and open source flat file CMS, aimed to be extremely small, light and simple. It's built with PHP, jQuery, HTML/CSS and developed since 2008. No initial configuration required. The installation process is pretty straightforward - unzip and upload 5 files. All files can be easily moved, backed up and restored by copy/pasting all files to another location. Moving them to another host does not require any re-configuration. WonderCMS also doesn't require a traditional/relational database like MySQL. The flat file technology enables WonderCMS to save all data to a text file (flat file) called database.js which is structured in JSON format. In this tutorial, we will go through the WonderCMS installation and setup on CentOS 7 system by using Nginx as a web server, and optionally you can secure the transport layer by using Acme.sh client and Let's Encrypt certificate authority to add SSL support.
Requirements
Requirements for installing and running WonderCMS are:
- PHP version 7.1 or greater with the curl, mbstring and zip extensions.
- Web server (Apache with
mod_rewrite
module enabled, Nginx, IIS).
Prerequisites
- CentOS 7 operating system.
- A non-root user with
sudo
privileges.
Initial steps
Check your CentOS version:
cat /etc/centos-release
# CentOS Linux release 7.6.1810 (Core)
Set up the timezone:
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system's default software packages:
sudo yum update -y
Install some essential packages that are necessary for basic administration of the CentOS operating system:
sudo yum install -y curl wget vim git unzip socat bash-completion epel-release
Step 1 - Install PHP and necessary PHP extensions
Setup the Webtatic YUM repo:
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP, as well as the necessary PHP extensions:
sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-curl php72w-zip php72w-mbstring php72w-json
To show PHP compiled in modules, you can run:
php -m
ctype
curl
exif
fileinfo
. . .
. . .
Check the PHP version:
php --version
Start and enable PHP-FPM service:
sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service
Step 2 - Install acme.sh client and obtain Let's Encrypt certificate ( optional )
Securing your forum with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let's Encrypt we will use acme.sh client. Acme.sh is a pure UNIX shell software for obtaining TLS certificates from Let's Encrypt with zero dependencies.
Download and install acme.sh:
sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~
Check acme.sh version:
acme.sh --version
# v2.8.0
Obtain RSA and ECC/ECDSA certificates for your domain/hostname:
# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256
If you want fake certificates for testing you can add --staging
flag to the above commands.
After running the above commands, your certificates and keys will be in:
- For RSA:
/home/username/example.com
directory. - For ECC/ECDSA:
/home/username/example.com_ecc
directory.
To list your issued certs you can run:
acme.sh --list
Create a directory to store your certs. We will use /etc/letsencrypt
directory.
mkdir -p /etc/letsecnrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc
Install/copy certificates to /etc/letsencrypt directory.
# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
All the certificates will be automatically renewed every 60 days.
After obtaining certs exit from root user and return back to normal sudo user:
exit
Step 3 - Install and configure NGINX
WonderCMS can work fine with many popular web server software. In this tutorial, we selected NGINX.
Install NGINX:
sudo yum install -y nginx
Check the NGINX version:
nginx -v
# nginx version: nginx/1.12.2
Start and enable NGINX service:
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
Next, configure NGINX for WonderCMS. Run sudo vim /etc/nginx/conf.d/wondercms.conf
and add the following configuration:
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/wondercms;
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
index index.php;
location / {
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?page=$1 last;
}
}
location ~ database.js {
return 403;
}
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_pass http://127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Check NGINX configuration for syntax errors:
sudo nginx -t
Reload NGINX service:
sudo systemctl reload nginx.service
Step 4 - Install WonderCMS
Create a document root directory for WonderCMS.
sudo mkdir -p /var/www/wondercms
Change ownership of the /var/www/wondercms
directory to [jour_username]. The string [
jour_username] must be replaced with the name of the Linux user that you are currently logged in.
sudo chown -R [your_username]:[your_username] /var/www/wondercms
Navigate to the document root directory:
cd /var/www/wondercms
Download and unzip WonderCMS source:
wget https://github.com/robiso/wondercms/releases/download/2.7.0/WonderCMS-2.7.0.zip
unzip WonderCMS-2.7.0.zip
rm WonderCMS-2.7.0.zip
Move WonderCMS files to document root directory.
mv wondercms/* . && mv wondercms/.*.
rmdir wondercms
Change ownership of the /var/www/wondercms
directory to nginx:
sudo chown -R nginx:nginx /var/www/wondercms
Run sudo vim /etc/php-fpm.d/www.conf
and set user and group to nginx
.
sudo vim /etc/php-fpm.d/www.conf
user = nginx
group = nginx
Remove the # in front of the user and group line, in case there is a # in front.
Then restart the PHP-FPM service.
sudo systemctl restart php-fpm.service
Open your site in a web browser and log in with default password admin
and change the default password afterward.