How to Install WonderCMS with Apache and Let's Encrypt SSL on CentOS 8
WonderCMS is a free, open-source, simple and lightweight content management system for building simple websites and blogs. It is a flat-file CMS and doesn't require any database. The installation process is very simple and does not require any initial configuration. It offers a rich set of features including, WYSIWYG support, flexible CSS framework, SEO friendly and many more.
In this tutorial, we will show you how to install WonderCMS on CentOS 8 and secure it with Let's Encrypt SSL.
Prerequisites
- A server running CentOS 8.
- A root password is configured on your server.
Install Apache and PHP
First, install the Apache webserver, PHP and other PHP extensions with the following command:
dnf install httpd php php-mysqlnd php-curl php-opcache php-xml php-xmlrpc php-gd php-mbstring php-zip php-json wget unzip git -y
Once the installation has been completed, open the php.ini file and change some settings:
nano /etc/php.ini
Change the value as per your requirement:
memory_limit = 128M post_max_size = 32M upload_max_filesize = 16M max_execution_time = 300 date.timezone = Asia/Kolkata
Save and close the file when you are finished. Then, start the Apache service and restart it to start after system reboot with the following command:
systemctl start httpd
systemctl enable httpd
Download WonderCMS
First, download the latest version of the WonderCMS from the Git repository:
cd /var/www/html
git clone https://github.com/robiso/wondercms.git
Once the download is completed, give proper permissions to the downloaded directory with the following command:
chown -R apache:apache /var/www/html/wondercms
chmod -R 775 /var/www/html/wondercms
Configure Apache for WonderCMS
First, create a new Apache virtual host configuration file for WonderCMS with the following command:
nano /etc/httpd/conf.d/wondercms.conf
Add the following lines:
<VirtualHost *:80> ServerName wonder.linuxbuz.com DirectoryIndex index.php DocumentRoot /var/www/html/wondercms Redirect /wondercms/loginURL /loginURL ErrorLog /var/log/httpd/linuxbuz.com-error.log CustomLog /var/log/httpd/linuxbuz.com-access.log combined <Directory /var/www/html/wondercms> Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost>
Save and close the file. Then, restart the Apache service with the following command:
systemctl restart httpd
You can also check the status of the Apache service with the following command:
systemctl status httpd
You should see the following output:
? httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d ??php-fpm.conf Active: active (running) since Wed 2020-02-19 08:51:34 EST; 1min 25s ago Docs: man:httpd.service(8) Main PID: 4716 (httpd) Status: "Total requests: 6; Idle/Busy workers 100/0;Requests/sec: 0.0759; Bytes served/sec: 812 B/sec" Tasks: 278 (limit: 12558) Memory: 43.1M CGroup: /system.slice/httpd.service ??4716 /usr/sbin/httpd -DFOREGROUND ??4718 /usr/sbin/httpd -DFOREGROUND ??4719 /usr/sbin/httpd -DFOREGROUND ??4720 /usr/sbin/httpd -DFOREGROUND ??4721 /usr/sbin/httpd -DFOREGROUND ??4935 /usr/sbin/httpd -DFOREGROUND Feb 19 08:51:34 centos8 systemd[1]: Starting The Apache HTTP Server...
Secure WonderCMS with Let's Encrypt SSL
Next, install the Certbot Let's Encrypt client with the following command:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
Now, run the following command to obtain and install an SSL certificate for your WonderCMS website.
certbot-auto --apache -d wonder.linuxbuz.com
The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:
Note : If you will get any SSL certificate related error then restart the Apache service and run the above command again.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for wonder.linuxbuz.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/wondercms.conf
Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to continue. Once the installation has been finished, you should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wondercms.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://wonder.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=wonder.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/wonder.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/wonder.linuxbuz.com/privkey.pem Your cert will expire on 2020-03-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Configure Firewall and SELinux
Next, you will need to create a firewall rule to allow HTTP and HTTPS service from external networks. You can allow it with the following command:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Next, you will need to configure SELinux for WonderCMS. You can configure SELinux using the following command:
setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/wondercms
Finally, restart the Apache service to apply the changes:
systemctl restart httpd
Access WonderCMS
Now, open your web browser and type the URL https://wonder.linuxbuz.com. You will be redirected to the WonderCMS home page:
Now, copy the password from the above page and click on the Click to login button. You should see the following page:
Paste the password and click on the Login button. You should see the following page:
Next, click on the Settings => Security. You should see the following page:
Change your login URL, password and click on the CHANGE PASSWORD button.
Conclusion
Congratulations! you have successfully installed and secured WonderCMS on CentOS 8 with Let's Encrypt SSL. You can now host your own blog and website easily using WonderCMS.