Create an Online Social Network with Elgg on Debian 9

In this tutorial, I will show you how to install and configure the latest Elgg version on Debian 9 in order to create a free online social network.

Elgg is a free open source social engine framework software written in PHP programming language. The Elgg framework can help individuals or organizations to create powerful social environments in Linux under Apache/Nginx web servers, PHP and MySQL/MariaDB database management system, also known as LAMP or LEMP stack.  It also has built-in features that can power file sharing, blogging, social groups or educational platforms on public or private networks.

In order to successfully deploy the Elgg platform on your premises, you will need to meet the following requirements.

  • A virtual machine or a virtual private server powered by Debian 9, preferably minimal installation
  • Direct access to root account or a local user with root powers via server console or remote management via SSH
  • The server needs a static IP address configured for the external network interface in order to access via its public IP address to visitors
  • You might also need a public or private domain name configured for your server so visitors can access the platform via a domain name, such as www.yourdomain.com, although you can still access the platform via your server IP address.
  • In order to use Elgg website registration via e-mail address, or use other platform features, you need to deploy a mail server at your premises or use a public mail server.

Pre-Requirements

As the first step, login to the Debian 9 server with root privileges or with a user having root powers and issue the following command in order to update your system with the latest security patches, software and kernel updates.

apt update
apt upgrade

Next, make sure you configure the name of your machine by executing the following commands. You should replace the hostname variable used in this example to match your own domain.

hostnamectl set-hostname www.socialnet.org

After you’ve configured the machine hostname, verify if the host has been properly configured by checking the hosts file with the following commands.

hostnamectl
cat /etc/hostname
hostname –s
hostname –f

Finally, in order to apply machine hostname and kernel updates, reboot the system by issuing the following command.

systemctl reboot

After the system reboots, login back to the console and run the following command to install some system utilities that will help us download software over internet and extract some archive files types

apt install wget zip unzip curl

Install LAMP Stack

In order to deploy the Elgg social network framework on our server, we need to install the LAMP stack components. The first component that we’ll install is the database - MariaDB - a fork of the popular MySQL database, as database backend. The MariaDB database will be used by the application to store users, sessions, contacts, posts, comments and other information. In order to install MariaDB database server and client software in Debian 9 via the official repositories, issue the command below in terminal.

apt install mariadb-server mariadb-client

After the database installation completes, log in to the MySQL console and issue the following commands in order to secure database root account, which can be accessed by default without supplying a password.

mysql -h localhost
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

 

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> update user set plugin='' where user='root';

Query OK, 1 row affected (0.00 sec)

Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit

Bye

After you’ve completed the above step, execute the mysql_secure_installation script provided by Debian stretch repositories, in order to further secure MariaDB server and set up a strong password for database root account. Mainly, answer “yes” on all asked questions by the script, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database, as illustrated in the below script excerpt.

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

 ... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

In order to test MariaDB security, try logging in to the database from the console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:

mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

If the password is supplied, the login process should be granted to MySQL console, as shown in the command sample:

mysql -h localhost -u root -p
Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> exit

Bye

After you’ve installed and secured MariaDB database, it’s time to install the next components required to deploy the Elgg application: Apache HTTP server and PHP programming language processing gateway. In order to install Apache web server and the PHP interpreter alongside with all required PHP modules through which the server will execute the application scripts, execute the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-mbstring php7.0-xml php7.0-mysql

Next, open and modify PHP default configuration file by altering the following PHP variables.  Open /etc/php/7.0/apache2/php.ini file for editing and change the following lines. initially, make a backup of PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in php.ini configuration file:

file_uploads = On
default_charset = UTF-8
memory_limit = 128M
upload_max_filesize = 100M
date.timezone = Europe/London

Increase upload_max_file_size variable as suitable in order to support large file attachments for your application. Also, change PHP timezone setting to your system's geographical location by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php

Enable OPCache plugin available for PHP7 in order to increase website load speed by appending the following OPCache settings at the bottom of the PHP interpreter configuration file, below the [opcache] statement, as detailed below:

opcache.enable=1 
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

After you’ve made all the above changes, save and close the php.ini configuration file, restart the Apache web server to apply PHP interpreter changes by issuing the below command.

systemctl restart apache2

Configure the Firewall

To add the required UFW firewall application rules to allow HTTP traffic to pass through system firewall, issue the following commands in the server console.

ufw allow WWW

or

ufw allow 80/tcp

In case you’re remotely connected to your server via SSH, add the rule below to open SSH port 22 in your firewall.

ufw allow 22/tcp

If you manage the firewall rules in your Debian server via iptables raw rules, add the following rules to allow port 80 and 22 inbound traffic to pass the firewall so that external clients can access the application. Open port 22/TCP only if you’re remotely connected to the server via SSH.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service

Configure Apache Web Server

On the next step, enable Apache rewrite module required for altering web server configurations on the fly via .htacccess file and the TLS module required to secure HTTP transactions, by issuing the below command.

a2enmod rewrite ssl
a2ensite default-ssl.conf

Next, open the Apache default SSL site configuration file for editing with your favorite text editor, and add the following URL rewrite rules after DocumentRoot directive:

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Also, make the change shown below to the VirtualHost line to make it look like what's shown in the excerpt that follows:

<VirtualHost *:443>

Add the same changes to Apache default configuration file by opening /etc/apache2/sites-enabled/000-default.conf file for editing. Insert the following lines of code after DocumentRoot statement as shown in the example below.

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory

Finally, restart Apache daemon to apply all rules configured so far and visit your domain or server IP address via HTTP protocol.

systemctl restart apache2

Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, for a certificate that is untrusted by the browser, an error warning should be displayed in the browser. Accept the warning in order to accept the untrusted certificate and continue to be redirected to Apache default web page, as illustrated in the below image.

https://yourdomain.tld

SSL Warning

Apache default page

In order to allow HTTPS traffic to pass through the UFW firewall, you should add the following rule to allow incoming 443/TCP traffic by issuing the command below.

ufw allow 'WWW Full'

or

ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent

Finally, create the PHP info file in your web server document root path by executing the following command.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

Visit the PHP info script file by opening a browser at the following URL:

https://yourdomain.tld/info.php

Verify PHP settings and scroll down to date configuration to check the PHP timezone configuration.

PHP date settings

Install Elgg Software

In order to deploy the Elgg social network platform in your system, first visit the Elgg official download page at https://elgg.org/about/download  and grab the latest zip package compressed archive by issuing the below command.

wget -O elgg-2.3.5.zip https://elgg.org/getelgg.php?forward=elgg-2.3.5.zip
ls

Next, extract the Elgg zip archive file to your current working directory and list the extracted files by issuing the following commands.

unzip elgg-2.3.5.zip
ls -al elgg-2.3.5

On the next step, delete the default index.html file installed by Apache web server to webroot path and the info.php file created earlier by issuing the below commands.

rm /var/www/html/index.html
rm /var/www/html/info.php

Next, copy all the content of the extracted Elgg directory, including the hidden .htaccess file, into your web server document root path by issuing the following command.

cp -rf elgg-2.3.5/* /var/www/html/
cp elgg-2.3.5/.htaccess /var/www/html/

After you’ve copied Elgg installation files to your domain webroot path, create a directory named data for Elgg application, one level up your domain webroot, by issuing the following command. The data directory will be used by Elgg application to store diverse user related files. This data directory can be created anywhere in your server filesystem hierarchy, with the remark that you must grant Apache runtime user the write permissions to this directory.

mkdir  /var/www/data
chown www-data:www-data /var/www/data

Next, execute the below commands in order to grant Apache runtime user with full write permissions to the web root path. Use the ls command to list permissions for application’s installed files located in the /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/

Before beginning with the installation process via a web browser, log in to the MariaDB database console and create the Elgg database and a user with a password that will be used to manage this database, by issuing the following commands. Make sure you replace the database name, user and password used in this tutorial accordingly.

mysql –u root -p
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

 

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database elgg_db;

Query OK, 1 row affected (0.00 sec) 

MariaDB [(none)]> grant all privileges on elgg_db.* to 'elgg_user'@'localhost' identified by 'password1234';

Query OK, 0 rows affected (0.00 sec) 

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec) 

MariaDB [(none)]> exit

Bye 

Now, let’s proceed with Elgg installation. First open a browser and navigate to your server’s IP address or domain name or server FQDN via HTTPS protocol.

https://yourdomain.tld

On the welcome screen, the installer will display an introduction message that informs you that Elgg platform software will require six steps to follow in order to install the application. Just hit on Next button in order to start the installation process, as illustrated in the below screenshot.

Welcome to Elgg

Next, the Elgg installer will parse your system and check if PHP and web server requirements are met for installing the application. Hit on Next button, to continue the installation process, as shown in the below screenshot.

Elgg Requirements

In the next installation screen, configure the MySQL database settings by supplying MySQL database name, server host (use localhost if the database is installed on the same node), the database username and the password created earlier for installing Elgg. Use the database table prefix as default or change it if you want to add an extra layer of security for your application. Finally, select your default timezone setting for the application and hit on Next button to move to the next installation screen. Use the below screenshot as a guide to configuring this step.

Database settings

On the next step, configure the Elgg website by adding a name for the site and an email address for user communication. Also, change the site URL address if it was not correctly detected and add the full path to website data directory. Finally, setup your default website access level for newbies and hit on Next button to continue the installation process.

Configure site in Elgg

Next, create the first admin account for your website, by filling the Display Name field with the name of your admin account. Also, add the admin account email address, username and password, as illustrated in the below image. When you complete this step, hit on Next button to continue and finish the installation process.

Create admin account

After the installation process completes, hit on “Go to site” button in order to be redirected to the Elgg admin dashboard.

Elgg Installation is finished

After you’ve been logged in to Elgg dashboard, navigate to Configure -> Plugins menu from right panel and start enabling your required Elgg plugins by hitting on the Activate button for the selected plugin.

Elgg admin panel

You can also visit Elgg application by navigating to your server IP address or domain name via HTTPS protocol. Use the credentials configured for admin account during the installation process in order to log in to Elgg social engine application, as shown in the below screenshot.

https://yourdomain.tld

Elgg Social network

As the final step, if you want to force visitors to securely browse the Elgg website via HTTPS protocol that encrypts the traffic between the server and client browsers, return to the Debian server console and edit the .htaccess file located in your website document root path, by issuing the below command.

nano /var/www/html/.htaccess

In .htaccess file, search for the <IfModule mod_rewrite.c> line and add the below rules after RewriteEngine On statement in order to automatically redirect all your domain traffic to HTTPS.

RewriteEngine On
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

Here, you can also change some PHP variables for your website. Search for <IfModule mod_php7.c> directive and under this line add your own PHP settings such as: increase the file upload size for the domain or disable some server default PHP configurations, as shown in the below excerpt:

# Alter web server PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M

In order for the Elgg application to send out queued notifications, rotate system logs in database and collect garbage in the database (compacting the database by removing entries that are no longer required),  create a crontab file for with the below configurations.  Also, this crontab job must be owned and executed by Apache runtime user.

crontab -u www-data –e

Crontab file excerpt. The cron task output of each job will be discarded to Linux /dev/null blackhole file. Replace the domain name variable ($ELGG) used in this script accordingly.

GET="curl -k"
ELGG="https://www.socialnet.org/"

OUT=" > /dev/null 2>&1"

* * * * * $GET ${ELGG}cron/minute/${OUT}
*/5 * * * * $GET ${ELGG}cron/fiveminute/${OUT}
15,30,45,59 * * * * $GET ${ELGG}cron/fifteenmin/${OUT}
30,59 * * * * $GET ${ELGG}cron/halfhour/${OUT}
@hourly $GET ${ELGG}cron/hourly/${OUT}
@daily $GET ${ELGG}cron/daily/${OUT}
@weekly $GET ${ELGG}cron/weekly/${OUT}
@monthly $GET ${ELGG}cron/monthly/${OUT}
@yearly $GET ${ELGG}cron/yearly/${OUT}
@reboot $GET ${ELGG}cron/reboot/${OUT}

Congratulations! The Elgg social media platform has been successfully installed and configured at your premises in a Debian 9 server. In case you’re using a registered public domain name to expose Elgg application to public-facing visitors, you should consider buying an SSL certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA.

In order to further administer the Elgg application, visit the documentation pages at the following address:  http://learn.elgg.org/en/stable/index.html

Share this page:

0 Comment(s)