How to Install Monica Personal CRM on Rocky Linux 9

Conventionally, Customer Relationship Management (CRM) software is made for businesses to manage their customers. CRM software helps businesses to gather data from customers and provide assistance via various means of communication.

Monica Personal CRM, however, is aimed at individuals and their relationships with their family and friends. Monica CRM helps in organizing and storing everything that there is to about the people around you. It is open-source and completely free to use.

In this tutorial, you will learn how to install Monica Personal CRM on a Rocky Linux 9 server.

Prerequisites

  • A server running Rocky Linux 9 with a minimum of 1.5 GB of RAM. If your server has less than 1.5 GB of RAM, the Yarn installation tasks will most likely fail. Upgrade to a server with better RAM before proceeding with this tutorial to ensure a smooth installation.

  • A non-root user with sudo privileges.

  • A Fully Qualified Domain Name (FQDN) like monica.example.com pointing to your server.

  • An SMTP account with an email service like Amazon SES or Mailgun.

  • Everything is updated.

    $ sudo dnf update
    
  • A few essential packages are required for the tutorial and Monica CRM to run. Some of these will already be on your server.

    $ sudo dnf install wget curl nano unzip yum-utils policycoreutils-python-utils -y
    

Step 1 - Configure Firewall

The first step is to configure the firewall. Rocky Linux uses Firewalld Firewall. Check the firewall's status.

$ sudo firewall-cmd --state
running

The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.

$ sudo firewall-cmd --permanent --list-services

It should show the following output.

cockpit dhcpv6-client ssh

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

Recheck the status of the firewall.

$ sudo firewall-cmd --permanent --list-services

You should see a similar output.

cockpit dhcpv6-client http https ssh

Reload the firewall to enable the changes.

$ sudo firewall-cmd --reload

Step 2 - Install Git

Git comes usually pre-installed with Rocky Linux 9 but in case it is not installed, run the following command to install it.

$ sudo dnf install git -y

Check Git's version.

$ git --version
git version 2.39.3

Run the following commands to configure Git to add your name and email address to it.

$ git config --global user.name "Your Name"
$ git config --global user.email "[email protected]"

Step 3 - Install Node

Monica CRM needs Node.js to work.

$ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/nodesource.gpg

Install the Nodesource RPM package. The current Node LTS version is 20.x but it doesn't work with the Yarn package manager therefore we have set it to 18.x for now.

$ NODE_MAJOR=18
$ sudo yum install https://rpm.nodesource.com/pub_$NODE_MAJOR.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm -y

Install Node.js.

$ sudo yum install nodejs -y --setopt=nodesource-nodejs.module_hotfixes=1

Confirm if it is installed properly.

$ node --version
v18.18.2

Update NPM.

$ sudo npm install -g npm@latest

Verify the NPM version.

$ npm --version
10.2.4

Step 4 - Install Yarn

Yarn is another Javascript package manager that is needed by Monica CRM along with Node.js. The usual method of installing Yarn is to install it globally. This ensures all testing and automation tools in a project use the same version of Yarn, preventing inconsistency.

Install Yarn using the following command.

$ sudo npm install --global yarn

Verify Yarn installation.

$ yarn --version
1.22.21

Step 5 - Install Nginx

Rocky Linux 9 ships with an older version of Nginx. To install the latest version, you need to download the official Nginx repository.

Create and open the file /etc/yum.repos.d/nginx.repo for editing.

$ sudo nano /etc/yum.repos.d/nginx.repo

Paste the following code in it.

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Once you are finished, save the file by pressing Ctrl + X and entering Y when prompted.

Install Nginx.

$ sudo dnf install nginx -y

Verify the installation.

$ nginx -v
nginx version: nginx/1.24.0

Enable and start the Nginx server service.

$ sudo systemctl enable nginx --now

Check the service status.

$ sudo systemctl status nginx
? nginx.service - nginx - high performance web server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
     Active: active (running) since Thu 2023-11-23 01:10:33 UTC; 1s ago
       Docs: http://nginx.org/en/docs/
    Process: 4560 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
   Main PID: 4561 (nginx)
      Tasks: 2 (limit: 10841)
     Memory: 1.9M
        CPU: 11ms
     CGroup: /system.slice/nginx.service
             ??4561 "nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf"
             ??4562 "nginx: worker process"

Open your server's IP address in your web browser. You should see the following page which means your server is up and running.

Nginx Default Page

Step 6 - Install PHP and extensions

Rocky Linux 9 ships with PHP 8.1 by default. To always stay on the latest version of PHP or if you want to install multiple versions of PHP, we need to use the REMI repository.

The first step is to grab the Epel repository.

$ sudo dnf install epel-release -y

Next, install the Remi repository.

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Check for available PHP streams.

$ dnf module list php -y
Name    Stream              Profiles                                      Summary
php     8.1                 common [d], devel, minimal                    PHP scripting language

Remi's Modular repository for Enterprise Linux 9 - x86_64
Name    Stream              Profiles                                      Summary
php     remi-7.4            common [d], devel, minimal                    PHP scripting language
php     remi-8.0            common [d], devel, minimal                    PHP scripting language
php     remi-8.1            common [d], devel, minimal                    PHP scripting language
php     remi-8.2            common [d], devel, minimal                    PHP scripting language
php     remi-8.3            common [d], devel, minimal                    PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

The default version is 8.1. Enable Remi's PHP 8.2 repository.

$ sudo dnf module reset php -y
$ sudo dnf module enable php:remi-8.2

Install PHP and its extensions.

$ sudo dnf install php php-bcmath php-cli php-curl php-common \
    php-fpm php-gd php-gmp php-intl php-mbstring \
    php-mysql php-opcache php-redis php-xml php-zip -y

Check the version of PHP installed.

$ php --version
PHP 8.2.13 (cli) (built: Nov 21 2023 09:55:59) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.2.13, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.13, Copyright (c), by Zend Technologies

Enable and start the PHP-FPM service.

$ sudo systemctl enable php-fpm --now

Check the status of the service.

$ sudo systemctl status php-fpm
? php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled)
     Active: active (running) since Thu 2023-11-23 01:21:11 UTC; 1s ago
   Main PID: 5643 (php-fpm)
     Status: "Ready to handle connections"
      Tasks: 6 (limit: 10841)
     Memory: 15.7M
        CPU: 85ms
     CGroup: /system.slice/php-fpm.service
             ??5643 "php-fpm: master process (/etc/php-fpm.conf)"
             ??5644 "php-fpm: pool www"
             ??5645 "php-fpm: pool www"
             ??5646 "php-fpm: pool www"
             ??5647 "php-fpm: pool www"
             ??5648 "php-fpm: pool www"

Step 7 - Install Composer

Composer acts as a dependency manager for PHP. It is also the dependency manager of the Laravel PHP framework, which is what powers Monica CRM.

Download the Composer installation script.

$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

Verify the downloaded installer.

$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

You will receive the following output.

Installer verified

Run the installation script to download the latest version of Composer.

$ php composer-setup.php

Remove the installation script.

$ php -r "unlink('composer-setup.php');"

Move the downloaded binary file to the /usr/local/bin directory.

$ sudo mv composer.phar /usr/local/bin/composer

Confirm the installation.

$ composer --version
Composer version 2.6.5 2023-10-06 10:11:52

Step 8 - Install MariaDB

MariaDB is a drop-in replacement for MySQL which means commands to run and operate MariaDB are the same as those for MySQL.

Rocky Linux 9 by default ships with MariaDB 10.5.22 which is a bit outdated. To get the latest stable version of MariaDB, you need to use the official repository.

Create MariaDB's repository file and open it for editing.

$ sudo nano /etc/yum.repos.d/mariadb.repo

Paste the following code in it.

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.11/rhel9-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1 

Once you are finished, save the file by pressing Ctrl + X and entering Y when prompted.

Issue the following command to install the MariaDB server. Notice how the package name is capitalized. The official MariaDB package that Rocky Linux ships is named simply mariadb-server. Make sure you don't mix up the two.

$ sudo dnf install MariaDB-server -y

Check if MariaDB is installed correctly.

$ mysql --version

You should see the following output.

mysql  Ver 15.1 Distrib 10.11.6-MariaDB, for Linux (x86_64) using  EditLine wrapper

You can also use mariadb --version to check the version.

Start and Enable the MariaDB service.

$ sudo systemctl enable --now mariadb

MariaDB service is already enabled and running. Check its status using the following command.

$ sudo systemctl status mariadb
? mariadb.service - MariaDB 10.11.6 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/mariadb.service.d
             ??migrated-from-my.cnf-settings.conf
     Active: active (running) since Thu 2023-11-23 01:23:52 UTC; 2s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 6831 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 6832 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ]   && systemctl set-environment _WSREP_START_POSITION=$VAR >
    Process: 6850 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
   Main PID: 6840 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 10 (limit: 10841)
     Memory: 193.1M
        CPU: 162ms
     CGroup: /system.slice/mariadb.service
             ??6840 /usr/sbin/mariadbd

Run the following command to perform default configuration such as giving a root password, removing anonymous users, disallowing root login remotely, and dropping test tables.

$ sudo mariadb-secure-installation

You will be asked for your root password. Since we don't have any root password set, press the Enter key to proceed.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): [PRESS ENTER]
OK, successfully used password, moving on...

Next, you will be asked if you want to switch to the unix_socket plugin. The unix_socket plugin allows you to log in to MariaDB with your Linux user credentials. Choose n to skip switching to it since you already have a protected root account.

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

Next, you will be asked if you want to change your root password. On Rocky Linux 9, the root account for MariaDB is tied closely to automated system maintenance, so you should not change the configured authentication methods for the account. Doing so would allow a package update to break the database system by removing access to the administrative account. Type n to proceed.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

From here on, press y and then Enter to accept defaults for all the following questions. This will remove access to anonymous users, test databases, disable remote root login, and load the changes.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

That's it. Next time you want to log in to the MariaDB shell, use the following command.

$ sudo mysql

Enter your Linux root password when prompted.

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.11.6-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Press exit to close the MariaDB shell.

Step 9 - Configure MariaDB

Log in to the MariaDB shell.

$ sudo mysql

Create a new MySQL database, database user, and password for your Monica CRM installation.

MariaDB> CREATE DATABASE monica CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
MariaDB> CREATE USER 'monicauser'@'localhost' IDENTIFIED BY 'yourpassword';
MariaDB> GRANT ALL PRIVILEGES ON monica.* TO 'monicauser'@'localhost';

Replace monica, monicauser and yourpassword with the credentials of your choice. Choose a strong password.

Also, create an administrative user with the same capabilities as the root account.

MariaDB> GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

Flush the privileges to ensure that they are saved in the current session.

MariaDB> FLUSH PRIVILEGES;

Exit the MariaDB shell.

MariaDB> exit

Step 10 - Downloading Monica

Create the web root directory for Monica CRM.

$ sudo mkdir /var/www/html/monica -p

Set the currently logged-in user as the owner of this directory.

$ sudo chown -R $USER:$USER /var/www/html/monica

Switch to the directory.

$ cd /var/www/html/monica

Clone the official Monica Github repository at this location. Notice the dot(.) at the end of the command which means clone Monica to the current directory instead of a sub-directory.

$ git clone https://github.com/monicahq/monica.git .

Grab the latest data from GitHub.

$ git fetch

Checkout the latest version of Monica. To choose the latest version, check the Monica releases page. At the time of writing this tutorial, the latest available version is 4.0.0. Substitute 4.0.0 with the version you are installing in the command below.

$ git checkout tags/v4.0.0

You will get the following output.

Note: switching to 'tags/v4.0.0'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at e1a3e1315 build: delete heroku workflow (#6540)

Step 11 - Installing Monica

Make sure you are in the root directory for Monica.

$ cd /var/www/html/monica

Copy the sample environment variable file to create one for configuring Monica CRM.

$ cp .env.example .env

Change the following values as shown. Set the APP_ENV variable to production. This will enforce the HTTPS protocol. Set the APP_URL variable to your Monica's domain name along with HTTPS protocol. Set the database credentials as created in the previous step. In our tutorial, we are using Amazon's SES SMTP service. Enter the details for the service you are going to use. If you are not going to use any, you can skip filling those fields.

APP_ENV=production
...
APP_URL=https://monica.example.com
...
DB_DATABASE=monicadb
DB_USERNAME=monicauser
DB_PASSWORD=YourPassword23!
...
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=SESID
MAIL_PASSWORD=SESKey
MAIL_ENCRYPTION=tls
# Outgoing emails will be sent with these identity
[email protected]
MAIL_FROM_NAME="Monica CRM"
# New registration notification sent to this email
[email protected]
...

Once finished, save the file by pressing Ctrl + X and entering Y when prompted.

Install all required packages for Monica using Composer.

$ composer install --no-interaction --no-dev

Use Yarn to install frontend packages and build the assets (JS, CSS, and fonts).

$ yarn install
$ yarn run production

Generate the APP_KEY value and fill it automatically in the .env file. You will be prompted with a yes or no question on whether to proceed. Type yes to proceed.

$ php artisan key:generate

Issue the following command to run migrations, seed the database, and create symlink directories. You will be prompted with a yes or no question on whether to proceed. Type yes to proceed. Enter your required email address and password to create a default user and use those values in the command.

$ php artisan setup:production [email protected] --password=yourpassword -v

You will receive the following output notifying you about the successful installation.

Monica v4.0.0 is set up, enjoy.
? Filling database
   INFO  Seeding database.


-----------------------------
|
| Welcome to Monica v4.0.0
|
-----------------------------
| You can now sign in to your account:
| username: [email protected]
| password: <hidden>
| URL:      https://monica.example.com
-----------------------------
Setup is done. Have fun.

Step 12 - Install SSL

We need to install Certbot to generate the SSL certificate. We will use the Snapd package installer for that. Since Rocky Linux doesn't ship with it, install the Snapd installer. It requires the EPEL (Extra Packages for Enterprise Linux) repository to work. But since we already installed it in step 3, we can directly move ahead.

Install Snapd.

$ sudo dnf install -y snapd

Enable and Start the Snap service.

$ sudo systemctl enable snapd --now

Install the Snap core package, and ensure that your version of Snapd is up to date.

$ sudo snap install core && sudo snap refresh core

Create necessary links for Snapd to work.

$ sudo ln -s /var/lib/snapd/snap /snap
$ echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' | sudo tee -a /etc/profile.d/snapd.sh

Install Certbot.

$ sudo snap install --classic certbot

Use the following command to ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin directory.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Verify if Certbot is functioning correctly.

$ certbot --version
certbot 2.7.4

Run the following command to generate an SSL Certificate.

$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d monica.example.com

The above command will download a certificate to the /etc/letsencrypt/live/monica.example.com directory on your server.

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096

Check the Certbot renewal scheduler service.

$ sudo systemctl list-timers

You will find snap.certbot.renew.service as one of the services scheduled to run.

NEXT                        LEFT           LAST                        PASSED      UNIT                      ACTIVATES     
---------------------------------------------------------------------------------------------------------------------------               
Thu 2023-11-23 02:34:37 UTC 45min left Thu 2023-11-23 00:57:54 UTC 51min ago    dnf-makecache.timer          dnf-makecache.service
Thu 2023-11-23 08:49:00 UTC 6h left    -                           -            snap.certbot.renew.timer     snap.certbot.renew.service
Fri 2023-11-24 00:00:00 UTC 22h left   Thu 2023-11-23 00:30:29 UTC 1h 18min ago logrotate.timer              logrotate.service

Do a dry run of the process to check whether the SSL renewal is working fine.

$ sudo certbot renew --dry-run

If you see no errors, you are all set. Your certificate will renew automatically.

Step13 - Configure SELinux

Change the file security context for OpenEMR.

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/monica(/.*)?"

Apply the policy.

$ sudo restorecon -Rv /var/www/html/monica/

Apply the policy to allow Nginx to give access to MariaDB.

$ sudo setsebool -P httpd_can_network_connect_db 1

Apply the policy to allow connections to be made to outside hosts. This is needed for sending emails.

$ sudo setsebool -P httpd_can_network_connect 1

With MariaDB 10.11, you will face another issue which is that SELinux prevents PHP-FPM from connecting to MariaDB. That can be solved by installing an SELinux module. The first step is to create a type enforcement file.

Create the file my-phpfpm.te in your home directory and open it for editing.

$ cd ~
$ nano my-phpfpm.te

Paste the following code in it.

module my-phpfpm 1.0;

require {
        type unconfined_service_t;
        type httpd_t;
        type httpd_sys_content_t;
        class dir write;
        class unix_stream_socket connectto;
}

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_content_t:dir write;

#!!!! This avc is allowed in the current policy
allow httpd_t unconfined_service_t:unix_stream_socket connectto;

Save the file by pressing Ctrl + X and entering Y when prompted.

The next step is to convert it into a policy module using the following command. Don't modify the filename in the command otherwise, it won't work. The module is named my-phpfpm and the file name should be the same as the module name.

$ sudo checkmodule -M -m -o my-phpfpm.mod my-phpfpm.te

Next, we need to compile the policy module to create a policy package.

$ sudo semodule_package -o my-phpfpm.pp -m my-phpfpm.mod

The final step is to load the policy package using the semodule command which installs the policy to be used.

$ sudo semodule -i my-phpfpm.pp

Step 14 - Configure PHP-FPM

Open php.ini for editing.

$ sudo nano /etc/php.ini

To set file upload sizes, change the values of the upload_max_filesize and post_max_size variables. This value decides the size of the file you can upload to Monica. By default, it is set at 10MB which is what we will configure with PHP.

$ sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php.ini
$ sudo sed -i 's/post_max_size = 8M/post_max_size = 10M/' /etc/php.ini

Configure PHP's memory limit depending on your server resources and requirements.

$ sudo sed -i 's/memory_limit = 128M/memory_limit = 256M/' /etc/php.ini

Open the file /etc/php-fpm.d/www.conf.

$ sudo nano /etc/php-fpm.d/www.conf

We need to set the Unix user/group of PHP processes to nginx. Find the user=apache and group=apache lines in the file and change them to nginx.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Find the listen.owner = nobody, listen.group = nobody, listen.mode = 0660 lines in the file and change them as follows after uncommenting them.

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the PHP-fpm process. Make sure you have Nginx installed before restarting the PHP service otherwise, it will fail since it won't be able to find the nginx group.

$ sudo systemctl restart php-fpm

Change the group of the PHP sessions directory to Nginx.

$ sudo chgrp -R nginx /var/lib/php/session

Step 15 - Configure Nginx

Allow Nginx access to the Monica root directory.

$ sudo chown -R nginx:nginx /var/www/html/monica

Set the correct directory permissions on the storage directory.

$ sudo chmod -R 775 /var/www/html/monica/storage

Open the file /etc/nginx/nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Create and open the file /etc/nginx/conf.d/monica.conf for editing.

$ sudo nano /etc/nginx/conf.d/monica.conf

Paste the following code in it. Replace monica.example.com with your domain name. Make sure the value of the client_max_body_size is set to 10MB which is what the default upload size of files in Monica is. It is the same value we configured with PHP earlier.

server {

    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name monica.example.com;
    root /var/www/html/monica/public;

    index index.php;
    client_max_body_size 10M;

    access_log  /var/log/nginx/monica.access.log;
    error_log   /var/log/nginx/monica.error.log;

    ssl_certificate      /etc/letsencrypt/live/monica.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/monica.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/monica.example.com/chain.pem;
    
    ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_keep_conn on;
        include fastcgi_params;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
# enforce HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name  monica.example.com;
    return 301   https://$host$request_uri;
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify your Nginx configuration.

$ sudo nginx -t

Restart the Nginx server.

$ sudo systemctl restart nginx

Step 16 - Access Monica CRM

Open the URL https://monica.example.com in your browser and you will be taken to the login page as shown below.

Monica CRM Login Page

Enter the email and password you configured in step 12 and press the Login button to proceed. You will be taken to the welcome screen from where you can start using the application.

Monica CRM Welcome Screen

Step 17 Set up Cron

Monica CRM requires several background processes to ensure its smooth running. This is managed using Cron functionality. To do this, set up a cron that will run every minute to run the php artisan schedule:run command.

Run the crontab editor. We are passing nginx as the user as it has access to the /var/www/html/monica directory. We are passing nano as the editor choice in the command itself which is the easiest way to get going.

$ sudo editor=NANO crontab -u nginx -e

Next, you will be taken to the crontab editor. Paste this line at the bottom of the file.

* * * * * php /var/www/html/monica/artisan schedule:run >> /dev/null 2>&1

Save the file by pressing Ctrl + X and entering Y when prompted. That's it. Monica's scheduled tasks will be run regularly using cron functionality.

Step 18 - Update Monica CRM

The first step to backing up the Monica CRM is to make sure it's backed up. You can back up the SQL from the settings page. Click the Settings icon on the top right of the dashboard to open the Account settings page. Next, open the Export data page from the left menu.

Monica Export Data page

Click the Export to SQL button to export the database. There is an Export to Json option as well which backups a lot more than just the SQL but there is no way to import it. You will probably see the status as failed for both exports but if you browse the directory /var/www/html/monica/storage/app/public/exports on your server, you should see both files.

$ ls /var/www/html/monica/storage/app/public/exports -al
total 84
drwxr-xr-x 2 nginx nginx  4096 Nov 22 09:47 .
drwxrwxr-x 4 nginx nginx  4096 Nov 22 09:47 ..
-rw-r--r-- 1 nginx nginx 53712 Nov 22 09:47 cvlK5RAl7VVLdYLplnSZ8SFGHHwDZy9cjRhtoOWB.json
-rw-r--r-- 1 nginx nginx 17050 Nov 22 09:47 dgZf5T0SnXeAuZ67HfaFLu2JosyUsByJcp2C8nlv.sql

Now that we have backed up the data, time to update.

Switch to the Monica directory.

$ cd /var/www/html/monica

Since the directory's permissions are set to nginx, we will need to use sudo to run any commands. But it is better to switch the permissions temporarily instead of using sudo which is what we will do.

$ sudo chown -R $USER:$USER /var/www/html/monica

Fetch the latest Git changes.

$ git fetch

Clone the desired version. For our tutorial, we are referring to the beta version. Don't use it on a production server.

$ git checkout tags/v5.0.0-beta.3

Update the dependencies.

$ composer install --no-interaction --no-dev

Install the frontend packages.

$ yarn install

Build the JavaScript and CSS assets.

$ yarn run production

Run the following command to update the instance. This runs migration scripts for the database, and flushes all caches for config, route, and view as an optimization process.

$ php artisan monica:update --force

If you want to restore the SQL database to a different Monica instance, make sure your instance is completely empty which means no tables and no data. Once you have ensured that, run the following command to start the database migration process.

$ php artisan migrate

Next, import the monica.sql file using the following command.

$ sudo mysqlimport -u monicauser -p monica /var/www/html/monica/storage/app/public/exports/dgZf5T0SnXeAuZ67HfaFLu2JosyUsByJcp2C8nlv.sql

You will be prompted for your Monica user DB password configured earlier. Next, log in to the instance using the credentials used on the older instance.

Once you are finished, restore the Monica directory permissions to the nginx user.

$ sudo chown -R nginx:nginx /var/www/html/monica

Conclusion

This concludes our tutorial where you learned how to install Monica CRM software on a Rocky Linux 9 server. If you have any questions, post them in the comments below.

Share this page:

0 Comment(s)