How to Install Monica Personal CRM on Rocky Linux 9
On this page
- Prerequisites
- Step 1 - Configure Firewall
- Step 2 - Install Git
- Step 3 - Install Node
- Step 4 - Install Yarn
- Step 5 - Install Nginx
- Step 6 - Install PHP and extensions
- Step 7 - Install Composer
- Step 8 - Install MariaDB
- Step 9 - Configure MariaDB
- Step 10 - Downloading Monica
- Step 11 - Installing Monica
- Step 12 - Install SSL
- Step13 - Configure SELinux
- Step 14 - Configure PHP-FPM
- Step 15 - Configure Nginx
- Step 16 - Access Monica CRM
- Step 17 Set up Cron
- Step 18 - Update Monica CRM
- Conclusion
Conventionally, Customer Relationship Management (CRM) software is made for businesses to manage their customers. CRM software helps businesses to gather data from customers and provide assistance via various means of communication.
Monica Personal CRM, however, is aimed at individuals and their relationships with their family and friends. Monica CRM helps in organizing and storing everything that there is to about the people around you. It is open-source and completely free to use.
In this tutorial, you will learn how to install Monica Personal CRM on a Rocky Linux 9 server.
Prerequisites
-
A server running Rocky Linux 9 with a minimum of 1.5 GB of RAM. If your server has less than 1.5 GB of RAM, the Yarn installation tasks will most likely fail. Upgrade to a server with better RAM before proceeding with this tutorial to ensure a smooth installation.
-
A non-root user with sudo privileges.
-
A Fully Qualified Domain Name (FQDN) like
monica.example.com
pointing to your server. -
An SMTP account with an email service like Amazon SES or Mailgun.
-
Everything is updated.
$ sudo dnf update
-
A few essential packages are required for the tutorial and Monica CRM to run. Some of these will already be on your server.
$ sudo dnf install wget curl nano unzip yum-utils policycoreutils-python-utils -y
Step 1 - Configure Firewall
The first step is to configure the firewall. Rocky Linux uses Firewalld Firewall. Check the firewall's status.
$ sudo firewall-cmd --state running
The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.
$ sudo firewall-cmd --permanent --list-services
It should show the following output.
cockpit dhcpv6-client ssh
Allow HTTP and HTTPS ports.
$ sudo firewall-cmd --permanent --add-service=http $ sudo firewall-cmd --permanent --add-service=https
Recheck the status of the firewall.
$ sudo firewall-cmd --permanent --list-services
You should see a similar output.
cockpit dhcpv6-client http https ssh
Reload the firewall to enable the changes.
$ sudo firewall-cmd --reload
Step 2 - Install Git
Git comes usually pre-installed with Rocky Linux 9 but in case it is not installed, run the following command to install it.
$ sudo dnf install git -y
Check Git's version.
$ git --version git version 2.39.3
Run the following commands to configure Git to add your name and email address to it.
$ git config --global user.name "Your Name" $ git config --global user.email "[email protected]"
Step 3 - Install Node
Monica CRM needs Node.js to work.
$ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
Install the Nodesource RPM package. The current Node LTS version is 20.x but it doesn't work with the Yarn package manager therefore we have set it to 18.x for now.
$ NODE_MAJOR=18 $ sudo yum install https://rpm.nodesource.com/pub_$NODE_MAJOR.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm -y
Install Node.js.
$ sudo yum install nodejs -y --setopt=nodesource-nodejs.module_hotfixes=1
Confirm if it is installed properly.
$ node --version v18.18.2
Update NPM.
$ sudo npm install -g npm@latest
Verify the NPM version.
$ npm --version 10.2.4
Step 4 - Install Yarn
Yarn is another Javascript package manager that is needed by Monica CRM along with Node.js. The usual method of installing Yarn is to install it globally. This ensures all testing and automation tools in a project use the same version of Yarn, preventing inconsistency.
Install Yarn using the following command.
$ sudo npm install --global yarn
Verify Yarn installation.
$ yarn --version 1.22.21
Step 5 - Install Nginx
Rocky Linux 9 ships with an older version of Nginx. To install the latest version, you need to download the official Nginx repository.
Create and open the file /etc/yum.repos.d/nginx.repo
for editing.
$ sudo nano /etc/yum.repos.d/nginx.repo
Paste the following code in it.
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
Once you are finished, save the file by pressing Ctrl + X and entering Y when prompted.
Install Nginx.
$ sudo dnf install nginx -y
Verify the installation.
$ nginx -v nginx version: nginx/1.24.0
Enable and start the Nginx server service.
$ sudo systemctl enable nginx --now
Check the service status.
$ sudo systemctl status nginx ? nginx.service - nginx - high performance web server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled) Active: active (running) since Thu 2023-11-23 01:10:33 UTC; 1s ago Docs: http://nginx.org/en/docs/ Process: 4560 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS) Main PID: 4561 (nginx) Tasks: 2 (limit: 10841) Memory: 1.9M CPU: 11ms CGroup: /system.slice/nginx.service ??4561 "nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf" ??4562 "nginx: worker process"
Open your server's IP address in your web browser. You should see the following page which means your server is up and running.
Step 6 - Install PHP and extensions
Rocky Linux 9 ships with PHP 8.1 by default. To always stay on the latest version of PHP or if you want to install multiple versions of PHP, we need to use the REMI repository.
The first step is to grab the Epel repository.
$ sudo dnf install epel-release -y
Next, install the Remi repository.
$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
Check for available PHP streams.
$ dnf module list php -y Name Stream Profiles Summary php 8.1 common [d], devel, minimal PHP scripting language Remi's Modular repository for Enterprise Linux 9 - x86_64 Name Stream Profiles Summary php remi-7.4 common [d], devel, minimal PHP scripting language php remi-8.0 common [d], devel, minimal PHP scripting language php remi-8.1 common [d], devel, minimal PHP scripting language php remi-8.2 common [d], devel, minimal PHP scripting language php remi-8.3 common [d], devel, minimal PHP scripting language Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
The default version is 8.1. Enable Remi's PHP 8.2 repository.
$ sudo dnf module reset php -y $ sudo dnf module enable php:remi-8.2
Install PHP and its extensions.
$ sudo dnf install php php-bcmath php-cli php-curl php-common \ php-fpm php-gd php-gmp php-intl php-mbstring \ php-mysql php-opcache php-redis php-xml php-zip -y
Check the version of PHP installed.
$ php --version PHP 8.2.13 (cli) (built: Nov 21 2023 09:55:59) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.2.13, Copyright (c) Zend Technologies with Zend OPcache v8.2.13, Copyright (c), by Zend Technologies
Enable and start the PHP-FPM service.
$ sudo systemctl enable php-fpm --now
Check the status of the service.
$ sudo systemctl status php-fpm ? php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled) Active: active (running) since Thu 2023-11-23 01:21:11 UTC; 1s ago Main PID: 5643 (php-fpm) Status: "Ready to handle connections" Tasks: 6 (limit: 10841) Memory: 15.7M CPU: 85ms CGroup: /system.slice/php-fpm.service ??5643 "php-fpm: master process (/etc/php-fpm.conf)" ??5644 "php-fpm: pool www" ??5645 "php-fpm: pool www" ??5646 "php-fpm: pool www" ??5647 "php-fpm: pool www" ??5648 "php-fpm: pool www"
Step 7 - Install Composer
Composer acts as a dependency manager for PHP. It is also the dependency manager of the Laravel PHP framework, which is what powers Monica CRM.
Download the Composer installation script.
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
Verify the downloaded installer.
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
You will receive the following output.
Installer verified
Run the installation script to download the latest version of Composer.
$ php composer-setup.php
Remove the installation script.
$ php -r "unlink('composer-setup.php');"
Move the downloaded binary file to the /usr/local/bin
directory.
$ sudo mv composer.phar /usr/local/bin/composer
Confirm the installation.
$ composer --version Composer version 2.6.5 2023-10-06 10:11:52
Step 8 - Install MariaDB
MariaDB is a drop-in replacement for MySQL which means commands to run and operate MariaDB are the same as those for MySQL.
Rocky Linux 9 by default ships with MariaDB 10.5.22 which is a bit outdated. To get the latest stable version of MariaDB, you need to use the official repository.
Create MariaDB's repository file and open it for editing.
$ sudo nano /etc/yum.repos.d/mariadb.repo
Paste the following code in it.
[mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.11/rhel9-amd64 module_hotfixes=1 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1
Once you are finished, save the file by pressing Ctrl + X and entering Y when prompted.
Issue the following command to install the MariaDB server. Notice how the package name is capitalized. The official MariaDB package that Rocky Linux ships is named simply mariadb-server
. Make sure you don't mix up the two.
$ sudo dnf install MariaDB-server -y
Check if MariaDB is installed correctly.
$ mysql --version
You should see the following output.
mysql Ver 15.1 Distrib 10.11.6-MariaDB, for Linux (x86_64) using EditLine wrapper
You can also use mariadb --version
to check the version.
Start and Enable the MariaDB service.
$ sudo systemctl enable --now mariadb
MariaDB service is already enabled and running. Check its status using the following command.
$ sudo systemctl status mariadb ? mariadb.service - MariaDB 10.11.6 database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled) Drop-In: /etc/systemd/system/mariadb.service.d ??migrated-from-my.cnf-settings.conf Active: active (running) since Thu 2023-11-23 01:23:52 UTC; 2s ago Docs: man:mariadbd(8) https://mariadb.com/kb/en/library/systemd/ Process: 6831 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS) Process: 6832 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR > Process: 6850 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS) Main PID: 6840 (mariadbd) Status: "Taking your SQL requests now..." Tasks: 10 (limit: 10841) Memory: 193.1M CPU: 162ms CGroup: /system.slice/mariadb.service ??6840 /usr/sbin/mariadbd
Run the following command to perform default configuration such as giving a root password, removing anonymous users, disallowing root login remotely, and dropping test tables.
$ sudo mariadb-secure-installation
You will be asked for your root password. Since we don't have any root password set, press the Enter key to proceed.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): [PRESS ENTER] OK, successfully used password, moving on...
Next, you will be asked if you want to switch to the unix_socket
plugin. The unix_socket
plugin allows you to log in to MariaDB with your Linux user credentials. Choose n
to skip switching to it since you already have a protected root
account.
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] n ... skipping.
Next, you will be asked if you want to change your root password. On Rocky Linux 9, the root account for MariaDB is tied closely to automated system maintenance, so you should not change the configured authentication methods for the account. Doing so would allow a package update to break the database system by removing access to the administrative account. Type n
to proceed.
You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping.
From here on, press y
and then Enter
to accept defaults for all the following questions. This will remove access to anonymous users, test databases, disable remote root login, and load the changes.
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
That's it. Next time you want to log in to the MariaDB shell, use the following command.
$ sudo mysql
Enter your Linux root password when prompted.
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 9 Server version: 10.11.6-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
Press exit
to close the MariaDB shell.
Step 9 - Configure MariaDB
Log in to the MariaDB shell.
$ sudo mysql
Create a new MySQL database, database user, and password for your Monica CRM installation.
MariaDB> CREATE DATABASE monica CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; MariaDB> CREATE USER 'monicauser'@'localhost' IDENTIFIED BY 'yourpassword'; MariaDB> GRANT ALL PRIVILEGES ON monica.* TO 'monicauser'@'localhost';
Replace monica
, monicauser
and yourpassword
with the credentials of your choice. Choose a strong password.
Also, create an administrative user with the same capabilities as the root account.
MariaDB> GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Flush the privileges to ensure that they are saved in the current session.
MariaDB> FLUSH PRIVILEGES;
Exit the MariaDB shell.
MariaDB> exit
Step 10 - Downloading Monica
Create the web root directory for Monica CRM.
$ sudo mkdir /var/www/html/monica -p
Set the currently logged-in user as the owner of this directory.
$ sudo chown -R $USER:$USER /var/www/html/monica
Switch to the directory.
$ cd /var/www/html/monica
Clone the official Monica Github repository at this location. Notice the dot(.
) at the end of the command which means clone Monica to the current directory instead of a sub-directory.
$ git clone https://github.com/monicahq/monica.git .
Grab the latest data from GitHub.
$ git fetch
Checkout the latest version of Monica. To choose the latest version, check the Monica releases page. At the time of writing this tutorial, the latest available version is 4.0.0. Substitute 4.0.0 with the version you are installing in the command below.
$ git checkout tags/v4.0.0
You will get the following output.
Note: switching to 'tags/v4.0.0'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by switching back to a branch. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -c with the switch command. Example: git switch -c <new-branch-name> Or undo this operation with: git switch - Turn off this advice by setting config variable advice.detachedHead to false HEAD is now at e1a3e1315 build: delete heroku workflow (#6540)
Step 11 - Installing Monica
Make sure you are in the root directory for Monica.
$ cd /var/www/html/monica
Copy the sample environment variable file to create one for configuring Monica CRM.
$ cp .env.example .env
Change the following values as shown. Set the APP_ENV
variable to production
. This will enforce the HTTPS protocol. Set the APP_URL
variable to your Monica's domain name along with HTTPS protocol. Set the database credentials as created in the previous step. In our tutorial, we are using Amazon's SES SMTP service. Enter the details for the service you are going to use. If you are not going to use any, you can skip filling those fields.
APP_ENV=production ... APP_URL=https://monica.example.com ... DB_DATABASE=monicadb DB_USERNAME=monicauser DB_PASSWORD=YourPassword23! ... MAIL_MAILER=smtp MAIL_HOST=email-smtp.us-west-2.amazonaws.com MAIL_PORT=587 MAIL_USERNAME=SESID MAIL_PASSWORD=SESKey MAIL_ENCRYPTION=tls # Outgoing emails will be sent with these identity [email protected] MAIL_FROM_NAME="Monica CRM" # New registration notification sent to this email [email protected] ...
Once finished, save the file by pressing Ctrl + X and entering Y when prompted.
Install all required packages for Monica using Composer.
$ composer install --no-interaction --no-dev
Use Yarn to install frontend packages and build the assets (JS, CSS, and fonts).
$ yarn install $ yarn run production
Generate the APP_KEY
value and fill it automatically in the .env
file. You will be prompted with a yes or no question on whether to proceed. Type yes to proceed.
$ php artisan key:generate
Issue the following command to run migrations, seed the database, and create symlink directories. You will be prompted with a yes or no question on whether to proceed. Type yes to proceed. Enter your required email address and password to create a default user and use those values in the command.
$ php artisan setup:production [email protected] --password=yourpassword -v
You will receive the following output notifying you about the successful installation.
Monica v4.0.0 is set up, enjoy. ? Filling database INFO Seeding database. ----------------------------- | | Welcome to Monica v4.0.0 | ----------------------------- | You can now sign in to your account: | username: [email protected] | password: <hidden> | URL: https://monica.example.com ----------------------------- Setup is done. Have fun.
Step 12 - Install SSL
We need to install Certbot to generate the SSL certificate. We will use the Snapd package installer for that. Since Rocky Linux doesn't ship with it, install the Snapd installer. It requires the EPEL (Extra Packages for Enterprise Linux) repository to work. But since we already installed it in step 3, we can directly move ahead.
Install Snapd.
$ sudo dnf install -y snapd
Enable and Start the Snap service.
$ sudo systemctl enable snapd --now
Install the Snap core package, and ensure that your version of Snapd is up to date.
$ sudo snap install core && sudo snap refresh core
Create necessary links for Snapd to work.
$ sudo ln -s /var/lib/snapd/snap /snap $ echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' | sudo tee -a /etc/profile.d/snapd.sh
Install Certbot.
$ sudo snap install --classic certbot
Use the following command to ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin
directory.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Verify if Certbot is functioning correctly.
$ certbot --version certbot 2.7.4
Run the following command to generate an SSL Certificate.
$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d monica.example.com
The above command will download a certificate to the /etc/letsencrypt/live/monica.example.com
directory on your server.
Generate a Diffie-Hellman group certificate.
$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
Check the Certbot renewal scheduler service.
$ sudo systemctl list-timers
You will find snap.certbot.renew.service
as one of the services scheduled to run.
NEXT LEFT LAST PASSED UNIT ACTIVATES --------------------------------------------------------------------------------------------------------------------------- Thu 2023-11-23 02:34:37 UTC 45min left Thu 2023-11-23 00:57:54 UTC 51min ago dnf-makecache.timer dnf-makecache.service Thu 2023-11-23 08:49:00 UTC 6h left - - snap.certbot.renew.timer snap.certbot.renew.service Fri 2023-11-24 00:00:00 UTC 22h left Thu 2023-11-23 00:30:29 UTC 1h 18min ago logrotate.timer logrotate.service
Do a dry run of the process to check whether the SSL renewal is working fine.
$ sudo certbot renew --dry-run
If you see no errors, you are all set. Your certificate will renew automatically.
Step13 - Configure SELinux
Change the file security context for OpenEMR.
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/monica(/.*)?"
Apply the policy.
$ sudo restorecon -Rv /var/www/html/monica/
Apply the policy to allow Nginx to give access to MariaDB.
$ sudo setsebool -P httpd_can_network_connect_db 1
Apply the policy to allow connections to be made to outside hosts. This is needed for sending emails.
$ sudo setsebool -P httpd_can_network_connect 1
With MariaDB 10.11, you will face another issue which is that SELinux prevents PHP-FPM from connecting to MariaDB. That can be solved by installing an SELinux module. The first step is to create a type enforcement
file.
Create the file my-phpfpm.te
in your home directory and open it for editing.
$ cd ~ $ nano my-phpfpm.te
Paste the following code in it.
module my-phpfpm 1.0; require { type unconfined_service_t; type httpd_t; type httpd_sys_content_t; class dir write; class unix_stream_socket connectto; } #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_content_t:dir write; #!!!! This avc is allowed in the current policy allow httpd_t unconfined_service_t:unix_stream_socket connectto;
Save the file by pressing Ctrl + X and entering Y when prompted.
The next step is to convert it into a policy module using the following command. Don't modify the filename in the command otherwise, it won't work. The module is named my-phpfpm
and the file name should be the same as the module name.
$ sudo checkmodule -M -m -o my-phpfpm.mod my-phpfpm.te
Next, we need to compile the policy module to create a policy package.
$ sudo semodule_package -o my-phpfpm.pp -m my-phpfpm.mod
The final step is to load the policy package using the semodule
command which installs the policy to be used.
$ sudo semodule -i my-phpfpm.pp
Step 14 - Configure PHP-FPM
Open php.ini
for editing.
$ sudo nano /etc/php.ini
To set file upload sizes, change the values of the upload_max_filesize
and post_max_size
variables. This value decides the size of the file you can upload to Monica. By default, it is set at 10MB which is what we will configure with PHP.
$ sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php.ini $ sudo sed -i 's/post_max_size = 8M/post_max_size = 10M/' /etc/php.ini
Configure PHP's memory limit depending on your server resources and requirements.
$ sudo sed -i 's/memory_limit = 128M/memory_limit = 256M/' /etc/php.ini
Open the file /etc/php-fpm.d/www.conf
.
$ sudo nano /etc/php-fpm.d/www.conf
We need to set the Unix user/group of PHP processes to nginx. Find the user=apache
and group=apache
lines in the file and change them to nginx
.
... ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache user chosen to provide access to the same directories as httpd user = nginx ; RPM: Keep a group allowed to write in log dir. group = nginx ...
Find the listen.owner = nobody
, listen.group = nobody
, listen.mode = 0660
lines in the file and change them as follows after uncommenting them.
; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. The owner ; and group can be specified either by name or by their numeric IDs. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = nginx listen.group = nginx listen.mode = 0660
Save the file by pressing Ctrl + X and entering Y when prompted.
Restart the PHP-fpm process. Make sure you have Nginx installed before restarting the PHP service otherwise, it will fail since it won't be able to find the nginx
group.
$ sudo systemctl restart php-fpm
Change the group of the PHP sessions directory to Nginx.
$ sudo chgrp -R nginx /var/lib/php/session
Step 15 - Configure Nginx
Allow Nginx access to the Monica root directory.
$ sudo chown -R nginx:nginx /var/www/html/monica
Set the correct directory permissions on the storage
directory.
$ sudo chmod -R 775 /var/www/html/monica/storage
Open the file /etc/nginx/nginx.conf
for editing.
$ sudo nano /etc/nginx/nginx.conf
Add the following line before the line include /etc/nginx/conf.d/*.conf;
.
server_names_hash_bucket_size 64;
Save the file by pressing Ctrl + X and entering Y when prompted.
Create and open the file /etc/nginx/conf.d/monica.conf
for editing.
$ sudo nano /etc/nginx/conf.d/monica.conf
Paste the following code in it. Replace monica.example.com
with your domain name. Make sure the value of the client_max_body_size
is set to 10MB which is what the default upload size of files in Monica is. It is the same value we configured with PHP earlier.
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name monica.example.com; root /var/www/html/monica/public; index index.php; client_max_body_size 10M; access_log /var/log/nginx/monica.access.log; error_log /var/log/nginx/monica.error.log; ssl_certificate /etc/letsencrypt/live/monica.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/monica.example.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/monica.example.com/chain.pem; ssl_session_timeout 5m; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; ssl_stapling on; ssl_stapling_verify on; ssl_dhparam /etc/ssl/certs/dhparam.pem; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_index index.php; fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_keep_conn on; include fastcgi_params; fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } # enforce HTTPS server { listen 80; listen [::]:80; server_name monica.example.com; return 301 https://$host$request_uri; }
Save the file by pressing Ctrl + X and entering Y when prompted.
Verify your Nginx configuration.
$ sudo nginx -t
Restart the Nginx server.
$ sudo systemctl restart nginx
Step 16 - Access Monica CRM
Open the URL https://monica.example.com
in your browser and you will be taken to the login page as shown below.
Enter the email and password you configured in step 12 and press the Login button to proceed. You will be taken to the welcome screen from where you can start using the application.
Step 17 Set up Cron
Monica CRM requires several background processes to ensure its smooth running. This is managed using Cron functionality. To do this, set up a cron that will run every minute to run the php artisan schedule:run
command.
Run the crontab editor. We are passing nginx
as the user as it has access to the /var/www/html/monica
directory. We are passing nano as the editor choice in the command itself which is the easiest way to get going.
$ sudo editor=NANO crontab -u nginx -e
Next, you will be taken to the crontab editor. Paste this line at the bottom of the file.
* * * * * php /var/www/html/monica/artisan schedule:run >> /dev/null 2>&1
Save the file by pressing Ctrl + X and entering Y when prompted. That's it. Monica's scheduled tasks will be run regularly using cron functionality.
Step 18 - Update Monica CRM
The first step to backing up the Monica CRM is to make sure it's backed up. You can back up the SQL from the settings page. Click the Settings icon on the top right of the dashboard to open the Account settings page. Next, open the Export data page from the left menu.
Click the Export to SQL button to export the database. There is an Export to Json option as well which backups a lot more than just the SQL but there is no way to import it. You will probably see the status as failed for both exports but if you browse the directory /var/www/html/monica/storage/app/public/exports
on your server, you should see both files.
$ ls /var/www/html/monica/storage/app/public/exports -al total 84 drwxr-xr-x 2 nginx nginx 4096 Nov 22 09:47 . drwxrwxr-x 4 nginx nginx 4096 Nov 22 09:47 .. -rw-r--r-- 1 nginx nginx 53712 Nov 22 09:47 cvlK5RAl7VVLdYLplnSZ8SFGHHwDZy9cjRhtoOWB.json -rw-r--r-- 1 nginx nginx 17050 Nov 22 09:47 dgZf5T0SnXeAuZ67HfaFLu2JosyUsByJcp2C8nlv.sql
Now that we have backed up the data, time to update.
Switch to the Monica directory.
$ cd /var/www/html/monica
Since the directory's permissions are set to nginx
, we will need to use sudo
to run any commands. But it is better to switch the permissions temporarily instead of using sudo
which is what we will do.
$ sudo chown -R $USER:$USER /var/www/html/monica
Fetch the latest Git changes.
$ git fetch
Clone the desired version. For our tutorial, we are referring to the beta version. Don't use it on a production server.
$ git checkout tags/v5.0.0-beta.3
Update the dependencies.
$ composer install --no-interaction --no-dev
Install the frontend packages.
$ yarn install
Build the JavaScript and CSS assets.
$ yarn run production
Run the following command to update the instance. This runs migration scripts for the database, and flushes all caches for config, route, and view as an optimization process.
$ php artisan monica:update --force
If you want to restore the SQL database to a different Monica instance, make sure your instance is completely empty which means no tables and no data. Once you have ensured that, run the following command to start the database migration process.
$ php artisan migrate
Next, import the monica.sql
file using the following command.
$ sudo mysqlimport -u monicauser -p monica /var/www/html/monica/storage/app/public/exports/dgZf5T0SnXeAuZ67HfaFLu2JosyUsByJcp2C8nlv.sql
You will be prompted for your Monica user DB password configured earlier. Next, log in to the instance using the credentials used on the older instance.
Once you are finished, restore the Monica directory permissions to the nginx
user.
$ sudo chown -R nginx:nginx /var/www/html/monica
Conclusion
This concludes our tutorial where you learned how to install Monica CRM software on a Rocky Linux 9 server. If you have any questions, post them in the comments below.