How to Install Bolt CMS on Debian 9

Bolt CMS is a simple and flexible open source Content Management System written in PHP. It can be deployed on Linux under the Apache or Nginx web server, together with PHP and a MySQL/MariaDB database management system, a combination also known as the LAMP or LEMP stack.

In this tutorial, we’ll learn how to install and configure the latest Bolt CMS version in the Debian 9 release, on top of a LAMP stack, in order to create dynamic websites.

With Bolt CMS, you can create and design beautiful and modern dynamic portals with the latest markup languages and source libraries.

Requirements

In order to deploy a Bolt CMS website at your premises, you need to ensure that the following requirements are met:

  • You need a dedicated physical server or a virtual machine or a VPS from a cloud provider with the latest version of Debian 9 minimal installation.
  • A static IP address configured for one of your system network interface cards
  • Remote or direct access to root account or to a local or remote account with sudo root privileges
  • A properly configured domain name, private or public, depending on your deployment, with the required DNS records, such as A and CNAME records to point back to www. If you don’t have a valid or a registered domain name you can perform the installation and access the website via your server IP address
  • In order to use Bolt CMS email registration or other CMS features, you should configure a mail server at your premises (IMAP and SMTP services), although for that matter a public mail server, such as Gmail or Yahoo! can be used to achieve the same goal.

Pre-Requirements

In the first step, log in to your Debian server with the root account or with an account with root privileges gained via the sudo utility and install utilities such as zip, unzip (to decompress zip archives), curl and wget (to download online files) and the bash-completion command line auto-completer. Issue the following commands in order to install all these utilities in one shot.

su -
apt install bash-completion zip unzip curl wget

In the next step, configure a descriptive name for your machine to reflect the destination of this server by executing the following command. Replace your hostname variable accordingly.

hostnamectl set-hostname www.myblog.com

You can check the machine hostname and the record in system hosts file by issuing the below commands.

hostnamectl
cat /etc/hostname
hostname -s
hostname -f

Before rebooting the server, first make sure the system is up-to-date with the latest security patches, kernel updates, repositories and software packages by issuing the following commands.

apt update
apt upgrade

After the update process completes, reboot your Debian machine in order to apply all kernel updates and the hostname changes properly.

systemctl reboot

Install Apache and PHP

Bolt CMS is a web-based content management platform written in the PHP server-side programming language and must be deployed on top of a LAMP stack. First, we’ll install the Apache HTTP server and the PHP interpreter together with the PHP extensions that Bolt CMS needs in order to run properly. To install the web server component and PHP with all required modules, issue the following command in your server console with root privileges.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-xml php7.0-cli php7.0-curl php7.0-zip php7.0-bcmath php-imagick php7.0-xmlrpc php7.0-intl

Next, check if all installed PHP modules are enabled in your system by executing the following command.

php7.0 -m

Install MariaDB

The next component that is missing is the RDBMS database. In this tutorial, we’ll install Bolt CMS with MariaDB database server as backend. Bolt CMS web application uses MariaDB database to store different website configurations, users, sessions and other various data. To install MariaDB database server and client and the PHP MySQL extension in Debian 9, issue the below command in your server console.

apt install mariadb-server mariadb-client php7.0-mysql

After MariaDB installation completes, check if the database daemon is up and running in your machine and listens for incoming connections on localhost, port 3306, by running netstat or ss command.

netstat -tlpn | grep mysql

Or

ss -tlpn | grep mysql

If the netstat network utility is not installed by default in your Debian system, execute the following command to install it.

apt install net-tools

By default, the MySQL database server is not sufficiently secured in Debian 9. The database root account can be accessed without supplying a password. To secure the database server, first log in to the MySQL console and execute the below commands, which clear the authentication plugin set for the root account so that the account is checked against a password.

mysql -h localhost
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> update user set plugin='' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> exit
Bye

After we’ve enforced the database root account to use a password, further secure the MariaDB server by executing the mysql_secure_installation script provided by the installation packages from the Debian stretch repositories. Until this script has set a root password the account accepts an empty one, so run it right away. While running, the script asks a series of questions designed to secure the MariaDB database: whether to change the MySQL root password, to remove anonymous users, to disable remote root logins and to delete the test database. Execute the script by issuing the below command, set up a strong password for the database root account and make sure you answer yes to all questions asked, as shown in the below excerpt.

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

After the script completes, try to log in to the database from the console without a root password. Access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:

mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

If the password is supplied, access to the MySQL console should be granted, as shown in the command sample. Type exit to leave the database console.

mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
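
The two login tests above only cover the root account on localhost. The following added example (not part of the original tutorial) checks the whole mysql.user table for the conditions the hardening steps are meant to remove: anonymous accounts, root entries for non-local hosts, and accounts without a password. The function names and the sample rows are this example's own, and the rows are constructed.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit rows of mysql.user.
# Live input, tab-separated User, Host, plugin, Password (MariaDB 10.1 columns):
#   mysql -u root -p -N -B -e 'SELECT User, Host, plugin, Password FROM mysql.user' | audit_mysql_users

# Print one finding per risky row; exit status 1 if anything was found.
audit_mysql_users() {
    awk -F '\t' '
        # Anonymous account: empty User column.
        $1 == "" { print "anonymous account on host " $2; bad++ }

        # root defined for a host other than the three local ones.
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root allowed from host " $2; bad++
        }

        # Named account with no password hash and no socket authentication.
        $1 != "" && $4 == "" && $3 != "unix_socket" {
            print "no password: " $1 "@" $2; bad++
        }

        END { exit(bad > 0) }
    '
}

# Constructed sample: root right after its plugin was cleared and before a
# password was set, an anonymous account, and a root entry for any host.
sample_rows() {
    printf 'root\tlocalhost\t\t\n'
    printf '\tlocalhost\t\t\n'
    printf 'root\t%%\t\t*CONSTRUCTED-HASH\n'
}

# Demo on the constructed rows; on a live server pipe the SELECT above instead.
sample_rows | audit_mysql_users || true
```

On a server hardened as described, the function prints nothing and returns 0.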

After all LAMP components have been installed, test if the web server is up and running and listening for network connections on port 80 by issuing the following command with root privileges.

netstat -tlpn

By inspecting the netstat command output you can see that the Apache web server is listening for incoming network connections on port 80. For the same task you can also use the ss command, which is automatically installed, by default, in Debian 9.

ss -tulpn

Configure the Firewall

In case you have a firewall enabled in your system, such as UFW firewall application, you should add a new rule to allow HTTP traffic to pass through firewall by issuing the following command.

ufw allow WWW

or

ufw allow 80/tcp

You should also allow SSH traffic to pass through UFW firewall in case of remote connections to the server.

ufw allow 22/tcp

Some system administrators prefer to use raw iptables rules to manage the firewall on a Debian server. If that’s the case, you need to add the following rules to allow port 80 inbound traffic on the firewall so that visitors can browse your website.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service

In case you’re connected to the Debian server remotely via SSH, you should first add the following rule to allow SSH traffic to pass through the iptables firewall. Otherwise you will be locked out, because the firewall will start dropping all incoming traffic to port 22.

iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent

After you’ve added the required firewall rules, you should test if the Apache web server is reachable in your network, by opening a browser and visiting your Debian machine IP address, your domain name or the server FQDN via the HTTP protocol. If incoming connections are allowed to port 80, the default web page should be displayed in your clients’ browsers. If you don’t know your machine IP address, execute the ifconfig or ip a command to reveal the IP address of your server.

http://your_domain.tld

Configure Apache and PHP

In the next step, we need to make some further changes to the default PHP configuration file and modify the following PHP variables as described below. Also, make sure that the PHP timezone setting is correctly configured and matches your system’s geographical location. First make a backup of the PHP configuration file, then open the /etc/php/7.0/apache2/php.ini file for editing.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in php.ini configuration file:

file_uploads = On
memory_limit = 128M
post_max_size = 80M
upload_max_filesize = 80M
default_charset = UTF-8
short_open_tag = off
intl.error_level = 0
magic_quotes_gpc = off
register_globals = off
session.auto_start = off
date.timezone = Europe/London

Increase the upload_max_filesize variable as suitable to support large file attachments, if that’s the case, and replace the date.timezone variable according to your geographical location by consulting the list of time zones provided by the PHP docs at the following link: http://php.net/manual/en/timezones.php

In order to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, below the [opcache] statement, as detailed here:

nano /etc/php/7.0/apache2/php.ini
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

After you’ve modified all the lines described above, close the php.ini configuration file and check if the OPCache variables have been correctly added by issuing the below command.

grep opcache /etc/php/7.0/apache2/php.ini
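
The grep above shows every line that mentions opcache, including commented-out ones, and says nothing about the other settings. As an added example (not part of the original tutorial), the script below reads the effective value of each setting, skipping comments and letting the last assignment win, and reports deviations from the values used in this tutorial. The function names and the script name in the usage line are this example's own, and date.timezone is left out because it differs per site.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit php.ini against the values above.
# Usage: sh audit-php-ini.sh /etc/php/7.0/apache2/php.ini
# Print the effective value of KEY in FILE (the last assignment wins).
# Exit status 1 when the key is never assigned.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/  { next }                    # comment line
        /^[ \t]*\[/ { next }                    # [section] header
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)            # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                # quoted values
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; exit(found ? 0 : 1) }
    ' "$1"
}

# Map the boolean spellings PHP accepts onto on/off.
ini_bool() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        1|on|yes|true)          echo on ;;
        0|off|no|false|none|'') echo off ;;
        *)                      printf '%s\n' "$1" ;;
    esac
}

# "key expected" pairs from the php.ini and OPCache settings in this tutorial.
TUTORIAL_SETTINGS='file_uploads on
memory_limit 128M
post_max_size 80M
upload_max_filesize 80M
default_charset UTF-8
short_open_tag off
session.auto_start off
opcache.enable on
opcache.max_accelerated_files 10000'

# Print one line per deviation; succeed only if every setting matches.
audit_php_ini() {
    failures=0
    while read -r key want; do
        if got=$(ini_value "$1" "$key"); then
            case $want in on|off) got=$(ini_bool "$got") ;; esac
        else
            got='(not set)'
        fi
        if [ "$got" != "$want" ]; then
            printf 'MISMATCH %s: expected %s, found %s\n' "$key" "$want" "$got"
            failures=$((failures + 1))
        fi
    done <<EOF
$TUTORIAL_SETTINGS
EOF
    [ "$failures" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_php_ini "$1"; fi
```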

Next, we need to enable the Apache rewrite and TLS modules in order to force visitors to securely browse the website via the HTTPS protocol. The TLS module will secure the traffic between the server and your client browsers with a Self-Signed Certificate automatically issued by Apache. You should also activate the Apache SSL configuration file for the TLS module to work properly. Execute the following commands to activate all required configurations.

a2enmod ssl rewrite
a2ensite default-ssl.conf

After we’ve enabled the rewrite and TLS modules, open the Apache default SSL site configuration file with a text editor and add the Directory block shown in the below sample after the DocumentRoot directive; its AllowOverride All line is what lets the URL rewrite rules in the .htaccess file take effect. Also, change the DocumentRoot path to /var/www/html/public.

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

DocumentRoot  /var/www/html/public
<Directory /var/www/html/public>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>

Close the SSL Apache file, then open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same Directory block as for the SSL configuration file. Insert the lines after the DocumentRoot statement as shown in the below example. Also, modify the DocumentRoot path to point to the /var/www/html/public directory.

DocumentRoot  /var/www/html/public
<Directory /var/www/html/public>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>

After you’ve made all changes explained above you need to restart Apache daemon to apply all rules.

systemctl restart apache2

Finally, open a browser and visit your domain name or the IP address of the server via the HTTPS protocol. Because you’re using the Self-Signed certificate pair automatically issued by Apache at installation, a certificate that is untrusted by the browser, an error warning should be displayed in the browser. Accept the warning in order to accept the untrusted certificate and continue to the Apache default web page.

https://yourdomain.tld

Apache cert error

If the UFW firewall application blocks incoming network connections to HTTPS port, insert a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.

ufw allow 'WWW Full'

or

ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent

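Finally, create a PHP info file in the web server webroot path by executing the following commands. The public directory does not exist until the Bolt CMS files are copied there, so create it first.

mkdir -p /var/www/html/public
echo '<?php phpinfo(); ?>'| tee /var/www/html/public/info.php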

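Visit the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to the date setting to check the PHP time zone configuration. The timezone setting should reflect the geographical location configured earlier. Because the phpinfo() output exposes details of the server configuration, the file is deleted again once the Bolt CMS archive has been extracted.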

https://domain.tld/info.php

Date setting in PHP

Next, log in to the MariaDB database console and create the Bolt CMS database and a user with a password that will be used to manage the website database from localhost, by issuing the following commands. Replace the database name, user and password accordingly.

mysql -u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 305
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE bolt_db;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on bolt_db.* to 'bolt_user'@'localhost' identified by 'password1234';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye

Install Bolt CMS

After all system requirements are met to install the Bolt CMS application, visit Bolt official download page at https://bolt.cm/pages/download and grab the latest zip compressed archive in your system by issuing the below command.

wget https://bolt.cm/distribution/bolt-latest.zip 

After the zip archive download finishes, extract Bolt CMS zip archive file to your current working directory and list the extracted files by issuing the below commands. Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.

unzip bolt-latest.zip
ls bolt-[TAB]
rm /var/www/html/index.html
rm /var/www/html/public/info.php

The installation files for Bolt CMS are located in your current working directory in bolt-v3.4.4/ directory. Issue ls command to list this directory files. Copy all the content of the extracted directory to your web server document root path by issuing the following command. Also, make sure you copy the hidden file .htaccess to webroot path.

cp -rf bolt-v3.4.4/* /var/www/html/
cp -rf bolt-v3.4.4/.bolt.yml.dist /var/www/html/bolt.yml

Next, execute the following commands in order to grant Apache runtime user with full write permissions to the web root path. Use ls command to list permissions for application’s installed files, located in /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/
ls -al /var/www/html/

Next, open Bolt CMS configuration file and add MySQL database connection information, as shown in the following file excerpt:

nano /var/www/html/app/config/config.yml

config.yml file sample:

database:
    driver: mysql
    databasename: bolt_db
    username: bolt_user
    password: password1234

config.yml

Save and close the Bolt CMS configuration file, enter the /var/www/html directory and install PHP Composer dependency manager software by issuing the below commands.

cd /var/www/html/
mv composer.json.dist composer.json
curl -sS https://getcomposer.org/installer | php
All settings correct for using Composer
Downloading...
Composer (version 1.5.5) successfully installed to: /var/www/html/composer.phar
Use it: php composer.phar
php7.0 composer.phar install
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 5 updates, 0 removals
- Updating league/flysystem-sftp (1.0.14 => 1.0.15): Downloading (100%)
- Updating doctrine/inflector (v1.1.0 => v1.2.0): Downloading (100%)
- Updating doctrine/collections (v1.3.0 => v1.4.0): Downloading (100%)
- Updating doctrine/annotations (v1.2.7 => v1.4.0): Downloading (100%)
- Updating doctrine/common (v2.6.2 => v2.7.3): Downloading (100%)
Writing lock file
Generating autoload files
> Bolt\Composer\ScriptHandler::updateProject
> Bolt\Composer\ScriptHandler::installAssets
Installing bolt_assets to /var/www/html/public/bolt-public
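
Piping a downloaded script straight into php, as in the curl command above, executes whatever the server returns. The added example below (not part of the original tutorial) saves the installer to a file, compares its SHA-384 digest with the checksum the Composer project publishes at https://composer.github.io/installer.sig, and runs the installer only on a match. The function names and the script name in the usage line are this example's own.

```sh
#!/bin/sh
# Added example (not from the tutorial): run the Composer installer only after
# its SHA-384 digest matches the checksum published by the Composer project.

# Succeeds only if FILE hashes to the EXPECTED hex digest.
verify_sha384() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d ' \r\n' | tr 'A-F' 'a-f')
    # A SHA-384 digest is exactly 96 hex characters. Anything else (an empty
    # reply, an HTML error page) is treated as a failed verification.
    [ "${#expected}" -eq 96 ] || return 1
    case $expected in *[!0-9a-f]*) return 1 ;; esac
    [ -f "$file" ] || return 1
    actual=$(sha384sum < "$file" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# Download installer and checksum into a scratch directory, verify, then
# install composer.phar into TARGET_DIR (default: current directory).
install_composer_verified() {
    target_dir=${1:-.}
    scratch=$(mktemp -d) || return 1
    status=1
    if curl -fsS -o "$scratch/composer-setup.php" https://getcomposer.org/installer &&
       expected_sig=$(curl -fsS https://composer.github.io/installer.sig) &&
       verify_sha384 "$scratch/composer-setup.php" "$expected_sig"
    then
        php "$scratch/composer-setup.php" --install-dir="$target_dir"
        status=$?
    else
        echo "Composer installer could not be verified; not executing it" >&2
    fi
    rm -rf "$scratch"
    return "$status"
}

# Run as: sh verified-composer.sh --install /var/www/html
if [ "${1:-}" = "--install" ]; then
    install_composer_verified "${2:-.}"
fi
```

Running it from an unprivileged account rather than root also addresses the "Do not run Composer as root/super user!" warning shown in the output above.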

After Composer has been installed, open a browser and navigate to your server IP address or domain name via HTTPS protocol. On the first installation screen, create the first Bolt CMS username, add a strong password for this user and provide the e-mail address and the display name for Bolt admin account. When you finish, hit on Create the first user button to save changes.

Bolt CMS installer

After creating the Bolt admin username, you will be redirected to Bolt CMS admin dashboard, from where you can start further set-up of the application or add some website content.

Bolt CMS Dashboard

In order to visit Bolt CMS frontend page, open a browser and navigate to your domain name or server IP address via HTTPS protocol.

https://www.yourdomain.tld

Bolt CMS sample site

The backend admin panel of Bolt CMS can be accessed at the following URL. To log in, supply the username and password configured for the initial account during the installation process.

https://www.yourdomain.tld/bolt/login

Bolt CMS Login

Finally, to force visitors to securely browse the Bolt CMS interface via HTTPS protocol, return to your server’s console and edit the .htaccess file located in public directory document root path, by issuing the below command.

nano /var/www/html/public/.htaccess

Here, search for the line that starts with the <IfModule mod_rewrite.c> opening tag and add the below lines after the RewriteEngine on directive.

# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

At the bottom of the file, you can adjust PHP settings to match your own server resources and configuration, as shown in the example below. Keep register_globals disabled, as in the php.ini settings made earlier.

php_value session.use_trans_sid 0
php_value register_globals 0
php_value upload_max_filesize 50M
php_value post_max_size 50M

Congratulations! You have successfully installed the modern Bolt CMS application in Debian 9 server. In order to further customize the application, visit Bolt CMS documentation page at the following address: https://docs.bolt.cm/3.4/getting-started/introduction
