
How to install Vanilla Forum and secure it with Let's Encrypt on CentOS 8



Vanilla is a free, open source and flexible community software that can be used to build your own forum website. It is an easy and multilingual forum solution that helps you set up an online community in minutes. It is written in PHP and comes with lots of add-ons and themes. It is packed with premium features and is used by top brands to engage customers, drive loyalty and reduce support costs.

In this tutorial, we will show you how to install Vanilla forums on CentOS 8 and secure it with Let's Encrypt SSL.

Prerequisites
  • A server running CentOS 8.
  • A root password is set on your server.

Installing LEMP server

First you need to install Nginx web server, MariaDB database server, PHP and other necessary PHP extensions in your system. You can run the following command to install them all:

  dnf install nginx mariadb-server php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y

After installing all packages, start Nginx, PHP-FPM and MariaDB service and enable them to start after system startup with the following command:

  systemctl start nginx 
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb

Configure MariaDB Database

Before you start, it's a good idea to secure your MariaDB installation. You can secure it with the following script:

  mysql_secure_installation 

Answer all the questions as shown below:

  Enter current password for root (enter for none):
  Set root password? [Y/n] Y
  New password:
  Re-enter new password:
  Remove anonymous users? [Y/n] Y
  Disallow root login remotely? [Y/n] Y
  Remove test database and access to it? [Y/n] Y
  Reload privilege tables now? [Y/n] Y

After securing MariaDB, log in to the MariaDB shell with the following command:

  mysql -u root -p 

Enter your MariaDB root password and create a database and user for Vanilla with the following commands:

  MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci;
  MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';

Then grant all privileges on the Vanilla database to the new user with the following command:

  MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';

Then flush the privileges and exit from the MariaDB shell with the following command:

  MariaDB [(none)]> FLUSH PRIVILEGES; 
MariaDB [(none)]> EXIT;

Download Vanilla Forum

You can download the latest stable version of the Vanilla Forum from its official website with the following command:

  wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip

After downloading, unzip the downloaded file with the following command:

  unzip vanilla-core-3.3.zip

Next, move the extracted directory to the Nginx web directory using the following command:

  mv package /var/www/html/vanilla

Then change the ownership of the vanilla directory to nginx:

  chown -R nginx:nginx /var/www/html/vanilla

When you are done, you can proceed to the next step.

Configuring PHP-FPM Pool

By default, PHP-FPM is configured for Apache. Here we will use Nginx as the web server, so you need to configure PHP-FPM for Nginx. You can do this by editing the /etc/php-fpm.d/www.conf file:

  nano /etc/php-fpm.d/www.conf

Change the following lines:

  user = nginx
group = nginx

Save and close the file when you are done. Then create a session directory for PHP and change its ownership:

  mkdir -p /var/lib/php/session
  chown -R nginx:nginx /var/lib/php/session

Next, restart the PHP-FPM service to apply the changes:

  systemctl restart php-fpm 

Configure Nginx for Vanilla

Then create a new virtual Nginx host file to serve Vanilla forums.

  nano /etc/nginx/conf.d/vanilla.conf

Add the following lines:

  server {

      listen 80;
      server_name vanilla.linuxbuz.com;
      root /var/www/html/vanilla;
      index index.php;

      # Block direct access to repository data, build artifacts, caches,
      # configuration, tests and third-party code.
      location ~* /\.git { deny all; return 403; }
      location /build/ { deny all; return 403; }
      location /cache/ { deny all; return 403; }
      location /cgi-bin/ { deny all; return 403; }
      location /uploads/import/ { deny all; return 403; }
      location /conf/ { deny all; return 403; }
      location /tests/ { deny all; return 403; }
      location /vendor/ { deny all; return 403; }

      # Only index.php is ever handed to PHP-FPM.
      location ~* ^/index\.php(/|$) {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          try_files $fastcgi_script_name =404;
          set $path_info $fastcgi_path_info;
          fastcgi_param PATH_INFO $path_info;
          fastcgi_index index.php;
          include fastcgi.conf;
          fastcgi_param SCRIPT_NAME /index.php;
          fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
          fastcgi_param X_REWRITE 1;
          fastcgi_pass unix:/var/run/php-fpm/www.sock;
      }

      # Any other .php request is routed through index.php.
      location ~* \.php(/|$) {
          rewrite ^ /index.php$uri last;
      }
      location / {
          try_files $uri $uri/ @vanilla;
      }

      location @vanilla {
          rewrite ^ /index.php$uri last;
      }

  }

Save and close the file when you are done. Then restart the Nginx service to apply the changes:

  systemctl restart nginx 

Secure Vanilla with Let's Encrypt SSL

Then you must install the Certbot utility in your system to download and install Let's Encrypt SSL for your Vanilla site.

You can install the Certbot client with the following command:

  wget https://dl.eff.org/certbot-auto
  mv certbot-auto /usr/local/bin/certbot-auto
  chown root /usr/local/bin/certbot-auto
  chmod 0755 /usr/local/bin/certbot-auto

Then download and install an SSL certificate for your Vanilla site with the following command:

  certbot-auto --nginx -d vanilla.linuxbuz.com 

The above command first installs all the necessary dependencies on your server. Once installed, you will be prompted to enter an email address and accept the terms of service as shown below:

  Plugins selected: Authenticator nginx, Installer nginx
  Enter email address (used for urgent renewal and security notices) (Enter 'c' to
  cancel): [email protected]

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Please read the Terms of Service at
  https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
  agree in order to register with the ACME server at
  https://acme-v02.api.letsencrypt.org/directory
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  (A)gree/(C)ancel: A

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Would you be willing to share your email address with the Electronic Frontier
  Foundation, a founding partner of the Let's Encrypt project and the non-profit
  organization that develops Certbot? We'd like to send you email about our work
  encrypting the web, EFF news, campaigns, and ways to support digital freedom.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  (Y)es/(N)o: Y

  Obtaining a new certificate
  Performing the following challenges:
  http-01 challenge for vanilla.linuxbuz.com
  Waiting for verification...
  Cleaning up challenges
  Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf

Choose whether or not to redirect HTTP traffic to HTTPS as shown below:

  Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: No redirect - Make no further changes to the webserver configuration.
  2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
  new sites, or if you're confident your site works on HTTPS. You can undo this
  change by editing your web server's configuration.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. When the installation is successfully completed you should get the following output:

  Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Congratulations! You have successfully enabled https://vanilla.linuxbuz.com

  You should test your configuration at:
  https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
     /etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem
     Your key file has been saved at:
     /etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem
     Your cert will expire on 2020-06-11. To obtain a new or tweaked
     version of this certificate in the future, simply run certbot-auto
     again with the "certonly" option. To non-interactively renew *all*
     of your certificates, run "certbot-auto renew"
   - If you like Certbot, please consider supporting our work by:

     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     Donating to EFF:                    https://eff.org/donate-le

Configuring SELinux and Firewall

By default, SELinux is enabled in CentOS 8. So you have to configure it for your Vanilla forum site.

You can configure SELinux with the following command:

  setsebool httpd_can_network_connect on -P
  chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla

Then allow port 80 and 443 through the firewall with the following command:

  firewall-cmd --permanent --add-service=http
  firewall-cmd --permanent --add-service=https
  firewall-cmd --reload

When you're done, you can move on to the next step.
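
An added check, not part of the original tutorial: run from a client, the script below confirms that the eight deny rules in vanilla.conf answer 403 over HTTPS and that plain HTTP answers with the 301 redirect Certbot installed. The function names and the probe path /.git/config are assumptions made for this example, and curl must be installed.

```shell
#!/bin/sh
# Added example: verify the vhost's deny rules and the HTTP->HTTPS redirect.

# Paths covered by the "deny all; return 403;" location blocks in vanilla.conf.
# /.git/config is an assumed probe path for the "/\.git" regex location.
BLOCKED_PATHS="/.git/config /build/ /cache/ /cgi-bin/ /uploads/import/ /conf/ /tests/ /vendor/"

# Print the HTTP status code for a URL without following redirects.
# curl prints 000 when the connection fails, so the caller always gets a value.
http_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1" || true
}

# check_vhost HOST: prints one line per probe and returns the number of failures.
check_vhost() {
    host=$1
    failures=0

    # Port 80 must not serve content; it should redirect to HTTPS.
    code=$(http_status "http://$host/")
    if [ "$code" = "301" ]; then
        echo "ok    http://$host/ -> $code (redirect)"
    else
        echo "FAIL  http://$host/ -> $code (expected 301)"
        failures=$((failures + 1))
    fi

    # Every protected path must be refused outright.
    for path in $BLOCKED_PATHS; do
        code=$(http_status "https://$host$path")
        if [ "$code" = "403" ]; then
            echo "ok    $path -> $code"
        else
            echo "FAIL  $path -> $code (expected 403)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run only when a hostname is given, e.g.: sh check_vhost.sh vanilla.linuxbuz.com
if [ $# -gt 0 ]; then
    check_vhost "$1"
fi
```

Paths ending in .php are left out of the probe list on purpose: Nginx evaluates the regex location for \.php before the prefix deny blocks, so such requests are rewritten to index.php rather than answered with 403.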

Open Vanilla Forum

Open your browser and visit the URL https://vanilla.linuxbuz.com . You will be redirected to the following page:

 Database Settings

 Application Settings

