Install Magento with Nginx and Let’s Encrypt on Ubuntu 16.04 | 18.04

Magento is an open-source e-Commerce platform written in PHP for professionals and businesses who want to manage their online stores… You should probably get it if you want your stores to be successful online.

However, when running an online store, please make sure to run it over HTTPS… That’s because stores that run HTTPS compliant sites do better than those that do not..

Also, Google and other search engines rank HTTPS websites better than HTTP ones, so you should always set up your sites with HTTPS…

This brief tutorial gives students and new users a step-by-step guide on how to set up Magento websites with Nginx and use Let’s Encrypt free SSL/TLS certificates and security features to help improve their websites’ performance and protect against malicious actors.

This setup might take a while to complete and the process below should work on other websites as well… It doesn’t have to be Magento… This setup should work on other CMSes and plain HTML sites out of the box… When you’re ready to set up Magento and Let’s Encrypt, follow the steps below:

Step 0: Get your Domain Name

Let’s Encrypt works with a valid domain and a working server that the domain is pointing to… This setup assumes that your domain name is example.com and is pointing to your server with IP address 192.168.1.2

Don’t forget to also make sure the www CNAME is pointing to the domain name… It should look something like the below:

example.com        A       ==========>    192.168.1.2
www               CNAME    ==========>    example.com

Step 1: Install and Configure Magento

Now that you’ve configured your domain to point to your server, continue below to setting up Magento and Let’s Encrypt…

First install Nginx HTTP server since we’re using Nginx for this post.. To install Nginx server, run the commands below:

sudo apt update
sudo apt install nginx

After installing Nginx, the commands below can be used to stop, start and enable the Nginx service to always start up when the server boots…

sudo systemctl stop nginx.service
sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Now that Nginx is installed, test whether the web server is working by opening your browser and browsing to the URL below…

http://localhost

nginx default home page test

If you see the page above, then Nginx is successfully installed…

Step 2: Install MariaDB Database Server

Magento also requires a database server to store its content… If you’re looking for a truly open source database server, then MariaDB is a great place to start… To install MariaDB run the commands below:

sudo apt-get install mariadb-server mariadb-client

After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots…

Run these on Ubuntu 16.04 LTS

sudo systemctl stop mysql.service
sudo systemctl start mysql.service
sudo systemctl enable mysql.service

Run these on Ubuntu 19.04 and 18.04 LTS

sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation…

sudo mysql_secure_installation

When prompted, answer the questions below by following the guide.

  • Enter current password for root (enter for none): Just press Enter
  • Set root password? [Y/n]: Y
  • New password: Enter password
  • Re-enter new password: Repeat password
  • Remove anonymous users? [Y/n]: Y
  • Disallow root login remotely? [Y/n]: Y
  • Remove test database and access to it? [Y/n]:  Y
  • Reload privilege tables now? [Y/n]:  Y

Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below…

sudo mysql -u root -p

Type the root password when prompted…

mariadb welcome

If you see a similar screen as shown above, then the server was successfully installed…

Step 3: Install PHP 7.2-FPM and Related Modules

Magento CMS is a PHP based CMS and PHP is required… However, PHP 7.2-FPM may not be available in Ubuntu default repositories… To run PHP 7.2-FPM on Ubuntu 16.04 and previous, you may need to run the commands below:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php

Then update and upgrade to PHP 7.2-FPM

sudo apt update

Next, run the commands below to install PHP 7.2-FPM and related modules.

sudo apt install php7.2-fpm php7.2-common php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-xsl php7.2-bcmath php7.2-soap php7.2-gd php7.2-xml php7.2-cli php7.2-zip

After installing PHP 7.2, run the commands below to open PHP default configuration file for Nginx…

sudo nano /etc/php/7.2/fpm/php.ini

The lines below are good settings for most PHP based CMSes… Update the configuration file with these and save…

file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

Every time you change the PHP configuration file, restart PHP-FPM so that the new settings are loaded, then restart the Nginx web server… To do so, run the commands below:

sudo systemctl restart php7.2-fpm.service
sudo systemctl restart nginx.service

Now that PHP is installed, to test whether it’s functioning, create a test file called phpinfo.php in the Nginx default root directory (/var/www/html/)…

sudo nano /var/www/html/phpinfo.php

Then type the content below and save the file.

<?php phpinfo( ); ?>

Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php

http://localhost/phpinfo.php

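You should see the PHP default test page… Remove phpinfo.php once the test succeeds, because it discloses the server’s full PHP configuration to anyone who requests it.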

PHP Test Page

Step 4: Create Magento Database

Now that you’ve installed all the packages that are required for Magento to function, continue below to start configuring the servers. First run the commands below to create a blank Magento database.

To logon to MariaDB database server, run the commands below.

sudo mysql -u root -p

Then create a database called magento

CREATE DATABASE magento;

Create a database user called magentouser with a new password

CREATE USER 'magentouser'@'localhost' IDENTIFIED BY 'new_password_here';

Then grant the user full access to the database.

GRANT ALL ON magento.* TO 'magentouser'@'localhost' IDENTIFIED BY 'new_password_here' WITH GRANT OPTION;

Finally, save your changes and exit.

FLUSH PRIVILEGES;
EXIT;

Step 5: Download Magento Latest Release

To get Magento 2 latest release you may want to use Github repository… Install Composer, Curl and other dependencies to get started…

sudo apt install curl git
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

After installing curl and Composer above, change into the Nginx root directory and download Magento 2 packages from Github…

When prompted, enter your authentication keys. Your public key is your username; your private key is your password….  ( https://marketplace.magento.com/customer/accessKeys/ )

You’ll have to register for an account to create the key above….

cd /var/www/html
sudo composer create-project --repository=https://repo.magento.com/ magento/project-community-edition example.com

Copy and paste the authentication key… (Your public key is your username; your private key is your password)

Output:
Authentication required (repo.magento.com):
Username: 234f2343435d190983j0ew8u3220
Password: 
Do you want to store credentials for repo.magento.com in /opt/magento/.config/composer/auth.json ? [Yn] Y

After downloading Magento packages, run the commands below to install Magento 2 with the following options, replacing the placeholder database and admin passwords with strong values of your own:

cd /var/www/html/example.com
sudo bin/magento setup:install --base-url-secure=https://example.com/ --db-host=localhost --db-name=magento --db-user=magentouser --db-password=new_password_here --admin-firstname=Admin --admin-lastname=User --admin-email=admin@example.com --admin-user=admin --admin-password=admin123 --language=en_US --currency=USD --timezone=America/Chicago --use-rewrites=1

 

  • The Magento software is installed in the root directory on localhost… Admin is admin; therefore, your storefront URL is https://example.com
  • The database server is on the same localhost as the webserver
  • The database name is magento, the user is magentouser and the password is new_password_here
  • Uses server rewrites
  • The Magento administrator has the following properties:
    • First and last name are: Admin User
    • Username is: admin
    • Password is: admin123
    • E-mail address is: admin@example.com
  • Default language is: (U.S. English)
  • Default currency is: U.S. dollars
  • Default time zone is: U.S. Central (America/Chicago)

After that, run the commands below to set the correct permissions for Magento 2 to function.

sudo chown -R www-data:www-data /var/www/html/example.com/
sudo chmod -R 755 /var/www/html/example.com/

Step 6: Configure Nginx

Next, configure Nginx site configuration file for Magento… This file will control how users access Magento content. Run the commands below to create a new configuration file called example.com

sudo nano /etc/nginx/sites-available/example.com

Then copy and paste the content below into the file and save it. Replace the highlighted line with your own domain name and directory root location.

upstream fastcgi_backend {
  server unix:/var/run/php/php7.2-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;

    server_name  example.com www.example.com;
    index  index.php;

    set $MAGE_ROOT /var/www/html/example.com;
    set $MAGE_MODE production;

    access_log /var/log/nginx/example.com-access.log;
    error_log /var/log/nginx/example.com-error.log;

    include /var/www/html/example.com/nginx.conf.sample;
}

Save the file and exit.

At this point Nginx should be configured and ready to respond over HTTP… It doesn’t yet support HTTPS.

Step 7: Install and Configure Let’s Encrypt

Now that our Nginx site is enabled and ready to use, run the commands below to install and configure Let’s Encrypt to secure the Nginx website…

First install Certbot… Certbot is a fully featured and easy to use tool that can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates…

After installing Certbot, create a directory for the Let’s Encrypt Webroot plugin, which validates our domain through files in the ${webroot-path}/.well-known/acme-challenge directory…

To do that, create the directory and give Nginx access to it…

sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt

Next, create a well-known challenge file with the configurations below…

sudo nano /etc/nginx/snippets/well-known

Then copy and paste the content below into the file and save…

location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
}

Save the file and exit

Step 8: Obtain Your Free Certificate

At this point, your domain should be pointing to your server IP, the Nginx HTTP server should be installed and configured, and Certbot should be installed and ready to obtain your certificate…

Before requesting your free certificate, open the example.com Nginx configuration file created above…

sudo nano /etc/nginx/sites-available/example.com

When the file opens, add the highlighted line below into the file and save…

upstream fastcgi_backend {
  server unix:/var/run/php/php7.2-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;

    server_name  example.com www.example.com;
    index  index.php;

    include snippets/well-known;

    set $MAGE_ROOT /var/www/html/example.com;
    set $MAGE_MODE production;

    access_log /var/log/nginx/example.com-access.log;
    error_log /var/log/nginx/example.com-error.log;

    include /var/www/html/example.com/nginx.conf.sample;
}

Save the file and exit

When you’re done, enable the site and restart Nginx HTTP server by running the commands below…

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service

At this point all is set and you’re ready to obtain your certificate… To do that run the commands below:

sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com

Let’s Encrypt should connect, validate your domain and server, then install the domain certificate… If everything is successful, you should see a message similar to the one below:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-08-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point you have a certificate, now go and add it to Nginx configuration for example.com domain…

First, let’s generate Diffie–Hellman (DH) parameters, which the server uses for DH key exchange to securely exchange cryptographic keys… To do that, run the commands below to generate 2048-bit parameters…

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Next, open your example.com config file and make it so that it looks similar to the one below:

sudo nano /etc/nginx/sites-available/example.com

Configure your file to look similar to the one below

upstream fastcgi_backend {
  server unix:/var/run/php/php7.2-fpm.sock;
}

server {
    listen 80;
    server_name www.example.com example.com;
    include snippets/well-known;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name example.com www.example.com;
    root /var/www/html/example.com;
    index index.html;

    if ($host != "example.com") {
        return 301 https://example.com$request_uri;
    }
    
    include snippets/well-known;
    
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 30s;
    
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    set $MAGE_ROOT /var/www/html/example.com;
    set $MAGE_MODE production;

    include /var/www/html/example.com/nginx.conf.sample;
}

Save your changes above and restart Nginx for the settings to take effect.

sudo systemctl restart nginx
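
The server block above still enables TLSv1 and TLSv1.1 and offers 3DES (DES-CBC3) suites. As an added example (not part of the original tutorial), the script below flags those settings in a site file; the function names audit_tls and directive_value and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an Nginx site file.
# audit_tls and directive_value are illustrative names, not Nginx or Certbot tools.

# Print the value of the first single-line "<name> <value>;" directive in a file.
directive_value() {   # $1 = directive name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\(.*\);[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Print one finding per line; print nothing when neither check fires.
audit_tls() {   # $1 = config file
    protocols=$(directive_value ssl_protocols "$1")
    ciphers=$(directive_value ssl_ciphers "$1" | tr -d "'\"")

    if [ -z "$protocols" ]; then
        echo "WARN no ssl_protocols directive found"
    fi
    for p in $protocols; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "FAIL legacy protocol enabled: $p" ;;
        esac
    done

    # ssl_ciphers holds a colon-separated OpenSSL cipher string.
    old_ifs=$IFS
    IFS=:
    for c in $ciphers; do
        case $c in
            '!'*) ;;   # an exclusion, not an offered suite
            *DES-CBC3*|*RC4*|*MD5*|*NULL*|*EXP*) echo "FAIL weak cipher suite: $c" ;;
        esac
    done
    IFS=$old_ifs
}

# Constructed sample: the protocol line and a shortened cipher list taken
# from the server block above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!DSS';
}
EOF
audit_tls "$sample"
rm -f "$sample"
```

Point audit_tls at /etc/nginx/sites-available/example.com after each edit; it only reads directives written on a single line in that file, not ones pulled in through include.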

To setup a process to automatically renew the certificates, add a cron job to execute the renewal process.

sudo crontab -e

Then add the line below and save.

0 1 * * * /usr/bin/certbot renew > /dev/null 2>&1

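The cron job runs every day at 01:00; certbot only renews certificates that are within 30 days of expiring. Reload Nginx after a renewal so that it serves the new certificate.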

Step 9: Complete Magento Setup

Next, open your browser and browse to your domain name used above…

https://example.com/

You should see Magento home page as shown below

Ubuntu Magento

Congratulations! You have successfully installed Magento on Ubuntu 16.04 | 18.04 with Let’s Encrypt free certificates…

In the future when you want to upgrade to a new released version, simply run the commands below to upgrade…

Upgrading Magento

First stop the webserver…

sudo systemctl stop nginx

Then run the commands below to upgrade:

cd /var/www/html/example.com
sudo bin/magento maintenance:enable
sudo composer require magento/product-community-edition 2.2.5 --no-update
sudo composer update
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:di:compile
sudo php bin/magento indexer:reindex
sudo php bin/magento maintenance:disable

You may have to re-run the chown and chmod commands from Step 5 to update the Nginx directory permissions…
