Note: This article has been deprecated as of 2024/01/10. It is no longer maintained and may contain outdated information. For updated content, please refer to How to install a local eFront portal using Docker.
Reason for Deprecation: custom, local installations are no longer supported. If you have any questions or need further assistance, please contact our support.
This article will guide you through the process of setting up a Linux server capable of running eFront with default settings, suitable for a simple application.
You will need a CentOS 7 server with SSH access (get the image). Then, follow these steps:
- Install and configure MariaDB
- Install and configure Apache Web Server
- Install and Configure PHP - PHP-FPM
- Configure PHP-FPM
- Install Memcached
- Install OPCache
- Configure cron job for notifications
- Using Let’s Encrypt SSL Certificates
- Installing your own SSL Certificate
- How to Install an SSL/TLS Certificate In Apache OpenSSL
- How to redirect all HTTP requests to HTTPS
Step A: Install and Configure MariaDB Server
- Create repo for MariaDB. Log in to your server and access the directory /etc/yum.repos.d:
[root]# cd /etc/yum.repos.d
- Create the file MariaDB-Server.repo and add the below in it:
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
- Run yum update to load the new repository for MariaDB Server and install the MariaDB Server:
[root]# yum update
[root]# yum -y install mariadb-server
(accept all required packages if asked)
- Use SSH to sign in to your server, using the root account, and run yum upgrade to bring the system up to date with the latest patches.
[root]# yum -y upgrade
- Enable the query cache: edit the file /etc/my.cnf and add the following lines inside the [mysqld] section:
query_cache_type = 1
query_cache_limit = 1M
query_cache_size = 64M
- Start MariaDB:
[root]# /bin/systemctl start mariadb.service
- Run mysql_secure_installation to set up and secure MariaDB:
[root]# mysql_secure_installation
- Make sure MariaDB starts automatically:
[root]# systemctl enable mariadb.service
- Connect to MariaDB and create a new user and database for eFront:
[root]# mysql
MariaDB> create database efront;
MariaDB> grant all privileges on efront.* to 'efront'@'localhost' identified by '<dbpass>';
MariaDB> flush privileges;
MariaDB> exit;
Note: where <dbpass> is your preferred password.
Note: if you are going to create a separate WebServer and Database Server, you need to add a MySQL client in the WebServer with the below command:
Where DB_IP_Address is the Database IP Address, efront_user the Database user for eFront (which was created in step A-9, i.e. efront), dbpass is the password for the database user for eFront.
Testing step: to test that the new user has access to the efront database, run the command:
[root]# mysql -uefront -p<dbpass> efront
If the above command is successful, you should be logged into the MariaDB command line interface:
MariaDB>
Note: Make sure that the SQL Mode of your MySQL Server does not include the option ONLY_FULL_GROUP_BY. You can find out by running the following command: SELECT @@GLOBAL.sql_mode; Our recommended values are the following: IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION.
Step B: Install and Configure Apache Web Server
- Install EPEL Repository for CentOS:
[root]# yum -y install epel-release
- Install Apache Web Server:
[root]# yum -y install httpd
- Make sure Apache starts automatically:
[root]# systemctl enable httpd.service
- Edit the file /etc/httpd/conf/httpd.conf and add the below line at the bottom of the file:
IncludeOptional sites.d/*.conf
- In the same file, change the ServerName option to match the server’s domain name or IP address
- Create a configuration file for the Virtual Host:
[root]# mkdir /etc/httpd/sites.d
[root]# vi /etc/httpd/sites.d/efront.conf
- Add the following lines inside the newly created file efront.conf:
<VirtualHost 127.0.0.1:80>
ServerName localhost
TimeOut 300
DocumentRoot /var/www/efront/www/
ErrorLog /var/log/httpd/efront-error.log
CustomLog /var/log/httpd/efront-access.log combined
LogLevel warn
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
<Proxy "fcgi://127.0.0.1:9000/">
</Proxy>
<Directory /var/www/efront/www/>
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
</VirtualHost>
- Upload the efront zip file (for example, efront-5.2.16.zip) to the server and extract to the proper location:
[root]# mkdir /var/www/efront
[root]# cd /var/www/efront
[root]# mv ~/efront-5.2.16.zip .
[root]# unzip efront-5.2.16.zip
[root]# rm efront-5.2.16.zip
[root]# chown -R apache:apache /var/www/efront
Note: If you have enabled SELinux, then you have to permit Apache to write to the filesystem, by executing the following command:
[root]# chcon -t httpd_sys_rw_content_t /var/www/efront -R
Note: The last command enables the user running Apache to change any of the platform's files. This simplifies things but is potentially unsafe. In production configurations, it is recommended to give write access only to the folders temp/, backups/, www/content/ and, for the duration of the installation, to libraries/.
- Restart Apache:
[root]# systemctl start httpd.service
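The narrower write access recommended in the note above can be applied as follows. This is an added example, not part of eFront or of the original article; the function name and the split between a file owner and the web server's group are assumptions, and the folder names are taken relative to /var/www/efront.

```shell
#!/bin/sh
# Added example: limit Apache's write access to the folders the note lists.
# Assumption: folder names are relative to the eFront root (/var/www/efront).
set -eu

RUNTIME_WRITABLE="temp backups www/content"   # written to in normal operation
INSTALL_WRITABLE="libraries"                  # only while the wizard runs

# lock_down_efront ROOT OWNER GROUP [install]
# OWNER owns every file (root in production); GROUP is the web server's
# group (apache). Pass "install" as 4th argument for the installation phase.
lock_down_efront() {
    root=$1 owner=$2 group=$3 phase=${4:-runtime}
    writable=$RUNTIME_WRITABLE
    if [ "$phase" = install ]; then
        writable="$writable $INSTALL_WRITABLE"
    fi

    # Whole tree: owner read/write, web server group read-only, others none.
    chown -R "$owner:$group" "$root"
    chmod -R u=rwX,g=rX,o= "$root"

    # Only the listed folders become group-writable.
    for dir in $writable; do
        if [ -d "$root/$dir" ]; then
            chmod -R g+w "$root/$dir"
        else
            echo "warning: $root/$dir not found, skipped" >&2
        fi
    done
}

# As root, during installation:  ./lockdown.sh /var/www/efront root apache install
# As root, once the wizard ends: ./lockdown.sh /var/www/efront root apache
[ $# -eq 0 ] || lock_down_efront "$@"
```

Running it again without "install" after the wizard finishes returns libraries/ to read-only, because every run first resets the whole tree.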
Step C: Install and Configure PHP - PHP-FPM
- Install REMI repository by running the following command:
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
- Install YUM utils by running the following:
sudo yum -y install yum-utils
- Enable remi php 7.4 repository as follows:
sudo yum-config-manager --enable remi-php74
- Update YUM:
sudo yum update
- Install the PHP required packages (7.4 version) as follows:
yum install php.x86_64 php-cli.x86_64 php-common.x86_64 php-devel.x86_64 php-embedded.x86_64 php-fpm.x86_64 php-gd.x86_64 php-ldap.x86_64 php-mbstring.x86_64 php-mysqlnd.x86_64 php-opcache.x86_64 php-pdo.x86_64 php-process.x86_64 php-tidy.x86_64 php-xml.x86_64 php-pecl-memcached php-pecl-zip php-pecl-oauth
- Set proper PHP limits: Edit the file /etc/php.ini and change max_execution_time, memory_limit and upload_max_filesize:
upload_max_filesize = 1024M
post_max_size = 1024M
memory_limit=512M
- Install OAuth:
[root]# yum install gcc
[root]# pecl install oauth-1.2.3
Then, edit the file /etc/php.ini and add the line extension=oauth.so (you can also add this at the bottom of the file or among the other extensions existing in this file).
- Make sure PHP-FPM starts automatically:
[root]# systemctl enable php-fpm.service
Step D: Configure PHP-FPM
- Go to the directory /etc/php-fpm.d/ and copy the existing www.conf to www.conf.original:
[root]# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.original
- Create a new www.conf and set the below values:
[root]# vi /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
listen.owner = nobody
listen.group = nobody
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 15
pm.max_requests = 200
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
ping.response = pong
slowlog = /var/log/php-fpm/www-slow.log
security.limit_extensions =
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
- Restart HTTPD and PHP-FPM Services to load the new configuration file.
[root]# systemctl restart httpd.service
[root]# systemctl restart php-fpm.service
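A quick review of the pool file written above, as an added example that is not part of the original article or of PHP-FPM. It checks that the FastCGI listener stays on loopback with a client allow-list, and flags an empty security.limit_extensions, which removes FPM's default restriction to .php files; the function names are this example's own.

```shell
#!/bin/sh
# Added example: review a PHP-FPM pool file for the settings this guide sets.
set -eu

# pool_value FILE KEY: print the last value assigned to KEY.
# Returns 1 when KEY is absent, so "absent" and "set to empty" stay distinct.
pool_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ || !/=/ { next }      # comments and section headers
        { k = substr($0, 1, index($0, "=") - 1)
          v = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == key { found = v; seen = 1 }
        END { if (!seen) exit 1; print found }' "$1"
}

# audit_pool FILE: print one line per finding; return 1 if there is any.
audit_pool() {
    findings=0
    listen=$(pool_value "$1" listen || true)
    case $listen in
        /*) tcp=0 ;;                                   # Unix socket
        127.0.0.1:*|localhost:*|"[::1]:"*) tcp=1 ;;    # loopback TCP
        *)  tcp=1; findings=$((findings + 1))
            echo "listen = '$listen' is not bound to loopback only" ;;
    esac
    if [ "$tcp" = 1 ] && [ -z "$(pool_value "$1" listen.allowed_clients || true)" ]; then
        findings=$((findings + 1))
        echo "listen.allowed_clients is empty: any client that can connect is accepted"
    fi
    # Absent means the default (.php); present but empty removes the limit.
    if ext=$(pool_value "$1" security.limit_extensions) && [ -z "$ext" ]; then
        findings=$((findings + 1))
        echo "security.limit_extensions is empty: FPM will run files of any extension"
    fi
    [ "$findings" -eq 0 ]
}

# Usage: ./audit_pool.sh /etc/php-fpm.d/www.conf   (exit status 1 on findings)
[ $# -eq 0 ] || audit_pool "$1"
```

With the values listed in this step, the only finding is the empty security.limit_extensions; the Apache FilesMatch rule from Step B is then the only thing restricting which files reach the interpreter.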
Step E: Install Memcached
- Install Memcached:
[root]# yum -y install memcached.x86_64 libmemcached.x86_64 libmemcached-devel.x86_64
- Ensure that the file /etc/sysconfig/memcached has the below values:
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
- Make sure Memcached starts automatically:
[root]# systemctl enable memcached.service
- Start Memcached:
[root]# systemctl start memcached.service
Step F: Install OPCache
- Install OPCache with the following commands:
# yum update && yum install epel-release
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum install php-opcache
- Confirm that OpCache is installed by running the following:
# php -v
You should see results similar to
- Restart your webserver to complete the process.
Step G: Configure cron job for notifications
Add the following lines in your cron job file so that eFront can send email notifications to your users. Edit the cron job file:
[root]# crontab -e
Update the following lines, replacing <hostname> with the actual domain name of your installation, for example https://example.efrontlearning.com.
MAILTO=""
*/3 * * * * /usr/bin/php /var/www/efront/www/cron.php https://example.efrontlearning.com
If you visit the server's URL in the browser, for example, https://example.efrontlearning.com/ you should see the installation wizard's first page. Follow the on-screen instructions to set up eFront and you're done.
Step H: Using Let’s Encrypt SSL Certificates
Log in to your server’s terminal via Secure Shell (SSH). Enable the EPEL (Extra Packages for Enterprise Linux) repository.
sudo yum install -y epel-release
If you are using RHEL or Oracle Linux, you will also need to enable the optional channel. On EC2, RHEL users can enable the optional channel by running the following command, substituting your EC2 region for REGION in the command:
sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
Run this command on the command line on the machine to install Certbot.
sudo yum install certbot python2-certbot-apache
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --apache
We recommend running the following line, which will add a cron job to the default crontab.
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
To confirm that your site is set up properly, visit https://example.efrontlearning.com/ in your browser and look for the lock icon in the URL bar.
Step I: Installing your own SSL Certificate
How to Generate a CSR for Apache Web Server Using OpenSSL
Log in to your server’s terminal via Secure Shell (SSH). Make sure that the openssl package has been installed on your system by running:
sudo yum list installed | grep openssl
If you receive no response, then install it by running the following command:
sudo yum install -y openssl
Generate a private key and CSR by running the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Note: Replace “server” with the domain name you intend to secure.
Add your details
Enter the following CSR details when prompted:
- Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc.
- Organization: The full legal name of your organization including the corporate identifier.
- Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’
- City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate.
- State or Province: The state or province where your organization is legally incorporated. Do not abbreviate.
- Country: The official two-letter country code (e.g. US, CH) where your organization is legally incorporated.
Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair.
Find the newly created CSR and open it in a text editor. Copy all the text from BEGIN CERTIFICATE REQUEST to END CERTIFICATE REQUEST.
Note 1: Your CSR should be saved in the same user directory that you SSH into unless otherwise specified by you.
Note 2: We recommend saving or backing up your newly generated “.key” file as this will be required later during the installation process.
Now you are ready to copy/paste the CSR in the relevant application form of your provider (SSL Authority).
Step J: How to Install an SSL/TLS Certificate In Apache OpenSSL
Before you proceed, make sure that you have your server certificate, your intermediate certificates, and your private key. You should be able to find these files saved in the server’s directory, where all certificate/key files are stored.
Edit the httpd.conf file and enter the following directives in your VirtualHost to enable SSL:
<VirtualHost *:443>
DocumentRoot /var/www/efront/www/
ServerName www.yourwebsite.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/cabundle.crt
</VirtualHost>
Note 1: The SSL config file can be in a <VirtualHost> block in another config file. You can always search for it on your CentOS 7 server using this grep command (as root or with sudo privileges): grep -i -r "SSLCertificateFile" /etc/httpd/
Note 2: If you need the site to load via https and http, create another virtual host for http. You can simply copy the existing config file before making any changes during this step.
Test your new config file by running the following command: httpd -t
If the test is successful, restart Apache by running this command: systemctl restart httpd.service
Note 3: You may be asked to enter the password you generated with your RSA key. If you do not want to be asked for a password, you will need to re-generate your RSA key file.
All done. To confirm that the certificate works as expected visit the website in your browser at https://example.efrontlearning.com/ and view the certificate/site information.
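Step J assumes the certificate and the private key kept from Step I belong together, and Apache will refuse to start if they do not. The following added example (not from the original article) compares the public key inside a CSR or certificate with the one derived from the key file; the function names are hypothetical and the key is assumed to be unencrypted, as produced by -nodes in Step I.

```shell
#!/bin/sh
# Added example: confirm a CSR or certificate belongs to a private key.
# Assumption: the key file is unencrypted (generated with -nodes in Step I).
set -eu

# pubkey_of FILE: print the PEM public key of a CSR, certificate or key file.
pubkey_of() {
    if grep -q -- '-----BEGIN CERTIFICATE REQUEST-----' "$1"; then
        openssl req -in "$1" -noout -pubkey
    elif grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -noout -pubkey
    else
        openssl pkey -in "$1" -pubout
    fi
}

# same_keypair A B: succeed only if both files carry the same public key.
same_keypair() {
    a=$(pubkey_of "$1") && b=$(pubkey_of "$2") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_is_private FILE: succeed only if group and others have no access at all.
key_is_private() {
    case $(stat -c %a "$1") in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage: ./check_pair.sh /path/to/your_domain_name.crt /path/to/your_private.key
if [ $# -ge 2 ]; then
    same_keypair "$1" "$2" || { echo "certificate and key do not match" >&2; exit 1; }
    key_is_private "$2"    || { echo "key file is readable by group/others" >&2; exit 1; }
fi
```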
Step K: How to redirect all HTTP requests to HTTPS
To do so, edit the httpd.conf file and enter the following directives in your VirtualHost blocks:
<VirtualHost *:80>
DocumentRoot /var/www/efront/www/
ServerName www.yourwebsite.com
Redirect permanent / https://www.yourwebsite.com/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/efront/www/
ServerName www.yourwebsite.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/cabundle.crt
</VirtualHost>