Tag Archives: Let’s Encrypt

How to Configure Odoo with Nginx as Reverse Proxy on Debian 13

If you are planning to deploy Odoo in a production environment, configuring it behind a reverse proxy like Nginx is highly recommended. Odoo’s built-in server is sufficient for development but not optimized for handling SSL encryption, load balancing, URL routing, and performance tuning. Nginx acts as a powerful reverse proxy that enhances reliability, security, and performance, making your Odoo installation production-ready.

In this tutorial, you will learn step-by-step how to configure Odoo with Nginx as a reverse proxy on Debian 13, including SSL setup.

Step 1: Update Operating System

Update your Debian 13 operating system to the latest version with the following command:

# apt update && apt upgrade

Step 2: Install Nginx Web Server

To install Nginx web server, run the following command:

Cloud server hosting

# apt install nginx

You can start the Nginx service and configure it to run on startup by entering the following commands:

# systemctl start nginx
# systemctl enable nginx

Verify the status of the Nginx service using systemctl status command:

# systemctl status nginx

Step 3: Configure Odoo for Reverse Proxy

Make sure that Odoo is configured to work behind a proxy. In the Odoo configuration file (/etc/odoo.conf), you need to set the proxy_mode parameter to True:

proxy_mode = True

After making the changes, it’s important to restart the Odoo service to ensure the changes take effect:

# systemctl restart odoo

Step 4: Configure Nginx for Odoo

Now we set up the Nginx configuration to route traffic to Odoo.

Create a new configuration file:

# /etc/nginx/conf.d/odoo.conf

Paste the following configuration (replace erp.example.com with your real domain):

upstream odoo {
server 127.0.0.1:8069;
}

upstream odoo-chat {
server 127.0.0.1:8072;
}

server {
listen 80;
server_name erp.example.com;

access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;

proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

location / {
proxy_pass http://odoo;
}

location /websocket {
proxy_pass http://odoo-chat;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

Save the file and Exit.

Check Nginx syntax:

# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

To implement the changes, restart Nginx webserver:

# systemctl restart nginx

You can now open your Odoo at:

http://erp.your-domain.com

However, this is still not secure because we are using HTTP.

Step 5: Install free Let’s Encrypt SSL certificate (Optional)

First you need to install the Certbot client which is used to create Let’s Encrypt certificates:

# apt install certbot python3-certbot-nginx

Then to get the SSL certificate using the Certbot, type the following command:

# certbot --nginx -d erp.your-domain.com

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for erp.your-domain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/erp.your-domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/erp.your-domain.com/privkey.pem
This certificate expires on 2026-02-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for erp.your-domain.com to /etc/nginx/conf.d/odoo.conf
Congratulations! You have successfully enabled HTTPS on https://erp.your-domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now, you have successfully installed SSL on your website.

Step 6: Access Odoo server

Open your web browser and type the URL https://erp.your-domain.com.

You should now see your Odoo login page loading securely via Nginx.

Comments and Conclusion

Configuring Nginx as a reverse proxy for Odoo enhances security, performance, and scalability.

It allows you to run Odoo in a professional production environment with HTTPS, HTTP/2, caching, and better resource usage.

If you have any questions please leave a comment below.

How to Configure Odoo with Apache as Reverse Proxy on Debian 12

3 Replies

Odoo is an open-source suite of integrated business applications that includes various modules for different business needs. Odoo is developed using the Python programming language and follows a modular architecture, allowing users to select and deploy the specific modules that suit their business requirements.

The system is highly customizable, and it covers a wide range of business functions. It provides a comprehensive set of tools to manage various aspects of a business, from sales and finance to human resources and inventory management.

In this tutorial, we will show you how to configure Odoo with Apache 2 as Reverse Proxy on Debian 12 OS.

If you do not have Odoo installed on your server you can follow our tutorial how to install Odoo 17 on Debian 12.

Step 1: Update Operating System

Update your Debian 12 operating system to the latest version with the following command:

# apt update && apt upgrade

Step 2: Install Apache webserver

You can install it via apt package manager by executing the following command.

# apt install apache2

You can verify the status of the Apache service using the systemctl status command:

# systemctl status apache2

Output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running)
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 1127 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 1131 (apache2)
      Tasks: 6 (limit: 2273)
     Memory: 18.4M
        CPU: 86ms
     CGroup: /system.slice/apache2.service
             ├─1131 /usr/sbin/apache2 -k start
             ├─1132 /usr/sbin/apache2 -k start
             ├─1133 /usr/sbin/apache2 -k start

Step 3: Enable Apache Modules

Next run the following commands to enable all necessary modules:

# /usr/sbin/a2enmod rewrite
# /usr/sbin/a2enmod proxy
# /usr/sbin/a2enmod proxy_http
# /usr/sbin/a2enmod proxy_html
# /usr/sbin/a2enmod headers

Then restart the Apache web server:

# systemctl restart apache2

Step 4: Configure Apache for Odoo

Run the commands below to create a new VirtualHost file called odoo in the /etc/apache2/sites-available/ directory.

# nano /etc/apache2/sites-available/odoo.conf

Paste the content as shown below:

 <VirtualHost *:80>
    ServerAdmin admin@your-domain.com
    DocumentRoot /var/www/html/
    
    ServerName your-domain.com
    ServerAlias www.your-domain.com

    ProxyPass / http://127.0.0.1:8069/
    ProxyPassReverse / http://127.0.0.1:8069/> 

    ErrorLog /var/log/apache2/your-domain.com-error_log
    CustomLog /var/log/apache2/your-domain.com-access_log common

 </VirtualHost>

Remember to replace your-domain.com with the domain name of your server.

Then save and exit the configuration file.

To enable this site run the following command:

# ln -s /etc/apache2/sites-available/odoo.conf /etc/apache2/sites-enabled/odoo.conf

To implement the changes, you need to restart the Apache webserver:

# systemctl restart apache2

Step 5: Install free Let’s Encrypt SSL certificate (Optional)

First you need to install the Certbot client which is used to create Let’s Encrypt certificates:

# apt install certbot python3-certbot-apache

Then to get the SSL certificate using the Certbot, type the following command:

# certbot --apache -d your-domain.com -d www.your-domain.com

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2024-03-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

Step 6: Odoo Proxy Configuration

Make sure that Odoo is configured to work behind a proxy. In the Odoo configuration file (/etc/odoo.conf), you need to set the proxy_mode parameter to True:

proxy_mode = True

After making the changes, it’s important to restart the Odoo service to ensure the changes take effect:

# systemctl restart odoo

Step 7: Access Odoo server

Open your web browser and type the URL https://your-domain.com. You should see the following page:

Comments and Conclusion

Congratulations! You have successfully configured Odoo with Apache 2 as Reverse Proxy on your Debian 12 OS.

For additional information, you can check the official Odoo documentation.

If you have any questions please leave a comment below.

How to Install RainLoop on Debian 12

Leave a reply

RainLoop is an open-source web-based email client that allows users to access their email accounts through a web browser. It provides a user-friendly interface for managing emails, contacts, and other related tasks without the need for a dedicated email client like Outlook or Thunderbird.

It is designed to be lightweight, fast, and easy to install, making it a popular choice for those who want a simple webmail solution.

In this tutorial, we will show you how to install RainLoop on Debian 12 OS with Nginx web server and MariaDB database server..

Step 1: Update Operating System

Update your Debian 12 operating system to the latest version with the following command:

# apt update && apt upgrade

Also, install necessary packages.

# apt install curl nano wget unzip zip

Step 2: Install Nginx webserver

You can install it via apt package manager by executing the following command.

# apt install nginx

Verify the status of the Nginx service using systemctl status command:

# systemctl status nginx

Step 3: Install PHP

To install PHP and the necessary extensions, run the following command:

# apt install php php-cli php-fpm php-json php-common php-mysql php-zip php-imap php-mbstring php-curl php-xml

Once the installation is complete verify if PHP is installed:

php -v

Output:
PHP 8.2.12 (cli) (built: Oct 27 2023 13:00:10) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.12, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.12, Copyright (c), by Zend Technologies

After installing all the packages, edit the php.ini file:

# nano /etc/php/8.2/fpm/php.ini

Change the following settings per your requirements:

max_execution_time = 300
memory_limit = 512M
post_max_size = 25M
upload_max_filesize = 25M

To implement the changes, restart the php-fpm service:

# systemctl restart php8.2-fpm

Step 4: Install MariaDB and create a database

To install MariaDB run the following command:

# apt install mariadb-server mariadb-client

Verify the status of the MariaDB service using systemctl status command:

# systemctl status mariadb

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script.

# mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] Y
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y

Now run the command below to log in to the MariaDB shell.

# mysql -u root -p

Once you are logged in to your database server you need to create a database for the Roundcube installation:

mysql> CREATE DATABASE rainloop;
mysql> CREATE USER 'rainloopuser'@'localhost' IDENTIFIED BY 'Str0ngPa$$word';
mysql> GRANT ALL PRIVILEGES ON rainloop . * TO 'rainloopuser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit;

Step 5: Download RainLoop

You can download the latest stable release version for RainLoop with the following command:

# https://www.rainloop.net/repository/webmail/rainloop-latest.zip

After that, you will need to decompress the RainLoop archive:

# unzip rainloop-latest.zip -d /var/www/rainloop/

Make Nginx the owner of the rainloop folder and grant it sufficient permissions.

# chown -R www-data:www-data /var/www/rainloop
# chmod 755 -R /var/www/rainloop

Step 6: Configure Nginx for RainLoop

Then, create an virtual host configuration file:

# nano /etc/nginx/conf.d/rainloop.conf

Add the following lines:

server {

listen 80;

   server_name webmail.your-domain.com;
   root /var/www/rainloop;

   index index.php;

location / {
        try_files $uri $uri/ /index.php?$query_string;
   }

location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_keep_conn on;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

location ^~ /data {
        deny all;
    }

}

Save and exit the configuration file.

Check Nginx syntax:

# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

To implement the changes, restart Nginx webserver:

# systemctl restart nginx

Step 7: Install free Let’s Encrypt SSL certificate

First we need to install the Certbot client which is used to create Let’s Encrypt certificates:

# apt install certbot python3-certbot-nginx

To get the SSL certificate using the Certbot, type the command given below:

# certbot --nginx -d webmail.your-domain.com

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
   Your cert will expire on 2024-03-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

Step 8: RainLoop Setup and Configurations

Now open your web browser and go to https://webmail.your-domain.com/?admin and you will see the following screen:

You can log in with the default username admin and default password 12345

You will see the Rainloop dashboard as below:

When you login for the first time, you need to change your admin password immediately.

Enter your new password and click on the Update Password button to change the password.

Then, open the Contacts menu and select MySQL from the dropdown menu:

Enter the database credentials you created earlier and press the Test button to check the connection and install the necessary tables.

If the button turns green, it means the connection is successful.

Comments and Conclusion

Congratulations. You have learned how to install RainLoop on Debian 12 OS.

For additional help or useful information, we recommend you to check the official RainLoop documentation.

How to Install NextCloud on Debian 12

9 Replies

Nextcloud is a versatile and community-driven project, making it a popular choice for individuals, businesses, and organizations looking for a secure and self-hosted cloud storage and collaboration solution.

It is similar in functionality to popular cloud storage services like Dropbox, Google Drive, and Microsoft OneDrive but gives users greater control over their data and privacy because it can be deployed on their own servers or a cloud infrastructure of their choice.

In this tutorial, we will show you how to install Nextcloud on Debian 12 OS.

Step 1: Update Operating System

Update your Debian 12 operating system to make sure all existing packages are up to date:

# apt update && apt upgrade

Step 2: Install Nginx webserver

You can install Nginx via apt package manager by executing the following command.

# apt install nginx

You can start the Nginx service and configure it to run on startup by entering the following commands:

# systemctl start nginx
# systemctl enable nginx

Verify the status of the Nginx service using systemctl status command:

# systemctl status nginx

Output:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running)
       Docs: man:nginx(8)
    Process: 1280 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 1281 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 1304 (nginx)
      Tasks: 2 (limit: 2273)
     Memory: 1.7M
        CPU: 23ms
     CGroup: /system.slice/nginx.service
             ├─1304 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─1307 "nginx: worker process"

Step 3: Install PHP and PHP extensions for Nextcloud

To install PHP and the necessary extensions, run the following command:

# apt install php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-intl php-curl php-xml php-mbstring php-bcmath php-gmp

Once the installation is complete verify if PHP is installed:

# php -v

Output:
PHP 8.2.7 (cli) (built: Jun  9 2023 19:37:27) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies

After installing all the packages, edit the php.ini file:

# nano /etc/php/8.2/fpm/php.ini

Change the following settings per your requirements:

max_execution_time = 300
memory_limit = 512M
post_max_size = 128M
upload_max_filesize = 128M

To implement the changes, restart the php-fpm service:

# systemctl restart php8.2-fpm

Step 4: Install MariaDB database server

To install the MariaDB database server, run the following command:

# apt install mariadb-server mariadb-client

Verify the status of the MariaDB service using systemctl status command:

# systemctl status mariadb

Output:

● mariadb.service - MariaDB 10.11.3 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running)
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 14433 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 11 (limit: 2273)
     Memory: 163.8M
        CPU: 513ms
     CGroup: /system.slice/mariadb.service
             └─14433 /usr/sbin/mariadbd

Once the installation is complete, run the following command to secure your MariaDB server:

# mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] Y
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y

Restart the database server for the changes to take effect.

# systemctl restart mariadb

Step 5: Create a New Database for Nextcloud

Once you have installed MariaDB, you’ll need to create a new database and user for Nextcloud to use.

To do this, log in to your MariaDB server using the following command:

# mysql -u root -p

You will be prompted to enter your root password. Once you have entered your password, you will be taken to the MariaDB prompt.

Run the following commands to create a new database and user:

MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'Password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Note: Make sure to replace 'Password' with a strong password of your choice.

Step 6: Download and Install Nextcloud

You can download the latest version of Nextcloud from the Nextcloud Official site.

Use the following command to download the latest version of Nextcloud:

# wget  https://download.nextcloud.com/server/releases/latest.zip

Extract file into the folder /var/www/ with the following command:

# unzip latest.zip -d /var/www/

Change ownership of the /var/www/nextcloud directory to www-data.

# chown -R www-data:www-data /var/www/nextcloud

Step 7: Configure Nginx for Nextcloud

Run the commands below to create a new VirtualHost file called nextcloud in the /etc/nginx/conf.d/ directory.

# nano /etc/nginx/conf.d/nextcloud.conf

Paste the content as shown below:

server {
  listen 80;
  server_name your-domain.com www.your-domain.com;
  root /var/www/nextcloud;
  index index.php index.html;
  charset utf-8;
  location / {
    try_files $uri $uri/ /index.php?$args;
  }
  location ~ .php$ {
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

Remember to replace your-domain.com with the domain name of your server.

Save and exit the configuration file.

To implement the changes, restart Nginx webserver:

# systemctl restart nginx

Step 8: Install free Let’s Encrypt SSL certificate

First we need to install the Certbot client which is used to create Let’s Encrypt certificates:

# apt install certbot python3-certbot-nginx

To get the SSL certificate using the Certbot, type the command given below:

# certbot --nginx -d your-domain.com -d www.your-domain.com

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2023-12-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

Step 9: Access Nextcloud Web Interface

Open your web browser and type the URL https://your-domain.com. You should see the Nextcloud installation page.

Click the Install button, you will see the Web interface of NextCloud.

Comments and Conclusion

That’s it. You have successfully installed NextCloud on Debian 12 OS.

For additional help or useful information, we recommend you to check the official Nextcloud documentation.

If you have any questions please leave a comment below.

How to Install Elgg on Debian 12

Leave a reply

Elgg is an open-source social networking platform that allows users to create and manage their own social networks and communities.

It provides a flexible architecture that allows developers to extend and customize its functionality according to their specific needs. Elgg also supports the creation of plugins and themes, enabling further customization and integration with other systems.

In this tutorial, we will show you how to install Elgg on Debian 12 OS.

Step 1: Update Operating System

Update your Debian 12 operating system to the latest version with the following command:

# apt update && apt upgrade

Step 2: Install Apache webserver

You can install it via apt package manager by executing the following command.

# apt install apache2

Verify the status of the Apache service using systemctl status command:

# systemctl status apache2

Output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running)
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 3682 (apache2)
      Tasks: 55 (limit: 2273)
     Memory: 8.6M
        CPU: 32ms
     CGroup: /system.slice/apache2.service
             ├─3682 /usr/sbin/apache2 -k start
             ├─3684 /usr/sbin/apache2 -k start
             └─3685 /usr/sbin/apache2 -k start

Step 3: Install PHP and PHP extensions for Elgg

To install PHP and additional PHP modules to support Elgg, run the following command:

# apt install php php-cli php-common libapache2-mod-php php-curl php-zip php-gd php-mysql php-xml php-mbstring php-xmlrpc php-intl

Verify if PHP is installed.

php -v

Output:
PHP 8.2.7 (cli) (built: Jun  9 2023 19:37:27) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies

After installing all the packages, edit the php.ini file:

# nano /etc/php/8.2/apache2/php.ini

Change the following settings per your requirements:

max_execution_time = 300
memory_limit = 512M
post_max_size = 128M
upload_max_filesize = 128M
date.timezone = America/Chicago

To implement the changes, restart Apache webserver:

# systemctl restart apache2

Step 4: Install MariaDB and create a database

To install MariaDB run the following command:

# apt install mariadb-server mariadb-client

Verify the status of the MariaDB service using systemctl status command:

# systemctl status mariadb

Output:

● mariadb.service - MariaDB 10.11.3 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running)
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 16734 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 12 (limit: 2273)
     Memory: 203.0M
        CPU: 464ms
     CGroup: /system.slice/mariadb.service
             └─16734 /usr/sbin/mariadbd

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script.

# mysql_secure_installation

Configure it like this:

- Enter current password for root (enter for none): Enter
- Switch to unix_socket authentication [Y/n] Y
- Change the root password? [Y/n] Y
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y

Now run the command below to log in to the MariaDB shell.

# mysql -u root -p

Once you are logged in to your database server you need to create a database for the Elgg installation:

MariaDB [(none)]> CREATE DATABASE elgg;
MariaDB [(none)]> CREATE USER 'elgg'@'localhost' IDENTIFIED BY 'Str0ngPass2F';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON elgg. * TO 'elgg'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Step 5: Download Elgg

The latest version of Elgg is available to download from the official website. As of writing this tutorial, the latest version available is 5.0.1.

# wget https://elgg.org/download/elgg-5.0.1.zip

Then extract file into the folder /var/www/ with the following command:

# unzip elgg-5.0.1.zip -d /var/www/

Rename the extracted directory:

# mv /var/www/elgg-5.0.1 /var/www/elgg/

Create a data directory:

# mkdir /var/www/data/

Then enable permission for the Apache webserver user to access the files:

# chown -R www-data:www-data /var/www/data/
# chown -R www-data:www-data /var/www/elgg/

Step 6: Configure Apache for Elgg

Run the commands below to create a new VirtualHost file called elgg in the /etc/apache2/sites-available/ directory.

# nano /etc/apache2/sites-available/elgg.conf

Paste the content as shown below:

 <VirtualHost *:80>
    ServerAdmin admin@your-domain.com
    DocumentRoot /var/www/elgg/
    
    ServerName your-domain.com
    ServerAlias www.your-domain.com

    <Directory /var/www/elgg/> 
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory> 

    ErrorLog /var/log/apache2/your-domain.com-error_log
    CustomLog /var/log/apache2/your-domain.com-access_log common

 </VirtualHost>

Remember to replace your-domain.com with the domain name of your server.

Save and exit the configuration file.

Then enable the "rewrite" module in Apache:

# a2enmod rewrite

To enable this site run the command:

# ln -s /etc/apache2/sites-available/elgg.conf /etc/apache2/sites-enabled/elgg.conf

To implement the changes, restart Apache webserver:

# systemctl restart apache2

Step 7: Install free Let’s Encrypt SSL certificate

First we need to install the Certbot client which is used to create Let’s Encrypt certificates:

# apt install certbot python3-certbot-apache

To get the SSL certificate using the Certbot, type the command given below:

# certbot --apache -d your-domain.com -d www.your-domain.com

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2023-09-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

Step 8: Access Elgg Web Interface

Open your web browser and type the URL https://your-domain.com. You should see the following page:

Click on the Next button.

The installer will then check the requirements. Once all checks are passed, click on the Next button.

After that, you will have to write the credentials from the database, data directory, and site URL and then click on the Next button:

Then, you have to set up your site name and email and then click on the Next button:

Provide your admin username, password, email and click on the Next button. Once the installation has been completed, you should see the following page:

Click on the Go to site button you should see your administration panel:

Comments and Conclusion

Congratulations! You have successfully installed Elgg. Thanks for using this tutorial for installing Elgg on your Debian 12 OS.

For additional help or useful information, we recommend you to check the official Elgg documentation.

How To Secure Nginx with Let’s Encrypt on Ubuntu 22.04

Leave a reply

Let’s Encrypt is a free, automated, and open-certificate authority (CA) that provides Digital SSL/TLS certificates to enable secure encrypted connections for websites. The goal of Let’s Encrypt is to make encryption widely accessible to everyone and to help create a more secure and privacy-respecting web.

Let’s Encrypt certificates are valid for 90 days and can be easily renewed. The certificate issuance and renewal process is fully automated, making it easy for website owners to secure their sites with HTTPS.

In addition to being free and easy to use, Let’s Encrypt is also transparent and collaborative, with a broad community of stakeholders who support its mission and contribute to its development.

Step 1: Update Operating System

Update your Ubuntu 22.04 operating system to make sure all existing packages are up to date:

$ sudo apt update && sudo apt upgrade -y

Step 2: Install Nginx webserver

You can install Nginx via apt package manager by executing the following command.

$ sudo apt install nginx

Verify the status of the Nginx service using the following command:

$ sudo systemctl status nginx

Output:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running)
       Docs: man:nginx(8)
    Process: 30128 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 30129 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 30218 (nginx)
      Tasks: 2 (limit: 2196)
     Memory: 10.1M
        CPU: 77ms
     CGroup: /system.slice/nginx.service
             ├─30218 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─30221 "nginx: worker process"

Step 3: Install Certbot on Ubuntu 22.04

Now we install the Certbot client which is used to create Let’s Encrypt certificates:

$ sudo apt install certbot python3-certbot-nginx

Verify that Certbot is installed and working properly:

$ certbot --version

You should see the version number of Certbot that you just installed:

certbot 1.21.0

Now you can use Certbot to obtain SSL certificates and configure your web server to use them.

Step 4: Configure Nginx Web Server

Navigate to /etc/nginx/sites-available directory and run the following command to create a configuration file for your installation:

$ sudo nano /etc/nginx/sites-available/your-domain.com.conf

Add the following code to the file:

server {
        listen 80;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name your-domain.com www.your-domain.com;

        location / {
                try_files $uri $uri/ =404;
        }

        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;

}

Remember to replace your-domain.com with the domain name of your server.

Save and exit the configuration file.

Enable the new configuration file.

$ sudo ln -s /etc/nginx/sites-available/your-domain.com.conf /etc/nginx/sites-enabled/your-domain.com.conf

Check Nginx syntax:

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

To implement the changes, restart Nginx webserver:

$ sudo systemctl restart nginx

Step 5: Get the Let’s Encrypt SSL certificate

To get the SSL certificate using the Certbot, type the command given below:

$ sudo certbot --nginx

You will be asked to provide your valid email address and accept the term of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Next, you’ll be asked if you want to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write N.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Next, you will be asked to select the domain on which you want to install the Let’s Encrypt SSL:

Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your-domain.com
2: www.your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2023-04-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

You can now open your website using https://, and you’ll notice a green lock icon.

Step 6: Verifying Certbot Auto-Renewal

Verifying that Certbot’s auto-renewal is working correctly is an important step in ensuring that your website remains secure. You can verify Certbot’s auto-renewal by performing the following steps:

Check the Certbot Logs

The Certbot logs are the best place to start when verifying auto-renewal. The logs will contain information about any renewal attempts and any errors that may have occurred. You can access the Certbot logs by running the following command:

$ sudo cat /var/log/letsencrypt/letsencrypt.log

Test the Renewal Process

You can test the renewal process by manually running the Certbot renewal command. To do this, run the following command:

$ sudo certbot renew --dry-run

This will simulate a renewal attempt and will provide you with information about the outcome. If the renewal was successful, you should see a message indicating that the certificates were successfully renewed.

Check the Certificate Expiration Date

Finally, you can check the expiration date of your certificate to ensure that it has been renewed. You can do this by visiting your website and checking the certificate information in your browser’s security settings.

If you encounter any issues with the auto-renewal process, it is recommended that you reach out to the Let’s Encrypt community or consult the Certbot documentation for assistance.

Step 7: Revoking Let’s Encrypt certificates

To revoke a Let’s Encrypt SSL certificate, you can use the certbot revoke command.

First, stop your Nginx web server:

$ sudo systemctl stop nginx

Run the certbot revoke command, specifying the certificate you want to revoke:

$ sudo certbot revoke --cert-path /etc/letsencrypt/live/your-domain.com/fullchain.pem

Note: You’ll need to replace /etc/letsencrypt/live/your-domain.com/fullchain.pem with the actual path to your certificate file.

Start your web server again:

$ sudo systemctl start nginx

After revoking the certificate, the certificate will no longer be trusted by browsers and will no longer work for encrypting your website traffic.

This is useful if, for example, you need to transfer the domain to another owner or if you suspect that your private key has been compromised.

Comments and Conclusion

That’s it. Today, you had learn how to secure Nginx with Let’s Encrypt on Ubuntu 22.04.

If you have any questions or feedback, feel free to leave a comment.

How To Secure Apache with Let’s Encrypt on Ubuntu 22.04

Leave a reply

Let’s Encrypt is a free, automated, and open certificate authority (CA). Let’s Encrypt offer free 90-day SSL certificates.

Let’s Encrypt provide two types of certificates. The standard single-domain SSL and the Wildcard SSL, which covers not only a single domain, but all of its subdomains too.

In this tutorial, we will use Certbot a free, open-source software tool for automatically issuing the Let’s Encrypt SSL Certificate and verify that your certificate is set up to renew automatically.

Step 1: Update Operating System

Update your Ubuntu 22.04 operating system to make sure all existing packages are up to date:

$ sudo apt update && sudo apt upgrade -y

Step 2: Install Apache on Ubuntu 22.04

You can install Apache via apt package manager by executing the following command.

$ sudo apt install apache2

You can start the Apache service and configure it to run on startup by entering the following commands:

$ sudo systemctl start apache2
$ sudo systemctl enable apache2

Verify the status of the Apache service using systemctl status command:

$ sudo systemctl status apache2

Output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running)
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 3170 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 3174 (apache2)
      Tasks: 12 (limit: 2200)
     Memory: 246.8M
        CPU: 18.104s
     CGroup: /system.slice/apache2.service
             ├─3174 /usr/sbin/apache2 -k start
             ├─3175 /usr/sbin/apache2 -k start
             ├─3176 /usr/sbin/apache2 -k start

Step 3: Install Certbot on Ubuntu 22.04

Now we install the Certbot client which is used to create Let’s Encrypt certificates:

$ sudo apt install certbot python3-certbot-apache

To verify the Certbot installation run:

$ certbot --version

Output:

certbot 1.21.0

Step 4: Configure Apache Web Server

Navigate to /etc/apache2/sites-available directory and run the following command to create a configuration file for your installation:

$ sudo nano /etc/apache2/sites-available/your-domain.conf

Add the following content:

<VirtualHost *:80>

ServerAdmin webmaster@your-domain.com

ServerName your-domain.com
ServerAlias www.your-domain.com
DocumentRoot /var/www/html/

<Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/your-domain.com_error.log
CustomLog ${APACHE_LOG_DIR}/your-domain.com_access.log combined

</VirtualHost>

Save the file and Exit.

Enable the Apache virtual host:

$ sudo a2ensite your-domain.conf

After that, restart the Apache web server.

$ sudo systemctl restart apache2

Step 5: Get the Let’s Encrypt SSL certificate

To get the SSL certificate using the Certbot, type the command given below:

$ sudo certbot --apache

You will be asked to provide your valid email address and accept the term of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Next, you’ll be asked if you want to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write N.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Next, you will be asked to select the domain on which you want to install the Let’s Encrypt SSL:

Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your-domain.com
2: www.your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2023-03-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you have successfully installed SSL on your website.

You can now open your website using https://, and you’ll notice a green lock icon.

Step 6: Verifying Certbot Auto-Renewal

Let’s Encrypt certificates are valid for only ninety days. Installing Certbot will create a cronjob to renew any SSL certificate. You can run the command to check the status of the service.

$ sudo systemctl status certbot.timer

Output:

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Thu 2022-12-22 16:20:05 CDT;
    Trigger: Fri 2022-12-23 06:29:34 CST; 14h left
   Triggers: ● certbot.service

Optionally, you can test the renewal process using the following command. The –dry-run flag is for simulation:

$ sudo certbot renew --dry-run --agree-tos

Step 7: Revoking certificates

If you wish to remove a certificate from your server it can be revoked using a subcommand with Let’s Encrypt client. The command below can be used to revoke a particular certificate.

$ sudo certbot revoke --cert-path /etc/letsencrypt/live/your-domain.com/cert.pem

Note: Replace your-domain.com with the domain which certificate you wish to revoke.

The process does not give a confirmation upon completion, but if you perform it again you will get a message that the certificate has already been revoked.

Comments and Conclusion

Congratulations! You have successfully installed the Let’s Encrypt SSL certificate on your domain.

If you have any questions or feedback, feel free to leave a comment.