Concrete5 is a free open source content management system (CMS) written in PHP. Conceret5 is used for deploying powerful internet and intranets websites, similar to popular Joomla or Drupal CMS.

In this tutorial we’ll learn how to install and configure the latest version of Concrete5 platform on Debian 9 release.

Requirements

  • Debian 9 minimal installation on a bare-metal server machine or on a virtual private server.
  • Root access to the server.
  • A static IP address configured for one of your system network interfaces cards.
  • A domain name, private or public, depending on your deployment, with the proper DNS records configured for web services. If you don’t have a valid or a registered domain name you can perform the installation and access the website via your server IP address.
  • To use website registration, notifications or other CMS features, you should have a running mail server.

Prepare the server

Before we start installing Concrete5 on the server, we have to assure the system meets all the software requirements for compiling and installing the application. In the first step, update your system repositories and software packages by issuing the below commands.

apt update

apt upgrade

In the next step, execute the following command in order to install some necessary utilities that will be used to further manage your system from the command line.

apt install wget bash-completion curl zip unzip

Set the server hostname

After the system has been fully updated and the required utilities were installed, configure the hostname of your system by executing the following command. Replace your hostname variable accordingly, in this example, I will use www.myblog.com.

hostnamectl set-hostname www.myblog.com

Verify machine hostname by issuing the below command.

hostname –f

Finally, reboot Debian server in order to apply kernel updates and the hostname changes properly.

init 6

Install Apache and PHP

Concrete5 is a web based CMS platform written in PHP server-side programming language. In order to execute the PHP file scripts of the application, a web server, such as Apache HTTP server, and a PHP processing gateway must be installed and operational in the system.  In order to install Apache web server and the PHP interpreter with all required PHP modules, issue the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-opcache php-imagick php7.0-xml php7.0-gd php7.0-mbstring php7.0-mcrypt php7.0-zip php7.0-curl

After Apache and PHP have been installed, test if the web server is up and running.

netstat –tlpn

In case netstat network utility is not install by default in your Debian system, execute the below command to install it.

apt install net-tools

By inspecting the netstat command output, you can see that Apache web server is listening for incoming network connections on port 80.

Firewall Configuration

In case you have a firewall enabled on your server, such as UFW firewall application, you should add a new rule to allow HTTP traffic to pass through firewall by issuing the following command.

ufw allow WWW

If you’re using iptables raw rules to manage the Firewall, add the following rule to allow port 80 inbound traffic on the firewall so that visitors can browse the the website.

apt-get install -y iptables-persistent

iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT

iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl status netfilter-persistent

systemctl enable netfilter-persistent.service

Configure Apache Web Server

Next, enable the Apache rewrite module.

a2enmod rewrite

systemctl restart apache2

Finally, test if Apache web server default web page can be displayed in your client’s browser by visiting your Debian machine IP address or your domain name or server FQDN via HTTP protocol, as shown in the below image. If you don’t know your machine IP address, execute ifconfig or ip a command to reveal the IP address of your server.

http://your_domain.tld

Debian Default page

In order to install and access Concrete5 via HTTPS protocol that will secure the traffic for your clients, issue the following command to enable Apache web server SSL module and SSL site configuration file.

a2enmod ssl

a2ensite default-ssl.conf

Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the below sample:

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Also, make the following change to VirtualHost line to look like shown in the below excerpt:

        <VirtualHost *:443>

Configure apache rewrite rules

Close the SSL Apache file and open /etc/apache2/sites-enabled/000-default.conf file for editing. Add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot statement as shown in the below example.

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Configure apache default configuration file

Finally, restart Apache daemon to apply all rules configured so far and visit your domain via HTTP protocol. Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, the certificate is untrusted by the browser, an error warning should be displayed in the browser.

systemctl restart apache2

https://yourdomain.tld

SSL warning shown in the Browser

Accept the warning in order to accept the untrusted certificate and continue to be redirected to Apache default web page, as illustrated in the below image.

Apache accessible by secure HTTPS protocol

In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through firewall by issuing the following command.

ufw allow ‘WWW Full’

If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.

iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl status netfilter-persistent

Configure PHP

In the next step, we need to make some further changes to PHP default configuration file in order to assure that the following PHP variables are enabled and the PHP timezone setting is correctly configured and matches your system geographical location.  Open /etc/php/7.0/apache2/php.ini file for editing and assure that the following lines are setup as follows. Also, initially, make a backup of PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}

nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in php.ini configuration file:

file_uploads = On
memory_limit = 128M
max_execution_time = 1800
upload_max_filesize = 100M
date.timezone = Europe/London

Increase upload_max_file_size variable as suitable to support large file attachments and replace the date.timezone variable accordingly to your physical time by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php

If you want to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, below [opcache] line, as detailed below:

[opcache]
opcache.enable=1 
opcache.enable_cli=1 
opcache.interned_strings_buffer=8 
opcache.max_accelerated_files=10000 
opcache.memory_consumption=128 
opcache.save_comments=1
opcache.revalidate_freq=1

After you’ve made all changes explained above, restart apache daemon to apply the new changes by issuing the following command.

systemctl restart apache2

Finally, create a PHP info file by executing the following command and check if the PHP time zone has been correctly. Open the PHP info script URL from a web browser as illustrated in the below image. Scroll down to date setting to check php time zone configuration.

echo ‘<?php phpinfo(); ?>’| tee /var/www/html/info.php

https://yourdomain.tld/info.php

PHP info output

Install MariaDB database server

Concrete5 CMS web stores users, sessions, articles and other data, in a database.  In this guide, we’ll configure Concrete5 CMS to use a MariaDB database as backend. Issue the below command to install MariaDB database and the PHP module needed to access the database.

apt install mariadb-server php7.0-mysql mariadb-client

After you’ve installed MariaDB, verify if the daemon is running and listens for connections on localhost, port 3306, by running netstat command.

netstat –tlpn | grep mysql

Then, log in to MySQL console and secure MariaDB root account by issuing the following commands.

mysql -h localhost

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> use mysql;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [mysql]> update user set plugin=” where user=’root’;

Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit

Bye

In the next step, secure MariaDB by executing the script mysql_secure_installation. While running, the script will ask a series of questions designated to secure the MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the below command and assure you type yes to all questions asked in order to fully secure MySQL daemon. Use the below script output except as a guide.

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current

password for the root user.  If you’ve just installed MariaDB, and

you haven’t set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

You already have a root password set, so you can safely answer ‘n’.

Change the root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 … Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] y

 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

 … Success!

By default, MariaDB comes with a database named ‘test’ that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] y

 – Dropping test database…

 … Success!

 – Removing privileges on test database…

 … Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] y

 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

In order to test MariaDB security, try to log in to the database from the console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:

mysql -h localhost -u root

ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)

If the password is supplied, the login process should be granted to MySQL console, as shown in the command sample:

mysql -h localhost -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> exit

Bye

Next, login to MariaDB database console, create a database for the Concrete5 application and a user with a password that will be used to manage the application database. Replace the database name, user and password accordingly.

mysql –u root -p

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> create database concrete_db;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on concrete_db.* to ‘cuser’@’localhost’ identified by ‘password1234’;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

Bye

In order to apply all changes, restart MySQL and Apache daemons and verify if daemons are running by issuing the following commands.

systemctl restart mysql apache2

systemctl status mysql apache2

Install Concrete5 CMS

After all system requirements are met, visit Concrete5 download page at http://www.concrete5.org/download and download the latest zip archive onto your system by issuing the below command.

cd /tmp
wget https://core-releases.s3-us-west-2.amazonaws.com/9815/1317/5540/concrete5-8.3.0.zip

After the zip archive download finished, extract Concrete5 zip archive to your current working directory and list the extracted files by issuing the below commands. Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.

unzip concrete5-8.3.0.zip

rm /var/www/html/index.html

rm /var/www/html/info.php

The installation files for Concrete5 are located in your current working directory in concrete5-8.3.0 directory. Issue ls command to list this directory files.

ls concrete5-8.3.0

Copy all the content of the Concrete5 extracted directory to your web server document root path by issuing the following command.

cp -fr concrete5-8.3.0/* /var/www/html/

Next, execute the below commands in order to grant Apache runtime user with full write permissions to the web root path. Use ls command to list permissions for application’s installed files located in /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/

ls –al /var/www/html/

 Set file permissions

Proceed with Concrete5 installation process by opening a browser and navigate to your server’s IP address or domain name via HTTPS protocol. On the first installation screen, Concrete5 installer will ask you to choose your Language. Select the appropriate language from the list and hit the right arrow button in order to start the installation process, as illustrated in the below screenshot.

https://yourdomain.tld

Choose installation language

Now the installer will check the installation environment in order to detect if all requirements for installing the application are met. If all required items and Optional Items are the green, hit on below Continue the Installation button to move to the next step, as illustrated in the below image.

Check system requirents

In the next installation screen, choose a name for your website, add your email address for the Administrator account and a strong password. Select Full Site as Starting Point and supply MySQL database server address (usually localhost if the database is installed on the same node), the username and the password needed to access Concrete5 database and the database name created for Concrete5 installation. After you write all required database information, hit on Install concrete5 button to move to the next installation screen. Use the below screenshot as a guide for this step.

Configure database and website details

Wait for the installation process to complete, as shown in the below screenshot.

Wait until Concrete5 is installed

After the installation process of Concrete5 completed, hit on Edit Your Site button in order to start setting up your website.

Installation complete

You will first be redirected to the main screen of Concrete5 CMS, where a pop-up window will present a help page from where you will learn the basics of administering the application.

Help page

In order to further configure Concrete5 CMS, hit on the top right button to open the application dashboard from where you can set-up your blog, as shown in the below screenshot.

Concrete5 dashboard

In order to visit your website frontend, navigate to your server IP address or domain name via HTTPS protocol, as shown in the below example, and the main page of the Concrete5 website should be displayed in your browser.

https://yourdomain.tld

Concrete5 website installed

To visit Concrete5 admin dashboard panel, navigate to your server IP address or domain name via HTTPS protocol to /index.php/login URL. Supply the admin account username and password created for your website during the installation process in order to log in to Concrete5 CMS dashboard.

https://yourdomain.tld/index.php/login

Sign-in to the CMS

To secure Concrete5 CMS, return to your server console and execute the below commands to grant Apache HTTP server the write permissions only to some specific parts of the application files.

chown -R root /var/www/html/
chown -R www-data /var/www/html/application/files/
chown -R www-data /var/www/html/application/config/
chown -R www-data /var/www/html/packages/
chown -R www-data /var/www/html/updates/
chown -R root:root /var/www/html/application/config/database.php

Finally, to force visitors to browse the website and to securely access the backend interface via HTTPS protocol that encrypts the traffic between the server and client browsers, return to your server’s terminal and create a .htaccess file in your website document root path, by issuing the below command.

nano /var/www/html/.htaccess

Edit the .htaccess file. At the bottom of the file you, can change the native PHP server settings with the below configurations. Modify the PHP settings to match your own server resources and configurations.

.htaccess file excerpt:

# Modify PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M

Finally, add the below rules in the .htaccess file in order to automatically redirect domain traffic to HTTPS and disable webroot directory indexing.

# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Options -Indexes
</IfModule>

That’s all! You have successfully installed and configured Concrete5 CMS platform on a Debian 9 server. However, because Apache HTTP server uses Self-Signed certificates to encrypt the traffic between the server and visitor’s browsers, a warning message will always be generated and displayed in their browsers. This warning is bad for your website reputation and SEO. In this case, you should buy a certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA.

Links

For other custom configurations regarding Concrete5, visit the documentation page at the following address:  https://documentation.concrete5.org/

How to Install Concrete5 CMS on Debian 9