Blog

  • Home
  •   »  
    • Linux
  •   »  
  • How to Install Grav CMS on CentOS 7

How to Install Grav CMS on CentOS 7

Grav is a fast, simple, and flexible, file-based CMS platform. Grav comes with a powerful Package Management System to allow for simple installation and upgrading of plugins and themes, as well as simple updating of Grav itself.

The underlying architecture of Grav is designed to use well-established and best-in-class technologies to ensure that Grav is simple to use and easy to extend. Some of these key technologies include:

  • Twig Templating: for powerful control of the user interface
  • Markdown: for easy content creation
  • YAML: for simple configuration
  • Parsedown: for fast Markdown and Markdown Extra support
  • Doctrine Cache: layer for performance
  • Pimple Dependency Injection Container: for extensibility and maintainability
  • Symfony Event Dispatcher: for plugin event handling
  • Symfony Console: for CLI interface
  • Gregwar Image Library: for dynamic image manipulation

Requirements

Grav is intentionally designed with few requirements. Grav is built with plain text files for your content. There is no database needed.

Make sure your system meets the following requirements:

  • Web Server (Apache, Nginx, LiteSpeed, Lightly, IIS, etc.) We will use NGINX.
  • PHP version 7.1.3 or higher

Prerequisites

  • An operating system running CentOS 7.
  • A non-root user with sudo privileges.

Initial steps

Check your CentOS version:

cat /etc/centos-release
# CentOS Linux release 7.6.1810 (Core)

Set up the timezone:

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo yum update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo yum install -y curl wget vim git unzip socat bash-completion epel-release

Step 1 – Install PHP and necessary PHP extensions

Setup the Webtatic YUM repo:

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP, as well as the necessary PHP extensions:

sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-curl php72w-gd php72w-json php72w-mbstring php72w-xml php72w-zip php72w-opcache php72w-pecl-apcu

To show PHP compiled in modules, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .

Check the PHP version:

php --version

# PHP 7.2.17 (cli) (built: May 13 2019 18:03:04) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
# with Zend OPcache v7.2.17, Copyright (c) 1999-2018, by Zend Technologies

Start and enable PHP-FPM service:

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

Step 2 – Install acme.sh client and obtain Let’s Encrypt certificate ( optional )

Securing your forum with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain TLS certificate from Let’s Encrypt we will use acme.sh client. Acme.sh is a pure UNIX shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.

Download and install acme.sh:

sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~

Check acme.sh version:

acme.sh --version
# v2.8.0

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256

If you want fake certificates for testing you can add --staging flag to the above commands.

After running the above commands, your certificates and keys will be in:

  • For RSA/home/username/example.com directory.
  • For ECC/ECDSA/home/username/example.com_ecc directory.

To list your issued certs you can run:

acme.sh --list

Create a directory to store your certs. We will use /etc/letsencrypt directory.

mkdir -p /etc/letsecnrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc

Install/copy certificates to /etc/letsencrypt directory.

# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"

All the certificates will be automatically renewed every 60 days.

After obtaining certs exit from root user and return back to normal sudo user:

exit

Step 3 – Install and configure NGINX

Install NGINX:

sudo yum install -y nginx

Check the NGINX version:

nginx -v
# nginx version: nginx/1.12.2

Start and enable NGINX service:

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure NGINX for Grav. Run sudo vim /etc/nginx/conf.d/grav.conf and add the following configuration.

server {
  
  listen 80;
  listen 443 ssl;
  server_name example.com;
  root /var/www/grav;
  ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/example.com/private.key;
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
  index index.html index.php;
  
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  
  location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
  location ~* /(system|vendor)/.*.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
  location ~* /user/.*.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
  location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|.htaccess) { return 403; }

  location ~ .php$ {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
  }

}

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service

Step 4 – Install Grav CMS

Create a document root directory:

sudo mkdir -p /var/www/grav

Change ownership of the /var/www/grav directory to johndoe:

sudo chown -R johndoe:johndoe /var/www/grav

Navigate to the document root folder:

cd /var/www/grav

Download and unzip Grav:

wget https://getgrav.org/download/core/grav-admin/1.6.9
unzip 1.6.9
mv grav-admin/* .  mv grav-admin/.* .
rm -rf grav-admin 1.6.9

NOTE: Version 1.6.9 is the current version and may be different by the time you read this. Please check the Grav website for the latest information.

Change ownership of the /var/www/grav directory to nginx:

sudo chown -R nginx:nginx /var/www/grav

Run sudo vim /etc/php-fpm.d/www.conf and set user and group to nginx. Initially, it will be set to user and group apache:

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Restart the PHP-FPM service.

sudo systemctl restart php-fpm.service

Create /var/lib/php/session/ directory and change ownership to nginx:

sudo mkdir -p /var/lib/php/session/  sudo chown -R nginx:nginx /var/lib/php/session/

Open http://example.com in your web browser and follow the on-screen instructions. To access Grav admin append /admin to your URL.

Step 5 – Complete Grav setup

Links

Related Post

Popular Linux Distributions for Security Testing

How to create a jailed ssh user with Jailkit on Debian Wheezy

How to Install PowerDNS and Poweradmin on CentOS 7