How to Install Pico CMS with Nginx and Let’s Encrypt on CentOS 7
Pico is an open-source simple and fast flat-file CMS written in PHP. This means there is no administration backend and database to deal with. You simply create .md files in the content folder and that becomes a page. Pico uses the Twig templating engine, for powerful and flexible themes. Pico source code is available on Github. In this tutorial, we will install Pico CMS with Nginx on CentOS 7 system.
Requirements
Requirements for running Pico are:
- Nginx
- PHP version 5.3.6 or greater
- Composer
Prerequisites
- A CentOS 7 operating system.
- A non-root user with
sudo
privileges.
Initial steps
Check your CentOS version:
cat /etc/centos-release
# CentOS Linux release 7.6.1810 (Core)
Set up the timezone:
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:
sudo yum update -y
Install some essential packages that are necessary for basic administration of the CentOS operating system:
sudo yum install -y curl wget vim git unzip socat bash-completion epel-release
Step 1 – Install PHP
Setup the Webtatic YUM repo:
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP, as well as the necessary PHP extensions:
sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-curl php72w-gd php72w-json php72w-zip php72w-xml php72w-mbstring
To show PHP compiled in modules, you can run:
php -m
ctype
curl
exif
fileinfo
. . .
. . .
Check the PHP version:
php --version
# PHP 7.2.19 (cli) (built: Jan 12 2019 12:47:33) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
# with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies
Start and enable PHP-FPM service:
sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service
Step 2 – Install acme.sh
client and obtain Let’s Encrypt certificate (optional)
Securing your forum with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let’s Encrypt we will use acme.sh client. Acme.sh is a pure UNIX shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.
Download and install acme.sh:
sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~
Check acme.sh version:
acme.sh --version
# v2.8.2
Obtain RSA and ECC/ECDSA certificates for your domain/hostname:
# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256
If you want fake certificates for testing you can add --staging
flag to the above commands.
After running the above commands, your certificates and keys will be in:
- For RSA:
/home/username/example.com
directory. - For ECC/ECDSA:
/home/username/example.com_ecc
directory.
To list your issued certs you can run:
acme.sh --list
Create a directory to store your certs. We will use /etc/letsencrypt
directory.
mkdir -p /etc/letsecnrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc
Install/copy certificates to /etc/letsencrypt directory.
# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
All the certificates will be automatically renewed every 60 days.
After obtaining certs exit from root user and return back to normal sudo user:
exit
Step 3 – Install and configure NGINX
Download and install Nginx from the CentOS repository:
sudo yum install -y nginx
Check the Nginx version:
nginx -v
# nginx version: nginx/1.12.2
Start and enable Nginx service:
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
Configure NGINX for Pico CMS by running:
sudo vim /etc/nginx/conf.d/pico.conf
And populate the file with the following configuration:
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/pico;
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
index index.php;
location ~ ^/((config|content|vendor|composer.(json|lock|phar))(/|$)|(.+/)?.(?!well-known(/|$))) {
deny all;
}
location / {
index index.php;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PICO_URL_REWRITING 1;
}
}
Check NGINX configuration for syntax errors:
sudo nginx -t
Reload NGINX service:
sudo systemctl reload nginx.service
Step 4 – Install Composer
Install Composer, the PHP dependency manager globally:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'a5c698ffe4b8e849a443b120cd5ba38043260d5c4023dbf93e1558871f1f07f58274fc6f4c93bcfd858c6bd0775cd8d1') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
Check the Composer version:
composer --version
# Composer version 1.9.0 2019-08-02 20:55:32
NOTE: Composer installation commands will change in the future, so check https://getcomposer.org/download/ for the most up to date commands if the above commands don’t work.
Step 5 – Install Pico CMS
Create a document root directory for Pico CMS:
sudo mkdir -p /var/www/pico
Change ownership of the /var/www/pico
directory to your_username
that you should have created before and you should be logged in as this user.
sudo chown -R your_username:your_username /var/www/pico
NOTE: Don’t forget to replace your_username with the name that you have chosen.
Navigate to the document root directory:
cd /var/www/pico
Download Pico with composer:
composer create-project picocms/pico-composer .
Provide the appropriate ownership:
sudo chown -R nginx:nginx /var/www/pico
Run sudo vim /etc/php-fpm.d/www.conf
and set the user and group to nginx
. Initially, they will be set to apache.
Run:
sudo vim /etc/php-fpm.d/www.conf
And set user and group to nginx, like below:
user = nginx
group = nginx
And finally, restart PHP-FPM service for these changes to take effect:
sudo systemctl restart php-fpm.service
You have successfully installed Pico CMS on CentOS 7 server. You can now simply create your own content folder in Pico’s root directory, create .md files in the content directory and those files become your pages.
Links
Đăng ký liền tay Nhận Ngay Bài Mới
Subscribe ngay
Cám ơn bạn đã đăng ký !
Lỗi đăng ký !
Add Comment