Difference between revisions of "Joomla 3"
(Add suggestion to force secure connections for remote users.) |
m (→Set the PHP version for the ibay: libmcrypt dependency is in epel repo) |
||
(7 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
− | |||
{{Level|Medium|These instructions assume familiarity with basic shell commands}} | {{Level|Medium|These instructions assume familiarity with basic shell commands}} | ||
[[Category:Howto|J]] [[Category:Webapps]] | [[Category:Howto|J]] [[Category:Webapps]] | ||
Line 7: | Line 6: | ||
[http://www.joomla.org/ Joomla!] is a powerful, flexible content management system (CMS) that is in wide use across the Internet. This How-To will cover configuration of the SME 9.0 server to support Joomla! 3, and installation of Joomla! 3 on the SME 9.0 server. It will not cover configuration or use of Joomla! itself; those subjects are covered by the Joomla! documentation and many other sources. | [http://www.joomla.org/ Joomla!] is a powerful, flexible content management system (CMS) that is in wide use across the Internet. This How-To will cover configuration of the SME 9.0 server to support Joomla! 3, and installation of Joomla! 3 on the SME 9.0 server. It will not cover configuration or use of Joomla! itself; those subjects are covered by the Joomla! documentation and many other sources. | ||
− | As of this writing, the most recent version of Joomla! 3 is 3.3.6. This version requires PHP 5.3.10 or greater, which is a greater version than installed by default with SME 9.0. | + | As of this writing, the most recent version of Joomla! 3 is 3.3.6. This version requires PHP 5.3.10 or greater, which is a greater version than installed by default with SME 9.0. To avoid potential conflicts with packages in SME server which depend on the stock version of PHP, you will use [[PHP Software Collections]] to install a newer version alongside the installed version. Install and configure that contrib before proceeding with these instructions. |
− | Installation of Joomla! involves creating an ibay to house Joomla!, creating a MySQL user for Joomla!, downloading and extracting the Joomla! package, and going through the Joomla! web setup. | + | Installation of Joomla! involves creating an ibay to house Joomla!, creating a MySQL user for Joomla!, downloading and extracting the Joomla! package, and going through the Joomla! web setup. In the text boxes below, commands you type will be in '''bold''', while any response from the system will be in normal print. |
===Create the ibay=== | ===Create the ibay=== | ||
Create an ibay for Joomla! to live in. You can call it anything you want, but I'll use joomla for this example. I used the following settings: | Create an ibay for Joomla! to live in. You can call it anything you want, but I'll use joomla for this example. I used the following settings: | ||
[[File:joomla_ibay.png]] | [[File:joomla_ibay.png]] | ||
+ | |||
If you expect to give remote users the ability to log in, you should probably set "Force secure connections" to "Enabled". | If you expect to give remote users the ability to log in, you should probably set "Force secure connections" to "Enabled". | ||
+ | |||
+ | ===Set the PHP version for the ibay=== | ||
+ | Browse to the PHP-SCL versions panel in the server manager (if you don't see it, return to the [[PHP Software Collections]] page and complete the installation). Select php55 as the version for your ibay. | ||
+ | |||
+ | You will also need to install a PHP module which doesn't come installed as a default. This also requires libmcrypt, which is available from the [[epel]] repository. So you need to enable the [[epel]] repository first, then: | ||
+ | yum install libmcrypt --enablerepo=epel | ||
+ | |||
+ | Then from the command line: | ||
+ | [root@e-smith ~]# '''yum --enablerepo=remi install php54-php-mcrypt php55-php-mcrypt php56-php-mcrypt''' | ||
===Create the MySQL user=== | ===Create the MySQL user=== | ||
Line 42: | Line 51: | ||
===Download and extract the Joomla! package=== | ===Download and extract the Joomla! package=== | ||
− | Download the Joomla! package | + | Download the Joomla! package to joomla/html and unzip it. You can do this from the command line like this (substituting the link for the most recent version). These commands will also move the .zip file out of your web-accessible space, and set ownership and permissions appropriately. |
[root@e-smith ~]# '''cd ~joomla/../html''' | [root@e-smith ~]# '''cd ~joomla/../html''' | ||
Line 72: | Line 81: | ||
===Security=== | ===Security=== | ||
− | + | Two possible security measures are to restrict access to the administration backend to users on your LAN, and to enable two-factor authentication. | |
− | [root@e-smith | + | ====Restrict access to backend==== |
+ | I wanted to restrict access to the administration backend to my LAN, so an outside user couldn't even get to the login page. To do this, I created a custom template fragment: | ||
+ | |||
+ | [root@e-smith ~]# '''mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf''' | ||
+ | [root@e-smith ~]# '''cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf''' | ||
+ | [root@e-smith httpd.conf]# '''nano -w 92Joomla''' | ||
The contents of the file look like this: | The contents of the file look like this: | ||
+ | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Joomla | ||
+ | <Directory /home/e-smith/files/ibays/'''joomla'''/html/administrator> | ||
Order Deny,Allow | Order Deny,Allow | ||
Deny from all | Deny from all | ||
− | Allow from 192.168. | + | Allow from 192.168.'''0'''.0/24 |
+ | </Directory> | ||
+ | |||
+ | You'll need to change the directory name to reflect your ibay name, and the "Allow" IP range to reflect your LAN IP address range. Then, expand the template and restart Apache: | ||
+ | |||
+ | [root@e-smith httpd.conf]# '''expand-template /etc/httpd/conf/httpd.conf''' | ||
+ | [root@e-smith httpd.conf]# '''service httpd-e-smith restart''' | ||
+ | Restarting httpd-e-smith [ OK ] | ||
+ | |||
+ | ====Enable two-factor authentication==== | ||
+ | Two-factor authentication allows you to use Google Authenticator, or any compatible app or device, to further secure your installation by requiring a six-digit PIN that changes every 30 seconds. You can require this for all users, or specific users. Enabling this is part of the Joomla! configuration, and is not discussed here. | ||
+ | |||
+ | ==Removing Joomla!== | ||
+ | |||
+ | To remove Joomla! from your system, you will need to remove the ibay, the database, the database user, and the httpd.conf template fragment, if you added one. | ||
+ | |||
+ | ===Remove the ibay=== | ||
+ | Remove the ibay using the server-manager | ||
+ | |||
+ | ===Remove the database and database user=== | ||
+ | [root@e-smith html]# '''mysql''' | ||
+ | mysql> '''revoke all privileges from joomla@localhost;''' | ||
+ | mysql> '''drop user joomla@localhost;''' | ||
+ | mysql> '''drop database joomla;''' | ||
+ | mysql> '''quit''' | ||
+ | |||
+ | ===Remove the httpd.conf template fragment=== | ||
+ | [root@e-smith html]# '''rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Joomla''' | ||
+ | [root@e-smith httpd.conf]# '''expand-template /etc/httpd/conf/httpd.conf''' | ||
+ | [root@e-smith httpd.conf]# '''service httpd-e-smith restart''' | ||
+ | Restarting httpd-e-smith [ OK ] | ||
− | --[[User:DanB35|DanB35]] ([[User talk:DanB35|talk]]) | + | --[[User:DanB35|DanB35]] ([[User talk:DanB35|talk]]) 23:54, 10 October 2014 (CEST) |
Latest revision as of 10:20, 13 March 2016
Installing Joomla! 3 on SME Server 9.0
Overview
Joomla! is a powerful, flexible content management system (CMS) that is in wide use across the Internet. This How-To will cover configuration of the SME 9.0 server to support Joomla! 3, and installation of Joomla! 3 on the SME 9.0 server. It will not cover configuration or use of Joomla! itself; those subjects are covered by the Joomla! documentation and many other sources.
As of this writing, the most recent version of Joomla! 3 is 3.3.6. This version requires PHP 5.3.10 or greater, which is a greater version than installed by default with SME 9.0. To avoid potential conflicts with packages in SME server which depend on the stock version of PHP, you will use PHP Software Collections to install a newer version alongside the installed version. Install and configure that contrib before proceeding with these instructions.
Installation of Joomla! involves creating an ibay to house Joomla!, creating a MySQL user for Joomla!, downloading and extracting the Joomla! package, and going through the Joomla! web setup. In the text boxes below, commands you type will be in bold, while any response from the system will be in normal print.
Create the ibay
Create an ibay for Joomla! to live in. You can call it anything you want, but I'll use joomla for this example. I used the following settings:
If you expect to give remote users the ability to log in, you should probably set "Force secure connections" to "Enabled".
Set the PHP version for the ibay
Browse to the PHP-SCL versions panel in the server manager (if you don't see it, return to the PHP Software Collections page and complete the installation). Select php55 as the version for your ibay.
You will also need to install a PHP module which doesn't come installed as a default. This also requires libmcrypt, which is available from the epel repository. So you need to enable the epel repository first, then:
yum install libmcrypt --enablerepo=epel
Then from the command line:
[root@e-smith ~]# yum --enablerepo=remi install php54-php-mcrypt php55-php-mcrypt php56-php-mcrypt
Create the MySQL user
You should set up a database user just for Joomla!, rather than using the root user. To do this, log in to your SME server as root and do the following:
[root@e-smith ~]# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 110981 Server version: 5.1.73 Source distribution Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> grant all on joomla.* to joomla@localhost identified by 'password'; Query OK, 0 rows affected (0.05 sec) mysql> flush privileges; Query OK, 0 rows affected (0.01 sec) mysql> quit Bye
You should, of course, replace 'password' above with a secure password.
Download and extract the Joomla! package
Download the Joomla! package to joomla/html and unzip it. You can do this from the command line like this (substituting the link for the most recent version). These commands will also move the .zip file out of your web-accessible space, and set ownership and permissions appropriately.
[root@e-smith ~]# cd ~joomla/../html [root@e-smith html]# wget https://github.com/joomla/joomla-cms/releases/download/3.3.6/Joomla_3.3.6-Stable-Full_Package.zip [root@e-smith html]# unzip Joomla_3.3.6-Stable-Full_Package.zip [root@e-smith html]# rm index.html [root@e-smith html]# mv Joomla_3.3.6-Stable-Full_Package.zip ../files/ [root@e-smith html]# chown -R apache:www * [root@e-smith html]# find . -type f -exec chmod 644 {} \; [root@e-smith html]# find . -type d -exec chmod 755 {} \;
Configure Joomla! using its web installer
Using a web browser, browse to http://yourserver/joomla. The installer is pretty self-explanatory, as shown below:
If you receive an error message when you click on the "Remove installation folder" button, you may need to remove it from the command line, like this:
[root@e-smith html]# rm -rf installation
Now you can browse to your Joomla! site at http://yourserver/joomla. It should look like this:
You can go to the administration backend at http://yourserver/joomla/administrator. Once you log in with the admin user and password you specified in the installer, it should look like this:
Security
Two possible security measures are to restrict access to the administration backend to users on your LAN, and to enable two-factor authentication.
Restrict access to backend
I wanted to restrict access to the administration backend to my LAN, so an outside user couldn't even get to the login page. To do this, I created a custom template fragment:
[root@e-smith ~]# mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf [root@e-smith ~]# cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf [root@e-smith httpd.conf]# nano -w 92Joomla
The contents of the file look like this:
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Joomla <Directory /home/e-smith/files/ibays/joomla/html/administrator> Order Deny,Allow Deny from all Allow from 192.168.0.0/24 </Directory>
You'll need to change the directory name to reflect your ibay name, and the "Allow" IP range to reflect your LAN IP address range. Then, expand the template and restart Apache:
[root@e-smith httpd.conf]# expand-template /etc/httpd/conf/httpd.conf [root@e-smith httpd.conf]# service httpd-e-smith restart Restarting httpd-e-smith [ OK ]
Enable two-factor authentication
Two-factor authentication allows you to use Google Authenticator, or any compatible app or device, to further secure your installation by requiring a six-digit PIN that changes every 30 seconds. You can require this for all users, or specific users. Enabling this is part of the Joomla! configuration, and is not discussed here.
Removing Joomla!
To remove Joomla! from your system, you will need to remove the ibay, the database, the database user, and the httpd.conf template fragment, if you added one.
Remove the ibay
Remove the ibay using the server-manager
Remove the database and database user
[root@e-smith html]# mysql mysql> revoke all privileges from joomla@localhost; mysql> drop user joomla@localhost; mysql> drop database joomla; mysql> quit
Remove the httpd.conf template fragment
[root@e-smith html]# rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Joomla [root@e-smith httpd.conf]# expand-template /etc/httpd/conf/httpd.conf [root@e-smith httpd.conf]# service httpd-e-smith restart Restarting httpd-e-smith [ OK ]