Pre-Requirements<\/h2>\n
In the first step, log in to your Debian server with root account or with an account with root privileges gained via sudo utility and install utilities such as zip, unzip (to decompress zip archives), curl and wget (download online files) and bash-completion command line auto-completer. Issue the following commands in order to install all these utilities in one-shot.<\/p>\n
su –<\/p>\n
apt install bash-completion zip unzip curl wget<\/p>\n
In the next step, configure a descriptive name for your machine to reflect the destination of this server by executing the following command. Replace your hostname variable accordingly.<\/p>\n
hostnamectl set-hostname www.myblog.com<\/p>\n
You can check the machine hostname and the record in system hosts file by issuing the below commands.<\/p>\n
hostnamectl<\/p>\n
cat \/etc\/hostname<\/p>\n
hostname \u2013s<\/p>\n
hostname \u2013f<\/p>\n
Before rebooting the server, first assure the system is up-to-date with the latest security patches, kernel updates, repositories and software packages by issuing the following command.<\/p>\n
apt update<\/p>\n
apt upgrade<\/p>\n
After the update process completes, reboot your Debian machine in order to apply all kernel updates and the hostname changes properly.<\/p>\n
systemctl reboot<\/p>\n
Install Apache and PHP<\/h2>\n
As said in the introduction, Bolt CMS is a web-based content management platform that is written in PHP server-side programming language and must be deployed on top of a LAMP stack. First, we\u2019ll start by installing Apache HTTP server and the PHP interpreter alongside some required PHP extensions that are required by Bolt CMS to properly run. To install the web server component and the PHP programming language with all required modules, issue the following command in your server console with root privileges.<\/p>\n
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-xml php7.0-cli php7.0-curl php7.0-zip php7.0-bcmath php-imagick php7.0-xmlrpc php7.0-intl<\/p>\n
Next, check if all installed PHP modules are enabled in your system by executing the following command.<\/p>\n
php7.0 \u2013m<\/p>\n
Install MariaDB<\/h2>\n
The next component that is missing is the RDBMS database. In this tutorial, we\u2019ll install Bolt CMS with MariaDB database server as backend. Bolt CMS web application uses MariaDB database to store different website configurations, users, sessions and other various data. To install MariaDB database server and client and the PHP MySQL extension in Debian 9, issue the below command in your server console.<\/p>\n
apt install mariadb-server mariadb-client php7.0-mysql<\/p>\n
After MariaDB installation completes, check if the database daemon is up and running in your machine and listens for incoming connections on localhost, port 3306, by running netstat<\/b><\/strong> or ss<\/b><\/strong> command.<\/p>\n netstat \u2013tlpn | grep mysql<\/p>\n Or<\/p>\n ss \u2013tlpn | grep mysql<\/p>\n If netstat<\/b><\/strong> network utility is not install by default in your Debian system, execute the following command to install it.<\/p>\n apt install net-tools<\/p>\n By default, MySQL database server is not sufficiently secured in Debian 9. The database root account can be accessed by supplying a password. To secure the database server, first log in to MySQL console and execute the below commands to secure MariaDB root account.<\/p>\n mysql -h localhost<\/p>\n Your MariaDB connection id is 2<\/p> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1<\/p> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.<\/p> Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.<\/p><\/pre>\n MariaDB [(none)]> <\/i><\/em>use mysql;<\/p>\n You can turn off this feature to get a quicker startup with -A<\/p> Database change<\/p><\/pre>\n MariaDB [mysql]> <\/i><\/em>update user set plugin=” where user=’root’;<\/p>\n Rows matched: 1 Changed: 1 Warnings: 0<\/p><\/pre>\n MariaDB [mysql]> flush privileges;<\/p>\n MariaDB [mysql]> exit<\/p>\n After we\u2019ve enforced the database root account to use a password, further secure MariaDB server by executing the script mysql_secure_installation<\/b><\/strong> provided by the installation packages from Debian stretch repositories. While running the script will ask a series of questions designed to secure MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the below command and setup a strong password for database root account and assure you type yes<\/i><\/b><\/em><\/strong> to all questions asked, as shown in the below excerpt.<\/p>\n mysql_secure_installation<\/p>\n SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!<\/p> In order to log into MariaDB to secure it, we'll need the current<\/p> password for the root user. If you've just installed MariaDB, and<\/p> you haven't set the root password yet, the password will be blank,<\/p> so you should just press enter here.<\/p> Enter current password for root (enter for none):<\/p> OK, successfully used password, moving on...<\/p> Setting the root password ensures that nobody can log into the MariaDB<\/p> root user without the proper authorisation.<\/p> You already have a root password set, so you can safely answer 'n'.<\/p> Change the root password? [Y\/n] y<\/p> New password:<\/p> Re-enter new password:<\/p> Password updated successfully!<\/p> Reloading privilege tables..<\/p> ... Success!<\/p> By default, a MariaDB installation has an anonymous user, allowing anyone<\/p> to log into MariaDB without having to have a user account created for<\/p> them. This is intended only for testing, and to make the installation<\/p> go a bit smoother. You should remove them before moving into a<\/p> production environment.<\/p> Remove anonymous users? [Y\/n] y<\/p> ... Success!<\/p> Normally, root should only be allowed to connect from 'localhost'. This<\/p> ensures that someone cannot guess at the root password from the network.<\/p> Disallow root login remotely? [Y\/n] y<\/p> ... Success!<\/p> By default, MariaDB comes with a database named 'test' that anyone can<\/p> access. This is also intended only for testing, and should be removed<\/p> before moving into a production environment.<\/p> Remove test database and access to it? [Y\/n] y<\/p> - Dropping test database...<\/p> ... Success!<\/p> - Removing privileges on test database...<\/p> ... Success!<\/p> Reloading the privilege tables will ensure that all changes made so far<\/p> will take effect immediately.<\/p> Reload privilege tables now? [Y\/n] y<\/p> ... Success!<\/p> Cleaning up...<\/p> All done! If you've completed all of the above steps, your MariaDB<\/p> installation should now be secure.<\/p> Thanks for using MariaDB!<\/p><\/pre>\n After the script completes, log in to the database from console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:<\/p>\n mysql -h localhost -u root<\/p>\n If the password is supplied, the login process should be granted to MySQL console, as shown in the command sample. Type exit to leave the database console.<\/p>\n mysql -h localhost -u root -p<\/p>\n Welcome to the MariaDB monitor. Commands end with ; or \\g.<\/p> Your MariaDB connection id is 15<\/p> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1<\/p> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.<\/p> Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.<\/p><\/pre>\n MariaDB [(none)]> <\/i><\/em>exit<\/i><\/em><\/p>\n After all LAMP components have been installed, test if the web server is up and running and listening for network connections on port 80 by issuing the following command with root privileges.<\/p>\n netstat \u2013tlpn<\/p>\n <\/b><\/strong>By inspecting the netstat command output you can see that the Apache web server is listening for incoming network connections on port 80. For the same task you can also use the ss<\/b><\/strong> command, which is automatically installed, by default, in Debian 9.<\/p>\n ss- tulpn<\/p>\n In case you have a firewall enabled in your system, such as UFW firewall application, you should add a new rule to allow HTTP traffic to pass through firewall by issuing the following command.<\/p>\n ufw allow WWW<\/p>\n or<\/p>\n ufw allow 80\/tcp<\/p>\n <\/b><\/strong>You should also allow SSH traffic to pass through UFW firewall in case of remote connections to the server.<\/p>\n ufw allow 22\/tcp<\/p>\n <\/b><\/strong> apt-get install -y iptables-persistent<\/p>\n iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT<\/p>\n netfilter-persistent save<\/p>\n systemctl restart netfilter-persistent<\/p>\n systemctl status netfilter-persistent<\/p>\n systemctl enable netfilter-persistent.service<\/p>\n <\/b><\/strong>In case you\u2019re connected to Debian server remotely via SSH, you should first add the following rule to allow SSH traffic to pass through iptables firewall. Otherwise you will be locked-up, because the firewall will start dropping all incoming traffic to port 22.<\/p>\n iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT<\/p>\n netfilter-persistent save<\/p>\n systemctl restart netfilter-persistent<\/p>\n After you\u2019ve added the required firewall rules, you should test if Apache web server is reachable in your network, by opening a browser and visiting your Debian machine IP address or your domain name or server FQDN via HTTP protocol. If incoming connections are allowed to port 80 the default web page should be displayed in your clients browsers. If you don\u2019t know your machine IP address, execute ifconfig<\/b><\/strong> or ip a<\/b><\/strong> command\u00a0to reveal the IP address of your server.<\/p>\n http:\/\/your_domain.tld<\/span><\/strong><\/em><\/p>\n cp \/etc\/php\/7.0\/apache2\/php.ini{,.backup}<\/p>\n nano \/etc\/php\/7.0\/apache2\/php.ini<\/p>\n <\/b><\/strong>Search, edit and change the following variables in php.ini<\/b><\/strong> configuration file:<\/p>\n Increase the upload_max_file_size<\/b><\/strong> variable as suitable to support large file attachments if that\u2019s the case and replace the date.timezone<\/i><\/b><\/em><\/strong> variable accordingly to your geographical time by consulting the list of time zones provided by PHP docs at the following link http:\/\/php.net\/manual\/en\/timezones.php<\/span><\/span><\/a><\/span><\/p>\n In order to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, below the [opcache]<\/i><\/b><\/em><\/strong> statement, as detailed here:<\/p>\n nano \/etc\/php\/7.0\/apache2\/php.ini<\/p>\n After you\u2019ve modified all the lines described below, close the php.ini<\/i><\/b><\/em><\/strong> configuration file and check if the OPCache variables have been correctly added by issuing the below command.<\/p>\n grep opcache \/etc\/php\/7.0\/apache2\/php.ini<\/p>\n Next, we need to enable Apache rewrite and TLS modules in order to force the visitors to securely browse the website via HTTPS protocol. The TSL module will secure the traffic between the server and your client browsers with a Self-Signed Certificate automatically issued by Apache. You should also activate Apache SSL configuration file for TLS module to work properly. Execute the following command to activate all required configurations.<\/p>\n a2enmod ssl rewrite<\/p>\n a2ensite default-ssl.conf<\/p>\n After we\u2019ve enabled rewrite and TLS modules, open Apache default SSL site configuration file with a text editor and add the URL rewrite rules code lines after DocumentRoot<\/i><\/b><\/em><\/strong> directive, as shown in the below sample. Also, change DocumentRoot <\/i><\/b><\/em><\/strong>path to \/var\/ww\/html\/public<\/i><\/b><\/em><\/strong>.<\/p>\n nano \/etc\/apache2\/sites-enabled\/default-ssl.conf<\/p>\n SSL site configuration file excerpt:<\/p>\n Close the SSL Apache file and also open \/etc\/apache2\/sites-enabled\/000-default.conf<\/b><\/strong> file for editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot<\/b><\/strong> statement as shown in the below example. Also, modify DocumentRoot <\/i><\/b><\/em><\/strong>path to point to \/var\/ww\/html\/public <\/i><\/b><\/em><\/strong>directory.<\/p>\n After you\u2019ve made all changes explained above you need to restart Apache daemon to apply all rules.<\/p>\n systemctl restart apache2<\/p>\n Finally, open a browser and visit your domain name or IP address of the server via HTTP protocol. Because you\u2019re using the automatically Self-Signed certificates pairs issued by Apache at installation, a certificate that is untrusted by the browser, an error warning should be displayed in the browser. Accept the warning in order to accept the untrusted certificate and continue to be redirected to Apache default web page.<\/p>\n https:\/\/yourdomain.tld<\/span><\/em> <\/b><\/strong><\/p>\n If the UFW firewall application blocks incoming network connections to HTTPS port, insert a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.<\/p>\n ufw allow \u2018WWW Full\u2019<\/p>\n or<\/p>\n ufw allow 443\/tcp<\/p>\n If iptables<\/i><\/em> is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.<\/p>\n iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT<\/p>\n netfilter-persistent save<\/p>\n systemctl restart netfilter-persistent<\/p>\n Finally, create a PHP info file in web server webroot path by executing the following command.<\/p>\n echo ‘<?php phpinfo(); ?>’| tee \/var\/www\/html\/public\/info.php<\/p>\n Visit the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to date<\/b><\/strong> setting to check PHP time zone configuration. The timezone settings should reflect your PHP geographical location configured earlier.<\/p>\n https:\/\/domain.tld\/info.php<\/span><\/strong><\/em><\/p>\n Next, login into MariaDB database console and create the Bolt CMS database and a user with a password that will be used to manage the website database from localhost, by issuing the following commands. Replace the database name, user and password accordingly.<\/p>\n mysql \u2013u root -p<\/p>\n Your MariaDB connection id is 305<\/p> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1<\/p> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.<\/p> Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.<\/p><\/pre>\n MariaDB [(none)]> CREATE DATABASE bolt_db;<\/p>\n MariaDB [(none)]> grant all privileges on bolt_db.* to ‘bolt_user’@’localhost’ identified by ‘password1234’;<\/p>\n MariaDB [(none)]> flush privileges;<\/p>\n MariaDB [(none)]> exit<\/p>\n After all system requirements are met to install the Bolt CMS application, visit Bolt official download page at https:\/\/bolt.cm\/pages\/download<\/span><\/span><\/a><\/span> and grab the latest zip compressed archive in your system by issuing the below command.<\/p>\n wget <\/i><\/em>https:\/\/bolt.cm\/distribution\/bolt-latest.zip<\/span> <\/i><\/em><\/p>\n After the zip archive download finishes, extract Bolt CMS zip archive file to your current working directory and list the extracted files by issuing the below commands. Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.<\/p>\n unzip bolt-latest.zip<\/p>\n ls bolt-[TAB]<\/p>\n rm \/var\/www\/html\/index.html<\/p>\n rm \/var\/www\/html\/public\/info.php<\/p>\n <\/b><\/strong> cp -rf bolt-v3.4.4\/* \/var\/www\/html\/<\/p>\n cp -rf bolt-v3.4.4\/.bolt.yml.dist \/var\/www\/html\/bolt.yml<\/p>\n <\/b><\/strong>Next, execute the following commands in order to grant Apache runtime user with full write permissions to the web root path. Use ls<\/b><\/strong> command to list permissions for application\u2019s installed files, located in \/var\/www\/html\/ directory.<\/p>\n chown -R www-data:www-data \/var\/www\/html\/<\/p>\n ls -al \/var\/www\/html\/<\/p>\n Next, open Bolt CMS configuration file and add MySQL database connection information, as shown in the following file excerpt:<\/p>\n nano \/var\/www\/html\/app\/config\/config.yml<\/p>\n <\/b><\/strong>config.yml <\/b><\/strong>file sample:<\/p>\n Save and close the Bolt CMS configuration file, enter the \/var\/www\/html<\/strong> directory and install PHP Composer dependency manager software by issuing the below commands.<\/p>\n cd \/var\/www\/html\/<\/p>\n mv composer.json.dist composer.json<\/p>\n curl -sS https:\/\/getcomposer.org\/installer | php<\/p>\n php7.0 composer.phar install<\/p>\n After Composer has been installed, open a browser and navigate to your server IP address or domain name via HTTPS protocol. On the first installation screen, create the first Bolt CMS username, add a strong password for this user and provide the e-mail address and the display name for Bolt admin account. When you finish, hit on Create the first user<\/em> button to save changes.<\/p>\n After creating the Bolt admin username, you will be redirected to Bolt CMS admin dashboard, from where you can start further set-up of the application or add some website content.<\/p>\n In order to visit Bolt CMS frontend page, open a browser and navigate to your domain name or server IP address via HTTPS protocol.<\/p>\n https:\/\/www.yourdomain.tld<\/span><\/strong><\/em><\/p>\n The backend admin panel of Bolt CMS can be accessed at the following URL. To log in, supply the username and password configured for the initial account during the installation process.<\/p>\n https:\/\/www.yourdomain.tld\/bolt\/login<\/strong><\/em><\/p>\n Finally, to force visitors to securely browse the Bolt CMS interface via HTTPS protocol, return to your server\u2019s console and edit the .htaccess<\/i><\/em> file located in public directory document root path, by issuing the below command.<\/p>\n nano \/var\/www\/html\/public\/.htaccess<\/p>\n Here, search for the line that starts with <\/IfModule mod_rewrite.c><\/i><\/b><\/em><\/strong> opening tag and add the below lines after RewriteEngine on<\/strong> directive.<\/p>\n At the bottom of the file, you can tamper PHP server settings to match your own server resources and configurations, as shown in the example below.<\/p>\n Congratulations! You have successfully installed the modern Bolt CMS application in Debian 9 server. In order to further customize the application, visit Bolt CMS documentation page at the following address: https:\/\/docs.bolt.cm\/3.4\/getting-started\/introduction<\/span><\/span><\/a><\/span><\/p>\n Share this page:<\/b><\/p>\n \n Bolt CMS is a simple and flexible open source Content Management System that is written in PHP programming language and can be successfully deployed in Linux under Apache\/Nginx web servers, PHP and MySQL\/MariaDB database management system, also known as LAMP or LEMP stack. In this tutorial, we\u2019ll learn how to install and configure the latest …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-6914","post","type-post","status-publish","format-standard","hentry","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/6914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=6914"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/6914\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=6914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=6914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=6914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Welcome to the MariaDB monitor. Commands end with ; or \\g.
Reading table information for completion of table and column names
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)<\/i><\/em><\/pre>\n
Bye<\/i><\/em><\/pre>\n
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)<\/i><\/em><\/pre>\n
Enter password:
Bye<\/i><\/em><\/pre>\n
Configure the Firewall<\/h2>\n
Configure Apache and PHP<\/h2>\n
file_uploads = On
[opcache]
DocumentRoot \/var\/www\/html\/public
DocumentRoot \/var\/www\/html\/public
![\"Apache](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9.png\" "\\"\\"")
<\/a><\/p>\n![\"Date](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-1.png\" "\\"\\"")
<\/a><\/span><\/span><\/span><\/p>\nWelcome to the MariaDB monitor. Commands end with ; or \\g.
Query OK, 1 row affected (0.00 sec)<\/i><\/em><\/pre>\n
Query OK, 0 rows affected (0.00 sec)<\/i><\/em><\/pre>\n
Query OK, 0 rows affected (0.00 sec)<\/i><\/em><\/pre>\n
Bye<\/i><\/em><\/pre>\n
Install Bolt CMS<\/h2>\n
database:
![\"config.yml\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-2.png\" "\\"\\"")
<\/a><\/p>\nAll settings correct for using Composer
Do not run Composer as root\/super user! See https:\/\/getcomposer.org\/root for details
![\"Bolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-3.png\" "\\"\\"")
<\/a><\/p>\n![\"Bolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-4.png\" "\\"\\"")
<\/a><\/p>\n![\"Bolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-5.png\" "\\"\\"")
<\/a><\/span><\/span><\/span><\/p>\n![\"Bolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-6.png\" "\\"\\"")
<\/a><\/p>\n# Redirect to HTTPS
php_value session.use_trans_sid 0
![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-7.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-8.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-9.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/09\/how-to-install-bolt-cms-on-debian-9-10.png\" "\\"\\"")
<\/a>\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"