In order to install and access Magento web admin panel backend and the frontend website via HTTPS protocol that will secure the traffic for your clients, issue the following command to enable Apache web server SSL module and SSL site configuration file.
a2enmod ssl
a2ensite default-ssl.conf
Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the sample below:
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Also, make the following change to VirtualHost line to look like as shown in the below excerpt:
<VirtualHost *:443>
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot statement as shown in the example below.
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Finally, restart Apache daemon to apply all rules configured so far and visit your domain via HTTP protocol. Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, an error warning should be displayed in the browser.
systemctl restart apache2
Accept the warning in order to continue and be redirected to Apache default web page, as illustrated in the following image.
In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through firewall by issuing the following command.
ufw allow ‘WWW Full’
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
On the next step, we need to make some further changes to PHP default configuration file in order to assure that the following PHP variables are enabled and the PHP timezone setting is correctly configured and matches your system’s geographical location. Open /etc/php/7.0/apache2/php.ini file for editing and assure that the following lines are setup as follows. Also, initially, make a backup of PHP configuration file.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in the php.ini configuration file:
file_uploads = On memory_limit = 256M upload_max_file_size = 128M zlib.output_compression = Off #output_buffering = 4096 output buffering = Off date.timezone = Europe/Helsinki
Increase memory_limit variable as suitable to support large file attachments and replace the time.zone variable accordingly to your physical time by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php
If you want to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, as detailed below:
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
Close the php.ini configuration file and check if the verify the end of PHP configuration file to check if the variables have been correctly added by issuing the below command.
tail /etc/php/7.0/apache2/php.ini
After you’ve made all changes explained above, restart apache daemon to apply the new changes by issuing the following command.
systemctl restart apache2
Finally, create a PHP info file by executing the following command and check if the PHP time zone has been correctly configured by visiting the PHP info script file from a browser at the following URL, as illustrated in the image below. Scroll down to date setting to check php time zone configuration.
echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php
Magento e-commerce web application stores different configurations, such as users, sessions, contacts, products, catalogs and others, in a RDBMS database. In this guide, we’ll configure Magento 2 platform to use MariaDB database as backend. Issue the following command to install MariaDB database and the PHP module needed to access mysql database.
apt install mariadb-server php7.0-mysql
After you’ve installed MariaDB, verify if the daemon is running and listens for connections on localhost, port 3306, by running the netstat command.
netstat –tlpn | grep mysql
Then, log in to MySQL console and secure MariaDB root account by issuing the following commands.
mysql -h localhost
use mysql; update user set plugin='' where user='root'; flush privileges; exit
On the next step, secure MariaDB by executing the script mysql_secure_installation provided by the installation packages from Debian stretch repositories. While running the script will ask a series of questions designed to secure MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the below command and assure you type yes to all questions asked in order to fully secure MySQL daemon. Use the below script output excerpt as a guide.
sudo mysql_secure_installation
In order to test MariaDB security, try logging in to the database from console with no root password. The access to the database should be denied if no password is provided for the root account. If the password is supplied, the log in process should be granted to MySQL console, as shown in the screenshot below.
mysql -h localhost -u root
mysql -h localhost -u root –p
Next, logged in to MariaDB database console, create a database for Magento application and a user with a password that will be used to manage the application database, by issuing the following commands. Replace the database name, user, and password accordingly.
mysql –u root -p
create database magentodb; grant all privileges on magentodb.* to 'magento_user'@'localhost' identified by 'strong_password'; flush privileges; exit
In order to apply all changes made so far, restart MySQL and Apache daemons and verify if daemons are running by issuing the following commands.
systemctl restart mysql apache2
systemctl status mysql apache2
After all system requirements are met for your e-commerce online shop installation, visit Magento 2 Community Edition download page at https://magento.com/tech-resources/download and download the latest zip archive in your system. We’ll use the Magento github source code zip archive in this tutorial to perform the installation from sources. The address of Magento 2 source code archives can be found at the following address https://github.com/magento/magento2/releases
wget https://github.com/magento/magento2/archive/2.2.1.zip
After the zip archive download finishes, extract Magento zip compressed archive and list the extracted files by issuing the following commands. In addition, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.
rm /var/www/html/index.html
rm /var/www/html/info.php
unzip 2.2.0.zip
ls
The installation files for Magento are located in magento2-2.2.0 directory. Issue the ls command to view upload directory files. Copy all the content of the upload directory to your web server document root path by issuing the following command. Also, make sure you copy all hidden files to the webroot path.
ls -al magento2-2.2.0/
cp -rf magento2-2.2.0/* /var/www/html/
cp -rf magento2-2.2.0/.ht* /var/www/html/
cp -rf magento2-2.2.0/.user* /var/www/html/
cp -rf magento2-2.2.0/.travis* /var/www/html/
cp -rf magento2-2.2.0/.php* /var/www/html/
After you’ve copied all required Magento installation files to your web server’s document root path, switch directory to webroot path and download Composer dependency management file for PHP, by issuing the commands below.
cd /var/www/html/
curl -sS https://getcomposer.org/installer | php
Copy composer.phar file to a local executable system path by issuing the following command.
cp composer.phar /usr/local/sbin/composer
Next, create a user account in your system named magento that will be used for installing Composer framework. Follow the interactive prompt to setup magento user account.
adduser magento
Make sure you grant composer user with full write privileges to web server document root path.
chown -R composer:composer /var/www/html/
Then, log in to system in magento user, change directory to Apache webroot path and install Composer dependency management for PHP by issuing the below commands.
su - composer
cd /var/www/html/
/usr/local/sbin/composer install
After the Composer framework has been installed in your web server document root path, where Magento installation files are located, log off composer user and log in back to system with root account.Then, execute the below commands in order to grant Apache runtime user with full write permissions to the web root path. Use the ls command to list permissions for application’s installed files located in the /var/www/html/ directory.
exit
su -
chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/
Now, proceed Magento 2 online shop installation process by opening a browser and navigate your server’s IP address or domain name or server FQDN via HTTPS protocol. On the first installation screen Magento installer will present you the license agreement, as shown in the below image. Hit on Agree and Setup Magento button to accept the license and continue the installation process.
Next, hit on Start Readiness Check button for the installer to start checking your server’s PHP version, extensions, file permissions and compatibility.
After all required PHP checks are completed with success, hit on the top Next button to continue the installation process.
In the next installation screen, add MySQL database address, name and credentials created earlier for Magento database and hit on top next button to continue.
On the next step, add the URL address of your Magento store and setup a magento admin address. You can also use the default address configured by the installer. Make sure you note down this address because you will needed it later to access Magento backend admin panel.
Also, click on the Advanced Options and check Use HTTPS for Magento Storefront and Use HTTPS for Magento Admin options. Leave the HTTPS store address as default and check Use Apache Web Server Rewrites and I want to use a Magento encryption key options. In Session Save select Files as illustrated in the below image and, then, hit the top Next button to complete this step and continue the installation process.
Next, select your store default time zone, currency and language and hit Next to continue.
On the next installation screen, add an admin account username and an e-mail address for your store and setup a strong password for this username. When you finish, hit top Next button to continue.
Finally, hit on Install Now button to start installing Magento 2 e-commerce platform in Debian and wait for the installation process to complete, as shown in the following screenshots.
After the installation completes, the installer will display Magento Admin information for your store, where you can find the addresses for accessing Magento Backend Administration panel, which will be used to manage your online shop, and Magento Frontend Store Address of your store, which will be displayed to your clients. Make sure you write down the address for accessing Magento Admin Panel or navigate to the link and make a bookmark of this link in your browser.
Hit in Launch Magento Admin button to be redirected to backend admin panel and log in with the credentials configured during the installation process.
After logging in to store admin panel, a warning message about invalid indexers will be displayed on top of the browser, as illustrated in the below image.
In order to get rid of this warning, return to your server’s console, log in with root account and issue the following command to secure your store etc directory [HIMANSHU: Not sure how to edit this].
chown -R root:www-data /var/www/html/app/etc/
Next, create a cron job owned by Apache runtime user with the configuration below.
crontab -u www-data -e
Crontab file excerpt:
* * * * * /usr/bin/php7.0 /var/www/html/bin/magento cron:run >> /var/www/html/var/log/magento.log
Afterwards, return to Magento web dashboard admin panel and check if the warning message has disappeared, as illustrated in the below screenshot.
In order to visit your Magento online store, navigate to your server IP address or domain name via the HTTPS protocol.
That’s all! You have successfully installed and configured Magento 2 e-commerce application in Debian 9.2. However, because the Apache HTTP server uses Self-Signed certificates to encrypt the traffic between the server and visitor’s browsers, a warning message will always be generated and displayed in visitors browsers. This warning is bad for your online shop business. In this case, you should buy a certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA.
For other custom configurations regarding Magento 2 e-commerce platform, visit the documentation page at the following address: http://devdocs.magento.com/