How to install Magento with NGINX and Letsencrypt

If you have a need for an e-commerce solution in your data center, look no further than Magento. Find out how to install this flexible tool on Ubuntu Server 18.04.

magentohero.jpg
Image: Jack Wallen

In today's world, you cannot risk serving up your company websites without extra layers of security. I've demonstrated how to install the Magento e-commerce solution with Apache on Ubuntu Server 18.04 (See: How to install Magento on Ubuntu 18.04). That particular installation works fine, but it comes with a price: No Secure Sockets Layer (SSL).

I want to walk you through another path of installation, one that includes HTTPS. This process will opt for NGINX (over Apache) and uses letsencrypt for SSL.

SEE: Disaster recovery and business continuity plan (Tech Pro Research)

What you need

The only things you need for this installation are:

  • A Ubuntu Server 18.04 installation up and running.
  • A Fully Qualified Domain Name (FQDN).
  • A user account with sudo privileges.

I will demonstrate the set up using the domain example.com. You will need to substitute your FQDN anywhere you see example.com.

And with that, let's install.

Update/upgrade

First, update and upgrade your server. Do note that, should the kernel be updated in the process, a restart of the server will be required. Because of this, run the update/upgrade process during a time when an update is possible.

To run the update/upgrade process, log into your Ubuntu server and issue the following command:

sudo apt-update
sudo apt-get upgrade -y

Should your kernel be upgraded, reboot the server and get ready to install.

NGINX

Next, we need to install the NGINX web server. Back at your terminal window, issue the following command:

sudo apt-get install nginx -y

Once the installation completes, start and enable the web server with the following commands:

sudo systemctl start nginx
sudo systemctl enable nginx

PHP components

There are a number of PHP components that must be installed. In order to do this, first install a third-party repository. Do this with the following commands:

sudo apt install software-properties-common -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt-get update

Install the PHP components with the command:

sudo apt install php7.1-fpm php7.1-mcrypt php7.1-curl php7.1-cli php7.1-mysql php7.1-gd php7.1-xsl php7.1-json php7.1-intl php-pear php7.1-dev php7.1-common php7.1-mbstring php7.1-zip php7.1-soap php7.1-bcmath -y

Before continuing, PHP must be configured. There are two files that must be modified:

  • /etc/php/7.1/fpm/php.ini
  • /etc/php/7.1/cli/php.ini

For each file, make the following configuration edits:

memory_limit = 512M
max_execution_time = 180
zlib.output_compression = On

Restart and enable PHP FPM with the following commands:

sudo systemctl restart php7.1-fpm
sudo systemctl enable php7.1-fpm

MySQL server

Magento depends upon the MySQL server. Install this package with the command:

sudo apt install mysql-server mysql-client -y

Start and enable the service with the commands:

sudo systemctl start mysql
sudo systemctl enable mysql

Secure the MySQL installation with the command:

sudo mysql_secure_installation

Make sure to create a strong/unique password for the MySQL admin user and answer "yes" for the remaining questions.

It's time to create the necessary database. Log onto the MySQL prompt with the command:

sudo mysql -u root -p

Create the database and a new user with the commands:

CREATE DATABASE magentodb;
CREATE USER 'magentouser'@'localhost' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON magentodb.* TO 'magentouser'@'localhost' IDENTIFIED BY 'PASSWORD';
FLUSH PRIVILEGES;
exit

where PASSWORD is a strong/unique password.

PHP composer

PHP Composer must also be installed. For this, issue the command:

sudo apt install composer -y

Clone and install Magento

Let's grab the latest version of Magento. To do this, first install git (if not already installed) with the command:

sudo apt-get install git -y

Clone Magento with the command:

git clone https://github.com/magento/magento2.git

Change into the newly created directory with the command cd magento2 and install Magento with the command:

sudo composer install -v

SSL

It's now time to generate our SSL certificates. Before we can do this, we must first install Letsencrypt. Do this with the command:

sudo apt install letsencrypt -y

After that installation completes, stop NGINX with:

sudo systemctl stop nginx

Generate the SSL certificate with the command:

sudo certbot certonly --standalone -d example.com

When the above command completes, the certificates will be placed in /etc/letsencrypt/live/example.com/ (where example.com is your FQDN).

Configure NGINX

Create a new configuration file with the command:

sudo nano /etc/nginx/sites-available/magento

Paste the following into that file (remember to replace example.com with your FQDN):

upstream fastcgi_backend {
        server  unix:/run/php/php7.1-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}

server {

        listen 443 ssl;
        server_name example.com;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        set $MAGE_ROOT /var/www/magento2;
        set $MAGE_MODE developer;
        include /var/www/magento2/nginx.conf.sample;
}

Save and close that file.

Activate the newly created site with the command:

sudo ln -s /etc/nginx/sites-available/magento /etc/nginx/sites-enabled/

Restart NGINX with the commands:

sudo systemctl restart php7.1-fpm
sudo systemctl start nginx

Finally, change the ownership of the magento2 directory with the command:

sudo chown -R www-data:www-data /var/www/magento2/

You can now point your browser to https://FQDN (where FQDN is your Fully Qualified Domain Name) and finish the Magento set up, via the web-based tool.

Ready to serve

And that's all there is to setting up the Magento e-commerce solution with NGINX and SSL. If you plan on selling products for your business, you owe it to your company and customers to do so over a secure HTTP (otherwise you risk the integrity of your security and reputation).

Also see