MAGENTO INSTALLATION SERVICES POWERED BY NGINX

This guide is written for a competent developer or server administrator who wants to set up a Magento webshop. The installation instructions assume you have a fully functional and recent Ubuntu server at hand, with root access. Besides the tips described in this manual, ITsyndicate’s system administrators and developers have developed an automated installation of Magento websites. Please contact us to find out more details about automated Magento installation services.

One of the first things to do before installing any server software on Ubuntu, or any other Linux server, is to ensure that the operating system itself is up to date. To run the updates, issue the apt-get commands update and upgrade. The former updates the local cache of the list of available software, and the latter actually triggers the upgrade.

So, in most cases, one would log into the console as root and run

apt-get --yes update && apt-get --yes upgrade

After a successful update/upgrade cycle you might need, or just want, to reboot the server to make sure everything is set up. For example, many recent Debian updates include kernel or bootloader changes, and those only take effect after a reboot. They might not be relevant to the upcoming Magento installation with the NginX web server, but they are good for the health of the server generally.

From now on, we no longer show the ssh command, only the relevant shell commands to be run in the root shell, for simplicity.

To install Magento, you follow a procedure similar to that of any other web application. The usual combination of database and web server comes, for Magento, with an enhanced PHP processor and a variation of MySQL. The web server chosen here is NginX, which is becoming more and more popular in the server market. When we provide management services, we use NginX because it makes it possible to speed up the application, it is flexible to configure, and it copes easily with the load in high-load projects.

Percona Server provides a replacement for MySQL with added features (for more information on Percona, please check their documentation at www.percona.com). Percona is not part of the standard Ubuntu distribution, so we first need to add that source to the distribution so that the apt-get command will find it and look for any updates. That is done by first importing the proper key for the archive, removing any existing mysql servers, and then editing the source list to add the corresponding repositories.

apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
apt-get --yes --purge remove mysql-server mysql-client mysql-common && apt-get --yes autoremove
cat <<EOF >> /etc/apt/sources.list
# Percona update sources
deb http://repo.percona.com/apt $(lsb_release -sc) main
deb-src http://repo.percona.com/apt $(lsb_release -sc) main
EOF
cat <<EOF > /etc/apt/preferences.d/00percona.pref
Package: *
Pin: release o=Percona Development Team
Pin-Priority: 1001
EOF

After the source list has been updated, you need to update the local APT cache again, by issuing the update command, and then install the percona server.

apt-get --yes update && apt-get install percona-server-server

During the installation of percona server, you will need to respond to the wizard questions, such as setting up the password.

The next step is to install the prerequisites for the Magento installation, that is, PHP and related modules. The NginX web server will also be installed, along with the database management interface web application.

apt-get --yes install php5 php5-mhash php5-mcrypt php5-curl php5-cli php5-mysql php5-gd nginx php5-fpm php5-memcache php-apc ntp phpmyadmin

Note! For the production installation, one should take special care to ensure that the phpmyadmin component is properly secured.

After the installation, run the MySQL utility to ensure that the basic security mechanisms are in place, such as disabling root login in certain situations.

mysql_secure_installation

The mysql wizard will ask you specific questions and set up the environment accordingly. However, it is also good to become familiar with the overall architecture, to make sure, for example, that connections to the MySQL instance are silently dropped at the network level.

Besides the above, there are lots of other security options which we provide in our server management plans.

Now that you have the database up and running, even though it is the Percona variant, the usual mysql commands and the same old SQL queries apply. Hence, to create the database, you need to execute the following SQL commands against the database.

mysql -u root -p
create database magento;
GRANT USAGE ON *.* TO magento@localhost IDENTIFIED BY 'magento';
GRANT ALL ON magento.* TO magento@localhost;

This creates the database and grants a local user, with a naive password, permission to access it.

Note! For secure installations, one should choose a secure password instead of a simple one.

First of all, you need to create a directory under /var/www/ with the name of the domain you are installing, or the one you want to use. For example, for domain.com, one would create the directory as follows.

mkdir -p /var/www/domain.com/public_html

After the directory has been created, you would move into it

cd /var/www/domain.com/public_html

download and extract the magento package

wget http://www.magentocommerce.com/downloads/assets/1.9.0.1/magento-1.9.0.1.tar.gz
tar xzvf magento-1.9.0.1.tar.gz
rm magento-1.9.0.1.tar.gz
mv magento/* .
rm -rf magento

As the Magento installation package has been downloaded and extracted under the /var/www tree, the final step is to set up and configure the NginX web server, so as to serve the Magento content from that directory. First thing is to remove the default configuration file.

rm /etc/nginx/sites-enabled/default

Note here, that you are actually removing a symbolic link, from the “sites-enabled” folder, and the original default config will stay in the “sites-available” folder, should you need it afterwards.

Then put the correct nginx.conf file in place. You may use nano or any of your favourite text editors, or just upload the file from your local work directory (for example, scp nginx.conf root@server:/etc/nginx).

nano /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
    worker_connections 10000;
    multi_accept on;
    use epoll;
}

http {

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format loadtime '$remote_addr - $remote_user [$time_local] '
    '$request_time "$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" ';

    access_log off;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

    client_max_body_size 100m;
    autoindex off;
    map $scheme $fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }
    include /etc/nginx/sites-enabled/*;
}

Then you need to set up the domain-specific configuration for Magento under the sites-available folder, and symlink it into the sites-enabled folder. The configuration above includes all the configurations from the sites-enabled folder, but not from sites-available. This is a handy and standard layout in many Linux distributions, as the administrator can toggle the online status of one domain without losing the original configuration file (each site is only enabled by the symbolic link).

To set up the domain-specific configuration file, you can use the same approach as before: either your favourite text editor on the server, like nano or vim, or a local editor such as Notepad, transferring the file to the server afterwards.

Note! Choose the appropriate domain name for your particular installation. In this example we use domain.com, but obviously for any production installation, the actual domain name should be used.

For a production installation, please note that additional configuration should be created to enable SSL for the Magento installation. This example only sets up the plain-text HTTP version, which would leave user credentials vulnerable and should not be used in a production environment.

nano /etc/nginx/sites-available/domain.com
server {
    listen 80;
    server_name DOMAIN.com;
    ## Forcibly prepend a www
    rewrite / $scheme://www.$host$request_uri permanent;
}
server {
    listen 80 default;
    ## SSL directives might go here
    server_name www.DOMAIN.com *.DOMAIN.com; ## Domain is here twice so server_name_in_redirect will favour the www
    root /var/www/domain.com/public_html; ## The directory Magento was extracted into above

    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## These locations would be hidden by .htaccess normally
    ## The ^~ modifier stops regex locations (such as the PHP one below) from overriding them
    location ^~ /app/ { deny all; }
    location ^~ /includes/ { deny all; }
    location ^~ /lib/ { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/ { deny all; }
    location ^~ /report/config.xml { deny all; }
    location ^~ /var/ { deny all; }

    location /var/export/ { ## Allow admins only to view export folder
        auth_basic "Restricted"; ## Message shown in login window
        auth_basic_user_file htpasswd; ## See /etc/nginx/htpasswd
        autoindex on;
    }

    location /. { ## Disable .htaccess and other hidden files
        return 404;
    }

    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }

    ## The dot is escaped in the patterns below so that only names containing a literal ".php" match
    location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*\.php)/ $1 last;
    }

    location ~ \.php$ { ## Execute PHP scripts
        if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss

        expires off; ## Do not cache dynamic content
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param HTTPS $fastcgi_https;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
        fastcgi_param MAGE_RUN_TYPE store;
        include fastcgi_params; ## See /etc/nginx/fastcgi_params
    }
}

Then, back in the shell, create the symbolic link in the sites-enabled folder so that NginX finds your domain configuration and includes it in the main configuration when the web server starts.

ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/
service nginx restart

After the web server has been restarted, the PHP execution environment still needs some fine-tuning.

PHP-FPM is a custom enhancement for the PHP application execution environment; it enforces the FastCGI execution environment to bring up features related to process control. It has been chosen by Magento to improve the stability and reliability of Magento instances running in busy environments.

The module requires a specific operating-system-level user to be created. Please choose your own username here instead of just “username”, such as phpfpmuser or similar, so that you can identify it later on. Also, as the user should never log in, please ensure that the account is safe enough! Additionally, some configurations might not create a separate user to run under, but use the existing web user “www-data” instead. Please check the FPM documentation and the system architecture plan for the specifics of the username chosen to run FPM under.

useradd username -d /var/www/domain.com -s /bin/bash
passwd username

Now that the user has been created, the configuration for FPM needs to be stored at /etc/php5/fpm/pool.d/www.conf. Again, you may use your favorite text editor locally or remotely, or write the file via a shell cat command, as in this example.

cat <<EOF > /etc/php5/fpm/pool.d/www.conf
[www-username]
user = username
group = username
listen = 127.0.0.1:9000
pm = ondemand
pm.max_children = 100
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 500
pm.status_path = /status
chdir = /

; Shows PHP errors to visitors; set to off on a production site
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 1024M
EOF
service php5-fpm restart

Finalizing the permissions and setting up the cron job

To ensure that the web root has proper permissions, you could run the following commands. In essence, they change the permissions of all the directories to 755 and all the files to 644. As a reminder, 755 means user writable, group readable and executable (browseable), and 644 for files is the same without the execution flag set.

cd /var/www/domain.com
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

Note! Some server instances might come with SELinux pre-installed and running in enforcing mode. SELinux introduces another layer of permissions on top of, or beneath, the traditional user/group/others combination. In that case, you might need to ensure that the proper SELinux context has been assigned to the files, and that the web server is running under a compatible security policy.

Finally, set up the cron job to periodically clean up internal Magento session information. It is defined in a cron schedule file, created in a similar manner to all the other files in this guide, either using a text editor or directly via the cat command.

cat <<EOF > /etc/cron.d/phpsessclean
24 3 * * * root find /var/www/*/public_html/var/session/ -type f -name 'sess_*' -mtime +7 -delete > /dev/null
EOF
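
A session cleanup job like the one above runs as root over a directory that PHP writes to, so the file names it processes should be treated as untrusted input. The following added example (not part of the original guide) works inside a throwaway mktemp sandbox with constructed file names and compares piping find output into xargs rm -rf with letting find delete the matches itself; the function names and the sandbox layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: everything happens inside a throwaway mktemp sandbox.
# File names are constructed; function names are assumptions for this demo.

# Build a sandbox: an unrelated file "keep" plus two stale session files,
# one of which has a space in its name. Prints the sandbox path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/session"
    : > "$sb/keep"
    : > "$sb/session/sess_plain"
    : > "$sb/session/sess_odd keep"
    # Backdate both session files so that -mtime +7 matches them.
    touch -t 200001010000 "$sb/session/sess_plain" "$sb/session/sess_odd keep"
    printf '%s\n' "$sb"
}

# Names are piped to xargs, which splits its input on whitespace.
# (A relative path is used so any collateral stays inside the sandbox.)
cleanup_xargs() (
    cd "$1" && find session/ -type f -name 'sess_*' -mtime +7 | xargs rm -rf
)

# find deletes each match itself; names never pass through a word splitter.
cleanup_delete() (
    cd "$1" && find session/ -type f -name 'sess_*' -mtime +7 -delete
)

# Run one cleanup ($1 = function name) and print "keep=<yes|no> stale=<n>",
# where stale is the number of session files left behind.
run_demo() {
    sb=$(make_sandbox) || return 1
    "$1" "$sb"
    keep=no
    if [ -e "$sb/keep" ]; then keep=yes; fi
    stale=$(find "$sb/session" -type f | wc -l | tr -d ' ')
    rm -rf "$sb"
    printf 'keep=%s stale=%s\n' "$keep" "$stale"
}

run_demo cleanup_xargs     # prints keep=no stale=1
run_demo cleanup_delete    # prints keep=yes stale=0
```

With xargs, the name containing a space is split into two arguments, so an unrelated file is removed while the stale session file survives; with -delete only the matched files are touched.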

At the end, you should check that Magento is up and running as expected, and execute its database initialization and other application-specific wizards. This guide was written using Ubuntu 14.04 running on a VPS server.

If you have any questions or comments, please drop us a line.
