Support #851
Updated by Daniel Curtis about 9 years ago
{{>toc}}
This is a guide for installing Magento 2 on FreeBSD 10 with Nginx as the web server.
*WARNING*: Installing Magento 2 from GitHub requires an account in order to connect to repo.magento.com. Go to https://marketplace.magento.com/ and create an account. This requires giving personal information that is irrelevant to the installation process, but it is mandatory nonetheless. Once the account is created, go to +Developer -> My Access Keys -> Create a New Access Key+
h1. Pre-installation requirements
* Before installation of the components, make sure everything is up to date using the following command:
<pre>
pkg update -f && pkg upgrade
</pre>
* Next update the ports tree:
<pre>
portsnap fetch extract
</pre>
* Install portmaster:
<pre>
pkg install portmaster
</pre>
---
h1. Install Nginx
* Install Nginx
<pre>
pkg install nginx
</pre>
* Start and enable nginx at boot:
<pre>
echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start
</pre>
* Create a configuration directory to make managing individual server blocks easier
<pre>
mkdir /usr/local/etc/nginx/conf.d
</pre>
* Edit the main nginx config file:
<pre>
vi /usr/local/etc/nginx/nginx.conf
</pre>
#* And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:
<pre>
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;

worker_processes 1;
error_log /var/log/nginx-error.log;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    include /usr/local/etc/nginx/conf.d/*.conf;
}
</pre>
---
h1. Install PHP
* Install PHP 5.6 and dependencies:
<pre>
pkg install php56 php-composer php56-{bcmath,curl,gd,mbstring,mcrypt,hash,openssl,pdo_mysql,simplexml,soap,xml,xsl,zip,json,iconv}
</pre>
* Configure the default PHP settings
<pre>
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
</pre>
* Change max execution time limit in the main PHP config from the default 30 seconds to 300 seconds.
<pre>
vi /usr/local/etc/php.ini
</pre>
#* And set:
<pre>
max_execution_time = 300
always_populate_raw_post_data = -1
</pre>
h2. Configure PHP-FPM
* Edit @/usr/local/etc/php-fpm.conf@:
<pre>
vi /usr/local/etc/php-fpm.conf
</pre>
#* Make the following changes:
<pre>
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660
</pre>
* Start and enable PHP-FPM at boot:
<pre>
echo 'php_fpm_enable="YES"' >> /etc/rc.conf
service php-fpm start
</pre>
* Restart nginx:
<pre>
service nginx restart
</pre>
---
h1. Install MariaDB
* Install MariaDB server and client:
<pre>
pkg install mariadb100-{server,client}
</pre>
* Start and enable MariaDB at boot:
<pre>
echo 'mysql_enable="YES"' >> /etc/rc.conf
service mysql-server start
</pre>
* Secure your installation:
<pre>
mysql_secure_installation
</pre>
h2. Configure a new MariaDB database
* Log into the MySQL console:
<pre>
mysql -h localhost -u root -p
</pre>
#* Create the *magentouser* user with the *SuperSecretPassword* password (substitute a strong, unique password) and the *magentodb* database:
<pre>
CREATE USER 'magentouser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
CREATE DATABASE IF NOT EXISTS `magentodb` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `magentodb`.* TO 'magentouser'@'localhost';
flush privileges;
exit
</pre>
* And wrap up by restarting the nginx and mariadb servers:
<pre>
service nginx restart
service mysql-server restart
</pre>
---
h1. Install Magento
* Install git:
<pre>
pkg install git
</pre>
* Clone the Magento 2 repo from GitHub:
<pre>
cd /usr/local/www
git clone https://github.com/magento/magento2.git
cd magento2
git checkout 2.0
</pre>
* Run composer to install any missing dependencies:
<pre>
composer install
</pre>
#* When the username prompt appears, enter the *public key* of the access key created on the Magento Marketplace
#* When the password prompt appears, enter the *private key* of the same access key
* Change the ownership of the Magento files to the nginx user:
<pre>
cd /usr/local/www/magento2
chown -R www:www .
</pre>
* Then add write permissions to the files and directories Magento needs to write to, and make the command-line tool executable:
<pre>
cd /usr/local/www/magento2
find var vendor pub/static pub/media app/etc -type f -exec chmod u+w {} \;
find var vendor pub/static pub/media app/etc -type d -exec chmod u+w {} \;
chmod u+x bin/magento
</pre>
* Add a *magento2.example.com server block*:
<pre>
vi /usr/local/etc/nginx/conf.d/magento2.example.com.conf
</pre>
#* Add the following:
<pre>
upstream magento2 {
    server unix:/var/run/php-fpm.sock;
}

server {
    listen 80;
    server_name magento2.example.com;
    root /usr/local/www/magento2/pub;
    access_log /var/log/magento2.example.com-access.log;
    error_log /var/log/magento2.example.com-error.log;

    index index.php;
    autoindex off;
    charset UTF-8;
    error_page 404 403 = /errors/404.php;
    #add_header "X-UA-Compatible" "IE=Edge";

    # PHP entry point for setup application
    location ~* ^/setup($|/) {
        root /usr/local/www/magento2;
        location ~ ^/setup/index.php {
            fastcgi_pass magento2;
            fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
            fastcgi_param PHP_VALUE "memory_limit=768M \n max_execution_time=600";
            fastcgi_read_timeout 600s;
            fastcgi_connect_timeout 600s;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ ^/setup/(?!pub/). {
            deny all;
        }
        location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }

    # PHP entry point for update application
    location ~* ^/update($|/) {
        root /usr/local/www/magento2;
        location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            fastcgi_pass magento2;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            include fastcgi_params;
        }
        # Deny everything but index.php
        location ~ ^/update/(?!pub/). {
            deny all;
        }
        location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /pub/ {
        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
        }
        alias /usr/local/www/magento2/pub/;
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /static/ {
        # Uncomment the following line in production mode
        # expires max;

        # Remove signature of the static files that is used to overcome the browser cache
        location ~ ^/static/version {
            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
        }
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            if (!-f $request_filename) {
                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires off;
            if (!-f $request_filename) {
                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        if (!-f $request_filename) {
            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /media/ {
        try_files $uri $uri/ /get.php$is_args$args;
        location ~ ^/media/theme_customization/.*\.xml {
            deny all;
        }
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires off;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /media/customer/ {
        deny all;
    }
    location /media/downloadable/ {
        deny all;
    }
    location /media/import/ {
        deny all;
    }

    # PHP entry point for main application
    location ~ (index|get|static|report|404|503)\.php$ {
        try_files $uri =404;
        fastcgi_pass magento2;
        fastcgi_buffers 1024 4k;
        fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param PHP_VALUE "memory_limit=768M \n max_execution_time=18000";
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss
        image/svg+xml;
    gzip_vary on;

    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
    location ~* (\.php$|\.htaccess$|\.git) {
        deny all;
    }
}
</pre>
* Now finish the installation by going to http://magento2.example.com
---
h1. Securing Nginx With SSL
* Install OpenSSL:
<pre>
pkg install openssl
</pre>
* Set up the Diffie-Hellman key exchange parameters:
<pre>
openssl dhparam -out /usr/local/etc/nginx/dhparam.pem 4096
</pre>
* Generate a strong SSL key and a CSR to send for signing by a CA:
<pre>
cd
openssl req -sha512 -out /usr/local/etc/nginx/magento2.example.com.csr -new -newkey rsa:4096 -nodes -keyout /usr/local/etc/nginx/magento2.example.com.key
</pre>
#* If the received SSL certificate requires additional bundle certificates, add them together like so:
<pre>
cd /usr/local/etc/nginx
cat magento2.example.com.crt magento2.example.com.bundle > magento2.example.com.chained.crt
</pre>
* Set up the default site configuration:
<pre>
vi /usr/local/etc/nginx/conf.d/magento2.example.com.conf
</pre>
#* Then modify the top of the server block to look similar to the following, keeping the existing root, index, log and location directives below it:
<pre>
server {
    listen 80;
    listen 443 default ssl;
    server_name magento2.example.com;

    # Set the SSL key/cert. The ssl flag on the 443 listener turns TLS on for that
    # socket only; a separate "ssl on;" would also switch the port 80 listener to TLS.
    # Use magento2.example.com.chained.crt here if a bundle was concatenated above.
    ssl_certificate /usr/local/etc/nginx/magento2.example.com.crt;
    ssl_certificate_key /usr/local/etc/nginx/magento2.example.com.key;

    # Strong SSL configuration
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/local/etc/nginx/dhparam.pem;
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options nosniff;

    # Uncomment to force HTTPS
    # if ($scheme = http) {
    #     return 301 https://$server_name$request_uri;
    # }

    # The root, index, log and location directives of the server block stay as configured earlier
}
</pre>
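The TLS directives of the server block can be reviewed before nginx is restarted. The following is an added example, not part of the original guide: @check_tls_conf@, its messages and the sample server block are constructed for illustration, using the cipher and protocol values from this guide.

```shell
#!/bin/sh
# Added example (not from the guide): lint the TLS directives of an nginx server block.

check_tls_conf() {             # $1 = config file; prints one finding per line
    active=$(sed 's/#.*$//' "$1")      # ignore commented-out directives

    # 1. Protocol versions older than TLS 1.2 (TLS 1.0/1.1 were deprecated by RFC 8996).
    for proto in $(printf '%s\n' "$active" | awk '$1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) { sub(/;/, "", $i); print $i } }'); do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "legacy protocol enabled: $proto" ;;
        esac
    done

    # 2. "ssl on;" makes every listen socket of the server speak TLS, including
    #    one declared without the ssl parameter (such as "listen 80;").
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' &&
       printf '%s\n' "$active" | grep -E '^[[:space:]]*listen[[:space:]]' | grep -qv 'ssl'; then
        echo 'ssl on; also applies to a listener without the ssl parameter'
    fi

    # 3. Finite-field DHE suites (EDH/DHE) listed without an ssl_dhparam file.
    if printf '%s\n' "$active" | grep -E '^[[:space:]]*ssl_ciphers' |
           grep -Eq 'EDH|(^|[^C])DHE' &&
       ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*ssl_dhparam[[:space:]]'; then
        echo 'DHE ciphers listed but ssl_dhparam is not set'
    fi
    return 0
}

write_sample_conf() {          # constructed sample, not a file from the guide
    cat > "$1" <<'EOF'
server {
    listen 80;
    listen 443 default ssl;
    ssl on;
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_dhparam /usr/local/etc/nginx/dhparam.pem;
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_tls_conf "$sample"
rm -f "$sample"
```

An empty result means none of the three checks fired; @nginx -t@ remains the syntax check for the file itself.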
* Restart nginx and php-fpm:
<pre>
service nginx restart
service php-fpm restart
</pre>
* Open a web browser and go to http://magento2.example.com/setup to complete the install process.
* Remove write permission to the app/etc folder:
<pre>
cd /usr/local/www/magento2
chmod -w app/etc
</pre>
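The permission steps in this guide can be verified once setup is complete. The following is an added example, not part of the original guide: @audit_magento_perms@ and the sample tree are hypothetical names and constructed data, and the writable directory list is the one used in the find commands earlier.

```shell
#!/bin/sh
# Added example (not from the guide): audit a Magento 2 tree once setup is done.
# Paths must not contain spaces; the prune list is built by word splitting.

WRITABLE_SET='var vendor pub/static pub/media app/etc'   # directories named in the guide

audit_magento_perms() {        # $1 = Magento root; prints one finding per line
    root=$1
    # 1. Nothing in the tree should be writable by "other".
    find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/world-writable: /'

    # 2. After setup, the app/etc directory itself should have lost its write bit.
    if [ -n "$(find "$root/app/etc" -maxdepth 0 -perm -0200 2>/dev/null)" ]; then
        echo "owner-writable after setup: $root/app/etc"
    fi

    # 3. Files outside the writable set that their owner (here the web server
    #    user, since the guide chowns the tree to www) can still modify.
    prune=''
    for d in $WRITABLE_SET; do
        prune="$prune -path $root/$d -prune -o"
    done
    n=$(find "$root" $prune -type f -perm -0200 -print | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || echo "owner-writable files outside the writable set: $n"
    return 0
}

make_sample_tree() {           # constructed sample tree for the demo
    mkdir -p "$1/app/etc" "$1/var" "$1/pub/media"
    : > "$1/index.php"; : > "$1/app/etc/env.php"; : > "$1/var/debug.log"
    find "$1" -type d -exec chmod 755 {} +
    chmod 644 "$1/index.php" "$1/app/etc/env.php"
    chmod 666 "$1/var/debug.log"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_magento_perms "$demo"
rm -rf "$demo"
```

On a real installation, run it as @audit_magento_perms /usr/local/www/magento2@; the third finding shows how much application code the web server user can still rewrite.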
h2. Resources
* https://github.com/magento/magento2
* http://devdocs.magento.com/guides/v2.0/install-gde/install/prepare-install.html
* http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/install-cli.html
* http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/install-cli-sample-data-clone.html
* http://magento.stackexchange.com/questions/121758/how-to-configure-nginx-for-magento-2