Migrating a Magento Installation from Apache2 to NGINX on Ubuntu 18.04 LTS

Magento is one of the world's leading e-commerce CMS solutions and is used by over 200K websites. What makes Magento such an appealing e-commerce CMS is that Magento offers a free, community edition of their platform. Anyone with some Linux knowledge and access to a modest virtual machine can get their online store up and running in no time. Magento runs on a Linux stack, giving wide flexibility on the open source components that are used to power the store. The typical first choice for a Linux web server is usually Apache, which makes for a stable and dependable choice. However, there are other options that can offer greater performance with lower system resource usage. One such popular alternative is NGINX.

In this guide, we will walk through the process of migrating an existing Magento installation from Apache to NGINX on Ubuntu 18.04 LTS.

Prerequisites

In order to follow this guide you will need the following:

  • An Ubuntu 18.04 server.
  • A Magento installation.
  • A non-root sudo user account on the Magento server.

In order to begin this guide you need to log into your server as a non-root sudo enabled user.

Put Magento in Maintenance Mode

During this guide, we will be stopping and starting the web servers, which will make your Magento store appear and disappear for any user accessing it. This is not a great experience for your clients, so we will avoid this issue by putting Magento into maintenance mode. When Magento is in maintenance mode any visitor will see a holding page and will not be able to interact with your store.

You put Magento into maintenance mode by running the following command:

sudo php /path/to/magento2/bin/magento maintenance:enable --ip=

The --ip= option will allow you to access your store from your IP address whilst all other IP addresses will see the maintenance page. This will allow you to view and check that the store is working whilst still maintaining maintenance mode for visitors.

Now that Magento is in maintenance mode we can install NGINX.

Step 2 – Installation

In this step, we will install NGINX and the PHP-FPM packages. NGINX uses PHP-FPM which is a performant re-implementation of standard PHP. If you are already using PHP-FPM with Apache you can remove it from the apt-get install command but leaving it in place will not cause a problem.

We should stop Apache here, or the installation will encounter an error when APT attempts to start NGINX while Apache is running. The following commands will stop Apache and disable it from starting on boot:

sudo systemctl stop apache2.service
sudo systemctl disable apache2.service

Run the following command to install NGINX and PHP-FPM:

sudo apt-get install nginx php-fpm

NGINX is now installed and ready for configuration.

Installation NGINX and PHP-FPM

In this step, we will configure NGINX to serve only an HTTP Magento instance. If your Magento instance uses HTTPS then skip ahead to the next section which covers migrating an HTTPS Magento instance.

NGINX works like Apache in that it has two directories /etc/nginx/sites-available and /etc/nginx/sites-enabled that contain the web server configuration to serve your store. We will first place the configuration file into /etc/nginx/sites-available and then create a symlink to that file in /etc/nginx/sites-enabled which will allow NGINX to start serving your site.

We will create and edit the site configuration file using a text editor. I will use nano throughout this guide but you can use whichever you are most comfortable with:

sudo nano /etc/nginx/sites-available/magento.conf

The contents of this file should look like the following basic example (remember to change example.com and /var/www/magento2 to match your setup; in the example they appear as the server_name value and /path/to/magento2):

server {
   listen 80;
   server_name ;
   set $MAGE_ROOT /path/to/magento2;
   include /path/to/magento2/nginx.conf.sample;
}

upstream fastcgi_backend {
   server  unix:/var/run/php/php7.1-fpm.sock;
}

The above configuration assumes that you are using PHP 7.1 (the default) on your server. If you are using a different version then you will need to edit the line server unix:/var/run/php/php7.1-fpm.sock; to match the version of PHP and PHP-FPM you are using. If you run:

ls /var/run/php/

You will be able to see the name of the PHP-FPM socket that you need to use.

The following line:

include /path/to/magento2/nginx.conf.sample;

causes NGINX to load additional configuration contained in the file /path/to/magento2/nginx.conf.sample. This file is supplied by Magento and contains very important additional configuration such as blocking access to confidential files, setting compression etc. If you don’t have a copy of this file you can download one from these locations:

You will need to include this file for this NGINX configuration file to serve your store.

Now that the configuration file is in place we need to enable it by creating a symlink from sites-enabled with the following command:

sudo ln -s /etc/nginx/sites-available/magento.conf /etc/nginx/sites-enabled/

Then reload NGINX:

sudo systemctl reload nginx.service

NGINX should now be serving your store. You should visit your store in a browser to check that it is working normally. If your site does not render correctly after the migration it is quite likely because of stale cache and indexed data. Flushing the cache and re-indexing the site with these two commands will resolve this issue:

sudo php /path/to/magento2/bin/magento cache:flush
sudo php /path/to/magento2/bin/magento indexer:reindex

The site should now be working normally. You should visit both the home page and the admin pages to ensure they are working as expected. The following command will disable maintenance mode and resume normal site operation:

sudo php /path/to/magento2/bin/magento maintenance:disable

Your Magento instance is now migrated to using NGINX as its webserver.

Migrating An HTTPS Magento Instance

In this step, we will configure NGINX to serve an HTTPS enabled Magento instance. NGINX works like Apache in that it has two directories /etc/nginx/sites-available and /etc/nginx/sites-enabled that contain the website configuration. We will first place the configuration file into /etc/nginx/sites-available and then create a symlink to that file in /etc/nginx/sites-enabled which will enable NGINX to start serving your store.

We will create and edit the site configuration file using a text editor. I will use nano throughout this guide but you can use whichever you are most comfortable with:

sudo nano /etc/nginx/sites-available/magento.conf

The following file will serve an HTTPS site. The first server block will automatically redirect any visitors arriving on HTTP to the HTTPS site:

server {
    listen 80;
    server_name ;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name ;

    # TLS is enabled by "listen 443 ssl" above; the older "ssl on;" directive is deprecated and not needed.
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    set $MAGE_ROOT /path/to/magento2;
    include /path/to/magento2/nginx.conf.sample;
}

upstream fastcgi_backend {
        server  unix:/run/php/php7.1-fpm.sock;
}

The above configuration assumes that you are using PHP 7.1 (the default) on your server. If you are using a different version then you will need to edit the line server unix:/run/php/php7.1-fpm.sock; to match the version of PHP and PHP-FPM you are using. If you run:

ls /var/run/php/

You will be able to see the name of the PHP-FPM socket that you need to use.

The following line:

include /path/to/magento2/nginx.conf.sample;

causes NGINX to load additional configuration contained in the file /path/to/magento2/nginx.conf.sample. This file is supplied by Magento and contains very important additional configuration such as blocking access to confidential files, setting compression, etc. If you don’t have a copy of this file you can download one from these locations:

You will need to include this file for this NGINX configuration file to serve your store.
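
The two dependencies this configuration relies on (in both the HTTP and the HTTPS variant), the PHP-FPM socket in the upstream block and the included nginx.conf.sample, can be checked before NGINX is reloaded. The following is an added example, not part of the original guide or of Magento's tooling; the function names are hypothetical:

```shell
#!/bin/sh
# Added example: pre-reload checks for the magento.conf shown above.
# Function names are hypothetical; pass whatever paths your setup uses.

# Print the PHP-FPM socket path from the upstream block ("server unix:...;").
fpm_socket_from_conf() {
    sed -n 's/^[[:space:]]*server[[:space:]]\{1,\}unix:\([^;[:space:]]*\);.*/\1/p' "$1" |
        head -n 1
}

# Print every "include" target in the file that does not exist on disk.
# Assumes plain file paths, as in this guide (no wildcard includes).
missing_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" |
    while IFS= read -r inc; do
        [ -e "$inc" ] || printf '%s\n' "$inc"
    done
}

# Return 0 only if every include exists and the socket is a live UNIX socket.
check_site_conf() {
    conf=$1
    status=0
    missing=$(missing_includes "$conf")
    if [ -n "$missing" ]; then
        echo "missing include(s): $missing" >&2
        status=1
    fi
    sock=$(fpm_socket_from_conf "$conf")
    if [ -z "$sock" ]; then
        echo "no unix: socket found in the upstream block" >&2
        status=1
    elif [ ! -S "$sock" ]; then
        echo "PHP-FPM socket not present: $sock (compare with: ls /var/run/php/)" >&2
        status=1
    fi
    return $status
}

# Typical use on the server, followed by NGINX's own syntax test:
#   check_site_conf /etc/nginx/sites-available/magento.conf && sudo nginx -t
```

A missing include makes NGINX refuse the configuration, while a wrong socket name passes the syntax test and only shows up later as gateway errors on PHP requests, which is why both are checked here.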

Now that the configuration file is in place we need to enable it by creating a symlink from sites-enabled with the following command:

sudo ln -s /etc/nginx/sites-available/magento.conf /etc/nginx/sites-enabled/

Then reload NGINX:

sudo systemctl reload nginx.service

NGINX should now be serving your store. You should visit your store in a browser to check that it is working normally. If your site does not render correctly after the migration it is quite likely because of stale cache and indexed data. Flushing the cache and re-indexing the site with these two commands will resolve this issue:

sudo php /path/to/magento2/bin/magento cache:flush
sudo php /path/to/magento2/bin/magento indexer:reindex

The site should now be working normally. You should visit both the home page and the admin pages to ensure they are working as expected. The following command will disable maintenance mode and resume normal site operation:

sudo php /path/to/magento2/bin/magento maintenance:disable

Conclusion

Your site should now be running normally and taking advantage of the increased performance and reduced resource requirements of NGINX. If you need additional information on configuring and tuning NGINX, their documentation can be found on their website here.

The post Migrating a Magento Installation from Apache2 to NGINX on Ubuntu 18.04 LTS appeared first on Low End Box.

How to Secure Apache with Let’s Encrypt Ubuntu 16.04

In this tutorial, we will examine how to secure Apache with Let’s Encrypt for the Ubuntu 16.04 operating system. We will first examine an overview of Let’s Encrypt and certificate authorities, then dive into a step-by-step guide to install and configure Let’s Encrypt on your Ubuntu 16.04 VPS servers, and then review how to automatically renew SSL certificates.

What is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open Certificate Authority (CA), that provides the ability to secure a website. Let’s Encrypt also provides automation and tools to reduce setup and maintenance challenges needed to secure web servers using HTTPS (SSL/TLS).


Why use Let’s Encrypt as your Certificate Authority?

Let’s Encrypt is free and makes it easy to create, configure, and renew certificates on web servers (like Apache).

Most administrators who host web servers have a goal of attracting new visitors along with retaining end-user attention – as this often translates into profits or a growing website community. People hosting web servers also want to reduce maintenance and cost.

End users, on the other hand, are motivated to visit websites that are safe and do not compromise their security.

To satisfy both administrators and end users, a Certificate Authority is used to validate the authenticity of the web server’s domain name.

Traditional CA (Certificate Authority) solutions like Verisign required domain owners to pay a fee to use the CA services; this is no longer required when using Let’s Encrypt. The Let’s Encrypt service is funded by sponsors and donors.


How Certificate Authority works

  1. The web server admin creates a private and public key pair. Using the public key the website admin will create a CSR (certificate signing request) and then send the CSR to a Certificate Authority.
  2. The Certificate Authority signs the CSR and returns a final certificate that the web server admin will install on their web server.
  3. The final certificate is signed by the Certificate Authority’s private key and holds metadata about the admin’s web server.
  4. When a website visitor goes to the web page, the visitor’s browser will download the final certificate from the web server. The visitor’s browser will contact the Certificate Authority to make sure that the certificate downloaded from the website is valid.
  5. If the Certificate Authority confirms that the certificate is authentic/valid, the website visitor will receive a green padlock in their browser in the URL address box. This will notify the end user that the website is safe to visit.
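
The flow in the list above, run locally with OpenSSL and a throwaway test CA, as an added example that is not part of the original tutorial. The function names, file names and the "Example Test CA" subject are constructed for illustration; a real Let’s Encrypt certificate is issued by certbot, not by these commands:

```shell
#!/bin/sh
# Added example: key pair -> CSR -> CA signature -> verification, using a
# constructed test CA in a scratch directory. Requires the openssl CLI.

ca_flow_demo() {
    dir=$1
    domain=$2
    # The CA's own key pair and self-signed root certificate (stands in for the CA).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Step 1: the admin creates a key pair and a CSR. Only the CSR is sent to the CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$domain" \
        -keyout "$dir/site.key" -out "$dir/site.csr" 2>/dev/null || return 1
    # Steps 2-3: the CA signs the CSR with its private key and returns the certificate.
    openssl x509 -req -in "$dir/site.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/site.pem" 2>/dev/null || return 1
    # Steps 4-5: a client checks the certificate's signature against the CA it trusts.
    openssl verify -CAfile "$dir/ca.pem" "$dir/site.pem" >/dev/null 2>&1
}

# The CSR carries the public key and subject, never the private key.
csr_has_private_key() {
    grep -q 'PRIVATE KEY' "$1"
}

# A certificate and a private key belong together when their public keys match.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Example run in a scratch directory:
#   d=$(mktemp -d) && ca_flow_demo "$d" LetsEncryptTutorial.ddns.net && echo verified
```

The point to take from it is that site.key never leaves the web server: the CA only ever sees the CSR, and cert_matches_key is a quick way to confirm an installed certificate pairs with the key on disk.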


Prerequisites to installing Let’s Encrypt on Ubuntu

  1. You must be an administrator of the domain name you want to secure; for this tutorial, we will be using the DNS hostname “LetsEncryptTutorial.ddns.net”.
  2. You need to have your public IP address.
  3. You must install Apache web server if it’s not already installed.


Install Apache

  1. Update the Ubuntu apt repository package definitions. Open a command line terminal and type “apt update” or, if you are logged in as a non-root user, type “sudo apt update”.

  2. To install Apache: “apt install apache2 -y” or “sudo apt install apache2 -y”

  3. Change into the directory called /var/www/html and ensure an index.html file exists in the directory.

  4. Optional but recommended: Edit the default index.html title to be unique (example: Let’s Encrypt tutorial website) by adding “Let’s Encrypt tutorial” to the body. NOTE: This is simply to help you confirm the server is resolving and you are not accessing cached pages.

  5. If using systemd for startup, restart Apache with “systemctl restart apache2”, or “sudo systemctl restart apache2” if using a non-root user. If using init, run “service apache2 restart”

  6. Confirm Apache is running properly on your system. If using systemd use “systemctl status apache2” and if using init use “service apache2 status”

  7. Confirm that the modified default Apache website is now available via a web browser

First, confirm that port 80 is open and working by going to the following URL,
http://:80 (you should see your edited webpage)

Next, confirm that the web server SSL port 443 is also open and working by going to the following,
https://:443

NOTE: When the server resolves in a browser using port 443 you will get a “Not Encrypted” or “Not Secure” error in the address bar. That’s ok.

Caution: Do not proceed to the following steps if you are not able to successfully reach your Apache server on both ports 80 and 443. If the server does not resolve to either port contact your network admins to ensure that both ports are configured to allow web traffic.

Once we know Apache is resolving correctly, we can move on to the next section of this tutorial.


How to set up Let’s Encrypt on Apache

  1. Install common tools “apt-get install software-properties-common -y” if logged in as root user

  2. Add the apt component for installing new repositories, by running: “add-apt-repository universe”

  3. Add certbot to the list of apt repositories “add-apt-repository ppa:certbot/certbot”

  4. Update apt to detect the newly added repositories: “apt update”

  5. Install certbot to create and renew certificates using Let’s Encrypt: “apt-get install certbot python-certbot-apache -y”

  6. Run the certbot command to create SSL for your domain.

  7. Now visit https:// to verify that your new certificate works properly and your website has a valid certificate. You will notice a green lock icon confirming a secured connection is established with your Apache server. Click the green lock to get details about the SSL certificate.


How to automate the renewal of Let’s Encrypt

It is highly recommended to automate the renewal of your certificate to avoid HTTP traffic interruption due to an expired SSL certificate. For example, on the Apache server you can create a cron job to renew the certificate every month on the 10th at 6:04 am: type “sudo crontab -e”, add the following line at the bottom, and save and exit.

4 6 10 * * certbot --apache --force-renewal renew --quiet



The post How to Secure Apache with Let’s Encrypt Ubuntu 16.04 appeared first on Low End Box.