How to Install OpenCart 2 with Nginx, MariaDB and SSL on CentOS 7/RHEL 7 + Amazon AWS

OpenCart is free, open-source e-commerce software based on PHP and MySQL. OpenCart allows you to set up and run your own online store at minimal cost. The software is suitable for small and medium online businesses; it is easy to install, and there are many add-ons and extensions available. OpenCart comes with translations for numerous languages and supports multiple currencies.

Step 1 — Create AWS Instance

First you have to create an instance on Amazon AWS EC2. Log in to your Amazon AWS console and launch an instance.

Currently selected: t2.micro (Variable ECUs, 1 vCPUs, 2.5 GHz, Intel Xeon Family, 1 GiB memory, EBS only)

You have to create a new SSH key pair, which you will need to log in. After your VM has been created, you have to log in via SSH.

After your VM has been started you need to configure the Security Groups.
Add Rule — HTTPS, HTTP

ssh -i medium.pem ec2-user@35.156.211.192

Step 2— Install Nginx

We will use nginx as the web server; it is lightweight, fast, and has a small memory footprint. Install nginx with the yum command from the EPEL repositories:

yum update -y 
yum localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install nginx -y

systemctl enable nginx

Once it is installed, you can start Nginx on your VM:

systemctl start nginx

Open in a web browser: http://server_domain_name_or_IP/

Before continuing, you will want to enable Nginx to start on boot. Use the following command to do so:

sudo systemctl enable nginx

Step 3— Install and Configure PHP-FPM

In this step we install PHP-FPM. PHP-FPM (FastCGI Process Manager) is a modern alternative to the classic PHP FastCGI mode. We will install php-fpm with some PHP modules that are required by OpenCart.

Install PHP-FPM and the PHP extensions with the single yum command below:

yum install php-fpm php-mysql php-gd php-curl php-pecl-zip

When the packages are installed, open the ‘php.ini’ file with vim. On CentOS 7 it is located at /etc/php.ini:

vim /etc/php.ini

Uncomment line 773 and change the value to ‘0’ :

cgi.fix_pathinfo=0

Save the file and Exit.

Now we must enable the mcrypt module, which is required by OpenCart. On CentOS 7 the module is packaged as php-mcrypt in the EPEL repository, and it is enabled as soon as the package is installed:

yum install php-mcrypt -y

With the mcrypt module enabled, restart php-fpm and nginx to apply the changes:

systemctl restart nginx
systemctl restart php-fpm

Step 4— Install and configure MariaDB

Now that we have our web server up and running, it is time to install MariaDB, a MySQL drop-in replacement. MariaDB is a community-developed fork of the MySQL relational database management system.

We will use Yum to install the MariaDB package. Once the installation is complete, we’ll start the daemon with the following command:

yum install mariadb-server mariadb -y
systemctl start mariadb

systemctl does not display the outcome of all service management commands, so to be sure we succeeded, we'll use the following command:

systemctl status mariadb

Next, let’s take a moment to ensure that MariaDB starts at boot, using the systemctl enable command, which will create the necessary symlinks.

systemctl enable mariadb

MariaDB includes a security script to change some of the less secure default options for things like remote root logins and sample users. Use this command to run the security script:

sudo mysql_secure_installation

The script provides a detailed explanation for every step. The first prompt asks for the root password, which hasn’t been set, so we’ll press ENTER as it recommends. Next, we'll be prompted to set that root password, which we'll do.

Then, we’ll accept all the security suggestions by pressing Y and then ENTER for the remaining prompts, which will remove anonymous users, disallow remote root login, remove the test database, and reload the privilege tables.

Finally, now that we’ve secured the installation, we’ll verify it’s working.

mysqladmin -u root -p version

Output:

mysqladmin  Ver 9.0 Distrib 5.5.52-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Server version  5.5.52-MariaDB
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 13 min 22 sec

This indicates the installation has been successful.
Next, you have to create the database and a user, and give that user permissions on your database. You can use MySQL Workbench.

MySQL Workbench
CREATE SCHEMA `opencart` DEFAULT CHARACTER SET utf8;
-- Replace 'password' with a strong, unique password.
CREATE USER 'oc_user'@'localhost' IDENTIFIED BY 'password';
-- Grant rights on the opencart schema only, to the user created above.
GRANT ALL PRIVILEGES ON `opencart`.* TO 'oc_user'@'localhost';

Step 5— Download Opencart2

You can download it from https://www.opencart.com or clone the OpenCart GitHub repository.

Step 6 — Create an SSL certificate with Let’s Encrypt

The first step to using Let’s Encrypt to obtain an SSL certificate is to install the certbot software on your server. Currently, the best way to install this is through the EPEL repository.

Once the repository has been enabled, you can obtain the certbot package by typing:

sudo yum install certbot

The certbot Let's Encrypt client should now be installed and ready to use.

To ensure that the directory is accessible to Let’s Encrypt for validation, let’s make a quick change to our default Nginx server block. The default Nginx configuration file allows us to easily add directives to the port 80 server block by adding files in the /etc/nginx/default.d directory.

If you’re using the default configuration, create a new file called le-well-known.conf and open it for editing with this command:

sudo vi /etc/nginx/default.d/le-well-known.conf

Then paste in these lines:

/etc/nginx/default.d/le-well-known.conf

location ~ /.well-known {
    allow all;
}

Save and exit.

Check the configuration for syntax errors by typing:

sudo nginx -t

If no errors were reported, start or restart Nginx with this command:

sudo systemctl restart nginx

If you have a firewalld firewall running, you can open these ports by typing:

sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --runtime-to-permanent

If you have an iptables firewall running, the commands you need to run are highly dependent on your current rule set. For a basic rule set, you can add HTTP and HTTPS access by typing:

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Now that we know our webroot-path, we can use the Webroot plugin to request an SSL certificate with these commands. Here, we are also specifying our domain names with the -d option. If you want a single cert to work with multiple domain names (e.g. example.com and www.example.com), be sure to include all of them. Also, make sure that you replace the highlighted parts with the appropriate webroot path and domain name(s):

sudo certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com

After certbot initializes, you will be prompted for some information. The exact prompts may vary depending on if you've used certbot before, but we'll step you through the first time.

At the prompt, enter an email address that will be used for notices and lost key recovery:

Then you must agree to the Let’s Encrypt Subscriber Agreement. Select Agree:

If everything was successful, you should see an output message that looks something like this:

Output:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your
cert will expire on 2016-03-15. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you lose your account credentials, you can recover through
e-mails sent to sammy@digitalocean.com
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If like Let's Encrypt, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

You will want to note the path and expiration date of your certificate, which was highlighted in the example output.

Certificate Files

After obtaining the cert, you will have the following PEM-encoded files:

  • cert.pem: Your domain’s certificate
  • chain.pem: The Let’s Encrypt chain certificate
  • fullchain.pem: cert.pem and chain.pem combined
  • privkey.pem: Your certificate’s private key

It’s important that you are aware of the location of the certificate files that were just created, so you can use them in your web server configuration. The files themselves are placed in a subdirectory in /etc/letsencrypt/archive. However, the certbot Let's Encrypt client creates symbolic links to the most recent certificate files in the /etc/letsencrypt/live/your_domain_name directory. Because the links will always point to the most recent certificate files, this is the path that you should use to refer to your certificate files.

You can check that the files exist by running this command (substituting in your domain name):

sudo ls -l /etc/letsencrypt/live/your_domain_name

The output should be the four previously mentioned certificate files. In a moment, you will configure your web server to use fullchain.pem as the certificate file, and privkey.pem as the certificate key file.

Step 7—Set Up the Virtual Host (nginx)

The virtual host file is already almost completely set up on your virtual serve…

server {
listen 80;
server_name http://ec2-35-156-211-192.eu-central-1.compute.amazonaws.com;
    add_header Strict-Transport-Security max-age=2592000;
return 301 https://ec2-35-156-211-192.eu-central-1.compute.amazonaws.com$request_uri;
}
server {
listen 80;
server_name ec2-35-156-211-192.eu-central-1.compute.amazonaws.com;
root /srv/opencart/upload;
index index.html index.htm index.php;
charset utf-8;
access_log  /var/log/nginx/opencart.access.log;
error_log /var/log/nginx/opencart.error.log;
rewrite /admin$ $scheme://$host$uri/ permanent;
location / {
try_files $uri @opencart;
}
location @opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
location /admin {
index index.php;
}
rewrite ^/sitemap.xml$ /index.php?route=feed/google_sitemap last;
rewrite ^/googlebase.xml$ /index.php?route=feed/google_base last;
rewrite ^/download/(.*) /index.php?route=error/not_found last;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
sendfile off;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-your_user.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
server_name www.ec2-35-156-211-192.eu-central-1.compute.amazonaws.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/ec2-35-156-211-192.eu-central-1.compute.amazonaws.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ec2-35-156-211-192.eu-central-1.compute.amazonaws.com/privkey.pem ;
#    return 301 https://ec2-35-156-211-192.eu-central-1.compute.amazonaws.com$request_uri;
}
server {
listen 443;
server_name ec2-35-156-211-192.eu-central-1.compute.amazonaws.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/ec2-35-156-211-192.eu-central-1.compute.amazonaws.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ec2-35-156-211-192.eu-central-1.compute.amazonaws.com/privkey.pem ;
ssl_session_timeout 5m;
ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /srv/opencart/upload;
index index.html index.htm index.php;
charset utf-8;
access_log  /var/log/nginx/opencart.ssl.access.log;
error_log /var/log/nginx/opencart.ssl.error.log;
rewrite /admin$ $scheme://$host$uri/ permanent;
location / {
try_files $uri @opencart;
}
location @opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
location /admin {
index index.php;
}
rewrite ^/sitemap.xml$ /index.php?route=feed/google_sitemap last;
rewrite ^/googlebase.xml$ /index.php?route=feed/google_base last;
rewrite ^/download/(.*) /index.php?route=error/not_found last;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
sendfile off;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

Include your virtual host in nginx.conf: open /etc/nginx/nginx.conf for editing, add the include line for your virtual host inside the http block, and restart nginx.

include /srv/opencart.vhost;
systemctl restart nginx
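
A quick check to run over a vhost file like the one above before restarting nginx, as an added example that is not part of the original tutorial. The audit_vhost function is a hypothetical helper: for each server block it reports an HSTS header on a plain-HTTP listener, a TLS listener without HSTS, TLSv1/TLSv1.1 left in ssl_protocols, and a URL scheme inside server_name. The sample config and its hostnames are constructed.

```shell
#!/bin/sh
# Added example: assumes one directive per line and top-level server blocks.
audit_vhost() {
  awk '
    function report(   w) {
      w = "server block at line " start ": "
      if (hsts && !tls) print w "HSTS header on a plain-HTTP block (browsers ignore it)"
      if (tls && !hsts) print w "TLS block without Strict-Transport-Security"
      if (legacy)       print w "ssl_protocols still allows TLSv1 or TLSv1.1"
      if (scheme)       print w "server_name contains a URL scheme"
    }
    {
      sub(/#.*/, "")                      # ignore comments
      if (depth == 0 && $1 ~ /^server[{]?$/) { start = NR; tls = hsts = legacy = scheme = 0 }
      if ($1 == "listen" && $0 ~ /443|ssl/) tls = 1
      if ($1 == "ssl" && $2 ~ /^on/) tls = 1
      if ($1 == "add_header" && $2 == "Strict-Transport-Security") hsts = 1
      if ($1 == "server_name" && $0 ~ /:\/\//) scheme = 1
      if ($1 == "ssl_protocols")
        for (i = 2; i <= NF; i++) {
          p = $i; sub(/;$/, "", p)
          if (p == "TLSv1" || p == "TLSv1.1") legacy = 1
        }
      was = depth                         # brace depth before this line
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (was > 0 && depth == 0) report() # a server block just closed
    }
  ' "$@"
}

# Constructed sample modelled on the vhost above; hostnames are placeholders.
sample_vhost() {
  cat <<'EOF'
server {
listen 80;
server_name http://shop.example.com;
add_header Strict-Transport-Security max-age=2592000;
return 301 https://shop.example.com$request_uri;
}
server {
listen 443;
server_name shop.example.com;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location = /robots.txt { access_log off; log_not_found off; }
}
EOF
}
sample_vhost | audit_vhost
```

Run it against your own file with audit_vhost /srv/opencart.vhost; no output means none of the four conditions were found.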

Step 8— Install Opencart

rm -rf install/

And that’s all.

If you have any questions, please leave a comment, or find me on social sites!

@tbela9111