Install Mautic with LEMP on Ubuntu 18.04 – Google Cloud. In this article you are going to learn how to install and setup Mautic on Google Cloud with Ubuntu 18.04 LTS, Nginx, PHP 7.2 and Cloud SQL.
This setup is tested on Google Cloud Platform, so this guide can be used on any other cloud hosting services or VPS or Dedicated server running Ubuntu.
Prerequisites
- Your Compute Engine Instance running.
- For setting up Compute Engine, see the Setting up Compute Engine Instance.
- Install LEMP stack on Ubuntu in Google Cloud.
- Set up Cloud DNS, see the Setting up Google Cloud DNS for your domain.
- Google Cloud SQL Setup, see Setup Cloud SQL and connect with Compute Engine.
Setup your website
Once you have installed LEMP stack with PHP 7.2 and Nginx and connected your instance with Cloud SQL you can proceed to the following steps by setting up the directories.
Your Mautic installation will have the following folder structure.
Replace yourdomainname.com with your original domain name.
home
-- yourdomainname.com
---- logs
---- public
The public directory is your root directory and logs directory for your error logs
Now we create these directories and set correct permissions
You need to SSH into your VM Instance and run these commands
mkdir -p yourdomainname.com/logs
yourdomainname.com/public
sudo chmod -R 755 yourdomainname.com
Configure Nginx for Mautic
Now create a new Nginx configuration for your website in the sites-available directory.
sudo nano /etc/nginx/sites-available/yourdomainname.com
Copy and paste the following configuration, ensure that you change the server_name, error_log and root directives to match your domain name. Hit CTRL+X followed by Y to save the changes.
server {
listen [::]:80;
listen 80;
server_name yourdomainname.com;
error_log /home/username/yourdomainname.com/logs/error.log;
root /home/username/yourdomainname.com/public/;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
}
To enable this newly created website configuration, symlink the file that you just created into the sites-enabled directory.
sudo ln -s /etc/nginx/sites-available/yourdomainname.com /etc/nginx/sites-enabled/yourdomainname.com
Check your configuration and restart Nginx for the changes to take effect
sudo nginx -t sudo service nginx restart
Install and Configure SSL certificate
HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.
HTTP/2
HTTP/2 is the latest version of the HTTP protocol and can provide a significant improvement to the load time of your sites. There really is no reason not to enable HTTP/2, the only requirement is that the site must use HTTPS.
sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginx
Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.
sudo certbot --nginx certonly
Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.
To select all domains simply hit Enter
The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.
Redirect HTTP Traffic to HTTPS with www in Nginx
Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.
sudo nano /etc/nginx/sites-available/yourdomainname.com
server {
listen [::]:80;
listen 80;
server_name yourdomainname.com www.yourdomainname.com;
# redirect http to https www
return 301 https://www.yourdomainname.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name yourdomainname.com;
ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;
root /home/username/yourdomainname.com/public/;
index index.html index.php;
# redirect https non-www to https www
return 301 https://www.yourdomainname.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name www.yourdomainname.com;
ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;
error_log /home/username/yourdomainname.com/logs/error.log;
root /home/username/yourdomainname.com/public/;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Access-Control-Allow-Origin "https://www.yourdomainname.com";
add_header Referrer-Policy "origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
}
}
The http2 value is all that is needed to enable the HTTP/2 protocol.
Now you have enabled SSL Hardening, X-XSS-Protection, Clickjacking, MIME Sniffing, Access Control Allow Origin.
These are some Nginx security tweaks by closing all areas of attacks.
Hit CTRL+X followed by Y to save the changes.
Check your configuration and restart Nginx for the changes to take effect.
sudo nginx -t sudo service nginx restart
Renewing SSL Certificate
Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.
sudo crontab -e
Add this line at the end of the file
0 0,12 * * * certbot renew >/dev/null 2>&1
Hit CTRL+X followed by Y to save the changes.
This cronjob will attempt to check for renewing the certificate twice daily.
Download and Install Mautic
Now that our server software is configured, you can download and set up Mautic.
You need to install an additional required extension for Mautic.
sudo apt install php7.2-bcmath
Now proceed to install Composer
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/bin --filename=composer
Download Mautic using Git. Git is installed by default in Google Cloud, so don’t have to install it.
cd ~/yourdomainname.com/public
sudo git clone https://github.com/mautic/mautic.git
This command will clone Mautic inside the public folder. All the Mautic files are located inside the mautic folder. So, you need to move all files to the M autic root folder.
sudo mv ~/yourdomainname.com/mautic/* ~/yourdomainname.com/public
Now, install all dependencies using composer.
sudo composer install
Once the installation is completed setup correct permissions.
sudo chown -R useranme:username ~/yourdomainname.com/public sudo chmod -R 755 ~/yourdomainname.com/public
Completing Mautic Setup
Now visit your website in the browser and you will see the screen similar to the one below.
Click Next Step.
Enter the Database Name we created in Cloud SQL and the Database Username assigned with the database with the password. Enter the public IP address of Cloud SQL as the Database Host. Enter a prefix of your choice and click Next Step.
Now, setup your admin login credentials and click Next Step.
Here, you can configure email for Mautic. As Google Cloud does not allows default email sending, you need to configure SMTP for your email. Go ahead and choose SMTP for Mailer transport and configure it.
Click Next Step.
Now use the login credentials you created to login to access Mautic dashboard.
Once logged in you will see your Mautic marketing automation dashboard.
Conclusion
Now you have installed Mautic on Google Compute Engine with Nginx, PHP 7.2 and connected it with Cloud SQL and secured your installation with Let’s Encrypt SSL certificate.
Hope you liked this tutorial, please feel free to post your questions in the comments section.
