Install Mautic with LEMP on Ubuntu 18.04 – Google Cloud. In this article you are going to learn how to install and setup Mautic on Google Cloud with Ubuntu 18.04 LTS, Nginx, PHP 7.2 and Cloud SQL.

Prerequisites

  1. Your Compute Engine Instance running.
  2. For setting up Compute Engine, see the Setting up Compute Engine Instance.
  3. Install LEMP stack on Ubuntu in Google Cloud.
  4. Set up Cloud DNS, see the Setting up Google Cloud DNS for your domain.
  5. Google Cloud SQL Setup, see Setup Cloud SQL and connect with Compute Engine.

Setup your website

Once you have installed LEMP stack with PHP 7.2 and Nginx and connected your instance with Cloud SQL you can proceed to the following steps by setting up the directories.

Your Mautic installation will have the following folder structure.

Replace yourdomainname.com with your original domain name.

home
-- yourdomainname.com
---- logs
---- public

The public directory is your root directory and logs directory for your error logs

Now we create these directories and set correct permissions

You need to SSH into your VM Instance and run these commands

mkdir -p yourdomainname.com/logs
yourdomainname.com/public
sudo chmod -R 755 yourdomainname.com

Configure Nginx for Mautic

Now create a new Nginx configuration for your website in the sites-available directory.

sudo nano /etc/nginx/sites-available/yourdomainname.com

Copy and paste the following configuration, ensure that you change the server_name, error_log and root directives to match your domain name. Hit CTRL+X followed by Y to save the changes.

server {
     listen [::]:80;
     listen 80;

     server_name yourdomainname.com;

     error_log /home/username/yourdomainname.com/logs/error.log;

     root /home/username/yourdomainname.com/public/;
     index index.php;

     location / {
         try_files $uri $uri/ /index.php?$args;
     }

     location = /favicon.ico {
         log_not_found off;
         access_log off;
     }

     location = /robots.txt {
         allow all;
         log_not_found off;
         access_log off;
     }

     location ~ .php$ {
         try_files $uri =404;
         fastcgi_split_path_info ^(.+.php)(/.+)$;
         fastcgi_pass unix:/run/php/php7.2-fpm.sock;
         fastcgi_read_timeout 3600;
         fastcgi_index index.php;
         fastcgi_buffers 16 16k; 
         fastcgi_buffer_size 32k;
         include fastcgi_params;
     }
}

To enable this newly created website configuration, symlink the file that you just created into the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/yourdomainname.com /etc/nginx/sites-enabled/yourdomainname.com

Check your configuration and restart Nginx for the changes to take effect

sudo nginx -t
sudo service nginx restart

Install and Configure SSL certificate

HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

HTTP/2
HTTP/2 is the latest version of the HTTP protocol and can provide a significant improvement to the load time of your sites. There really is no reason not to enable HTTP/2, the only requirement is that the site must use HTTPS.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.

To select all domains simply hit Enter

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Redirect HTTP Traffic to HTTPS with www in Nginx

Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.

sudo nano /etc/nginx/sites-available/yourdomainname.com
server {
    listen [::]:80;
    listen 80;

    server_name yourdomainname.com www.yourdomainname.com;
    # redirect http to https www
    return 301 https://www.yourdomainname.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name yourdomainname.com;

    ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    root /home/username/yourdomainname.com/public/;
    index index.html index.php;

    # redirect https non-www to https www
    return 301 https://www.yourdomainname.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name www.yourdomainname.com;

    ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    error_log /home/username/yourdomainname.com/logs/error.log;

    root /home/username/yourdomainname.com/public/;
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    } 

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_read_timeout 3600;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k; 
        fastcgi_buffer_size 32k;
        include fastcgi_params;

        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Access-Control-Allow-Origin "https://www.yourdomainname.com";
        add_header Referrer-Policy "origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    }
}

The http2 value is all that is needed to enable the HTTP/2 protocol.

Now you have enabled SSL Hardening, X-XSS-Protection, Clickjacking, MIME Sniffing, Access Control Allow Origin.

These are some Nginx security tweaks by closing all areas of attacks.

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.

sudo crontab -e

Add this line at the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cronjob will attempt to check for renewing the certificate twice daily.

Download and Install Mautic

Now that our server software is configured, you can download and set up Mautic.

You need to install an additional required extension for Mautic.

sudo apt install php7.2-bcmath

Now proceed to install Composer

curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/bin --filename=composer

Download Mautic using Git. Git is installed by default in Google Cloud, so don’t have to install it.

cd ~/yourdomainname.com/public
sudo git clone https://github.com/mautic/mautic.git

This command will clone Mautic inside the public folder. All the Mautic files are located inside the mautic folder. So, you need to move all files to the M autic root folder.

sudo mv ~/yourdomainname.com/mautic/* ~/yourdomainname.com/public

Now, install all dependencies using composer.

sudo composer install

Once the installation is completed setup correct permissions.

sudo chown -R useranme:username ~/yourdomainname.com/public
 sudo chmod -R 755 ~/yourdomainname.com/public

Completing Mautic Setup

Now visit your website in the browser and you will see the screen similar to the one below.

Click Next Step.

Enter the Database Name we created in Cloud SQL and the Database Username assigned with the database with the password. Enter the public IP address of Cloud SQL as the Database Host. Enter a prefix of your choice and click Next Step.

Now, setup your admin login credentials and click Next Step.

Here, you can configure email for Mautic. As Google Cloud does not allows default email sending, you need to configure SMTP for your email. Go ahead and choose SMTP for Mailer transport and configure it.

Click Next Step.

Now use the login credentials you created to login to access Mautic dashboard.

Once logged in you will see your Mautic marketing automation dashboard.

Conclusion

Now you have installed Mautic on Google Compute Engine with Nginx, PHP 7.2 and connected it with Cloud SQL and secured your installation with Let’s Encrypt SSL certificate.

Hope you liked this tutorial, please feel free to post your questions in the comments section.

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Like this post...

Signup for FREE Cloudbooklet Newsletter
SUBSCRIBE
close-link
Please help us get 1000 likes in Facebook. Thank You!
LIKE NOW

Stay Connected!

Get latest tutorials on Google Cloud and Open Source topics
SUBSCRIBE
close-link