Grav is a free, open-source, and flat-file CMS that does not require any database. It is based on PHP and offers several features that may not be available to other CMS like, WordPress, Joomla, etc. It is simple, easy to use, and comes with some of the key technologies including, Twig Templating, Markdown, YAML, Parsedown, Doctrine Cache, Gregwar Image Library, and Symfony Console.
In this tutorial, I will show you how to install Grav CMS with Nginx and Let’s Encrypt SSL on Ubuntu 20.04 server.
Prerequisites
- A server running Ubuntu 20.04.
- A valid domain name pointed with your server IP.
- A root password is configured on the server.
Getting Started
First, update the system packages to the updated version by running the following command:
apt-get update -y
Once all the packages are updated, you can proceed to the next step.
Install Nginx and PHP
First, you will need to install the Nginx web server, PHP and other PHP extensions to your system. You can install all of them with the following command:
apt-get install nginx php php-cli php-fpm php-common php-curl php-gd php-json php-mbstring php-xml php-zip php-opcache php-apcu unzip -y
Once all the packages are installed, verify the PHP version using the following command:
php --version
You should get the following output:
PHP 7.4.3 (cli) (built: Jul 5 2021 15:13:35) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
Next, edit the php.ini file and make some changes:
nano /etc/php/7.4/fpm/php.ini
Change the following lines:
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 max_input_vars = 1500 date.timezone = America/Chicago
Save and close the file then restart the PHP-FPM service to apply the changes:
systemctl restart php7.4-fpm
Once you are finished, you can proceed to the next step.
Install Grav CMS
Next, you will need to download the Grav CMS to the Nginx web root directory. You can download it from the Grav download page using the following command:
cd /var/www/html
wget https://getgrav.org/download/core/grav-admin/1.7.17
Once the download is completed, unzip the downloaded file with the following command:
unzip 1.7.17
Next, rename the extracted directory to grav with the following command:
mv grav-admin grav
Next, set proper ownership to the grav directory:
chown -R www-data:www-data /var/www/html/grav
Once you are finished, you can proceed to the next step.
Configure Nginx for Grav CMS
Next, You will need to create an Nginx virtual host configuration file to host Grav CMS. You can create it with the following command:
nano /etc/nginx/conf.d/grav.conf
Add the following lines:
server {
listen 80;
server_name grav.example.com;
root /var/www/html/grav;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
location ~* /(system|vendor)/.*.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
location ~* /user/.*.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|.htaccess) { return 403; }
location ~ .php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(. .php)(/. )$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
}
Save and close the file when you are finished then verify the Nginx for any syntax error:
nginx -t
You should get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, restart the Nginx service to apply the changes:
systemctl restart nginx
You can also verify the status of the Nginx with the following command:
systemctl status nginx
You should see the following output:
? nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-07-09 06:45:28 UTC; 3s ago
Docs: man:nginx(8)
Process: 33099 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 33110 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 33111 (nginx)
Tasks: 2 (limit: 2353)
Memory: 2.6M
CGroup: /system.slice/nginx.service
??33111 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
??33112 nginx: worker process
Jul 09 06:45:28 node1 systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 09 06:45:28 node1 systemd[1]: Started A high performance web server and a reverse proxy server.
Once everything is fine, you can proceed to the next step.
Access Grav CMS
You can now access the Grav CMS web UI using the URL http://grav.example.com. You should see the following screen:Advertisement
Set your admin username, password and click on the Create User button. You will be redirected to the Grav CMS dashboard:
Configuration Page
Accounts Page
Plugins Page
Tools Page
Secure Grav CMS with Let’s Encrypt SSL
Next, you will need to install the Certbot client package to install and manage the Let’s Encrypt SSL.
First, install the Certbot with the following command:
apt-get install python3-certbot-nginx -y
Once the installation is finished, run the following command to install the Let’s Encrypt SSL on your website:
certbot --nginx -d grav.example.com
You will be asked to provide a valid email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for grav.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/grav.conf
Next, choose whether or not to redirect HTTP traffic to HTTPS as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to finish the installation. You should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/grav.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://grav.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=grav.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/grav.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/grav.example.com/privkey.pem Your cert will expire on 2021-12-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le - We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
You can now access the Grav CMS securely using the HTTPS protocol.
Conclusion
Congratulations! you have successfully installed Grav CMS with Nginx and Let’s Encrypt SSL on Ubuntu 20.04 server. You can now create your website easily using the Grav CMS.
