In this guide, we’ll learn how to install and configure the latest version of Typo3 CMS in Debian 9.
Typo3 is a powerful open source content management system with most parts written in PHP programming language. It is often deployed in Linux under Apache/Nginx web servers, PHP server-side programming language and MySQL/MariaDB database management system, also known as LAMP or LEMP stack. Typo3 CMS platform is highly flexible and scalable and can be extended without writing any line of code, making it a perfect candidate for deploying small websites or powerful multi-lingual enterprise portals.
Requirements
- Debian 9 minimal installation on a bare-metal machine or on a virtual private server
- sudo root privileges for a local or remote account or direct access to root account
- A static IP address configured for one of your system network interfaces cards
- A domain name, private or public, depending on your deployment, with the proper DNS records configured for web services. If don’t have a valid or a registered domain name you can perform the installation and access the website via your server IP address
- If you want to use website registration, comment moderation and other features, you should have a running mail server properly configured at your premises with remote access to its IMAP and SMTP services.
Prepare the server
Before starting to install and configure Typo from sources in your own server, first assure the system meets all the software requirements for compiling and installing the application. On the first step, update your system repositories and software packages by issuing the following command.
apt update
apt upgrade
After the system has been fully updated, setup the name for your system by executing the following command. Replace your hostname variable accordingly.
Set the Hostname
hostnamectl set-hostname typo
Verify machine hostname and hosts file by issuing the below commands.
hostnamectl
cat /etc/hostname
hostname –s
hostname –f
Finally, reboot Debian server in order to apply kernel updates and the hostname changes properly.
systemctl reboot
Install required Tools
On the next step, execute the following command in order to install some necessary utilities that will be used to further manage your system from command line.
apt install wget bash-completion zip unzip
Also, install the imagemagick software, required by Typo3 to create, edit, compose or convert bitmap or other types of images format uploaded to website.
apt install imagemagick
Typo3 is a web based CMS platform written mostly in PHP server-side programming language. In order to execute the PHP file scripts of the application, a web server, such as Apache HTTP server, and a PHP processing gateway must be installed and made operational in the system.
Install Apache and PHP
In order to install Apache web server and the PHP interpreter alongside with all required PHP modules needed by the application to run properly, issue the following command in your server console.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-zip php7.0-gd php7.0-xml php7.0-gd php7.0-json php7.0-opcache php-imagick php7.0-curl php7.0-mbstring php7.0-bcmath php7.0-gmp
After Apache and PHP has been installed, test if the web server is up and running and listening for network connections on port 80 by issuing the following command with root privileges.
netstat –tlpn
In case netstat network utility is not installed by default in your Debian system, execute the following command to install it.
apt install net-tools
By inspecting the netstat command output you can see that apache web server is listening for incoming network connections on port 80. For the same task you can also use the ss command, which is automatically installed by default in Debian 9.
ss- tulpn
Configure the Firewall
In case you have a firewall enabled in your system, such as UFW firewall application, you should add a new rule to allow HTTP traffic to pass through the firewall by issuing the following command.
ufw allow WWW
or
ufw allow 80/tcp
If you’re using iptables raw rules to manage Firewall rules in your Debian server, add the following rule to allow port 80 inbound traffic on the firewall so that visitors can browse the website.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
Configure Apache
Next, enable and apply the following Apache modules required by the web application to run properly, by issuing the following command.
a2enmod rewrite deflate headers
systemctl restart apache2
Finally, test if Apache web server default web page can be displayed in your client’s browsers by visiting your Debian machine IP address or your domain name or server FQDN via HTTP protocol, as shown in the below image. If you don’t know your machine IP address, execute ifconfig or ip a commands to reveal the IP address of your server.
http://your_domain.tld
In order to install and access Typo3 web admin panel backed and the frontend website via HTTPS protocol that will secure the traffic for your clients, issue the following command to enable Apache web server SSL module and SSL site configuration file.
a2enmod ssl
a2ensite default-ssl.conf
Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the following sample:
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
Options FollowSymlinks
AllowOverride All
Require all granted
Also, make the following change to VirtualHost line to look like shown in the below excerpt:
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot statement as shown in the following example.
Options FollowSymlinks
AllowOverride All
Require all granted
Finally, restart Apache daemon to apply all rules configured so far and visit your domain via HTTP protocol. Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, an error warning should be displayed in the browser.
systemctl restart apache2
https://yourdomain.tld
Accept the warning in order to use the untrusted certificate and to continue and be redirected to Apache default web page, as illustrated in the following image.
In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.
ufw allow 'WWW Full'
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
Configure PHP
In the next step, we need to make some further changes to the PHP default configuration file in order to assure that the following PHP variables are enabled and the PHP timezone setting is correctly configured and matches your system geographical location. Open the /etc/php/7.0/apache2/php.ini file for editing and assure that the following lines are setup as follows. Also, initially, make a backup of PHP configuration file.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in the php.ini configuration file:
file_uploads = On
memory_limit = 128 M
upload_max_file_size = 64M
max_execution_time = 240
max_input_vars = 1500
date.timezone = Europe/London
Increase upload_max_file_size variable as suitable to support large file attachments and replace the time.zone variable accordingly to your physical time by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php
If you want to increase the load speed of your website pages via the OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, as detailed below:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Close the php.ini configuration file and check if the verify the end of PHP configuration file to check if the variables had been correctly added by issuing the below command.
tail /etc/php/7.0/apache2/php.ini
After you’ve made all changes explained above, enable OPCache module and restart apache daemon to apply the new changes by issuing the following commands.
phpenmod opcache
systemctl restart apache2
Finally, create a PHP info file by executing the following command and check if the PHP time zone has been correctly configured by visiting the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to date setting to check PHP time zone configuration.
echo ''| tee /var/www/html/info.php
https://domain.tld/info.php
Install MariaDB
Typo3 CMS platform stores different configurations, such as users, sessions, contacts, articles, pages and other settings, in a relational database. In this guide, we’ll configure Typo3 to use MariaDB database as backend. Issue the below command to install MariaDB database and the PHP module needed to access the mysql database.
apt install mariadb-server php7.0-mysql mariadb-client
After you’ve installed MariaDB, verify if the daemon is running and listens for connections on localhost, port 3306, by running netstat command.
netstat –tlpn | grep mysql
Then, log in to MySQL console and secure MariaDB root account by issuing the following commands.
mysql -h localhost
use mysql;
update user set plugin='' where user='root';
flush privileges;
exit
On the next step, secure MariaDB by executing the script mysql_secure_installation provided by the installation packages from Debian stretch repositories. While running the script will ask a series of questions designed to secure MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the following command and assure you type yes to all questions asked in order to fully secure MySQL daemon. Use the following script output excerpt as a guide.
sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
In order to test MariaDB security settings, try login to the database from the console with root account and provide no password. The access to the database should be denied if no password is provided for the root account, as illustrated in the following command excerpt:
[email protected]:~# mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
If the root password is supplied, the login process should be granted to the MySQL console, as shown in the following command sample:
[email protected]:~# mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 15
Server version: 10.1.26-MariaDB-0 deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
Next, log in to MariaDB database console, create a database for Typo3 CMS and a user with a password that will be used to manage the application database, by issuing the following commands. Replace the database name, user and password accordingly.
mysql –u root -p
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0 deb9u1 Debian 9.1Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]>
create database typo;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on typo.* to 'typo_user' identified by 'password1';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
In order to apply all changes made so far, restart MySQL and Apache daemons and verify if daemons are running by issuing the following commands.
systemctl restart mysql apache2
systemctl status mysql apache2
Install Typo3
After all system requirements are met to install Typo3 platform, visit Typo3 CMS official download page at https://typo3.org/download/ and grab the latest zip package compressed archive with the help of wget utility, by issuing the following command.
wget --content-disposition https://get.typo3.org/current/zip
After the zip archive download finishes, extract Typo3 zip compressed archive to your current working directory and list the extracted files by issuing the following commands.
unzip typo3_src-8.7.8.zip
ls -al typo3_src-8.7.8
Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.
rm /var/www/html/index.html
rm /var/www/html/info.php
The installation files for Typo3 are located in your current working directory in typo3_src-8.7.8 directory. Copy all the content of the Typo3 extracted directory to your web server document root path by issuing the following command.
cp -rf typo3_src-8.7.8/* /var/www/html/
Next, create the file FIRST_INSTALL in your domain webroot path and execute the following commands in order to grant Apache runtime user with full write permissions to the web server document root path. Use ls command to list permissions for application’s installed files located in the /var/www/html/ directory.
touch /var/www/html/FIRST_INSTALL
chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/
Next, proceed with Typo3 CMS installation process by opening a browser and navigate your server’s IP address or domain name or server FQDN via HTTPS protocol. On the first installation screen, the Typo3 installer will check your system environment in order to determine if all requirements for installing the application are met, as shown in the below image. If all requirements are met, click on System looks good. Continue! button in order to start the installation process.
https://yourdomain.tld
In the next installation screen, select manually configured MySQL TCP/IP connection and add MySQL database address, name and credentials created earlier for Typo3 CMS database. Use 127.0.0.1 address for MySQL Host and leave the port number to default (3306), as illustrated in the below image. When you finish, hit on Continue button to move to the next installation step.
In the next step, choose ‘Use an existing empty database’ option, select the database name created earlier for Typo3 and hit on Continue button to proceed further with the installation process.
After the database schema has been imported, create an admin user for Typo3 CMS and write a strong password for admin account. Also, add a name for the Typo3 website, as illustrated in the below image, and hit on Continue button to complete the installation process.
After the installation completes, the installer will ask you whether you want a pre-configured site. Choose Yes, download the list of distributions and hit on Open the TYPO3 Backend button to be redirected to website dashboard panel.
You can also visit the Typo3 admin web panel by navigating to your server IP address or domain name via HTTPS protocol to /typo3/index.php URL. Log in to Typo3 dashboard with the admin account credentials configured during the installation process, as illustrated in the below image.
https://yourdomain.tld/typo3/index.php
After logging in to Typo3 admin dashboard, select and install a pre-configured distribution package from the displayed list. In this guide we’ll install and use the official introduction package distribution offered by Typo3 in order to create page structure and content elements easily.
Finally, to force visitors to browse Typo3 frontend website and to securely access the backend interface via HTTPS protocol, that encrypts the traffic between the server and client browsers, return to your server’s terminal and edit the .htaccess file located in your website path.
First, create the .htaccess file based on the sample file provided by the Typo3, by executing the below command.
cp /var/www/html/_.htaccess /var/www/html/.htaccess
Then, open and edit the .htaccess file and at the bottom of the file modify the native PHP settings with the below configurations. You can change PHP settings to match your own server resources.
nano /var/www/html/.htaccess
.htaccess file excerpt:
# Modify PHP settings
php_flag register_globals off
php_flag magic_quotes_gpc Off
php_value upload_max_filesize 500M
php_value post_max_size 500M
Finally, insert the following rules to the end of the file in order to redirect domain traffic to HTTPS.
# Redirect to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Also, create a new .htaccess file in typo3 directory located in domain webroot path in order to automatically redirect admin dashboard sessions to HTTPS.
nano /var/www/html/typo3/.htaccess
.htaccess file excerpt:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Finally, visit the default Typo3 website frontend page by navigating to your server IP address or domain name via HTTPS protocol, as illustrated in the following screenshot.
https://www.yourdomain.tld
That’s all! You have successfully installed and configured Typo3 CMS web platform in Debian 9. However, because Apache HTTP server uses an untrusted Self-Signed certificate to encrypt the traffic between the server and visitor’s browsers, a warning message will always be generated and displayed in their browsers. This warning is bad for clients who visit your website frontend page. In this case you should buy a certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA.
For other custom configurations regarding Typo3 CMS web application, visit the documentation page at the following address: https://docs.typo3.org/
