Install, configure and secure Magento on Ubuntu & CentOS

Set up, configure and secure Magento on Ubuntu 18.04/20.04/22.04, CentOS 7/8, Red Hat and Debian

Magento is a popular open-source e-commerce platform written in PHP. It provides a flexible shopping cart system and control over the look, content and functionality of your online store. Magento can be installed on various Linux distributions such as Ubuntu, Debian, CentOS and Red Hat.

In this comprehensive guide, we will discuss how to install, configure, and secure Magento 2 on Ubuntu 18.04/20.04/22.04 and CentOS 7/8 from scratch.

Prerequisites

Before you begin with the installation, make sure your server meets the following requirements:

  • Ubuntu 18.04/20.04/22.04 or CentOS 7/8 with root access or a user with sudo privileges.
  • Apache or Nginx web server. We’ll use Apache in this guide.
  • MySQL 5.6 or MariaDB 10.0 or higher.
  • PHP 7.4 or newer with required extensions like php-mysql, php-curl, php-gd, php-bcmath, php-mbstring, php-xml, php-zip etc.
  • Composer package manager.
  • SSL certificate for HTTPS access (optional but recommended).

If a firewall is enabled on the server, also make sure it allows HTTP and HTTPS traffic.

Step 1 – Install LAMP Stack (Linux, Apache, MySQL, PHP)

Magento requires a LAMP or LEMP stack to run properly. Here are the steps to install Apache, MySQL and PHP on Ubuntu:

# Install Apache
$ sudo apt update
$ sudo apt install apache2
# Install MySQL 
$ sudo apt install mysql-server
# Secure MySQL installation
$ sudo mysql_secure_installation
# Install required PHP packages
$ sudo apt install php php-cli php-mysql php-gd php-curl php-bcmath php-mbstring php-xml php-zip
# Restart Apache 
$ sudo systemctl restart apache2

For CentOS 7, you can install the LAMP stack using the following commands:

# Install Apache  
$ sudo yum install httpd 
# Start Apache
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
# Install MySQL
$ sudo yum install mysql-server
# Secure MySQL installation
$ sudo mysql_secure_installation 
# Install EPEL repository 
$ sudo yum install epel-release yum-utils
# Install Remi's RPM repository
$ sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# Enable PHP 7.4 Remi repo
$ sudo yum-config-manager --enable remi-php74
# Install PHP 
$ sudo yum install php php-cli php-mysqlnd php-opcache php-gd php-curl php-bcmath php-mcrypt php-xml php-mbstring php-zip
# Restart Apache
$ sudo systemctl restart httpd

This installs a basic LAMP stack on both operating systems, with PHP 7.4 from the Remi repository on CentOS 7.

Step 2 – Install Composer

Composer is a dependency manager for PHP that allows you to install Magento and its dependencies. Here are the steps to install Composer:

# Download and install Composer
$ curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

Verify the installation with:

$ composer --version
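
The one-line install above pipes a downloaded script straight into PHP running as root. The following added example (not part of the original guide) saves the installer to a file first and runs it only if its SHA-384 digest matches the one Composer publishes at https://composer.github.io/installer.sig. The function names and the temporary-directory handling are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: verify the Composer installer before running it as root.
# Function names are illustrative; the two URLs are the ones Composer publishes.
INSTALLER_URL="https://getcomposer.org/installer"
SIG_URL="https://composer.github.io/installer.sig"

# Return 0 only if the SHA-384 of file $1 equals the expected hex digest $2.
installer_matches() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    # Reject empty or malformed digests so a failed download never "matches".
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{96}$' || return 3
    actual="$(sha384sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Download, verify, then install. Nothing is executed if verification fails.
install_composer() {
    local tmp expected
    tmp="$(mktemp -d)" || return 1
    expected="$(curl -fsS "$SIG_URL")" || { rm -rf "$tmp"; return 1; }
    curl -fsS -o "$tmp/composer-setup.php" "$INSTALLER_URL" || { rm -rf "$tmp"; return 1; }
    if installer_matches "$tmp/composer-setup.php" "$expected"; then
        sudo php "$tmp/composer-setup.php" --install-dir=/usr/local/bin --filename=composer
    else
        echo "Composer installer checksum mismatch, not installing" >&2
        rm -rf "$tmp"
        return 1
    fi
    rm -rf "$tmp"
}

# Run the installation only when asked to: ./install-composer.sh --install
if [ "${1:-}" = "--install" ]; then
    install_composer
fi
```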

Step 3 – Download and Install Magento

Now we are ready to install Magento 2 using Composer.

Create the document root directory for Magento:

$ sudo mkdir -p /var/www/html/magento2

Switch to the document root directory:

$ cd /var/www/html/magento2

Run composer to install Magento:

$ composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition .

This will download and install the latest version of Magento 2 CE in the current directory.

Step 4 – Set Up Database for Magento

Magento requires a database to store its data. We’ll create a new database and user for Magento.

Log in to MySQL shell:

$ sudo mysql -u root -p

Create a new database:

CREATE DATABASE magento; 

Create a new user and grant privileges:

CREATE USER 'magento'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON magento.* TO 'magento'@'localhost';

Flush privileges and exit:

FLUSH PRIVILEGES;
exit

Replace strong_password with a strong password of your choice.

Step 5 – Configure Magento

We’ll now configure Magento to use the database we just created.

Rename the default config file:

$ mv app/etc/env.php app/etc/env.php.bak

Then open app/etc/env.php in your editor:

$ sudo nano app/etc/env.php

And update it with your database credentials:

<?php
return [
    'db' => [
        'table_prefix' => '',
        'connection' => [
            'default' => [
                'host' => 'localhost',
                'dbname' => 'magento',
                'username' => 'magento',
                'password' => 'strong_password',
                'model' => 'mysql4',
                'engine' => 'innodb',
                'initStatements' => 'SET NAMES utf8;',
                'active' => '1',
            ]
        ]
    ],
];

Save and close the file after updating the credentials.

Step 6 – Set Up Ownership and Permissions

For security, the Magento files should be owned by the web server user and set with proper permissions.

Find your web server user:

$ ps aux | grep -E 'apache2|httpd'

For Ubuntu, it is usually www-data. For CentOS, it is apache.

Set ownership:

# On CentOS, use apache:apache instead of www-data:www-data
$ sudo chown -R www-data:www-data /var/www/html/magento2

Set recursive permissions:

$ sudo find /var/www/html/magento2 -type f -exec chmod 644 {} \;
$ sudo find /var/www/html/magento2 -type d -exec chmod 755 {} \; 
$ sudo chmod o+w /var/www/html/magento2/var
$ sudo chmod o+w /var/www/html/magento2/pub/media 
$ sudo chmod o+w /var/www/html/magento2/pub/static

This restricts permissions and gives proper access to the web server user to read/write files.

Step 7 – Install Magento

Now we can proceed with the final installation from the web interface.

Go to http://your_server_ip/magento2 in your browser. It will start the setup wizard.

  • Select your language and click Next.
  • Accept the terms and conditions, enter your Admin account details and click Next.
  • Set your web store configurations like base URL, timezone etc. and click Next.
  • For the sample data, you can skip it for now.
  • Finally, click Install Now to complete the installation.

The setup will create the necessary database tables and install Magento 2 CE!

Step 8 – Configure Base URL

For proper functioning, you need to set the base URL for your Magento 2 install.

Go to the Magento admin dashboard at http://your_server_ip/magento2/admin and log in with your admin credentials.

Then go to Stores > Configuration > General > Web.

Set the Base URLs to your domain name (example.com/magento2) and click Save Config.

This will configure the base URL so that assets and links work properly.

Step 9 – Set Up Cron Jobs

Magento requires some background cron jobs to handle scheduled tasks like sending emails, indexing, clean up etc.

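Set up cron for Magento under the web server user that owns the files (www-data on Ubuntu, apache on CentOS), so the jobs can write to the Magento directories without creating files owned by another account:

$ sudo crontab -u www-data -e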

Add the following lines:

* * * * * /usr/bin/php /var/www/html/magento2/bin/magento cron:run | grep -v "Ran jobs by schedule" >> /var/www/html/magento2/var/log/magento.cron.log
* * * * * /usr/bin/php /var/www/html/magento2/update/cron.php >> /var/www/html/magento2/var/log/update.cron.log
* * * * * /usr/bin/php /var/www/html/magento2/bin/magento setup:cron:run >> /var/www/html/magento2/var/log/setup.cron.log

This will run the Magento cron job, update cron job, and setup cron job respectively and log the output to log files.

Step 10 – Secure Magento

Magento provides a flexible platform for e-commerce sites. However, the default installation leaves the site vulnerable to exploits. Here we will discuss some steps to further secure your Magento 2 store.

Use HTTPS

Enable HTTPS on your server with a valid SSL certificate. All traffic, including admin access, should use HTTPS. It encrypts communication and prevents snooping on traffic.

Strong Admin Credentials

Change the default admin username and use a very strong password. The admin account has complete access to your store, data and configurations. Protect it with a long, complex password.

You can also set up two-factor authentication for admin login.

Limit Admin Path

Change the default /admin path of the admin dashboard to something unique like /secret-admin-access. This stops automated probes of the well-known path from reaching the login page.

Disable File Execution

Disable execution of PHP files in Magento directories such as app, lib, dev, var and generated. With Apache 2.4, denying all web requests to these directories achieves this, because no PHP file inside them can then be requested. Add the following to the virtual host configuration:

<DirectoryMatch "^/var/www/html/magento2/(app|lib|dev|var|generated)(/|$)">
    Require all denied
</DirectoryMatch>

This prevents a malicious PHP script placed in one of these directories from being executed through the web server if the site is compromised.

Restrict Permissions

Follow the principle of least privilege. Set restrictive permissions for files and folders accessible from the web. Limit write access to the folders that require it, such as media, var and generated.
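
A check for this rule, as an added example that is not part of the original guide: it lists anything under the Magento root that every local account can write to (the o+w bit), and any PHP file sitting in pub/media, which holds uploaded content. The function names are this example's own; the default path is the install directory used in this guide.

```bash
#!/usr/bin/env bash
# Added example: audit a Magento tree for over-broad write access.
# MAGENTO_ROOT defaults to the directory used in this guide.
MAGENTO_ROOT="${MAGENTO_ROOT:-/var/www/html/magento2}"

# Files and directories that any local account can write to (o+w bit set).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# PHP files inside the upload directory, where no code should live.
php_in_media() {
    [ -d "$1/pub/media" ] || return 0
    find "$1/pub/media" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) 2>/dev/null | sort
}

# Print a report and return non-zero if anything was found.
audit_magento() {
    local root="$1" ww php status=0
    ww="$(world_writable "$root")"
    php="$(php_in_media "$root")"
    if [ -n "$ww" ]; then
        echo "World-writable paths:"
        echo "$ww" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$php" ]; then
        echo "PHP files under pub/media:"
        echo "$php" | sed 's/^/  /'
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "No findings under $root"
    fi
    return "$status"
}

# Usage: ./audit.sh --run   (audits $MAGENTO_ROOT)
if [ "${1:-}" = "--run" ]; then
    audit_magento "$MAGENTO_ROOT"
fi
```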

Monitor for Suspicious Activity

Check logs regularly for any unauthorized or unusual activity like multiple failed admin login attempts, file changes, PHP execution in disallowed directories etc. Also monitor for performance issues.
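
Part of this log review can be automated. The added example below (not part of the original guide) scans Apache combined-format access log lines for two of the signals named above: successful requests for PHP files inside directories that should never serve them, and bursts of POSTs to the admin path from one client. The log lines are constructed, and the /magento2 prefix, the admin path and the threshold of 5 are assumptions to adjust for your store.

```bash
#!/usr/bin/env bash
# Added example: flag suspicious requests in an Apache combined-format access log.
# The /magento2 prefix, admin path and threshold are assumptions; adjust them.
ADMIN_PATH="${ADMIN_PATH:-/magento2/admin}"
POST_THRESHOLD="${POST_THRESHOLD:-5}"

# Reads log lines on stdin and prints one finding per line:
#   PHP_EXEC <ip> <path>    2xx response for a .php file in a directory that must not run PHP
#   ADMIN_POSTS <ip> <n>    POST_THRESHOLD or more POSTs to the admin path from one client
scan_access_log() {
    awk -v admin="$ADMIN_PATH" -v limit="$POST_THRESHOLD" '
    {
        ip = $1; method = substr($6, 2); path = $7; status = $9
        sub(/\?.*/, "", path)                      # drop the query string
        if (status ~ /^2/ &&
            tolower(path) ~ /\/(pub\/media|var|app|lib|dev|generated)\/.*\.php$/)
            print "PHP_EXEC", ip, path
        if (method == "POST" && index(path, admin) == 1)
            posts[ip]++
    }
    END {
        for (ip in posts)
            if (posts[ip] >= limit) print "ADMIN_POSTS", ip, posts[ip]
    }' | sort
}

# Constructed sample lines (documentation IP ranges), not real traffic.
sample_log() {
    local i
    echo '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /magento2/pub/static/frontend/app.css HTTP/1.1" 200 5120'
    echo '192.0.2.10 - - [01/Mar/2024:10:00:05 +0000] "POST /magento2/admin/ HTTP/1.1" 302 0'
    echo '198.51.100.23 - - [01/Mar/2024:10:02:11 +0000] "GET /magento2/pub/media/tmp/cache.php?x=1 HTTP/1.1" 200 48'
    echo '198.51.100.23 - - [01/Mar/2024:10:02:12 +0000] "GET /magento2/var/report.php HTTP/1.1" 403 199'
    for i in 1 2 3 4 5 6; do
        echo "203.0.113.7 - - [01/Mar/2024:10:05:0$i +0000] \"POST /magento2/admin/ HTTP/1.1\" 200 3100"
    done
}

# Usage: ./scan.sh --scan /var/log/apache2/access.log
if [ "${1:-}" = "--scan" ] && [ -r "${2:-}" ]; then
    scan_access_log < "$2"
fi
```

A POST count alone does not show whether logins failed; treat an ADMIN_POSTS finding as a prompt to check the Magento logs for that client.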

Keep Software Up-to-Date

Magento releases security patches and feature updates frequently. Keep your Magento version and extensions up-to-date for the latest security fixes and improvements.

Add Security Extensions

Several extensions, such as Magento Security Scan and Magento Malware Scanner, provide additional protection by monitoring changes, checking for malware injection, performing security audits and so on.

Use a Web Application Firewall (WAF)

A WAF provides additional protection by analyzing web traffic and blocking common exploits like XSS, SQLi, RFI etc. It adds an extra layer of security for your online store.

By taking these steps, you can have a secure Magento 2 installation. The key is to follow security best practices, restrict access, monitor for issues and keep the software up-to-date. This will help prevent compromise and protect your customer data.

Conclusion

Magento is a feature-rich e-commerce platform that provides merchants with powerful tools to create custom online stores. This detailed guide covered how to install, configure and secure Magento 2 on Ubuntu and CentOS for production use.

Some key points are:

  • Install LAMP or LEMP stack as prerequisites
  • Use Composer to install latest Magento version
  • Create database and configure credentials
  • Complete initial setup from web interface
  • Set base URL, cron jobs for scheduled tasks
  • Secure admin access, enable HTTPS, restrict permissions
  • Monitor for issues, apply updates/patches regularly

With these steps, you can deploy Magento securely and take advantage of its flexible commerce capabilities to build a fully-functional online store.
