Anchor CMS

Ubuntu 18.04 Server installation tutorial for Anchor CMS.

Package installation

sudo apt install nginx mariadb-server
sudo apt install php7.2 php7.2-curl php7.2-gd php7.2-mbstring php7.2-mysql

mcrypt has to be installed manually with pecl; install the build dependencies first.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config
sudo apt-get -y install php7.2-dev
sudo apt-get -y install libmcrypt-dev

Run sudo pecl search mcrypt first to find the newest version, even though the extension is out of support.

sudo pecl install mcrypt-1.0.3

Setup the database

sudo mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root (enter for none):
Set root password? [Y/n]: Y
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

Log in to the mysql console

sudo mysql -u root -p

Create the database and the admin user. The password shown is only an example; substitute a long random one of your own.

CREATE DATABASE anchordb;
GRANT ALL ON anchordb.* TO 'dbadmin' IDENTIFIED BY '4L94jSPEZC9eNpWAHdRLWtPfRVeBLrei';
FLUSH PRIVILEGES;

Let's Encrypt

For SSL use the EFF's PPA for the Let's Encrypt certbot.

sudo add-apt-repository ppa:certbot/certbot
sudo apt upgrade
sudo apt install python-certbot-nginx
sudo certbot --nginx certonly

Cert and Key locations:

/etc/letsencrypt/live/sub.domain.tld/fullchain.pem
/etc/letsencrypt/live/sub.domain.tld/privkey.pem

By default, generic DH parameters are used, which weakens the key exchange. Generate your own Diffie-Hellman parameters with OpenSSL; the ssl_dhparam line that points at them is already in the Nginx config below.

sudo openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 4096

Configuring Nginx

server {
	listen 80;
	server_name blog.arctic.cat;
	# enforce https
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl http2;
	server_name blog.arctic.cat;

	ssl_certificate /etc/letsencrypt/live/blog.arctic.cat/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/blog.arctic.cat/privkey.pem;
	ssl_session_timeout 5m;
	ssl_ecdh_curve prime256v1;
	ssl_session_tickets off;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!aNULL';
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1.2;
	ssl_dhparam /etc/ssl/dhparam.pem;

	# Add headers to serve security related headers
	# Before enabling Strict-Transport-Security headers please read into this
	# topic first.
	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";
	add_header Referrer-Policy "no-referrer" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-Download-Options "noopen" always;
	#add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Permitted-Cross-Domain-Policies "none" always;
	add_header X-Robots-Tag "none" always;
	add_header X-XSS-Protection "1; mode=block" always;

	root /var/www/anchor;

	index index.php index.html;

	location / {
		try_files $uri $uri/ /index.php;
	}
    
	location ~ \.php$ {
		try_files $uri =404;
		include fastcgi_params;
		fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}
}

Before testing the config, you need to increase server_names_hash_bucket_size in /etc/nginx/nginx.conf to 64. The line should be present but commented out by default.

Be sure to test the config.

sudo nginx -t

Install PHP Composer

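Composer will allow us to install Anchor in a single line. Follow the instructions found here: https://getcomposer.org/download/ (the SHA-384 hash in the second command changes with every installer release, so copy the current commands from that page rather than the ones below).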

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
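
The same integrity check as the php -r one-liner above, written as a shell function that takes the expected digest as an argument instead of hard-coding it. This is an added example, not part of the original tutorial or of Composer; verify_installer is a hypothetical helper name, and the expected digest is assumed to be copied from https://getcomposer.org/download/.

```shell
#!/bin/sh
# Added example: check a downloaded composer-setup.php against an expected
# SHA-384 digest and delete the file if it does not match.
# verify_installer is a hypothetical helper, not a Composer command.
# Return codes: 0 = verified, 1 = mismatch (file removed), 2 = bad input.

verify_installer() {
    file=$1
    expected=$2

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Normalise to lower case and insist on exactly 96 hex digits, so an
    # empty or truncated copy-paste is never accepted as the reference.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*)
            echo "expected digest is not hexadecimal" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 96 ]; then
        echo "expected digest is not 96 hex digits (SHA-384)" >&2
        return 2
    fi

    # sha384sum prints "<digest>  <filename>"; keep only the digest.
    actual=$(sha384sum "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "Installer verified"
        return 0
    fi

    # Mismatch: report what was seen and remove the file so it cannot be
    # run by accident in the next step.
    echo "Installer corrupt: got $actual" >&2
    rm -f -- "$file"
    return 1
}
```

Call it as verify_installer composer-setup.php "<digest from the download page>" and run php composer-setup.php only if it returns 0.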

Install Anchor CMS

Make the webroot directory for Anchor and give ownership of it to your current user.

sudo mkdir -p /var/www/anchor
sudo chown -R {your_user}:{your_user} /var/www/anchor
cd /var/www/anchor

This was supposed to be rather quick, but due to a syntax error in the Anchor config, it requires a few additional commands.

composer create-project anchorcms/anchor-cms ./

The above command will error out, but you just need to edit one line in composer.json

sudo vim /var/www/anchor/composer.json
- "type": "CMS",
+ "type": "cms",

Now install anchor.

composer install

Permissions

Change the ownership of the Anchor web root to www-data.

sudo chown -R www-data:www-data /var/www/anchor

Create some other directory that I have no real idea what it does.

sudo mkdir -p /var/lib/php/session && sudo chown -R www-data:www-data /var/lib/php

Let's Go!

I usually reboot for good measure just to make sure reboots are handled properly.

sudo reboot