Tag: #letsencrypt

Categories
Business PrestaShop Technology Tutorial Ubuntu

Setting Up Prestashop on Digital Ocean Ubuntu Server

The background to this post is that I had a sudden need to ‘figure out shopping carts’. I understood from times past it probably isn’t wise to have a shopping cart that intends to scale on a shared cpanel host, even though it’s pretty dead easy to set that up. I decided this was the day I had to learn how to set up an Ubuntu server myself and face it until I knew enough to do so.

I started with Digital Ocean because I recall testing a ‘droplet’ and being surprised how easy and nice it was. They also support UBports and their servers so I appreciate that. I got a promotional code to try it out and glad I did. I think it’s a really nice solution.

The real purpose of this tutorial is to make sure I don’t forget all the things I learned and also to leave some bread crumbs for others who might want to do the same thing.

I landed on prestashop because it’s very open software, very flexible, been around for many years, and has a bunch of modules that should be quite helpful to roll out store after store.

The idea of this server is that it will run the ‘main business website’ as well as the shopping cart.

Any time you see ‘123.123.123.123’ this is your IP address for your server. Replace it with your actual one, of course.

You should also have a nice password manager set up to save yourself much time and pain as you learn. I recommend keepasxc

Let’s get started

Big Step 1 – Set up the Digital Ocean Droplet

  1. Initiate your server / droplet
    I won’t give detailed instructions here because there is lots of documentation out there. One thing I will say is that i used an Ubuntu 18.04 LTS server with 2GB of ram to make sure I had enough ram to do what’s needed for both the main site and prestashop.
  2. Immediately set up your A records to point to your domain.
    In Digital Ocean (“DO”) it’s pretty easy but I don’t have any links to it. Just go to ‘networking’, add your domain, then create your domains, subdomains, etc, and then point the A record to the Server you just initialed in step 1 above. This step is important to do right away because propagation of the name server to the IP address / box takes an hour or more sometimes depending on where you are.
  3. Set up your SSH keys
    Before you install the droplet, make sure your SSH keys are set up properly because you are going to use them a lot in the terminal. Here is some ssh tutorial. Note that it’s a little hard for me to find SSH stuff in the DO backend so for the records it’s at settings / security and then a tab (I think…)
  4. SSH into your new server
    ssh root@123.123.123.123
  5. Set up a non-root user account on the server
    This is a nice detailed tutorial on this if you’d like here.

Otherwise, this summaries it:

  • Log into the server as root: ssh root@123.123.123.123
  • Make sysadmin user: adduser sysadmin and follow the prompts (should be password prompt and then a few questions)
  • Add new user to the sudo list: sudo usermod -aG sudo sysadmin
  • Switch to new sysadmin user: su sysadmin
  • (Optional) Test the new-found powers by running this and then cancelling: sudo dpkg-reconfigure tzdata

Helpful note
If you find you are not getting prompted for the questions after running the adduser command, it might be because you accidentally ran useradd command like me… weird how it works both ways…

  1. Update the server’s packages
    sudo apt update
    sudo apt upgrade

Big Step 2 – Install Apache

  1. sudo apt install apache2
  2. Check to see if this triggered new packages to upgrade: sudo apt update
  3. If packages need updating: sudo apt ugrade

Big Step 3 – Install PHP

There were about a million different tutorials out there that worked but were pretty hard. At the end of all that I found this which seems to work just fine and dandy, so hopefully it works for you:

  1. Add PPA: sudo add-apt-repository ppa:ondrej/php
  2. Update packages: sudo apt update
  3. Install php (adjusting version and number as you over time and making sure the version is correct for Prestashop / other software): sudo apt install php7.3
  4. Test php version: `php -v’
  5. Add the modules required for Prestashop (adjust for whatever else you are installing): sudo apt install libapache2-mod-php7.3 php7.3 php7.3-common php7.3-curl php7.3-gd php7.3-imagick php7.3-mbstring php7.3-mysql php7.0-json php7.3-xsl php7.3-intl php7.3-zip
  6. Open this file (adjust PHP version as needed / as appropriate): sudo nano /etc/php/7.3/apache2/php.ini
  7. Add these lines of code. Truthfully I don’t know where you are supposed to add them so I added them near the bottom in the first space from the bottom I could find, but not at the very bottom. Adjust as needed:
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago
  1. Restart apache2 after doing php changes (now) with this sudo systemctl restart apache2.service (I’m not 100% sure this step is required, but never hurts!)
  2. Test that PHP is working by:
  • Creating this test file: sudo nano /var/www/html/phpinfo.php
  • Adding this info to the file and saving: <?php phpinfo( ); ?>
  • Going to the URL where this file is where you should see a boring PHP info page: 123.123.123.123/phpinfo.php
  • Deleting the file if the test is good: sudo rm /var/www/html/phpinfo.php

Big Step 4 – Install Mariadb

Apparently mariadb is like mysql but getting more love as we move into the future. I’m just following along.

  1. Create a database name and save it to your password manager. I’m going to use ‘presta_db’ for this. You can call it what you’d like.
  2. Create a database user name and a password and do the same in the password manager.
  3. Install mariadb: sudo apt-get install mariadb-server mariadb-client
  4. Do a security upgrade on it and make a password, etc for database: sudo mysql_secure_installation. Follow the prompts with very likely these answers: Enter, Y, password, repeat password, Y, Y, Y, Y

Big Step 5 – Create your Database in Mariadb

Assuming you did the steps above in step 4, you should now be able to log into your database area with your new password you created. I don’t know if you HAVE to use CAPS for the maria commands, but I do just for visual aid, which is probably why we see this around town…

  1. Log into mariadb: sudo mysql -u root -p
  2. Create your database with the database name you saved to your password manager above: CREATE DATABASE presta_db;
  3. Create the user and password for the database replacing username and password in the following code with yours between the apostrophes: CREATE USER 'username_here'@'localhost' IDENTIFIED BY 'new_password_here';
  4. Do whatever this does, lol: GRANT ALL ON presta_db.* TO 'username_here'@'localhost' IDENTIFIED BY 'same_password_here' WITH GRANT OPTION;
  5. Flush stuff: FLUSH PRIVILEGES;
  6. Exit stuff: EXIT;

Big Step 6 – Create the Directory Structure for a Shared Server Environment (Optional)

First a good resource for hosting multiple domains on a single ubuntu server.

I will provide the directory structure I used for both the ‘standalone’ setup and the ‘shared’ setup (multiple domains on one machine). You can choose and adjust how you like.

  1. Make the full path to the place where you plan to put Prestashop on a shared server environment:
  • sudo mkdir -p /var/www/shop.domain.com/public_html
  • repeat this command for each domain, changing the shop.domain.com/ part to whatever is appropriate

On a standalone environment: sudo mkdir -p /var/www/html/domain.com

Bit Step 7 – Set up your Virtual Host Files in Apache for Each Domain (Shared server environment)

This blog really says it all resource, except, you don’t have to mess around with that /etc/hosts stuff that he talks about at the end. I did that and messed things up on DO environment… The key with this section here is to make sure (in whatever way you are most confortable) that you have a ‘domain.com.conf’ file sitting in the /etc/apache2/sites-available/ directory with the correct domain information in that file and saved. If you don’t, you’ll have pain. The nice part is this wasn’t as scary as I first thought it was. The key items you’ll need are probably these for a basic setup, and this worked fine for Prestashop for me:

ServerName domain.com
ServerAlias www.domain.com
ServerAdmin yourname@youremail.com
DocumentRoot /var/www/domain.com/public_html/prestashop

Lets Encrypt (awesome free SSL cert system) will do ‘the rest’ for you in an upcoming step to deal with port 443 / https:// if you were wondering…

Here is a summary of what I do showing two domains on a shared environment getting their own conf files which we can then edit:

Copy default template for domain 1: sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/shop.domain1.com.conf

Copy default template for domain 2: sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/domain2.com.conf

sudo nano edit each of the above configs with:

  1. Uncomment ServerName line and add correct one:
  2. Add ServerAlias for the www entry below it (not showing in default for some reason, so type it in ServerAlias www.domain.com )
  3. Update admin email
  4. Update document root to /var/www/shop.dailynow.ca/public_html
  5. Repeat for conf files for any other domains on server
  6. Reload Apache just because: systemctl reload apache2.service
  7. Disable the default conf file: sudo a2dissite 000-default.conf
  8. Enable domain 1: sudo a2ensite shop.domain1.com.conf
  9. Enable domain 2 (if applicable): sudo a2ensite domain2.com.conf
  10. Enable re-write mode (which drops some code into your conf file above): sudo a2enmod rewrite
  11. Restart Apache again for fun: sudo systemctl restart apache2.service

Big Step 8 – Putting Prestashop on the server

  1. Install the unzip tool for dealing with the Prestashop zip file: sudo apt install unzip
  2. Navigate to a safe place for doing stuff: cd /tmp/
  3. Verify that you are updating the link in the following code to the latest version. You can verify by going to thei releases page, clicking the latest, right clicking on the zip file and selecting copy link location and pasting into url in code here:
  4. Download the goods! wget -c https://github.com/PrestaShop/PrestaShop/releases/download/1.7.6.7/prestashop_1.7.6.7.zip
  5. Create a prestashop empty directory and unzip the file you just downloaded in step 4 into it: unzip prestashop_1.7.6.7.zip -d prestashop/
  6. move up a level to be able to perform next ‘move’ cd ..
  7. Move the whole directory you just made to the appropriate directory you created in ‘Big Step 6″ above. Adjust as required to your situation: sudo mv prestashop /var/www/shop.domain.com/public_html/
  8. Assign the correct ownership to the prestashop directory (adjust path as fitting for your situation): sudo chown -R www-data:www-data /var/www/shop.domain.com/public_html/prestashop/
  9. Assign the correct permissions to the same directory: sudo chmod -R 755 /var/www/shop.domain.com/public_html/prestashop/

Big Step 9 – Lets Encrypt

I feel, although I’m not sure, that this is the right place for this section: after everything is setup and just before installing Prestashop. When you start the Prestashop installation process it passes sensitive data around like passwords so I feel it should be set up here. However, I’m going to write a warning here, and then repeat it later: you must enable SSL in Prestashop itself in the admin area or things are going to go really bad. SUPER Special thanks to whoever you are author of this blog.

At this point, too, you’ll need to make sure that your domain has propagated (which is why I put the nameserver stuff at the very top). If it hasn’t propagated, Letsencrypt will fail it’s process on the last part. Here is how you can check to make sure you’re ready to continue:

  1. From inside your server, check your current ip address with ifconfig
  2. In a new terminal window (not the server itself but your own PC in a different network) ping your domains individually: ping domain1.com ping domain2.com
  3. Make sure the bounce ip address from ping matches the ifconfig ip address of your server / droplet in step 1 above.

If you get a long hang or failed ping, probably your domain hasn’t propagated yet. You’ll have to wait as I don’t know of another way to speed things up, except I believe you can reduce the TTL rate from 3600 down but that may have adverse affects on your server resources. Study this topic yourself if you run into it.

Bonus Tip
You can find out a bunch of cool stuff about your domains and propagation with DIG command dig domainname.com .
This command seems to be more powerful than propagation and can at least tell you if things ‘should’ propagate correctly before it actually propagates.
Here are two cool ones:

  • Find out the name server associated with your domain: dig domain.com NS
  • Check out that an A record is setup and working: dig domain.com A

Install LetsEncrypt

  1. Add the PPA: sudo add-apt-repository ppa:certbot/certbot
  2. Install the certbot: sudo apt install python-certbot-apache
  3. Test the syntax of, what I believe, are the conf files and apache conf files: sudo apache2ctl configtest. If you get an ‘OK’ message, continue. If you change anything in your conf files, don’t forget to reload Apache after sudo systemctl reload apache2
  4. Enable the firewall: sudo ufw enable
  5. MISSION CRITICAL Right here and right now, be sure you allow the ssh rule in the firewall rules, otherwise, you’ll get locked out of your server like I did. Thankfully with DO if you do get locked out you can go in through their virtual console, but still…So, simply run this line of code to open up SSH in the firewall: sudo ufw allow ssh
  6. Let https traffic through so that Letsencrypt can do its thing: sudo ufw allow 'Apache Full'
  7. Check the firewall status which should show active, as well as show BOTH 22/tcp and Apache Full enabled for both ipv4 and ipv6. Don’t continue until these are both present: sudo ufw status
  8. RUN IT sudo certbot --apache -d your_domain -d www.your_domain
  9. Most questions are easy to answer. Choose option 2 for normal and higher security forcing redirects to https. Note! It seems after you choose this it’s forever impossible to connect with regular http:// on port 80. This may be important? Not sure…didn’t affect prestashop.
  10. Probably you should test your domains here to make sure https:// is working. I didn’t write any steps for this as I figured Prestashop will be a good test coming soon…
  11. Repeat steps 8-10 for other domains (ie. domain2.com) if required adjusting as appropriate
  12. When done all your domains, do a dry run renewal to make sure renewal process is working well too: sudo certbot renew --dry-run

Bonus Section! How to get rid of Letsencrypt Stuff When everything goes bad…

Sometimes we make mistakes and things go wrong with SSL certificates. If you want to rule out Letsencrypt and your certs from the equation, it’s not entirely simple to get it out of your system, as I thought it was. So, here is your bonus section in case you need it nearby:

  1. Disable the letsencrypt conf file: sudo a2dissite prestashop-le-ssl.conf
  2. Totally uninstall letsencrypt (‘certbot’) sudo apt remove --purge python-certbot-apache
  3. Purge these dirs of their certs:

rm -rf /etc/letsencrypt
rm -rf /var/log/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /path/to/your/git/clone/directory (seemed not applicable)
rm -rf ~/.local/share/letsencrypt (seemed not applicable)

  1. Wipe all the ssl conf files (which stuck around after wiping the above) in /etc/apache2/sites-available/ with something like:
    sudo rm shop.domain.com-le-ssl.conf
    and sudo rm shop.domain2.com-le-ssl.conf
  2. Restart apache: sudo systemctl restart apache2.service
  3. Restart installation process again if applicable sudo apt install python-certbot-apache

Big Step 10 – Installing Prestashop Via Browser

Go to your var/www/domain.com/public_html/prestashop directory and you should now see Prestashop magically start to do stuff if everything above went well.

You will walk through the install steps and connect the database to the mariadb database name, database user, and database password you created in Big Step 5 above. You will also create a shop admin user and password in the process. When the process is finished, it will warn you to delete your install directory. You cannot log in to your admin area without first deleting this, or, renaming this directory.

To delete it:
Change to where directory is: cd /var/www/shop.domain.com/public_html/prestashop
Remove install directory and all its contents: sudo rm -r install/

To rename it:
Change to where directory is: cd /var/www/shop.domain.com/public_html/prestashop
Move it (which actually renames it), giving it whatever name you’d like: sudo mv install/ install_123abc

Now go to your Prestashop admin area which will be something like domain.com/admin128r78575 (some random characters after the word admin). By the way, you can always find this by navigating to the prestashop directory and just looking for it. This is a nice tip if things go bad 😉

Log in with your shop admin user / password

STOP! Enable and Force SSL HTTPS:// NOW! Do not wait, wonder, etc. If you don’t enable this, things will be bad because your letsencrypt SSL certs are set up and forcing HTTPS:// traffic meaning you’ll never be able to see your shop from the outside without this step. Here is the link again to the post

Note If you happen to get this error while installing Prestashop, you can safely continue as it reportedly does not mess anything major up:

PrestaShop 1.7.5.0 install reports that:
To get the latest internationalization data upgrade the ICU system package and the intl PHP extension”

This is a post I found which indicated this.

Oh, you probably want to rename your Presta-generated admin login directory because it probably made a weird one like admin37dumj777 which means you’d have to log in to your back end at domain.com/admin37dumj777. I did this with this command: sudo mv /admin37dum777 newadmindirectoryname/ which thus ‘moves’ it, or more accurately, renames it and doesn’t move it at all since we didn’t actually change its location. Nice trick, eh?? Now you can log in at domain.com/newadmindirectoryname/

Concluding Comments

I’m tired. That was hard. I hope it helped at least one person besides me. Have a nice day!