This express tutorial is for intermediate IT Admin or fullstack developper that want to setup and publish a website.
We will learn how to setup and use:


To follow this Tiki Tutorial, you need to know how use the shell, have root access and a minimum of knowledge about servers, mysql and hosting... or just try and learn ! As long as you don't work with real data you can aways terminate and re-install an instance till you get your Tiki to work. Amazon or Google Cloud offers tier free options so you fail, learn and retry as long as you want. (during the trial period of course).

If you don't want to experiment, if your time is precious. are in a hurry or don't want to play on live data without knowing what to do, you can always ask me to do it for you or search in the Tiki Consultants list and you'll have professional job done by... a Tiki Specialist. 😉

Server preparation

Install an Amazon Lightsail Instance

Log into your AWS Console (or create you account) and look for Lightsail in the search bar.
Select your instance location (the region you want the server to be set for... the closer to your targeted users the better) and pick your instance image: Linux/Unix.
Following our case, pick your instance image, for the platform select Linux/Unix, for the blueprint choose "OS Only" and select Debian10.x.
Note: They are other possible options if you select "Apps + OS" like LAMP, Ngnix or CPanel, etc. While I prefer to control exactly what is installed, you can choose one of them of course and "kind-of" follow this tutorial. Same for OS choice, this tutorial is about setting up a Debian Linux but you can select something else and adapt this tutorial instructions to get the same result in the end.

Install Tiki On Lightsail Tutorial Select Region Install Tiki On Lightsail Tutorial Select OS


Below this, if you have already an SSH key linked to this account, select to use the default key created with your instance (you will need to download it into your computer, user/.ssh folder), upload an existing key. If you don't have an SSH key linked to your account you can create a new SSH key pair and there are guides available for this.

Choose your instance plan (I suggest you start with the cheapest as you can always upgrade your plan).
Identify your instance by giving it a name. While you can add tags, I suggest you be descriptive to avoid being lost later if you create other instances (for development or test).
Your instance should be running in a minute and you should be already able to use the integrated SSH console by clicking on the terminal icon ( )

Install Tiki On Lightsail Tutorial Instance Ready


Once the instance is running you can start managing it, click on the 3 vertical dots and select "Manage".
This part is done and, while we can connect and use the HTML was terminal, we want to use our own shell or terminal from our local computer.

Install Tiki On Lightsail Tutorial Connect To The Instance


The first thing to do is to check you can connect to your server (the public instance IP) using your own terminal (putty, terminal or any of your preferred) to have shell access.
The user set for the Debian Linux is "admin". So I need to ssh to my public instance IP using the key pair (set above) with the admin user.

SSH Key pair may be complicate story if you are not oriented IT Admin.
In very short, if you select to use the default key this is what I would do (replace "LightsailDefaultKeyPair-us-east-1.pem" with your key filename).
Download the key into my computer, move the file to my ~/.ssh directory and set the correct file permissions:

Set per file permissions
sudo chmod 600 ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem

Then I should be able to use the following to connect :

SSH using the stored default key
ssh -i ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem admin@xx.xx.xx.xx

You can find here more documentation about this : https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-ssh-using-terminal

You may have some warning about "locale" it is up to you to fix it now or later. (by default I use : en_US.UTF-8 UTF-8)

Fix locale warning
select your locales, recommended: en_US.UTF-8
sudo dpkg-reconfigure locales
re-generate the locale on your server
sudo locale-gen


To tight it up, enter those two shell command: LC_CTYPE=en_US.UTF-8 and LC_ALL=en_US.UTF-8
(export LC_CTYPE=en_US.UTF-8, export LC_ALL=en_US.UTF-8 in some case)


Once you passed this step we can continue with the install.

Lightsail Networking and security group

To allow access to your "secured" site and the Virtualmin control panel we need to go to the Lightsail instance control panel and select Networking.
Set security group and open port 80, 443, 22 and 10000.
I usually open 80 and 443 to all traffic (no IP restriction) and restrict access to 22 and 10000 to my IP only. (we are never too safe ! )

While we are here, another important thing you want to do, especially if you are going to work with a domain name is to create a static IP.
Just follow the onscreen instruction it is very easy.

Install Tiki On Lightsail Tutorial   Networking Settings


Be aware that you may have to reboot the instance so your security settings are properly applied.

Set and use root login

As Lightsail allow you to login using a default admin from which you can login with root, setting external access for the root user may be discutable and it will be up to you to set this or not.
However, for me to diagnose or manage my virtual domains correctly so I usually setup an SSH root access using elaborated password and fail2ban mechanism (if someone, a bot, try too many time to connect using SSH it is blacklisted from accessing my server).

Logged as the default "admin" user. (I use nano but it is the same with VI, VIM or any editor)

Switch for the Super user (root)
sudo su
Edit ssh configuration file
nano /etc/ssh/sshd_config

Change #PermitRootLogin prohibit-Password to PermitRootLogin yes
and PasswordAuthentication no to PasswordAuthentication yes and of course save your changes.

Restart SSHD to validate changes
systemctl restart sshd
Set the root password
passwd root
Reboot your instance
sudo reboot

You will be disconnected, reconnect and check everything is working fine when you login as root.

Check your hostname

For VirtualMin/Webmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname file.

hostname

By default it will display the instance internal IP (later on Virtualmin won’t like it) and it should display your hostname mostly your domain name like "mydomain" (without http or https)

You can change this and set it for your host name (yourdomain.com)

sudo nano /etc/hostname


You need to check and add your host to the hosts file.
But if you do it directly (editing /etc/hosts) the changes will be reverted on the next reboot.
To make it permanent, you need to modify the template used to recreate on each reboot the hosts file.

Edit hosts.debian.tmpl
sudo nano /etc/cloud/templates/hosts.debian.tmpl

After the "fqdn" and "hostname" variables add your hostname. It should look like this;
127.0.1.1 yourhostname

Reboot the server and check changes are permanent.

cat /etc/hosts


After the last Lightsail IP address add your hostname without extension (TLD). It should look like this:
127.0.1.1 ip-172-xx-x-xxx.eu-west-3.compute.internal ip-172-x-xx-xxx mydomain

Reboot and recheck

Reboot your instance
sudo reboot

Update your Debian server

The first thing you want to do is to log onto your server and first update/upgrade it with the following commands:

sudo apt update
sudo apt upgrade

Install your MySQL database (mariaDB)

It is important to install and setup MariaDB before Virtualmin.

Install mariaDB
sudo apt install mariadb-server


Then we will secure the installation to tight our defences against the "bad guys".

Secure mariaDB
sudo mysql_secure_installation

You should be able to answer most of the questions without too much thinking those are my answers (explanations can be found on the web)

  • Enter current password for root (enter for none):
  • Change the root password? Y/n n
  • Remove anonymous users? Y/n y
  • Disallow root login remotely? Y/n y
  • Remove test database and access to it? Y/n y
  • Reload privilege tables now? Y/n y


Done, let's check MariaDB is running:

Test mariaDB status
sudo systemctl status mariadb

Install Webmin and Virtualmin

We will download Virtualmin automated install script and run it. It is basically a shell script that will handle rest of the installation once executed.

Download Virtualmin install script
wget https://software.virtualmin.com/gpl/scripts/install.sh

You can do a full install but also you can do a minimal install which will spare the instance resources. For exemple where I don't need a mail server I do minimal install.

Full install of Virtualmin
sudo /bin/sh ./install.sh
Minimal install of Virtualmin
sudo /bin/sh --minimal ./install.sh


If you choose the lowest memory option for your Lightsails instance you will have an error message about "Memory"
"ERROR Memory is below 1024 MB. A full installation may not be possible."
Continue and create a swap file.
You should see now the different components being installed one by one.

 Postinstall configuration returned an error.
I encountered the following error "Postinstall configuration returned an error" once, but it doesn't seems it halt the installation and the Virtualmin control panel was working just fine.


You will now have access to your control panel if the port 10000 is open else, you may need to open the port it on the server. Because by default the Virtualmin will listen to the port Virtualmin. You only have to open this port if all the incoming requests on your server are blocked by default. (check above Lightsail Networking and security group )

Use https://your_server_publicIP:10000 (you can use your a domain name if set already)
View and trust the certificate and login.
Once you are in , follow Virtualmin Post installation wizard.
It is pretty straightforward and everything is done to guide you.

For the DNS configuration parameters, it may show a mix with your hostname (the domain your registrar is pointing to) and some AWS internal address. IE : hostname.ec2.internal
Change the value for your domain and complete the process. If your domain is not already redirecting, you can check the " Skip check for resolvability" option.

The next question is... a trap ! 🤗
If you don't create a default Virtual Server, Virtualmin will load but with errors (like: missing postfix maps) so you can solve them later by creating at least one Virtual Server or create one during the installation process and restart Virtualmin (a reboot never hurt once all is set you check things are starting as they should).

Troubleshooting Virtualmin installation

Fixing Postfix virtual maps error

You may see this error: "A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration"
Applied the postfix config script for Virtuamin

Configure postfix for Virtualmin
virtualmin-config-system -i Postfix

DNS server error

You may see this error: "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server"
This is some false check that Virtualmin team is aware of. They planned to remove and fix the issue for Virtualmin 6.17+.
In the meantime, go to System Settings ⇾ Virtualmin Configuration / Advanced options page to set Check resolv.conf for this system to No.

Additional stuff

Install Let's encrypt certificate

You need first to use your domain name set it at the registrar properly. As long as you use your server IP you can't create the certificate and should skip.
Under Virtualmin => Server Configuration => SSL Certificate click on the "Let's Encrypt" tab and request certificate.
Install automatically for all domain or use set manually the domain for whom you want to create a certificate (Virtualmin may add domains you did set yet at this stage)

Install several versions of PHP

Allow "PHP script execution mode" under Virtualmin => Server Configuration => PHP Options
Debian 10 come by default with a PHP that may not fit your needs.

I enabled the sury.org repository and update the package list:

sudo apt install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt update
apt upgrade

This will also install the last version of PHP (php8.0).
From here you can install any PHP package (change version number for what you need) and it will be accessible for your PHP version configuration in Virtualmin

sudo apt-get install php7.4 php7.4-cgi php7.4-cli php7.4-fpm php7.4-mysql php7.4-xml php7.4-gd php7.4-intl php7.4-xsl php7.4-curl php7.4-zip php7.4-mbstring php7.4-bcmath


Once I completed the installation of the second PHP I recheck the Virtualmin configuration it by logging into Virtualmin, and clicking System Settings -> Re-Check Config

You can configure which one is the default PHP version used on new Virtual Servers. The default is to use the newest available. You can change that default in System Settings -> Server Templates -> Default -> PHP Options. To set your host or domain PHP version go to Virtualmin -> Server configuration -> PHP version and on that screen you can set the PHP version to useversion.

Quota settings

By default your Virtual Server will be limited to the default plan.
While this is enough if you install a Tiki package, you may need more memory to run composer.
Adjust the quota at Edit Virtual Server => Quotas and limits.

Installing git

Install and check git is running

sudo apt install git
git --version

Installing Tiki

Navigate into your html directory. If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
There is at https://tiki.org a complete installation guide
But in short, I use the git clone command to download Tiki. In my case I needed Tiki branch (version) 23.x without previous history (depth=1)

Download Tiki from the git repo
git clone --depth=1 --branch=23.x https://gitlab.com/tikiwiki/tiki.git .


Then I have to run tiki setup to install Composer files and fix the files and directories permissions.
I want to run PHP7.4 (I have several PHP version installed) so I add the path.

Tiki setup to run php7.4
sh setup.sh -p /usr/bin/php7.4


From here follow the regular Tiki install process (setup.sh (see additional notes below), database creation) and you have a Tiki ready to be installed !

Tiki Installed