This express tutorial is for intermediate IT Admin or fullstack developper that want to setup and publish a website.
We will learn how to setup and use:
- Amazon Lightsail
- Linux operating system, Debian10 and Apache2
- MariaDB (InnoDB)
- Virtualmin web hosting control panel
- PHP
- Git and the Tiki Gitlab repository
- Tiki Wiki the website builder
To follow this Tiki Tutorial, you need to know how use the shell, have root access and a minimum of knowledge about servers, mysql and hosting... or just try and learn ! As long as you don't work with real data you can aways terminate and re-install an instance till you get your Tiki to work. Amazon or Google Cloud offers tier free options so you fail, learn and retry as long as you want. (during the trial period of course).
If you don't want to experiment, if your time is precious. are in a hurry or don't want to play on live data without knowing what to do, you can always ask me to do it for you or search in the Tiki Consultants list and you'll have professional job done by... a Tiki Specialist. 😉
Server preparation
Install an Amazon Lightsail Instance
Log into your AWS Console (or create you account) and look for Lightsail in the search bar.
Select your instance location (the region you want the server to be set for... the closer to your targeted users the better) and pick your instance image: Linux/Unix.
Following our case, pick your instance image, for the platform select Linux/Unix, for the blueprint choose "OS Only" and select Debian10.x.
Note: They are other possible options if you select "Apps + OS" like LAMP, Ngnix or CPanel, etc. While I prefer to control exactly what is installed, you can choose one of them of course and "kind-of" follow this tutorial. Same for OS choice, this tutorial is about setting up a Debian Linux but you can select something else and adapt this tutorial instructions to get the same result in the end.
Below this, if you have already an SSH key linked to this account, select to use the default key created with your instance (you will need to download it into your computer, user/.ssh folder), upload an existing key. If you don't have an SSH key linked to your account you can create a new SSH key pair and there are guides available for this.
Choose your instance plan (I suggest you start with the cheapest as you can always upgrade your plan).
Identify your instance by giving it a name. While you can add tags, I suggest you be descriptive to avoid being lost later if you create other instances (for development or test).
Your instance should be running in a minute and you should be already able to use the integrated SSH console by clicking on the terminal icon ( )
Once the instance is running you can start managing it, click on the 3 vertical dots and select "Manage".
This part is done and, while we can connect and use the HTML was terminal, we want to use our own shell or terminal from our local computer.
The first thing to do is to check you can connect to your server (the public instance IP) using your own terminal (putty, terminal or any of your preferred) to have shell access.
The user set for the Debian Linux is "admin". So I need to ssh to my public instance IP using the key pair (set above) with the admin user.
SSH Key pair may be complicate story if you are not oriented IT Admin.
In very short, if you select to use the default key this is what I would do (replace "LightsailDefaultKeyPair-us-east-1.pem" with your key filename).
Download the key into my computer, move the file to my ~/.ssh directory and set the correct file permissions:
sudo chmod 600 ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem
Then I should be able to use the following to connect :
ssh -i ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem admin@xx.xx.xx.xx
You can find here more documentation about this : https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-ssh-using-terminal
You may have some warning about "locale" it is up to you to fix it now or later. (by default I use : en_US.UTF-8 UTF-8)
Once you passed this step we can continue with the install.
Lightsail Networking and security group
To allow access to your "secured" site and the Virtualmin control panel we need to go to the Lightsail instance control panel and select Networking.
Set security group and open port 80, 443, 22 and 10000.
I usually open 80 and 443 to all traffic (no IP restriction) and restrict access to 22 and 10000 to my IP only. (we are never too safe ! )
While we are here, another important thing you want to do, especially if you are going to work with a domain name is to create a static IP.
Just follow the onscreen instruction it is very easy.
Be aware that you may have to reboot the instance so your security settings are properly applied.
Set and use root login
As Lightsail allow you to login using a default admin from which you can login with root, setting external access for the root user may be discutable and it will be up to you to set this or not.
However, for me to diagnose or manage my virtual domains correctly so I usually setup an SSH root access using elaborated password and fail2ban mechanism (if someone, a bot, try too many time to connect using SSH it is blacklisted from accessing my server).
Logged as the default "admin" user. (I use nano but it is the same with VI, VIM or any editor)
sudo su
nano /etc/ssh/sshd_config
Change #PermitRootLogin prohibit-Password to PermitRootLogin yes
and PasswordAuthentication no to PasswordAuthentication yes and of course save your changes.
systemctl restart sshd
passwd root
sudo reboot
You will be disconnected, reconnect and check everything is working fine when you login as root.
Check your hostname
For VirtualMin/Webmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname file.
hostname
By default it will display the instance internal IP (later on Virtualmin won’t like it) and it should display your hostname mostly your domain name like "mydomain" (without http or https)
You can change this and set it for your host name (yourdomain.com)
sudo nano /etc/hostname
You need to check and add your host to the hosts file.
But if you do it directly (editing /etc/hosts) the changes will be reverted on the next reboot.
To make it permanent, you need to modify the template used to recreate on each reboot the hosts file.
sudo nano /etc/cloud/templates/hosts.debian.tmpl
After the "fqdn" and "hostname" variables add your yourdomain. It should look like this;
127.0.1.1 { {fqdn}} { {hostname}} yourdomain
Reboot the server and check changes are permanent.
cat /etc/hosts
After the last Lightsail IP address you should see your hostname without extension (TLD). It should look like this:
127.0.1.1 ip-172-xx-x-xxx.eu-west-3.compute.internal ip-172-x-xx-xxx yourdomain
Update your Debian server
The first thing you want to do is to log onto your server and first update/upgrade it with the following commands:
sudo apt update sudo apt upgrade
You may have to answer some questions or do some action to "continue".
Install your MySQL database (mariaDB)
It is important to install and setup MariaDB before Virtualmin.
sudo apt install mariadb-server
Then we will secure the installation to tight our defences against the "bad guys".
sudo mysql_secure_installation
You should be able to answer most of the questions without too much thinking those are my answers (explanations can be found on the web)
- Enter current password for root (enter for none) => enter
- Set root password? [Y/n] y - As it is a first install
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y
Done, let's check MariaDB is running:
sudo systemctl status mariadb
Install Webmin and Virtualmin
We will download Virtualmin automated install script and run it. It is basically a shell script that will handle rest of the installation once executed.
wget https://software.virtualmin.com/gpl/scripts/install.sh
You can do a full install but also you can do a minimal install which will spare the instance resources. For exemple where I don't need a mail server I do minimal install.
sudo sh install.sh
sudo sh install.sh --minimal
If you choose full install with the lowest memory option for your Lightsails instance you may see an error message about "Memory"
"[ERROR] Memory is below 1024 MB. A full installation may not be possible."
You will continue and create a swap file.
You should see now the different components being installed one by one.
This is taking some times... Just wait for the process to complete.
You will now have access to your control panel if the port 10000 is open else, you may need to open the port it on the server. Because by default the Virtualmin will listen to the port Virtualmin. You only have to open this port if all the incoming requests on your server are blocked by default. (check above Lightsail Networking and security group )
Lately I had to reboot one more time the server to have Virtuamin running
Use https://your_server_publicIP:10000 (you can use your a domain name if set already)
View and trust the certificate and login.
Once you are in , follow Virtualmin Post installation wizard.
It is pretty straightforward and everything is done to guide you.
For the DNS configuration parameters, it may show a mix with your hostname (the domain your registrar is pointing to) and some AWS internal address. IE : hostname.ec2.internal
Change the value for your domain and complete the process. If your domain is not already redirecting, you can check the " Skip check for resolvability" option.
The next question is... a trap ! 🤗
If you don't create a default Virtual Server, Virtualmin will load but with errors (like: missing postfix maps) so you can solve them later by creating at least one Virtual Server or create one during the installation process and restart Virtualmin (a reboot never hurt once all is set you check things are starting as they should).
Troubleshooting Virtualmin installation
Fixing Postfix virtual maps error
You may see this error: "A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration"
Applied the postfix config script for Virtuamin
virtualmin-config-system -i Postfix
DNS server error
You may see this error: "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server"
This is some false check that Virtualmin team is aware of. They planned to remove and fix the issue for Virtualmin 6.17+.
In the meantime, go to System Settings ⇾ Virtualmin Configuration / Advanced options page to set Check resolv.conf for this system to No.
Additional stuff
Install Let's encrypt certificate
You need first to use your domain name set it at the registrar properly. As long as you use your server IP you can't create the certificate and should skip.
Under Virtualmin => Server Configuration => SSL Certificate click on the "Let's Encrypt" tab and request certificate.
Install automatically for all domain or use set manually the domain for whom you want to create a certificate (Virtualmin may add domains you did set yet at this stage)
Install several versions of PHP
Allow "PHP script execution mode" under Virtualmin => Server Configuration => PHP Options
Debian 10 come by default with a PHP that may not fit your needs.
I enabled the sury.org repository and update the package list:
sudo apt install apt-transport-https lsb-release ca-certificates sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list apt update apt upgrade
This will also install the last version of PHP (php8.0).
From here you can install any PHP package (change version number for what you need) and it will be accessible for your PHP version configuration in Virtualmin
sudo apt-get install php7.4 php7.4-cgi php7.4-cli php7.4-fpm php7.4-mysql php7.4-xml php7.4-gd php7.4-intl php7.4-xsl php7.4-curl php7.4-zip php7.4-mbstring php7.4-bcmath
Once I completed the installation of the second PHP I recheck the Virtualmin configuration it by logging into Virtualmin, and clicking System Settings -> Re-Check Config
You can configure which one is the default PHP version used on new Virtual Servers. The default is to use the newest available. You can change that default in System Settings -> Server Templates -> Default -> PHP Options. To set your host or domain PHP version go to Virtualmin -> Server configuration -> PHP version and on that screen you can set the PHP version to useversion.
Quota settings
By default your Virtual Server will be limited to the default plan.
While this is enough if you install a Tiki package, you may need more memory to run composer.
Adjust the quota at Edit Virtual Server => Quotas and limits.
Installing git
Install and check git is running
sudo apt install git git --version
Installing Tiki
Navigate into your html directory. If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
There is at https://tiki.org a complete installation guide
But in short, I use the git clone command to download Tiki. In my case I needed Tiki branch (version) 23.x without previous history (depth=1)
git clone --depth=1 --branch=23.x https://gitlab.com/tikiwiki/tiki.git .
Then I have to run tiki setup to install Composer files and fix the files and directories permissions.
I want to run PHP7.4 (I have several PHP version installed) so I add the path.
sh setup.sh -p /usr/bin/php7.4
From here follow the regular Tiki install process (setup.sh (see additional notes below), database creation) and you have a Tiki ready to be installed !