How to Install Prestashop with Nginx on a Debian 10 VPS

Published on June 15, 2020 by

This video shows you step by step how to install Prestashop with Nginx on Debian 10 VPS.

PrestaShop is a fully scalable open source e-commerce solution that helps you sell your products online by providing the best shopping cart experience for both merchants and customers. It is based on PHP and MySQL and can be extended with free and premium plugins and themes. With features like an intuitive administrative interface, multiple payment gateways, multilingual support, analytics, and reporting, PrestaShop is a platform of choice for many online merchants.

==============================
INITIAL SERVER SETUP DEBIAN 10
==============================
Login to Server:
ssh root@your_server_ip

apt update -y && apt upgrade -y

adduser debian

usermod -a -G sudo debian

Configure SSH :
nano /etc/ssh/sshd_config

Add and change the information:
Port 22500
Protocol 2
PermitRootLogin no

Add to End of File :
UseDNS no
AllowUsers debian

Save and Close

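Validate the configuration with "sshd -t", then restart the SSH service (keep this session open until you have confirmed that the new login works):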
systemctl restart ssh.service

Logout:

Ctrl+D

Log in as the user with sudo privileges (the debian account created above; AllowUsers permits no other account):
ssh -p 22500 user@ip_address

==============================
INSTALL NGINX, PHP AND MARIADB
==============================
Install Nginx, MariaDB, PHP, and other PHP modules :
sudo apt install nginx mariadb-server mariadb-client php-fpm php-common php-mysql php-gmp php-curl php-intl php-mbstring php-xmlrpc php-gd php-bcmath php-imap php-xml php-cli php-zip unzip wget git curl -y

Open the php.ini file:
sudo nano /etc/php/7.3/fpm/php.ini

Make the following changes:
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360

using sed:
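# Apply the php.ini changes listed above non-interactively.
# Each pattern is anchored to the start of the line, escapes the literal dot, and also
# matches a commented-out directive (";name=value") with any spacing around "=".
# The stock php.ini typically ships ";cgi.fix_pathinfo=1", which a pattern requiring
# " = " never rewrites, leaving the setting at its default of 1.
sudo sed -i -E 's/^;?[[:space:]]*file_uploads[[:space:]]*=.*/file_uploads = on/' /etc/php/7.3/fpm/php.ini
sudo sed -i -E 's/^;?[[:space:]]*allow_url_fopen[[:space:]]*=.*/allow_url_fopen = on/' /etc/php/7.3/fpm/php.ini
sudo sed -i -E 's/^;?[[:space:]]*short_open_tag[[:space:]]*=.*/short_open_tag = on/' /etc/php/7.3/fpm/php.ini
sudo sed -i -E 's/^;?[[:space:]]*memory_limit[[:space:]]*=.*/memory_limit = 256M/' /etc/php/7.3/fpm/php.ini
# The nginx PHP location below depends on this value being 0
sudo sed -i -E 's/^;?[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=.*/cgi.fix_pathinfo = 0/' /etc/php/7.3/fpm/php.ini
sudo sed -i -E 's/^;?[[:space:]]*upload_max_filesize[[:space:]]*=.*/upload_max_filesize = 100M/' /etc/php/7.3/fpm/php.ini
sudo sed -i -E 's/^;?[[:space:]]*max_execution_time[[:space:]]*=.*/max_execution_time = 360/' /etc/php/7.3/fpm/php.ini
# sed exits 0 even when nothing matched, so confirm that all seven directives are active
grep -E '^(file_uploads|allow_url_fopen|short_open_tag|memory_limit|cgi\.fix_pathinfo|upload_max_filesize|max_execution_time)[[:space:]]*=' /etc/php/7.3/fpm/php.ini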

Save and Close :
Ctrl+O, then Ctrl+X

Restart PHP-FPM service:
sudo systemctl restart php7.3-fpm.service

==============================
CONFIGURE NGINX FOR PRESTASHOP
==============================

sudo nano /etc/nginx/sites-available/linuxscoop.cc

------------------------------
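# PrestaShop virtual host: static files are served directly, everything else is
# routed to index.php (front office) or $admin_dir/index.php (back office) via PHP-FPM.
server {

    # IPv4
    listen 80;

    # IPv6
    listen [::]:80;

    # SSL IPv4 & v6
    # Optional manual TLS setup. The certbot step later in this guide adds the 443
    # listener and its own TLS options to this server block, so these lines are only
    # needed when certificates are managed by hand.
    # listen 443 ssl;
    # listen [::]:443 ssl;

    # ssl_session_timeout 24h;
    # ssl_session_cache shared:SSL:10m;
    # TLS 1.0/1.1 are deprecated and 3DES is a weak cipher; both are left out here.
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:AES128-SHA:!ADH:!AECDH:!MD5;
    # ssl_prefer_server_ciphers on;
    # Do not forget to create this file before with OpenSSL : "openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048"
    # ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Your domain names here
    server_name linuxscoop.cc  www.linuxscoop.cc;

    # Your website root location
    root /var/www/linuxscoop/;

    index index.php;

    # Log
    access_log /var/log/nginx/linuxscoop_access.log;
    error_log /var/log/nginx/linuxscoop_error.log;

    # Your admin folder (replace with the folder name the installer generates)
    set $admin_dir /admin730nzdtkb;

    # Gzip Settings, convert all types.
    gzip on;
    gzip_vary on;
    gzip_proxied any;

    # Can be raised to 5, but it can slow down your server
    # gzip_comp_level    5;
    # gzip_min_length    256;

    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
        # Supposed to be the case but we never know
        # text/html;

    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Symfony controllers
    location ~ /(international|_profiler|module|product|feature|attribute|supplier|combination|specific-price|configure)/(.*)$ {
        try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
    }


    # Redirect needed to "hide" index.php
    location / {
#        try_files $uri $uri/ /index.php$uri&$args;

        # Old image system ?
        rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2.jpg last;
        rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
        rewrite ^/c/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
        rewrite ^/c/([a-zA-Z-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1.jpg last;
        rewrite ^/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
        try_files $uri $uri/ /index.php?$args;
    }

    error_page 404 /index.php?controller=404;

    # HSTS. Browsers only honour this header on HTTPS responses, so it has no effect
    # until the 443 listener is enabled on this server block.
    # nginx does not inherit a server-level add_header into a location that sets its
    # own add_header, so the font and static-asset locations below answer without it.
    add_header Strict-Transport-Security max-age=31536000;

    # Cloudflare / Max CDN fix
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    # Static assets delivery optimisations
    location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
        expires max;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Deny access to .htaccess .DS_Store .htpasswd etc
    location ~ /\. {
        deny all;
    }

    # PHP 7 FPM part
    # The pattern also accepts "/file.php/extra" URIs and there is no
    # fastcgi_split_path_info, so SCRIPT_FILENAME then names a path that does not exist.
    # That is only rejected when php.ini has cgi.fix_pathinfo = 0; verify the value is
    # active before going live.
    location ~ [^/]\.php(/|$) {

        fastcgi_index index.php;

        # Switch if needed
        include /etc/nginx/fastcgi_params;
        # include fcgi.conf;

        # Do not forget to update this part if needed
        # fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_keep_conn on;
        fastcgi_read_timeout 30s;
        fastcgi_send_timeout 30s;

        # In case of long loading or 502 / 504 errors
        # fastcgi_buffer_size 256k;
        # fastcgi_buffers 256 16k;
        # fastcgi_busy_buffers_size 256k;

        # Request bodies above this size are rejected by nginx before PHP sees them,
        # so it is the effective upload limit even though php.ini allows 100M.
        client_max_body_size 10M;

        # Temp file tweak
        fastcgi_max_temp_file_size 0;
        fastcgi_temp_file_write_size 256k;

    }

    # Allow access to robots.txt but disable logging every access
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }


    # Prevent injection of php files in directories a user can upload stuff.
    # The pattern covers "name.php" and "name.php/extra": a URI of the second form
    # would otherwise miss this rule and be handed to the PHP-FPM location above.
    location /upload {
        location ~ \.php(/|$) { deny all; }
    }
    location /img {
        location ~ \.php(/|$) { deny all; }
    }

    # Ban access to source code directories
    # NOTE(review): PrestaShop 1.7 also keeps cache and logs under var/; consider adding
    # "var" to this list after confirming nothing is served from it.
    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
        deny all;
    }

    # Banned file types
    location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
        deny all;
    }

}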
------------------------------

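# Enable the site first: "nginx -t" only parses files reachable from nginx.conf, so the
# new server block is not checked until it is linked into sites-enabled.
sudo ln -s /etc/nginx/sites-available/linuxscoop.cc /etc/nginx/sites-enabled/

# Validate the complete configuration; fix any reported error before restarting
sudo nginx -t

sudo systemctl restart nginx.service

sudo systemctl restart php7.3-fpm.service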

==============================
CONFIGURE A PRESTASHOP DATABASE
==============================
sudo mysql_secure_installation

mysql -u root -p

Fix when can't login as root :
https://stackoverflow.com/questions/39281594/error-1698-28000-access-denied-for-user-rootlocalhost

-- Dedicated database for the shop
CREATE DATABASE dbprestashop DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

-- Application account limited to this one database and to local connections.
-- The password below is the tutorial's sample value: substitute a unique, randomly
-- generated one and enter that same value in the PrestaShop web installer.
GRANT ALL ON dbprestashop.* TO 'prestashopuser'@'localhost' IDENTIFIED BY '5tR0n6p@s5WorD';

-- Reload the grant tables
FLUSH PRIVILEGES;

-- Leave the MariaDB client
EXIT;

==============================
DOWNLOAD AND INSTALL PRESTASHOP
==============================
Download prestashop
https://www.prestashop.com/en/download 

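cd /tmp && wget https://download.prestashop.com/download/releases/prestashop_1.7.6.5.zip

# If the publisher provides a checksum for this release, compare it before unpacking:
# sha256sum prestashop_1.7.6.5.zip

unzip prestashop_1.7.6.5.zip

sudo unzip prestashop.zip -d /var/www/linuxscoop

sudo chown -R www-data:www-data /var/www/linuxscoop/

# Name the web root explicitly: the shell is still in /tmp, so "find ." would change
# the modes of /tmp and everything in it instead of the shop files.
sudo find /var/www/linuxscoop -type d -exec chmod 0755 {} \;

sudo find /var/www/linuxscoop -type f -exec chmod 0644 {} \;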

==============================
COMPLETE PRESTASHOP SETUP
==============================
Install prestashop through Web Browser

rename or remove "Installation" Folder

Delete install/ folder

sudo rm -rf /var/www/linuxscoop/install/

Copy the admin folder name from the back-office URL into the "set $admin_dir" line of the nginx config

sudo nano /etc/nginx/sites-available/linuxscoop.cc

Example : paste: admin712vammyg

sudo systemctl reload nginx.service 

==============================
INSTALL AND CONFIGURE
LET'S ENCRYPT SSL CERTIFICATE
==============================
sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface -y
sudo apt install python3-certbot-nginx
sudo certbot --nginx -d linuxscoop.cc -d www.linuxscoop.cc

Dashboard - Configure - Shop Parameters - General -Enable SSL = yes > save
Enable SSL on All pages = yes - save

To test renewal (--dry-run performs a trial run and does not replace the certificate):
sudo certbot renew --dry-run

==============================
SETTING UP FIREWALL
==============================
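sudo apt install ufw
sudo ufw app list
# Allow the SSH port before turning the firewall on, so the current session is not locked out
sudo ufw allow 22500/tcp comment 'Open port ssh tcp port 22500'
# HTTP and HTTPS are TCP services; a bare port number would open UDP as well
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status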