Christian WellsInstalling a content management system (CMS) is an essential step in building a powerful and flexible website. TYPO3 CMS is a popular choice due to its enterprise-grade features, scalability, and strong security implementation. In this comprehensive guide, we will walk you through the process of installing TYPO3 CMS on an AlmaLinux 9 server, using Nginx as the web server, MariaDB as the database server, and PHP-FPM for server-side scripting.
Prerequisites
Before diving into the installation process, make sure you have the following prerequisites:
- An AlmaLinux 9 server with the hostname “almalinux9”.
- A non-root user with sudo root privileges.
- A domain name pointed to the server’s IP address.
Installing Dependencies
To begin, we need to install the necessary dependencies for TYPO3 CMS. These include Nginx, MariaDB, PHP-FPM, and Composer. Follow the steps below to install these dependencies:
- Start by adding the EPEL and Remi repositories to your system. These repositories provide additional PHP packages and extensions not available in the default repository.
sudo dnf install -y epel-release sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
- Reset the default PHP repository module and enable the PHP 8.1 module from the Remi repository.
sudo dnf module reset php -y sudo dnf module enable php:remi-8.1 -y
- Install the required packages for TYPO3 CMS using the following command:
sudo dnf install nginx mariadb-server composer ImageMagick php-fpm php-mysqlnd php-gd php-curl php-json php-intl php-bcmath php-zip php-apcu php-mbstring php-fileinfo php-xml php-soap
- Start and enable the main services, including Nginx, MariaDB, and PHP-FPM:
sudo systemctl enable --now nginx mariadb php-fpm
- Verify that the services are running correctly:
sudo systemctl status nginx mariadb php-fpm
Setting Up Firewalld
Now that we have installed the necessary dependencies, let’s set up the firewall to allow HTTP and HTTPS traffic to our TYPO3 CMS installation. Follow the steps below to configure firewalld:
- Open both HTTP and HTTPS services in firewalld:
sudo firewall-cmd --add-service={http,https} --permanent
- Reload firewalld to apply the changes:
sudo firewall-cmd --reload
- Verify that the HTTP and HTTPS services are enabled:
sudo firewall-cmd --list-all
Setting Up MariaDB Server
Next, we need to secure the MariaDB server and create a new database and user for TYPO3 CMS. Follow these steps to complete the setup:
- Secure your MariaDB installation using the mariadb-secure-installation command:
sudo mariadb-secure-installation
- Follow the prompts to configure the MariaDB server. Make sure to set a strong root password and disable remote login for the root user.
- Log in to the MariaDB server using the following command:
sudo mariadb -u root -p
- Once logged in, execute the following queries to create a new database, user, and grant privileges:
CREATE DATABASE typo3db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON typo3db.* to typo3@localhost IDENTIFIED BY 'typo3password'; FLUSH PRIVILEGES;
- Verify the privileges for the MariaDB user “typo3”:
SHOW GRANTS FOR typo3@localhost;
- Exit the MariaDB server:
quit
Setting Up PHP-FPM
With the MariaDB server configured, we can now set up PHP-FPM and integrate it with Nginx. Follow the steps below to complete the setup:
- Set the default timezone for your system:
sudo timedatectl set-timezone Europe/Berlin
- Open the PHP configuration file using a text editor:
sudo vim /etc/php.ini
- Uncomment the “date.timezone” parameter and set it to your desired timezone. Additionally, adjust other PHP parameters as needed.
- Open the PHP-FPM pool configuration file:
sudo vim /etc/php-fpm.d/www.conf
- Change the values of the “user” and “group” parameters to “nginx”.
- Restart the PHP-FPM service and verify its status:
sudo systemctl restart php-fpm sudo systemctl status php-fpm
Downloading TYPO3 CMS
Now we can proceed to download TYPO3 CMS using the Composer package manager. Follow these steps to download TYPO3 CMS onto your server:
- Create a new directory named “typo3” in the “/var/www” directory:
sudo mkdir -p /var/www/typo3
- Change the ownership of the “typo3” directory to the user “nginx” and adjust the permissions:
sudo chown -R nginx:nginx /var/www/typo3 sudo chmod u+rw /var/www/typo3
- Move to the “/var/www/typo3” directory and run the Composer command to download TYPO3 CMS:
cd /var/www/typo3 sudo -u nginx composer create-project typo3/cms-base-distribution:^12.
- Verify the installation by listing the files and directories in the “/var/www/typo3” directory:
ls -lah /var/www/typo3
- Run the TYPO3 CMS setup command to complete the configuration:
sudo -u nginx./vendor/bin/typo3 setup
Configuring Nginx Server Block for TYPO3 CMS
After downloading and configuring TYPO3 CMS, we need to set up an Nginx server block to make our TYPO3 installation accessible. Follow these steps to configure the server block:
- Create a new Nginx server block configuration file:
sudo vim /etc/nginx/conf.d/typo3.conf
- Insert the following configuration, replacing “typo3.example.io” with your desired domain name:
server {
listen 80;
server_name typo3.example.io;
root /var/www/typo3/public;
index index.php;
# Load configuration typo3.conf.
include /etc/nginx/default.d/typo3-nginx.conf;
}
- Create another configuration file for TYPO3 in the “/etc/nginx/default.d” directory:
sudo vim /etc/nginx/default.d/typo3-nginx.conf
- Insert the following configuration into the file:
# Compressing resource files will save bandwidth and so improve loading speed, especially for users
# with slower internet connections. TYPO3 can compress the .js and .css files for you.
# *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
# *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
# config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
location ~ \.js\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/javascript gzip; }
}
location ~ \.css\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/css gzip; }
}
# TYPO3 - Rule for versioned static files, configured through:
# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
if (!-e $request_filename) {
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
deny all;
}
# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
deny all;
}
# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
deny all;
}
# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt {
deny all;
}
# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql|sqlite)$ {
deny all;
}
# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
deny all;
}
# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
deny all;
}
# TYPO3 - Block access to libraries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
deny all;
}
# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location = /typo3 {
rewrite ^ /typo3/;
}
location /typo3/ {
absolute_redirect off;
try_files $uri /typo3/index.php$is_args$args;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
# this is the PHP-FPM upstream - see also: https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/#connecting-nginx-to-php-fpm
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
- Verify the Nginx configuration and restart the Nginx service:
sudo nginx-t
sudo systemctl restart nginx
Securing TYPO3 CMS with SSL/TLS
To enhance the security of your TYPO3 CMS installation, it is crucial to enable SSL/TLS encryption. We will use Let’s Encrypt and Certbot to generate SSL certificates. Follow these steps to secure your TYPO3 CMS installation:
- Install Certbot and the Certbot plugin for Nginx using the following command:
sudo dnf install certbot python3-certbot-nginx
- Generate SSL certificates for your TYPO3 CMS installation by running the Certbot command. Replace “typo3.example.io” with your domain name and “[email protected]” with your email address:
sudo certbot --nginx --agree-tos --no-eff-email --redirect --hsts --staple-ocsp --email test@example.io -d typo3.example.io
- Certbot will automatically configure Nginx to use the newly generated SSL certificates.
- Visit your TYPO3 CMS installation using the HTTPS protocol (i.e:https://typo3.example.io/).You should now see a secure connection to your TYPO3 CMS.
Conclusion
Congratulations! You have successfully installed TYPO3 CMS on your AlmaLinux 9 server, secured it with SSL/TLS certificates from Let’s Encrypt, and configured Nginx as the web server. TYPO3 CMS offers powerful features, scalability, and excellent security, making it an ideal choice for building flexible and reliable websites.
To make the most of your TYPO3 CMS installation, consider utilizing Shape.host’s Cloud VPS services. With their reliable and high-performance hosting solutions, you can ensure optimal performance and scalability for your TYPO3-powered websites. Visit Shape.host today to explore their hosting options and take your TYPO3 CMS to the next level.
