Wallabag is a popular read-it-later service that allows you to save webpages for later reading at your own pace. Unlike other similar services, Wallabag can be installed on a server that you own, ensuring that your saved links are always accessible and won’t disappear if the service shuts down. In this comprehensive guide, we will walk you through the step-by-step process of installing and setting up Wallabag on a server running Rocky Linux 9. We will cover all the necessary prerequisites, including configuring the firewall, installing PHP and its extensions, setting up MySQL, installing Nginx, and configuring SSL. By the end of this guide, you will have a fully functional Wallabag installation up and running on your Rocky Linux 9 server.

Prerequisites

Before we begin, let’s ensure that we have all the necessary prerequisites in place:

• A server running Rocky Linux 9.
• A non-root user with sudo privileges.
• A fully qualified domain name (FQDN) like wallabag.example.com.
• Make sure everything is updated by running the command sudo dnf update.
• Install the required packages by running sudo dnf install wget curl nano unzip yum-utils -y.

Step 1 – Configure Firewall

The first step is to configure the firewall on your Rocky Linux server. Rocky Linux uses Firewalld Firewall by default. Let’s check the status of the firewall by running the command sudo firewall-cmd --state.

Next, we need to open the HTTP and HTTPS ports that Wallabag requires to function. Run the following commands to open the ports:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Step 2 – Install PHP and its Extensions

Wallabag requires PHP and several PHP extensions to run properly. In this step, we will install PHP 8.1 and the necessary extensions.

To install PHP 8.1, we first need to add the Epel and Remi repositories. Run the following commands to add the repositories:

sudo dnf install epel-release -y
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Next, check for available PHP streams by running the command dnf module list php -y. The default version is PHP 8.1. Enable Remi’s PHP 8.1 repository by running the following commands:

sudo dnf module reset php -y
sudo dnf module enable php:remi-8.1

Now we can install PHP and the required extensions by running the command:

sudo dnf install php-fpm php-mysql php-bcmath php-xml php-zip php-curl php-mbstring php-gd php-tidy php-intl php-cli php-opcache

After the installation is complete, verify the PHP version by running the command php --version.

Step 3 – Install Composer

Composer is a dependency management tool for PHP and is required for Wallabag installation. Run the following commands to download and install Composer:

$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php composer-setup.php --2.2
$ php -r "unlink('composer-setup.php');"

Verify the installation by running the command composer --version.

Step 4 – Install MySQL

Wallabag requires a MySQL database for storing its data. To install MySQL, run the command sudo dnf install mysql-server. Once the installation is complete, enable and start the MySQL service by running the command sudo systemctl enable mysqld --now.

Step 5 – Configure MySQL

Now let’s configure MySQL for Wallabag. Start by logging in to the MySQL shell with the command sudo mysql -u root -p. Enter your root password when prompted.

Once you’re logged in to the MySQL shell, create a database for Wallabag by running the following command:

CREATE DATABASE wallabag;

Next, create a user account for Wallabag and grant it all privileges on the database:

CREATE USER 'wallabaguser'@'localhost' IDENTIFIEDBY 'Your_password2';
GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
FLUSH PRIVILEGES;

Exit the MySQL shell by running the command exit.

Step 6 – Install Nginx

Nginx is a high-performance web server that will serve as the frontend for Wallabag. Rocky Linux 9 ships with an older version of Nginx, so we need to add the official Nginx repository to install the latest version.

Create a new Nginx repository file by running the command sudo nano /etc/yum.repos.d/nginx.repo and paste the following code into the file:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Save the file and exit the text editor. Install Nginx by running the command sudo dnf install -y nginx. After the installation is complete, verify the Nginx version by running the command nginx -v.

Enable and start the Nginx service by running the command sudo systemctl enable nginx --now. Check the status of the Nginx service with the command sudo systemctl status nginx.

Step 7 – Install SSL

To secure your Wallabag installation, we need to install an SSL certificate. We will use Certbot, a tool for automatically obtaining and renewing SSL certificates from Let’s Encrypt.

Since Rocky Linux does not ship with Snapd, we need to install it first. Run the following commands to install and set up Snapd:

$ sudo ln -s /var/lib/snapd/snap /snap
$ echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' | sudo tee -a /etc/profile.d/snapd.sh

Next, install Certbot by running the command sudo snap install --classic certbot. Ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin directory:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Verify the installation by running the command certbot --version.

To generate an SSL certificate for your Wallabag installation, run the following command:

sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http-m your_email@example.com -d wallabag.example.com

This command will download a certificate to the /etc/letsencrypt/live/wallabag.example.com directory on your server. To enable secure communication with your Wallabag installation, you will need to configure Nginx to use this certificate.

Step 8 – Install Wallabag

Now it’s time to install Wallabag itself. Start by creating the necessary directories for Wallabag:

sudo mkdir /var/www/html/wallabag -p
sudo mkdir /var/www/html/wallabag/data/assets

Download the latest version of Wallabag by running the command wget https://wllbg.org/latest-v2-package. Extract the downloaded archive by running tar xzf latest-v2-package.

Move the files from the extracted directory to the /var/www/html/wallabag directory:

sudo mv wallabag-2.5.4/* /var/www/html/wallabag

Change the ownership of the Wallabag directory to the Nginx user:

sudo chown -R nginx:nginx /var/www/html/wallabag

Next, create the parameters.yml file by copying the example file:

sudo cp app/config/parameters.yml.dist app/config/parameters.yml

Generate a secret key for Wallabag by running the command openssl rand -base64 32. Make a note of the generated key, as you will need it later.

Open the parameters.yml file for editing:

sudo nano app/config/parameters.yml

In the file, find the section that contains the database credentials and fill in the appropriate values:

..........
    database_driver: pdo_mysql
    database_host: 127.0.0.1
    database_port: 3306
    database_name: wallabag
    database_user: wallabaguser
    database_password: Your_password2

Scroll down to the section that contains the server description and domain name. Fill in the appropriate values:

domain_name: https://wallabag.example.com
server_name:"Shape.host"

If you want to configure email settings for Wallabag, fill in the SMTP details. For example, if you are using Amazon SES, the settings would look like this:

 mailer_transport:  smtp
 mailer_user:       YOUR_AES_USERNAME
 mailer_password:   YOUR_AES_PASSWORD
 mailer_host:       email-smtp.us-west-2.amazonaws.com
 mailer_port:       587
 mailer_encryption: tls

Scroll further down to the section containing the secret key. Replace the existing secret key with the one you generated earlier:

secret: Your_generated_secret_key

If you want to enable two-factor authentication, make sure the twofactor_auth variable is set to true. You can also configure other settings such as user registration and confirmation.

Save the file and exit the text editor.

Now, use Composer to download and install the dependencies required by Wallabag. Run the following command:

SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist

After the installation is complete, finish the installation process by running the Wallabag command-line tool:

php bin/console wallabag:install --env=prod

During the installation, you will be prompted to reset the database and its schema. Enter no as the response both times.

Next, you will be asked if you want to create an administrator account. Type yes to proceed and enter the username, password, and email address for the account.

Once the installation is complete, set the appropriate permissions for the Wallabag directory:

sudo chown -R nginx:nginx /var/www/html/wallabag

Step 9 – Configure SELinux

If SELinux is enabled on your Rocky Linux server, you need to configure it to allow Wallabag to function properly. Run the following commands to change the file security context and apply the necessary policies:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html/wallabag(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/wallabag/data(/.*)?"
sudo semanage fcontext -a -t httpd_log_t "/var/www/html/wallabag/var/logs(/.*)?"
sudo semanage fcontext -a -t httpd_cache_t "/var/www/html/wallabag/var/cache(/.*)?"

Step 10 – Configure Nginx and PHP

In this step, we will configure Nginx and PHP-FPM to work together with Wallabag.

Configure PHP-FPM

Open the file /etc/php/8.1/fpm/pool.d/www.conf for editing:

sudo nano /etc/php/8.1/fpm/pool.d/www.conf

Find the lines that specify the user and group of the PHP processes and change them to nginx:

user = nginx
group = nginx

Uncomment the lines that specify the socket file owner, group, and default permission, and modify them as follows:

listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Save the file and exit the text editor.

Increase the execution time and memory limit for PHP-FPM by running the following commands:

sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.1/fpm/php.ini
sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.1/cli/php.ini

Restart the PHP-FPM service:

sudo systemctl restart php8.1-fpm

Change the group of the PHP sessions directory to Nginx:

sudo chgrp -R nginx /var/lib/php/sessions

Configure Nginx

Create a new Nginx configuration file for Wallabag:

sudo nano /etc/nginx/conf.d/wallabag.conf

Paste the following Nginx configuration code into the file:

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  wallabag.example.com;

    access_log  /var/log/nginx/wallabag.access.log;
    error_log   /var/log/nginx/wallabag.error.log;

	# SSL
    ssl_certificate      /etc/letsencrypt/live/wallabag.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/wallabag.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/wallabag.example.com/chain.pem;
    ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    resolver 8.8.8.8;

    root /var/www/html/wallabag/web;

    location / {
        try_files $uri /app.php$is_args$args;
    }

    # Pass PHP Scripts To FastCGI Server
    location ~ ^/app\.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock; # Depends On The PHP Version
        fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
        internal;
    }

    location ~ \.php$ {
        return 404;
    }
}

# enforce HTTPS
server {
    listen       80;
    listen       [::]:80;
    server_name  wallabag.example.com;
    return 301   https://$host$request_uri;
}

Save the file and exit the text editor.

Open the main Nginx configuration file for editing:

sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;:

server_names_hash_bucket_size64;

Save the file and exit the text editor.

Verify the Nginx configuration file syntax by running the command sudo nginx -t.

If the syntax is correct, restart the Nginx service by running the command sudo systemctl restart nginx.

Step 11 – Access Wallabag

Congratulations! You have successfully installed and configured Wallabag on your Rocky Linux 9 server. Now it’s time to access your Wallabag installation and start using it.

Open your web browser and enter the URL https://wallabag.example.com. You should see the Wallabag login screen. Enter the credentials you created during the installation process and click theLOG IN button.

Once you’re logged in, you will be greeted with the Wallabag dashboard. From here, you can start saving articles for later reading, manage your saved links, and explore additional features offered by Wallabag.

Conclusion

In this comprehensive guide, we walked you through the step-by-step process of installing and setting up Wallabag on a server running Rocky Linux 9. We covered all the necessary prerequisites, including configuring the firewall, installing PHP and its extensions, setting up MySQL, installing Nginx, and configuring SSL. By following this guide, you now have a fully functional Wallabag installation that you can access and use to save and manage articles for later reading.

If you have any questions or encounter any issues during the installation process, feel free to leave a comment below. We’re here to help!

Shape.host provides reliable and scalable cloud hosting solutions, including Cloud VPS, designed to meet the needs of businesses of all sizes. With Shape.host, you can enjoy the benefits of a secure and high-performance hosting environment for your Wallabag installation. Visit Shape.host to learn more about our services and how we can empower your business with efficient cloud hosting solutions.