NEOS CMS is a powerful and versatile content management system that allows you to create complex websites without the need for coding. Whether you’re building a blog, news site, portfolio, or corporate website, NEOS CMS offers a rich set of features to help you create and manage your content effectively. In this tutorial, we will guide you through the step-by-step process of installing NEOS CMS on a server running Rocky Linux 8, along with Nginx as the web server and Let’s Encrypt SSL for secure communication.

Prerequisites

Before we dive into the installation process, let’s make sure we have all the prerequisites in place:

• A server running Rocky Linux 8
• A non-root sudo user with administrative privileges

Ensure that your server is up to date by running the following command:

sudo dnf update

To install the necessary utility packages, run the following command:

sudo dnf install wget curl nano unzip yum-utils -y

With the prerequisites in place, we can now proceed with the installation process.

Step 1 – Configure Firewall

The first step is to configure the firewall on your Rocky Linux server. Rocky Linux uses Firewalld as the default firewall management tool. To check the status of the firewall, run the following command:

sudo firewall-cmd --state

If the firewall is running, you should see the output running. Next, let’s check the active services and ports on the firewall:

sudo firewall-cmd --permanent --list-services

By default, the following services should be active: cockpit, dhcpv6-client, ssh. We need to allow HTTP and HTTPS traffic, so let’s add those services to the firewall:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

To apply the changes, reload the firewall:

sudo firewall-cmd --reload

With the firewall configured, we can move on to the next step.

Step 2 – Install Nginx

Nginx is a high-performance web server that will serve as the backbone for our NEOS CMS installation. By default, Rocky Linux ships with an older version of Nginx. To install the latest version, we’ll add the official Nginx repository.

First, create and open the Nginx repository file:

sudo nano /etc/yum.repos.d/nginx.repo

Paste the following code into the file:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Save the file and exit the editor. Now, let’s install Nginx:

sudo dnf install nginx

To verify the installation, you can check the Nginx version:

nginx -v

You should see the installed version of Nginx. Next, let’s enable and start the Nginx service:

sudo systemctl enable nginx --now

Nginx is now installed and running on your server. Let’s move on to the next step.

Step 3 – Install PHP and Extensions

NEOS CMS requires PHP to run, so let’s install PHP and its necessary extensions. We’ll be using Remi’s repository to install the latest version of PHP. First, let’s install the Epel repository:

sudo dnf install epel-release

Next, install the Remi repository:

sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

To check the available PHP streams, run the following command:

dnf module list php -y

You should see a list of available PHP streams. The default version is 7.2. However, we’ll enable Remi’s PHP 8.0 repository for our NEOS CMS installation:

sudo dnf module reset php
sudo dnf module enable php:remi-8.0

Next, let’s install PHP and its required extensions along with ImageMagick:

sudo dnf install php-fpm php-mbstring php-xml php-curl php-mysqlnd php-zip php-cli php-imagick ImageMagick php-intl

To verify the PHP installation, check the PHP version:

php --version

You should see the installed version of PHP. With PHP installed and configured, we can move on to the next step.

Step 4 – Install and Configure MySQL Server

NEOS CMS requires a database to store its data, and we’ll be using MySQL as the database server. Rocky Linux’s Appstream repository ships with the latest version of MySQL, so let’s install it:

sudo dnf install mysql-server

Once the installation is complete, enable and start the MySQL service:

sudo systemctl enable mysqld --now

To secure the MySQL installation, run the following command:

sudo mysql_secure_installation

This command will guide you through the process of setting up the root password and other security measures for your MySQL server. Follow the prompts and choose a strong password for the root user.

After securing the MySQL installation, we need to create a user and a database for NEOS CMS. Access the MySQL shell by running the following command:

mysql -u root -p

Enter the root password when prompted. In the MySQL shell, run the following commands to create a user and a database:

CREATE USER 'neos'@'localhost' IDENTIFIED BY 'Your_password2';
CREATE DATABASE neosdb CHARACTER SET utf8mb4COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON neosdb.* TO 'neos'@'localhost';

Replace 'Your_password2' with a strong password for the ‘neos’ user. Make sure to remember this password as you’ll need it during the NEOS CMS installation.

Exit the MySQL shell:

exit

With the database and user created, we can proceed to the next step.

Step 5 – Install Composer

Composer is a dependency management tool for PHP that NEOS CMS relies on. To install Composer, run the following commands:

curl -sS https://getcomposer.org/installer -o composer-setup.php
HASH=`curl -sS https://composer.github.io/installer.sig`
echo $HASH
php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer

To verify the installation, check the Composer version:

composer --version

You should see the installed version of Composer. With Composer installed, we’re ready to proceed to the next step.

Step 6 – Install NEOS CMS

Now it’s time to install NEOS CMS using Composer. Let’s create a root directory for our NEOS installation:

sudo mkdir -p /var/www/neos

Change the ownership of the root directory to the currently logged-in user:

sudo chown -R $USER:$USER /var/www/neos

Switch to the root directory:

cd /var/www/neos

Use Composer to install NEOS CMS and its dependencies:

composer create-project --no-dev neos/neos-base-distribution.

Make sure to include the dot (.) at the end of the command, which tells Composer to install NEOS CMS in the current directory.

During the installation, you may encounter some warnings. These warnings can be safely ignored and won’t affect the installation process.

Change the ownership of the root directory to the Nginx user:

sudo ./flow core:setfilepermissions $USER nginx nginx

Add the currently logged-in user to the nginx group:

sudo usermod -a -G nginx $USER

This completes the installation of NEOS CMS. However, there are a few more configurations we need to make. Let’s continue to the next step.

Step 7 – Configure SELinux Permissions

To ensure that NEOS CMS functions properly with SELinux, we need to adjust the file security context for the web content being served from the /var/www/neos directory. Run the following commands:

sudo chcon -t httpd_sys_content_t /var/www/neos-R
sudo chcon -t httpd_sys_rw_content_t /var/www/neos-R

Next, we need to allow network connections for NEOS CMS. Run the following command:

sudo setsebool -P httpd_can_network_connect on

With SELinux permissions configured, we’re ready to move on to the next step.

Step 8 – Install and Configure SSL

To secure our NEOS CMS installation, we’ll install an SSL certificate using Let’s Encrypt. For this, we’ll need to install the Certbot tool. Fortunately, we already have the Epel repository installed, so we can skip that step.

Install Certbot:

sudo dnf install certbot

Before we proceed with the SSL certificate generation, we need to stop the Nginx server temporarily. Run the following command:

sudo systemctl stop nginx

Now, let’s generate an SSL certificate using Certbot. Replace neos.example.com with your own domain name:

sudo certbot certonly --standalone --agree-ts --no-eff-email --staple-ocsp --preferred-challenges http -m test@example.com -d neos.example.com

This command will download the SSL certificate and store it in /etc/letsencrypt/live/neos.example.com. The certificate will be valid for 90 days.

To enhance the security of our SSL configuration, let’s generate a Diffie-Hellman group certificate:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Next, let’s create a challenge web root directory for Let’s Encrypt auto-renewal:

sudo mkdir -p /var/lib/letsencrypt

Now, let’s create a cron job to automatically renew the SSL certificate. Open the renewal script file:

sudo nano /etc/cron.daily/certbot-renew

Paste the following code into the file:

#!/bin/sh
certbot renew --cert-name neos.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"

Save the file and exit the editor. Change the permissions of the script to make it executable:

sudo chmod +x /etc/cron.daily/certbot-renew

With SSL installed and configured, let’s move on to the next step.

Step 9 – Configure Nginx and PHP

In this step, we’ll configure Nginx and PHP to work together seamlessly.

Configure PHP-FPM

Open the PHP-FPM configuration file:

sudo nano /etc/php-fpm.d/www.conf

Find the user and group directives and change them to nginx:

user = nginx
group = nginx

Save the file and exit the editor. Start the PHP-FPM service:

sudo systemctl start php-fpm

Configure Nginx

Create a virtual host configuration file for NEOS CMS:

sudo nano /etc/nginx/conf.d/neos.conf

Paste the following code into the file:

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name neos.example.com;
access_log /var/log/nginx/neos.access.log;
error_log /var/log/nginx/neos.error.log;

# SSL
ssl_certificate /etc/letsencrypt/live/neos.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/neos.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/neos.example.com/chain.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 8.8.8.8;

root /var/www/neos/Web/;
index index.php;

location / {
try_files $uri $uri/ /index.php?$args;
}

# Pass PHP Scripts To FastCGI Server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php-fpm/www.sock; # Depends On The PHP Version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param FLOW_REWRITEURLS 1;
fastcgi_param FLOW_CONTEXT Production;
fastcgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
fastcgi_param X-Forwarded-Port $proxy_port;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $http_host;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
try_files $uri =404;
}

location ~ /_Resources/ {
access_log off;
log_not_found off;
expires max;

if (!-f $request_filename) {
rewrite "/_Resources/Persistent/([a-z0-9]{40})/.+\.(.+)" /_Resources/Persistent/$1.$2 break;
rewrite "/_Resources/Persistent(?>/[a-z0-9]{5}){8}/([a-f0-9]{40})/.+\.(.+)" /_Resources/Persistent/$1.$2 break;
}
}
}

# enforce HTTPS
server {
listen 80;
listen [::]:80;
server_name neos.example.com;
return 301 https://$host$request_uri;
}

Make sure to replace neos.example.com with your own domain name.

Save the file and exit the editor. Open the main Nginx configuration file:

sudo nano /etc/nginx/nginx.conf

Add the following line before the include /etc/nginx/conf.d/*.conf; line:

server_names_hash_bucket_size 64;

Save the file and exit the editor.

To verify the Nginx configuration file syntax, run the following command:

sudo nginx -t

If there are no syntax errors, you should see Configuration file /etc/nginx/nginx.conf syntax is ok and Configuration file /etc/nginx/nginx.conf test is successful.

Finally, restart the Nginx service to apply the new configuration:

sudo systemctl restart nginx

Nginx and PHP are now fully configured to work together with NEOS CMS. Let’s move on to the final step.

Step 10 – Complete NEOS Installation

Now that we have everything set up, let’s complete the NEOS CMS installation through the web interface.

In your web browser, navigate to https://neos.example.com. Replace neos.example.com with your own domain name. You should see the NEOS setup page.

Click on the “Go to setup” button to proceed to the login screen. Here, you’ll be prompted to enter the setup password. To obtain the setup password, run the following command:

cat /var/www/neos/Data/SetupPassword.txt

Enter the setup password and click “Login” to proceed. NEOS will then check for the required PHP image libraries. Click “Next” to continue.

On the next screen, you’ll be asked to enter your database credentials. Use the credentials you created earlier in Step 4. Once the credentials are verified, you’ll see a “Connection established” message.

Click “Next” to proceed. You’ll be prompted to set up an administrator account. Fill in the required details and click “Next”.

Next, you’ll have the option to import a demo site or create a new one from scratch. If you want to start fresh, leave all the fields blank. Otherwise, fill in the necessary information to import a demo site.

Click “Next” to proceed. You’ll see the setup completion screen. Click on the “Go to backend” button to open the login screen for the NEOS CMS administration panel.

Enter your username and password that you set up in the previous step, and click “Login”. You’ll be redirected to the NEOS CMS administration panel, where you can start managing your content.

Congratulations! You’ve successfully installed and configured NEOS CMS on Rocky Linux 8 with Nginx and Let’s Encrypt SSL.

Conclusion

In this tutorial, we walked you through the step-by-step process of installing NEOS CMS on a server running Rocky Linux 8. By following these instructions, you should now have a fully functional NEOS CMS installation that is secure and ready to use. NEOS CMS offers a powerful and flexible platform for building and managing websites, and with the added security of Let’s Encrypt SSL and the performance of Nginx, you can be confident in the reliability and scalability of your website.

Remember to regularly update and maintain your NEOS CMS installation to ensure optimal performance and security. Enjoy exploring the features and capabilities of NEOS CMS, and happy website building!

If you’re looking for a reliable cloud hosting provider for your NEOS CMS installation, consider Shape.host. With their Cloud VPS services, you can benefit from scalable and secure hosting solutions tailored to your specific needs. Visit Shape.host for more information.