How to Install Shopware with NGINX and Let’s Encrypt on CentOS 7

Shopware is the next generation of open source e-commerce software. Based on bleeding edge technologies like Symfony 3, Doctrine2 and Zend Framework Shopware comes as the perfect platform for your next e-commerce project. This tutorial will walk you through the Shopware Community Edition (CE) installation on CentOS 7 system by using NGINX as a web server.

Requirements

Make sure your system meets the following minimum requirements:

  • Linux-based operating system with NGINX or Apache 2.x (with mod_rewrite) web server installed.
  • PHP 5.6.4 or higher with ctype, gd, curl, dom, hash, iconv, zip, json, mbstring, openssl, session, simplexml, xml, zlib, fileinfo, and pdo/mysql extensions. PHP 7.1 or above is strongly recommended.
  • MySQL 5.5.0 or higher.
  • Possibility to set up cron jobs.
  • Minimum 4 GB available hard disk space.
  • IonCube Loader version 5.0.0 or higher (optional).

NOTE: Shopware is currently up to PHP 7.2.x compatible.

Prerequisites

  • An operating system running CentOS 7.
  • A non-root user with sudo privileges.

Initial steps

Check your CentOS version:

cat /etc/centos-release

Set up the timezone:

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo yum update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo yum install -y curl wget vim unzip socat epel-release

Step 1 – Install PHP and PHP extensions

Setup the Webtatic YUM repo:

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP, as well as the necessary PHP extensions for Shopware:

sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-mysql php72w-curl php72w-json php72w-zip php72w-gd php72w-xml php72w-mbstring php72w-opcache

To show PHP compiled in modules, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .


Check the PHP version:

php --version
# PHP 7.2.14 (cli) (built: Jan 12 2019 12:47:33) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
#     with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies

Start and enable PHP-FPM service:

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

We can move on to the next step, which is the IonCube Loader installation.

Step 2 – Install IonCube Loader (optional)

Download IonCube Loader:

cd /tmp  wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

Extract the loader:

tar xfz ioncube_loaders_lin_*.gz

Find the PHP extensions directory on the system by running the command below:

php -i | grep extension_dir
# extension_dir = /usr/lib64/php/modules = /usr/lib64/php/modules

Copy the ionCube Loader into the PHP extensions directory:

sudo cp /tmp/ioncube/ioncube_loader_lin_7.2.so /usr/lib64/php/modules

Include the loader via PHP configuration:

sudo vim /etc/php.ini

Then add a line in the file to include ionCube loader. It can be anywhere in the file below [PHP] line:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_7.2.so

Save the file and restart PHP-FPM:

sudo systemctl restart php-fpm.service

Step 3 – Install MariaDB and create a database for Shopware

Install MariaDB database server:

sudo yum install -y mariadb-server

Check the MariaDB version:

mysql --version
# mysql  Ver 14.14 Distrib 5.7.26, for Linux (x86_64) using  EditLine wrapper

Start and enable MariaDB service:

sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Run mysql_secure installation script to improve MariaDB security and set the password for MariaDB root user:

sudo mysql_secure_installation

Answer each of the questions:

Would you like to setup VALIDATE PASSWORD plugin? N
New password: your_secure_password
Re-enter new password: your_secure_password
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Connect to MariaDB shell as the root user:

sudo mysql -u root -p
# Enter password

Create an empty MariaDB database and user for Shopware and remember the credentials:

mysql CREATE DATABASE dbname;
mysql GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
mysql FLUSH PRIVILEGES;

Exit from MariaDB:

mysql exit

Replace dbname, username and password with your own names.

Step 4 – Install Acme.sh client and obtain Let’s Encrypt certificate (optional)

Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let’s Encrypt we will use acme.sh client. Acme.sh is a pure Unix shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.

Download and install acme.sh:

sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~

Check acme.sh version:

acme.sh --version
# v2.8.1

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256

If you want fake certificates for testing you can add –staging flag to the above commands.

After running the above commands, your certificates and keys will be in:

  • For RSA: /home/username/example.com directory.
  • For ECC/ECDSA: /home/username/example.com_ecc directory.

To list your issued certs you can run:

acme.sh --list

Create a directory to store your certs. We will use a directory /etc/letsencrypt.

mkdir -p /etc/letsecnrypt/example.com
sudo mkdir -p /etc/letsencrypt/example.com_ecc

Install/copy certificates to /etc/letsencrypt directory.

# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"

All the certificates will be automatically renewed every 60 days.

After obtaining certs exit from root user and return back to normal sudo user:

exit

Step 5 – Install and configure NGINX

Install the NGINX web server:

sudo yum install -y nginx

Check the NGINX version:

nginx -v

Start and enable Nginx service:

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure NGINX for Shopware. Run sudo vim /etc/nginx/conf.d/shopware.conf and add the following configuration:

server {
    listen 80;
    listen 443 ssl;
    
    server_name example.com;
    root /var/www/shopware;
    ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
    ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;
    index shopware.php index.php;

    location / {
        try_files $uri $uri/ /shopware.php$is_args$args;
    }

    location /recovery/install {
      index index.php;
      try_files $uri /recovery/install/index.php$is_args$args;
    }

    location ~ .php$ {
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
    }
}

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service

Step 6 – Install Shopware

Create a document root directory for Shopware:

sudo mkdir -p /var/www/shopware

Change ownership of the /var/www/shopware directory to {jour_user}:

sudo chown -R {your_user}:{your_user} /var/www/shopware

Navigate to the document root directory:

cd /var/www/shopware

Download and unzip the latest Shopware release via wget:

wget https://releases.shopware.com/install_5.5.8_d5bf50630eeaacc6679683e0ab0dcba89498be6d.zip?_ga=2.141661361.269357371.1556739808-1418008019.1556603459 -O shopware.zip
unzip shopware.zip
rm shopware.zip

NOTE: Update download URL if there is a newer release.

Change ownership of the /var/www/shopware directory to nginx.

sudo chown -R nginx:nginx /var/www/shopware

Run sudo vim /etc/php-fpm.d/www.conf and set user and group to nginx.

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Create /var/lib/php/session directory and change its ownership to a user nginx.

sudo mkdir -p /var/lib/php/session  sudo chown -R nginx:nginx /var/lib/php/session

Increase memory_limit = 256M and upload_max_filesize = 6M, and set allow_url_fopen = On if not already set in /etc/php.ini file.

sudo vim /etc/php.ini

After making changes in /etc/php.ini file, reload php-fpm.service:

sudo systemctl reload php-fpm.service

Open your domain/IP in the web browser and follow the installation wizard. The backend of Shopware is located at /backend example: http://example.com/backend.

Step 7 – Complete the Shopware setup

Start by selecting the language and click Next:

Shopware setup wizard

Next, make sure you meet all the Shopware requirements:

System requirements are met

Agree with Shopware TOS and click Next:

Accept license

Enter database credentials and click Next:

Shopware database settings

Start the installation to create database tables:

Installing database tables

After that, you will see a message about successful database import:

Database initialization successful

Choose a license and click Next:

Choose license

Fill in a few basic settings to finish up the setup and click Next:

Basic settings

Installation is complete.

Installation is complete

To access admin area append /backend to your URL.

Shopware backend login

You have successfully installed Shopware. Enjoy your new online shop!