Configuring Ubuntu 18.04 for Mautic hosting

In recent years, Mautic became one of the most promising players in the marketing automation industry. Their approach to open marketing and active community makes them unique by offering powerful tools to your disposal, without setting a price tag. Of course, you can pay for their service and additional tools that will help you manage your marketing activities at scale. The open-source nature of Mautic, allows you to use it on your servers, without additional costs. However, one of the things you need to take care by yourself is Mautic installation.

All you need to get started with Mautic is one server, preferably dedicated or VPS and a couple of hours for proper configuration.

This post will be a part of a series where I will try to explain to you how to set up and run your Mautic instance. The first part will cover preparing and configuration of the server, as well as the installation process. So let’s jump in.

To run a Mautic, you can use whatever the server stack you want, as long as it has the ability to run PHP applications and have the MySQL database server. For full requirements, you can check their website for specific versions.

In this series, I will use the following stack:

  • Fresh Ubuntu 18.04 server
  • LEMP stack (PHP 7.2, Nginx, MariaDB 10.4)
  • For queue management, I will use the RabbitMQ management system

I’ll assume that you are using a fresh install of Ubuntu 18.04 Server.

At the end of these series, you will have a complete marketing automation tool with only costs being charges for your server.

Preparing server

Before installing Mautic, we first need to install our web server and database. 

SSH to your server and get the latest updates

sudo apt update 
sudo apt upgrade -y

After the process is complete install the nginx server:

sudo apt install nginx

Next, we are installing PHP 7.2 (as of the moment of writing this article, Mautic still requirements are limited to max PHP 7.2). Alongside PHP we will install all required extensions as well. The default PHP version in Ubuntu 18.04 is 7.2 so installation is a piece of cake.

sudo apt install -y php7.2 php7.2-common php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-bcmath php7.2-gd php7.2-xml php7.2-cli php7.2-zip

Now let’s enable PHP-FPM service

sudo service php7.2-fpm enable

And make sure that the service is started 

sudo service php7.2 restart

The last part of our stack is installing MariaDB database server. First, let’s install software-properties-common package in case it’s missing

sudo apt-get install software-properties-common

Next, we’ll add the repository key to our system:

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8

Once we added the repository key, we’ll add MariaDB repository which will allow us to install our database server.

sudo add-apt-repository "deb [arch=amd64,arm64,ppc64el] http://mariadb.mirror.liquidtelecom.com/repo/10.4/ubuntu $(lsb_release -cs) main"

Last step database server configuration is installation itself

sudo apt update

sudo apt -y install mariadb-server mariadb-client

Create a database for Mautic instance

MariaDB 10.4 comes with new authentication system so you can log in to database by using a command 

sudo mysql

We are gonna create a database:

create database mautic;

Next, we will create a user:

create user ‘mautic’@’localhost’ identified by ‘StrongPassword’;

When creating a new user, I suggest that you create a strong password, you can use strongpasswordgenerator.com. However, remember that password since you will need it during Mautic installation.

We will allow all permissions on the database to the created user:

grant all permissions on ‘mautic’.*  to ‘mautic’@’localhost’;
flush privileges;
EXIT;

Congratulations, you have completed database configuration. We have three more steps to complete before installing the Mautic.

Nginx configuration

First, big shoutout to Matthew Macdonald-Wallace who created gists with for nginx and PHP-FPM configurations. I’ve modified them a bit for the needs of this tutorial.

Note: In the tutorial, I will use the domain name mautic.yourdomain.com. In order to make it work, replace this domain with your domain name in all the following files.

Create a new nginx configuration file by running the command:

sudo nano /etc/nginx/sites-available/mautic.yourdomain.com.conf

Copy the following lines to a newly created file. Don’t forget to update the domain to the one you will use!

server {
    listen 80;
    server_name   mautic.yourdomain.com; # This is the domain name you want to use for your Mautic installation
    root /var/www/mautic.yourdomain.com/htdocs; # The path where you will download your Mautic installation
    server_tokens off;
    add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

    error_log /var/www/mautic.yourdomain.com/logs/error_log; # Path for error logs if they appear, for easier debugging
    access_log /var/www/mautic.yourdomain.com/logs/access_log; # Path for access logs

    client_max_body_size 64M;

    gzip on;
    gzip_disable "msie6";
    gzip_min_length 256;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types
        font/truetype
        font/opentype
        font/woff2
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        image/svg+xml;

        error_page 404 /index.php;


    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1  permanent;

    #######################################
    ##  Start Mautic Specific config #####
    #######################################

    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }

    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    # location ~ /(addons|plugins)/ { deny all; }

    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }

    # Don't log favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Don't log robots
    location = /robots.txt  {
        access_log off;
        log_not_found off;
    }

    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Solve email tracking pixel not found
    location ~ email/(.*).gif {
        try_files $uri /index.php?$args;
    }

    # Solve JS Loading 404 Error
    location ~ (.*).js {
        try_files $uri /index.php?$args;
    }

    #######################################
    ##  End Mautic Specific config #####
    #######################################

    location ~*  \.(jpg|jpeg|png|ico|pdf)$ {
        expires 15d;
    }

    # Deny access to any files with a .php extension in the uploads directory
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_pass  127.0.0.1:9002;  # The port on which PHP-FPM process will run
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Check if your configuration file contains any errors:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If your output matches the lines above, you should enable the created site configuration

sudo ln -s /etc/nginx/sites-available/mautic.yourdomain.com.conf /etc/nginx/sites-enabled/

and restart the nginx service

sudo service nginx restart

PHP-FPM configuration

We are getting closer to finishing the configuration of our server. What we have remaining is configuring the PHP-FPM and the last step will be adding the LetsEncrtypt SSL certificate to our Mautic installation.

Let’s create a new PHP-FPM pool for our instance.

sudo nano /etc/php/7.2/fpm/pool.d/mautic.conf

Copy and paste the following lines to the newly created file. And again, don’t forget to update the domain name. Also, don’t forget to update the timezone to the location of your server.

[mautic]
user = www-data
group = www-data
; Match the listen directive to the one from your nginx configuration
listen = 127.0.0.1:9002
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
slowlog = /var/www/mautic.yourdomain.com/logs/mautic-slow.log
php_admin_value[error_log] = /var/www/mautic.yourdomain.com/mautic-error.log
php_admin_value[open_basedir] = /var/www/mautic.yourdomain.com/htdocs      
php_admin_value[upload_tmp_dir] = /var/www/mautic.yourdomain.com/htdocs/tmp
php_admin_flag[log_errors] = on
; Change the timezone to match your servers timezone
php_admin_value[date.timezone] = Europe/Amsterdam

Let’s restart the PHP-FPM service

sudo service php7.2-fpm restart

With our nginx and php-fpm configuration complete, let’s secure our instance by adding SSL certificate. Before we proceed with the final step, make sure that you update your domain settings to point to your server. If you are using mautic.yourdomain.com to host your instance, then you must create A record for mautic.yourdomain.com that will point to the IP address of your server.

Note: If you are using Cloudflare to manage your DNS settings, you must disable CF Proxy and expose your server’s IP address in order to generate the LetsEncrypt SSL certificate.

Assuming that you created DNS records, now it’s time for the configuration of your webserver. We will enable Ubuntu’s firewall ufw and allow only SSH, HTTP and HTTPS protocols on it.

sudo ufw allow 'OpenSSH'
sudo ufw allow 'Nginx Full'
sudo ufw reload

Check the status of ufw

sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

If you get the status like the output above, you may proceed with the installation of Certbot which we will use to generate and renew the SSL certificate.

We are gonna add Certbot repository:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update

After the update is complete, let’s install the Certbot itself

sudo apt-get install python-certbot-nginx

After the installation is complete, all we have to do now is to run a command that will generate our certificate and add it to the server.

sudo certbot --agree-tos -m your@email.com --redirect -d mautic.yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:   
http-01 challenge for mautic.yourdomain.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mautic.yourdomain.com.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/mautic.yourdomain.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://mautic.yourdomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=mautic.yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mautic.yourdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mautic.yourdomain.com/privkey.pem
   Your cert will expire on 2020-01-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

If you receive the output like the one below, congratulations! You have successfully configured your web server and you are ready to proceed to the next step, installation of Mautic which I will cover in the next article. Thanks for reading. If you have any questions feel free to reach out to me via the comments section below or shoot me an email at goran@otb.agency

And in case you want to go for the extra mile, you can test the configuration by creating a php info file and opening it in your browser.

sudo nano /var/www/mautic.yourdomain.com/htdocs/index.php

Add the following lines

<?php phpinfo();

Save the file and exit the editor.

Now, when you open up the website on https://mautic.yourdomain.com you should see the following page:

PHP Info output
PHP Info output

And also, by clicking on the padlock on the left side of the URL in the address bar, you should see the message Connection is secure which confirms that your SSL Certificate is valid and properly installed.

Mautic SSL Confirmation
SSL Confirmation

 

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.