Skip to content

Instantly share code, notes, and snippets.

@leeuwd
Last active May 21, 2024 17:29
Show Gist options
  • Save leeuwd/8012cab4fa4e6e010b84448c584e2929 to your computer and use it in GitHub Desktop.
Save leeuwd/8012cab4fa4e6e010b84448c584e2929 to your computer and use it in GitHub Desktop.
How to setup an Ubuntu server (i.e. DigitalOcean LAMP stack droplet) Akeneo PIM server.

How to setup the Akeneo server

# date: january 2018
# author: Dick de Leeuw ([email protected], @leeuwd)
# prerequisites: LAMP droplet (>= 8GB RAM)
# environment: Ubuntu 16.04.3 LTS xenial, Apache/2.4.29 (Ubuntu), MySQL 5.7.21 & PHP 7.1

# create droplet

# login as root from local
ssh root@[IP]

# update
apt update
apt upgrade
apt dist-upgrade

# akeneo dependencies
apt install apt-transport-https
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/apache2
apt update
apt-get install upstart composer php7.1 php7.1-cli php7.1-common php7.1-json php7.1-opcache php7.1-mysql php7.1-mbstring php7.1-mcrypt php7.1-zip unzip php7.1-fpm php7.1-bcmath php7.1-curl php7.1-gd php7.1-intl php7.1-soap php7.1-xml php-xml php7.1-exif php7.1-imagick supervisor openjdk-8-jre-headless

# enable php 7.1
a2enmod proxy_fcgi setenvif
a2enconf php7.1-fpm
service apache2 restart

# elasticsearch (use v5, v6 won't work with akeneo!)
wget -O - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list
apt update
apt install elasticsearch
sudo systemctl enable elasticsearch

# elasticsearch config
nano /etc/elasticsearch/elasticsearch.yml
# uncomment and set: cluster.name: akeneo
# uncomment and set: node.name: node-1
# save and close
sudo systemctl start elasticsearch

# test elasticsearch (wait 1 min before running this, give it time to start)
curl -X GET 'http://localhost:9200'

# java heap count
sysctl -w vm.max_map_count=262144
echo "vm.max_map_count=262144" | tee /etc/sysctl.d/elasticsearch.conf
systemctl restart elasticsearch

# prevent updates, those will break akeneo
apt-mark hold php7.1
apt-mark hold elasticsearch
apt-add-repository --remove ppa:ondrej/php
apt-add-repository --remove ppa:ondrej/apache2

# firewall
sudo ufw allow in "Apache Full"

# enable apache proxy modules
a2enmod rewrite proxy_fcgi

# apache config (add line)
nano /etc/apache2/apache2.conf
ServerName [HOSTNAME]

# apache php mod
nano /etc/apache2/mods-enabled/dir.conf
# move index.php to front of line
# so: DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

# restart and check apache
systemctl restart apache2
systemctl status apache2

# set hostname
hostnamectl set-hostname '[HOSTNAME]'
# e.g. hostnamectl set-hostname 'akeneo.domain.com'

# set timezone
dpkg-reconfigure tzdata

# nodejs
curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
apt-get install -y nodejs
apt-get install -y build-essential

# yarn
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update && apt-get install yarn

# php cli config
nano /etc/php/7.1/cli/php.ini
date.timezone = [TIMEZONE]
# e.g. date.timezone = Europe/Amsterdam
# see http://php.net/manual/en/timezones.php

# php fpm config (modify lines)
nano /etc/php/7.1/fpm/php.ini
date.timezone = [TIMEZONE]
memory_limit = 1024M
post_max_size = 64M
upload_max_filesize = 64M

# swap file
sudo fallocate -l 1G /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# auto ban IPs that hack (http://denyhosts.sourceforge.net)
apt-get install denyhosts
# sudo nano /etc/denyhosts.conf for optional config

# fail2ban
sudo apt-get install fail2ban
nano /etc/fail2ban/jail.conf
# find [sshd] section
# add/set enabled  = true

# htop process viewer (http://hisham.hm/htop/)
apt-get install htop
# open/test with 'htop' command

# mysql root password
cat /root/.digitalocean_password
mysql_secure_installation
# paste password in
# run installation wizard

# mysql table and user
mysql -u root -p
CREATE DATABASE akeneo_production DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'pim_usr_prod'@'localhost' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON akeneo_production.* TO 'pim_usr_prod'@'localhost';
GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY '[ROOT_MYSQL_PASSWORD]';
FLUSH PRIVILEGES;
quit

# allow remote mysql access (comment lines)
# decide this for youself, it's a risk but eases sysops
nano /etc/mysql/mysql.conf.d/mysqld.cnf
#skip-external-locking
#bind-address=127.0.0.1
service mysql restart

# firewall whitelist mysql
sudo ufw allow 3306/tcp
sudo service ufw restart

# final upgrades & cleanup
sudo apt upgrade
rm -rf /etc/update-motd.d/99-one-click
rm -rf /root/.digitalocean_password
apt autoremove
apt autoclean

# non-root user
adduser [USERNAME]
usermod -aG sudo [USERNAME]
su - [USERNAME]
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
ssh-keygen -t rsa -C "[EMAIL_ADDRESS]" -b 4096
cat ~/.ssh/id_rsa.pub
# save this public key somewhere, you can use it as deploy key in Github/Gitlab
exit

# now add public key auth: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04#step-four-%E2%80%94-add-public-key-authentication-(recommended)
# e.g. from macOS: cat ~/.ssh/id_rsa.pub | ssh [USERNAME]@[IP] "cat >> ~/.ssh/authorized_keys"
# the latter only works when creating the droplet with ssh password access allowed (i.e. key not set when creating droplet)
# otherwise, on local, cat ~/.ssh/id_rsa.pub and copy key, paste into /home/[USERNAME]/.ssh/authorized_keys

# reboot (just to be sure all works fine)
reboot

# login as non-root
ssh [USERNAME]@[IP]

# filesystem
sudo mkdir -p /var/www/html/akeneo
sudo chown [USERNAME]:[USERNAME] /var/www/html/akeneo
chmod 775 /var/www/html/akeneo

# apache virtual host file
sudo rm -f /etc/apache2/sites-enabled/000-default.conf
sudo touch /etc/apache2/sites-available/akeneo_production.conf
sudo nano /etc/apache2/sites-available/akeneo_production.conf
# paste virtual host config in (see below), save and close
sudo a2enmod rewrite
sudo service apache2 restart
sudo apache2ctl configtest
sudo a2ensite akeneo_production
sudo systemctl reload apache2

# host file (add line)
sudo nano /etc/hosts
127.0.0.1 [HOSTNAME]

# akeneo source
cd /var/www/html/akeneo/web
wget https://download.akeneo.com/pim-community-standard-v2.1-latest.tar.gz
tar --strip-components=1 -zxvf pim-community-standard-v2.1-latest.tar.gz
rm -f pim-community-standard-v2.1-latest.tar.gz
mkdir -p /app/file_storage
mkdir -p /app/uploads
mkdir -p /var/media
chmod -R 777 ./app/file_storage/
chmod -R 777 ./app/uploads/
chmod -R 777 ./var/logs/
chmod -R 777 ./var/cache/
chmod -R 777 ./var/media/
composer install --optimize-autoloader --prefer-dist
yarn install

# set db credentials
sudo nano app/config/parameters.yml

# github token (https://github.com/settings/tokens)
composer config --global github-oauth.github.com "[GITHUB_TOKEN]"

# install
php bin/console cache:clear --no-warmup --env=prod
php bin/console pim:installer:assets --symlink --clean --env=prod
bin/console pim:install --force --symlink --clean --env=prod
yarn run webpack

# cron
*/15 * * * * php /var/www/html/akeneo/bin/console pim:completeness:calculate --env=prod > /var/www/html/akeneo/bin/console/var/logs/calculate_completeness.log 2>&1
*/15 * * * * php /var/www/html/akeneo/bin/console pim:versioning:refresh --env=prod > /var/www/html/akeneo/bin/console/var/logs/refresh_versioning.log 2>&1

# supervisor task runner
sudo touch /etc/supervisor/conf.d/akeneo_production.conf
sudo nano /etc/supervisor/conf.d/akeneo_production.conf
# paste supervisor config (see below) in it
supervisorctl reread
supervisorctl update
supervisorctl start akeneo_production

Apache virtual host config

# apache virtual host config file
# /etc/apache2/sites-available/akeneo_production.conf
# after change, restart apache with 'systemctl restart apache2'

<VirtualHost *:80>
    ServerName [HOSTNAME]
    DocumentRoot /var/www/html/akeneo/web
    
    <Directory /var/www/html/akeneo/web>
        AllowOverride None
        Require all granted

        Options -MultiViews
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ app.php [QSA,L]
    </Directory>

    <Directory /var/www/html/akeneo>
        Options FollowSymlinks
    </Directory>

    <Directory /var/www/html/akeneo/web/bundles>
        RewriteEngine Off
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.1-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
</VirtualHost>

Supervisor config

[program:akeneo_production]
command=/usr/bin/php /var/www/html/akeneo/bin/console akeneo:batch:job-queue-consumer-daemon --env=prod
autostart=false
autorestart=true
stderr_logfile=/var/log/akeneo_daemon.err.log
stdout_logfile=/var/log/akeneo_daemon.out.log
user=[USERNAME]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment