How to Install Wallabag on Rocky Linux 9

How to Install Wallabag on Rocky Linux 9

If you are looking for a guide on how to install wallabag on Rocky Linux 9, here’s everything you need to know. 

Wallabag is a service installed on a server that allows a read-it-later feature for web pages. By using this feature, you can save web pages for reading it later in your leisure time. Some of the software that provides similar functionality as wallabag is Pocket and Instapaper. However, wallabag is different from this software as it is installed on the server end. The following are the objectives of today’s article:

  • We will discuss in detail how to install wallabag on Rocky Linux 9.
  • In addition, we will also talk about the installation of pre-requisite software such as nginx, MySQL, composer, and PHP.

In order to follow the article, you must have:

  • A computer running Rocky Linux 9.
  • Access to the root account or a user with sudo privileges.
  • A fully qualified domain name.

Before moving towards installation instructions, we will briefly discuss wallabag and its features.

What is wallabag?

It is a web application that can be used to save web pages. You can then view the saved pages later on. The amazing part is that it extracts the content. So the user will not be distracted later on through pop-ups. It is free and open source. Even though you can create an account on wallabag. To use the service, the best approach is to install wallabag on Rocky Linux 9 on your own server.

How to Install Wallabag on Rocky Linux 9

We will now discuss the process to install wallabag on Rocky Linux 9 and set up the configuration of wallabag.

Step 1 – Update your system

The very first step is to update your system. Open your Terminal and type the following command:

$ sudo dnf update

Step 2- Installation of pre-requisite packages

Some of the pre-requisite packages that we will need throughout the tutorial can be installed using the following command:

$ sudo dnf install wget curl nano unzip yum-utils –y


Step 3- Configuration of firewall

We will now configure the firewall. Note that Rocky Linux uses the firewall firewalld. Follow the steps below to configure the firewall, after which you can proceed to install wallabag on Rocky Linux 9.

Check the status of the firewall

We will first check the status of the firewall using the following command:

$ sudo firewall-cmd --state


You should see an output such as ‘running’. This implies that the firewall is running. The firewall can work on different zones; however, we will use the default public zone.

Open HTTP and HTTPS port

First, see the list of all the services running and the active port on the firewall via the following command:

$ sudo firewall-cmd --permanent --list-services


Note that wallabag needs HTTP and HTTPS to function. So, we should open these ports. Open HTTP port via the following command:

$ sudo firewall-cmd --permanent --add-service=http


Then, open HTTPS using the command below:

$ sudo firewall-cmd --permanent --add-service=https


Apply the firewall changes

Now, reload the firewall to apply the changes. Type the following command on the Terminal:

$ sudo firewall-cmd --reload


Now, list down the services again:

$ sudo firewall-cmd --permanent --list-services


You should see that HTTP and HTTPS are now on the list of services.

Step 4- Install PHP and extensions

We will now install PHP and its extensions. 

Install epel repository

Install the epel repository via the following command:

$ sudo dnf install epel-release –y


Install remi repository and enable the Remi PHP 8.1 repository

The remi repository can be installed via the following command:

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm


Check for available PHP stream using the following command:

$ dnf module list php –y


Enable Remis PHP 8.1 repository via the following command:

$ sudo dnf module reset php -y
$ sudo dnf module enable php:remi-8.


Installation of PHP

Finally, we will install PHP and its required extensions using the following command:

$ sudo dnf install php-fpm php-mysql php-bcmath php-xml php-zip php-curl php-mbstring php-gd php-tidy php-intl php-cli php-opcache


To verify the installation, check the version of PHP using the following command:

$ php --version


Edit the configuration file

Now, we will edit www.conf file. First, open it in your favorite editor as follows:

$ sudo nano /etc/php-fpm.d/www.conf


Replace user=apache and group=apache as follows:

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...


Now, edit the socket file owner, group, and default permission as follows:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Now, comment on the following line:

;listen.acl_users = apache,nginx


Note: ‘;’ is used for commenting out the file

Save the file and then close the editor. You can close the editor by using Ctrl + X.

Setting permission for session directory

Now, set the permission for PHP session directory as follows:

$ sudo chown -R nginx:nginx /var/lib/php/session/


Finally, enable and start PHP-FPM service as follows:

$ sudo systemctl enable php-fpm --now


Step 5 – Installation of composer

We will need to install composer as it is required by Wallabag. Follow the steps below.

Download composer

The composer can be downloaded with the help of the following command:

$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php composer-setup.php --2.2
$ php -r "unlink('composer-setup.php');"


Installation of composer

Move the binary composer.phar to /usr/local/bin using the following command:

$ sudo mv composer.phar /usr/local/bin/composer


Finally, verify the installation as follows:

$ composer –version


You should see the desired version of the composer.

Step 6 – Installation of MySQL

The next step is the installation of MySQL. Follow the steps below.

Installing and verifying MySQL

The installation of MySQL is very simple. Install it using the following command:

$ sudo dnf install mysql-server


Now, check and verify the version of MySQL as follows:

$ mysql –version


Start MySQL service

The service can be started using the following command:

$ sudo systemctl enable mysqld –now


Now, run the following command:

$ sudo mysql_secure_installation


You will see the following output:

MySQL server deployment

You will also be asked to set up a new root password. Specify a new password according to the requirements. Then follow the steps below:

  • Install the validate password component by pressing ‘Y’. 
  • Set the new root password. 
  • Finally, remove the anonymous user.
  • Disallow remote root logins.
  • Remove the test database.
  • Reload the privilege table.

Step 7 – Configure MySQL

Now, we will configure MySQL. Follow the steps below.

Login to MySQL

Login to MySQL via the following command:

$ sudo mysql -u root –p

Create the database and user account

Now, run the following queries to create a database, user, and grant privileges:

mysql> CREATE DATABASE wallabag;
mysql> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'Your_password2';
mysql> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
mysql> FLUSH PRIVILEGES;


Finally, exit the shell via the following command:

mysql> exit


Step 8 – Install nginx

As a part of the process to install wallabag on Rocky Linux 9, you need to download the latest version of nginx. Follow the steps below.

Edit /etc/yum.repos.d/nginx.repo file

First, we will need to edit /etc/yum.repos.d/nginx.repo file. Type the following command:

$ sudo nano /etc/yum.repos.d/nginx.repo


Now, edit the file as follows:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Install nginx server


Finally, install the nginx server using the following command:

$ sudo dnf install -y nginx


You can verify the installation as follows:

$ nginx –v


Enable and start nginx server

You can enable and start nginx server through the following command:

$ sudo systemctl enable nginx –now

Finally, check the status using the following command:

$ sudo systemctl status nginx


You should see the following output:

systemctl status nginx output

Step 9 – Install SSL

We will also install SSL on the server. Follow the steps below.

Installation of Certbot

First, install snapd via the following command:

$ sudo dnf install -y snapd


Then, enable and start snapd as follows:

$ sudo systemctl enable snapd –now


Install snapcore package as follows:

$ sudo snap install core && sudo snap refresh core


Create necessary links for snapd as follows:

$ sudo ln -s /var/lib/snapd/snap /snap
$ echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' | sudo tee -a /etc/profile.d/snapd.sh


Finally, install Certbot as follows:

$ sudo snap install --classic certbot


Now, create a symbolic link:

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot


To verify the installation, run the following command:

$ certbot –version


Generate SSL certificate

Generate an SSL certificate as follows:

$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d wallabag.example.com


Generate a Diffie-Hellman group certificate as follows:

$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096


Check the scheduler service as follows:

$ sudo systemctl list-timers


You should see snap.certbot.renew.service in the list. Finally, run the following command to see if SSL renewal is working:

$ sudo certbot renew --dry-run


If you see no error, you are ready to go.

Step 10 – Install Wallabag

After installation and configuration of pre-requisite software, we are now ready to install wallabag.

Create HTML directory

First, create an HTML directory as follows:

$ sudo mkdir /var/www/html/wallabag –p


Download Wallabag

Using the wget command, download  the latest version of Wallabag as follows:

$ wget https://wllbg.org/latest-v2-package


Once downloaded, extract the directory as follows:

$ tar xzf latest-v2-package


Move the directory and create asset directory

Now, move the downloaded package to the directory created earlier as follows:

$ sudo mv wallabag-2.5.4/* /var/www/html/wallabag


Create an asset directory as follows:

$ sudo mkdir /var/www/html/wallabag/data/assets


Also, change the permission of /var/www/html/wallabag to the currently logged-in user as follows:

$ sudo chown -R $USER:$USER /var/www/html/wallabag


Edit parameters.yaml file

Change the current directory to wallabag as follows:

$ cd /var/www/html/wallabag


Now, create parameters.yaml file using the following command:

$ cp app/config/parameters.yml.dist app/config/parameters.yml


Generate a secret key as follows:

$ openssl rand -base64 32


Now, we will open parameters.yaml file in our favorite editor for editing:

$ nano app/config/parameters.yml


Fill in the database details as follows:

    ..........
database_driver: pdo_mysql
database_host: 127.0.0.1
database_port: 3306
database_name: wallabag
database_user: wallabaguser
database_password: Your_password2


Provide the domain name:

domain_name: https://wallabag.example.com
server_name: "Howtoforge Wallabag"


Then, provide SMTP details:

mailer_transport:  smtp
mailer_user:       YOUR_AES_USERNAME
mailer_password:   YOUR_AES_PASSWORD
mailer_host:       email-smtp.us-west-2.amazonaws.com
mailer_port:       587
mailer_encryption: tls


Provide the secret key generated previously:

# A secret key that's used to generate certain security-related tokens
secret: QLV/GpZwDobQbyQZQ15FkM1Hvt+ZFJZXw8GW9F4KR3o=
# two factor stuff
twofactor_auth: true
twofactor_sender: [email protected]
# fosuser stuff
fosuser_registration: true
fosuser_confirmation: true
.....
from_email: [email protected]
.....


You may also provide the configuration for Redis, RabbitMQ, and Sentry. Save the file and close the editor.

Install dependencies for wallabag

Now, install the dependencies for wallabag using composer:

$ SYMFONY_ENV=prod composer install --no-dev -o --prefer-dist


Finish the installation by typing the following command:

$ php bin/console wallabag:install --env=prod


Then in the next few steps, do the following:

  • When asked to reset the database and schema, press ‘no’
  • You will be asked to create an administrator account. Press ‘Yes’. Then, provide a username, password, and email ID.

Finally, change the directory permission to nginx as follows:

$ sudo chown -R nginx:nginx /var/www/html/wallabag 


Step 11 – Configuration of SELinux

The next step is the configuration of SELinux.

Change file security context

Change the file security context using the following commands:

$ sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html/wallabag(/.*)?"
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/wallabag/data(/.*)?"
$ sudo semanage fcontext -a -t httpd_log_t "/var/www/html/wallabag/var/logs(/.*)?"
$ sudo semanage fcontext -a -t httpd_cache_t "/var/www/html/wallabag/var/cache(/.*)?"


Apply policies

Apply the policy using the following command:

$ sudo restorecon -R -v /var/www/html/wallabag


Allow nginx to give the policy to MySQL as follows:

$ sudo setsebool -P httpd_can_network_connect_db 1

Step 12 – Configure nginx and PHP

The final step to install wallabag on Rocky Linux 9 is the configuration of nginx and PHP. Follow the steps below.

Edit www.conf

Edit the file /etc/php/8.1/fpm/pool.d/www.conf using your favorite editor as follows:

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Change the socket file owner, group, and default permission line as follows:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660


Change the line with listen.acl_users as follows:

;listen.acl_users = apache,nginx


Save the file and then exit.

Change the configuration parameters of PHP-FPM and PHP-CLI

Increase the execution time for PHP-FPM and PHP-CLI as follows:

$ sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.1/fpm/php.ini
$ sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.1/cli/php.ini


Increase the memory limit for PHP-FPM as follows:

$ sudo sed -i 's/memory_limit = 128M/memory_limit = 256M/' /etc/php/8.1/fpm/php.ini


Finally, restart the PHP-FPM service as follows:

$ sudo systemctl restart php8.1-fpm


In the last step, change the group of PHP sessions directory to nginx using the command below:

$ sudo chgrp -R nginx /var/lib/php/sessions


Edit wallabag.conf for nginx

Change the /etc/nginx/conf.d/wallabag.conf file as follows using your favorite editor:

server {
listen       443 ssl http2;
listen       [::]:443 ssl http2;
server_name  wallabag.example.com;
access_log  /var/log/nginx/wallabag.access.log;
error_log   /var/log/nginx/wallabag.error.log;
# SSL
ssl_certificate      /etc/letsencrypt/live/wallabag.example.com/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/wallabag.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wallabag.example.com/chain.pem;
ssl_session_timeout  5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 8.8.8.8;
root /var/www/html/wallabag/web;
location / {
try_files $uri /app.php$is_args$args;
}
# Pass PHP Scripts To FastCGI Server
location ~ ^/app\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_pass unix:/run/php/php8.1-fpm.sock; # Depends On The PHP Version
fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
internal;
}
location ~ \.php$ {
return 404;
}
}
# enforce HTTPS
server {
listen       80;
listen       [::]:80;
server_name  wallabag.example.com;
return 301   https://$host$request_uri;
}


Save the file and close the editor.

Edit nginx.conf

Then, edit the /etc/nginx/nginx.conf file as follows:

server_names_hash_bucket_size  64;
include /etc/nginx/conf.d/*.conf;


Save the file and close the editor. Now, verify the nginx configuration via the following command:

$ sudo nginx –t


Finally, restart the nginx service using the command below:

$ sudo systemctl restart nginx


Step 13- Access the wallabag

Finally, after you install wallabag on Rocky Linux 9 and configure it, we are now ready to use the service. Point your browser to the following URL:

https://wallabag.example.com


You should see the screen below:

wallabag login

Provide your username and password to log in. You will then see the dashboard. Now, you are ready to use wallabag.

In this article, we have talked about how to install wallabag on Rocky Linux 9.  Wallbag is a server-based application that can be used to save web pages for reading later on. We have seen the essential steps for the installation of pre-requisites software and configuration of wallabag. We hope you have enjoyed the article about how to install wallabag on Rocky Linux 9. If you want more details, they can be seen here

If this guide helped you, please share it. 

Related Posts