Basierend auf der Grundinstallation des Servers (s. Nextcloud Installationsanleitung und Reverse Proxy) gehen wir von bereits installierten und konfigurierten PHP- (php-fpm) und MariaDB-Instanzen aus. Wir beginne daher direkt mit der Anlage der notwendigen Joomla!-Datenbank.
Quelle: https://www.joomla.org/
Anlegen der Joomla!–Datenbank
CREATE DATABASE joomla CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; CREATE USER joomla@localhost identified by 'joomla'; GRANT ALL PRIVILEGES on joomla.* to joomla@localhost; FLUSH privileges;
Herunterladen und Entpacken der Joomla!-Software
Bitte prüfen und ersetzen Sie die zum Zeitpunkt Ihres Downloads aktuellste Joomla-Version von hier:
wget https://downloads.joomla.org/cms/joomla3/3-9-21/Joomla_3.9.21-Stable-Full_Package.zip?format=zip -O joomla.zip
mkdir -p /var/www/joomla
unzip joomla.zip -d /var/www/joomla
chown -R www-data:www-data /var/www/
Anlegen des Joomla!-vHosts
cd /etc/nginx/conf.d/
touch joomla.conf && nano joomla.conf
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ihre.joomladaomain.de; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_trusted_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; #ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem; #ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem; #ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'; ssl_ecdh_curve X448:secp521r1:secp384r1; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered-By; fastcgi_read_timeout 3600; fastcgi_send_timeout 3600; fastcgi_connect_timeout 3600; root /var/www/joomla; location = /robots.txt { allow all; log_not_found off; access_log off; } client_max_body_size 10240M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php?$args; } location ~* /(images|cache|media|logs|tmp)/.*.(php|pl|py|jsp|asp|sh|cgi)$ { return 403; error_page 403 /403_error.html; } location = /favicon.ico { access_log off; log_not_found off; } error_page 404 /index.php; location ~ .php$ { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ /\.(?!well-known).* { deny all; } }
Erweiterung der http.conf (Gateway)-Datei
vi http.conf
upstream php-handler {
server unix:/run/php/php7.4-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name ihre.domain.de ihre.joomladomain.de;
root /var/www;
location ^~ /.well-known/acme-challenge {
default_type text/plain;
root /var/www/letsencrypt;
}
location / {
return 301 https://$server_name$request_uri;
}
}
Erweitern der SSL-Zertifikate
Das bestehende SSL-Zertifikat wird um die neue Joomla!-Domain erweitert:
su - acmeuser
acme.sh --issue -d ihre.domain1.de -d ihre.joomladomain.de --server letsencrypt --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"
acme.sh --issue -d ihre.domain1.de -d ihre.joomladomain.de --server letsencrypt --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"
exit
sed -i '/ssl-cert-snakeoil/d' /etc/nginx/conf.d/joomla.conf sed -i s/#\ssl/\ssl/g /etc/nginx/conf.d/joomla.conf
Nun starten wir den Webserver neu:
nginx -t
service nginx restart
Installation von Joomla!
Starten Sie einen Browser und rufen zur Joomla!-Installation ihre Domain auf:
https://ihre.joomladomain.de
Folgen Sie dem Assistenten und richten Sie Joomla! abschließend ein.
Die Installation von Joomla neben Ihrer Nextcloud kann nun erfolgreich abgeschlossen werden und so wünsche ich Ihnen viel Spaß mit Ihrem CMS und ihrer Nextcloud. Über Ihre Unterstützung (diese wird ordnungsgemäß versteuert!) würden sich meine Frau, meine Zwillinge und ich sehr freuen!