Sunday , May 9 2021

How to install Bolt CMS on Debian 9

Bolt CMS is a simple and flexible open source content management system, written in PHP programming language and can be successfully implemented in Linux with Apache / Nginx Web server, PHP database management system and MySQL / MariaDB, also known as LAMP or LEMP stack.

In this tutorial, we will learn how to install and configure the latest version of Bolt CMS in the Debian 9 version, on top of a LAMP stack, in order to create dynamic websites.

With Bolt CMS, you can create and design beautiful and modern dynamic portals with the latest markup languages ​​and source libraries.


To be able to install a Bolt CMS website at your location, you need to make sure that you meet some of the following requirements:

  • You need a dedicated physical server or a virtual machine or a VPS from a cloud provider with the latest version of the minimal Debian 9 installation.
  • A static IP address configured for one of the system's network interface cards
  • Remote or direct access to the root account or to a local or remote account with sudo root privileges
  • A properly configured domain name, private or public, depending on the distribution, with the required DNS records, such as A and CNAME records to point to www. If you do not have a valid or registered domain name, you can run the installation and access the website through the server's IP address
  • To be able to use Bolt CMS e-mail registration or other CMS features, you need to set up a mail server at your premises (IMAP and SMTP services), even though this is a public mail server, like Gmail or Yahoo! it can be used to achieve the same goal.


In the first step, log in to your Debian server with root account or with an account with root privileges acquired through sudo utility and install utilities like zip, unzip (to unzip zip archives), curl and wget (download files online) and bash -completion self-completing command line. Issue the following commands to install all these utilities in one-shot.

on –

apt install bash-completion zip unzip wl wl

In the next step, configure a descriptive name for the machine to reflect the destination of this server by running the following command. Replace the variable of your hostname accordingly.

hostnamectl set-hostname

You can check the host name of the machine and the record in the system hosts file by issuing the commands below.


cat / etc / hostname

hostname -s

hostname -f

Before restarting the server, make sure the system is updated with the latest security patches, kernel updates, repositories, and software packages by sending the following command.

apt update

apt update

After the upgrade process is complete, restart the Debian machine to apply all kernel updates and the host name changes successfully.

restart of systemctl

Install Apache and PHP

As mentioned in the introduction, Bolt CMS is a web-based content management platform written in the server-side PHP programming language and must be implemented on a LAMP stack. First, we'll start by installing the Apache HTTP server and PHP interpreter along with some PHP extensions required by Bolt CMS for proper execution. To install the Web server component and the PHP programming language with all required modules, issue the following command in the server console with root privileges.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-xml php7.0-cli php7.0-curl php7. 0-zip php7.0-bcmath php-imagick php7.0-xmlrpc php7.0-intl

Then, check if all installed PHP modules are enabled on your system by running the following command.

php7.0 -m

Install MariaDB

The next component that is missing is the RDBMS database. In this tutorial, we will install Bolt CMS with the MariaDB database server as a backend. The Web Bolt CMS application uses the MariaDB database to store different website configurations, users, sessions and other different data. To install the MariaDB server and database client and the PHP MySQL extension in Debian 9, issue the following command in the server console.

apt install mariadb-server mariadb-client php7.0-mysql

At the end of the MariaDB installation, check if the database daemon is active and running on your machine and listen to incoming connections on localhost, port 3306, by running netstat or ss command.

netstat -tlpn | grep mysql


ss -tlpn | grep mysql

Self netstat The network utility is not installed by default in your Debian system, run the following command to install it.

apt install net-tools

By default, the MySQL database server is not sufficiently protected in Debian 9. You can access the database root account by providing a password. To protect the database server, first log in to the MySQL console and run the commands below to protect the MariaDB root account.

mysql -h localhost

Welcome to the MariaDB monitor. The commands end with; o  g.

Your MariaDB connection ID is 2

Server version: 10.1.26-MariaDB-0 + deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type "help"; or " h" for help. Type " c" to delete the current input instruction.

MariaDB [(none)]> use mysql;

Read table information for completing table and column names

You can disable this feature to get a faster start with -A

Change of the database

MariaDB [mysql]> update user set plugin = & # 39; & # 39; where user = & # 39; root & # 39 ;;

Query OK, 1 row concerned (0,00 seconds)

Corresponding lines: 1 Modified: 1 Alerts: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0,00 seconds)

MariaDB [mysql]> go out


After applying the database root account to use a password, you can further protect the MariaDB server by running the script mysql_secure_installation provided by the installation packages from the extended Debian repositories. During the execution of the script you will be asked a series of questions designed to protect the MariaDB database, such as: changing the MySQL root password, removing anonymous users, disabling remote root accesses and deleting the test database. Run the script by entering the following command and set a strong password for the database root account and be sure to type Yup to all the questions asked, as shown in the following excerpt.




To access MariaDB to protect it, we will need the power

password for the root user. If you have just installed MariaDB, e

you have not set the root password yet, the password will be empty,

so you should just hit enter here.

Enter the current password for root (enter for none):

OK, password used successfully, in progress ...

Setting the root password ensures that no one can access MariaDB

root user without the appropriate authorization.

You already have a root password set up, so you can easily answer "n".

Change the root password? [Y/n] y

New password:

Re-enter the new password:

Password updated correctly!

Top up the privilege tables ..

... happened!

By default, MariaDB installation has an anonymous user, allowing anyone

log in to MariaDB without having to create a user account

their. This is intended only to test and do the installation

go a little smoother. You should remove them before moving in to

production environment.

Remove anonymous users? [Y/n] y

... happened!

Normally, root should be allowed to connect only from "localhost". This

ensures that someone can not guess the root password from the network.

Do not allow root login remotely? [Y/n] y

... happened!

By default, MariaDB has a database called & # 39; test & # 39; that anyone can

access. This is also intended only for testing and should be removed

before moving to a production environment.

Remove the test database and access it? [Y/n] y

- Release of the test database ...

... happened!

- Removal of privileges on the test database ...

... happened!

Reloading the privilege tables will ensure that all changes made so far

it will take effect immediately.

Top up privilege tables now? [Y/n] y

... happened!

To clean...

All done! If you have completed all the previous steps, your MariaDB

the installation should now be safe.

Thank you for using MariaDB!

At the end of the script, access the database from the console without root password. Access to the database should be denied if no password is provided for the root account, as shown in the following excerpt of the command:

mysql -h localhost -u root

ERROR 1045 (28000): access denied by user & # 39; root & # 39; @ & # 39; localhost & # 39; (using the password: NO)

If the password is provided, the login process must be granted to the MySQL console, as shown in the command example. Type exit to exit the database console.

mysql -h localhost -u root -p

Enter the password:

Welcome to the MariaDB monitor. The commands end with; o g.

Your MariaDB connection ID is 15

Server version: 10.1.26-MariaDB-0 + deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type "help"; or " h" for help. Type " c" to delete the current input instruction.

MariaDB [(none)]> Exit


After all LAMP components have been installed, check to see if the web server is up and running and waiting for network connections on port 80 by issuing the following command with root privileges.

netstat -tlpn

By inspecting the output of the netstat command, you can see that the Apache web server is listening to incoming network connections on port 80. You can also use the same activity for the same task. ss command, which is automatically installed, by default, in Debian 9.


Configure the firewall

In case you have a firewall enabled in your system, such as UFW firewall application, you need to add a new rule to allow HTTP traffic to pass through the firewall by issuing the following command.

ufw allow WWW


ufw allow 80 / tcp

You must also allow SSH traffic to pass through the UFW firewall in case of remote connections to the server.

ufw allow 22 / tcp

Some system administrators prefer to use iptables raw rules to manage firewall rules on your Debian server. In this case, you need to add the following rules to allow inbound traffic on port 80 on the firewall so that other visitors can browse through their website.

apt-get install -y iptables-persistent

iptables -I INPUT -p tcp -destination-port 80 -j ACCEPT

netfilter: persistent rescue

systemctl restart netfilter-persistent

systemctl status netfilter-persistent

systemctl enables netfilter-persistent.service

In case you are connected to the Debian server remotely via SSH, you must first add the following rule to allow SSH traffic to pass through the iptables firewall. Otherwise you will be blocked because the firewall will start releasing all incoming traffic on port 22.

iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT

netfilter: persistent rescue

systemctl restart netfilter-persistent

After adding the required firewall rules, you need to check whether the Apache web server is reachable on the network by opening a browser and visiting the IP address of the Debian machine or the domain name or FQDN of the server via HTTP protocol . If incoming connections are allowed to port 80, the default web page should appear in client browsers. If you do not know the IP address of the machine, run ifconfig or ip a command to reveal your server's IP address.

http: //your_domain.tld

Configure Apache and PHP

In the next step, we will need to make additional changes to the default PHP configuration file and modify the following PHP variables as described below. Also, make sure that the PHP time zone The setting is configured correctly and corresponds to the geographical location of the system. Open /etc/php/7.0/apache2/php.ini file for editing after initially, make a backup of the PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}

nano /etc/php/7.0/apache2/php.ini

Search, edit and modify the following variables in php.ini configuration file:

file_uploads = active
memory_limit = 128M
post_max_size = 80M
upload_max_filesize = 80M
default_charset = UTF-8
short_open_tag = off
intl.error_level = 0
magic_quotes_gpc = off
register_globals = off
session.auto_start = off
date.timezone = Europe / London

Increase the upload_max_file_size variable as suitable to support attachments of large files, if this is the case and replace the date.timezone variable based on geographical time by consulting the list of time zones provided by PHP documents at the following link

To increase the loading speed of your website pages via the OPCache plugin available for PHP7, add the following OPCache settings at the bottom of the PHP interpreter configuration file, under [opcache] statement, as detailed here:

nano /etc/php/7.0/apache2/php.ini

opcache.enable = 1
opcache.enable_cli = 1
opcache.interned_strings_buffer = 8
opcache.max_accelerated_files = 10000
opcache.memory_consumption = 128
opcache.save_comments = 1
opcache.revalidate_freq = 1

After editing all the lines described below, close the php.ini configuration file and check if the OPCache variables were added correctly by issuing the following command.

grep opcache /etc/php/7.0/apache2/php.ini

Next, we need to enable Apache rewriting and TLS modules to force visitors to safely browse the Web site using the HTTPS protocol. The TSL module will protect the traffic between the server and client browsers with a self-signed certificate issued automatically by Apache. You should also activate the Apache SSL configuration file for the TLS module to work properly. Run the following command to activate all required configurations.

a2enmod ssl rewrite

a2ensite default-ssl.conf

After enabling rewriting and TLS modules, open the Apache default SSL site configuration file with a text editor and add lines of URL rewriting rule code after DocumentRoot directive, as shown in the following example. Furthermore, change DocumentRoot route to / Var / ww / html / public.

nano /etc/apache2/sites-enabled/default-ssl.conf

Excerpt from the SSL site configuration file:

DocumentRoot / var / www / html / public

Options + FollowSymlink
AllowOverride All
Ask for everything guaranteed

Close the Apache SSL file and open also /etc/apache2/sites-enabled/000-default.conf file for editing and adding the same URL rewriting rules as for the SSL configuration file. Enter the lines of code afterwards DocumentRoot statement as shown in the following example. Also, change DocumentRoot path to point to / Var / ww / html / public directory.

DocumentRoot / var / www / html / public

Options + FollowSymlink
AllowOverride All
Ask for everything guaranteed

After making all the changes shown above, you need to restart Apache daemon to apply all the rules.

systemctl restart apache2

Finally, open a browser and visit your domain name or the server's IP address using the HTTP protocol. Since you are using self-signed certificate pairs automatically released by Apache during installation, an untrusted certificate from the browser, an error warning should appear in the browser. Accept the warning to accept the untrusted certificate and continue to be redirected to the default Apache web page.

https: //yourdomain.tld

Apache cert error

If the UFW firewall application blocks incoming network connections to the HTTPS port, enter a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.

allow & # 39; WWW Full & # 39;


ufw allow 443 / tcp

Self iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow inbound traffic of port 443 in the firewall so that visitors can browse your domain name.

iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT

netfilter: persistent rescue

systemctl restart netfilter-persistent

Finally, create a PHP information file in the webroot path of the web server by running the following command.

eco & # 39;& # 39; | tee /var/www/html/public/info.php

Visit the PHP info script file from a browser at the following URL, as shown in the image below. Scroll to Date setting to check the PHP time zone configuration. The time zone settings should reflect the previously configured PHP geographic location.

https: //domain.tld/info.php

Setting the date in PHP

Then, log in to the MariaDB database console and create the Bolt CMS database and a user with a password that will be used to manage the Web site database from localhost, by issuing the following commands. Replace the database name, user and password accordingly.

mysql -u root -p

Welcome to the MariaDB monitor. The commands end with; o  g.

Your MariaDB connection ID is 305

Server version: 10.1.26-MariaDB-0 + deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type "help"; or " h" for help. Type " c" to delete the current input instruction.

MariaDB [(none)]> CREATE DATABASE bolt_db;

Query OK, 1 row concerned (0,00 seconds)

MariaDB [(none)]> grant all privileges on bolt_db. * a & # 39; bolt_user & # 39; @ & # 39; localhost & # 39; identified by & # 39; password1234 & # 39 ;;

Query OK, 0 rows affected (0,00 seconds)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0,00 seconds)

MariaDB [(none)]> go out


Install Bolt CMS

After satisfying all the system requirements to install the Bolt CMS application, visit the official Bolt download page at the address and take the last zip archive compressed into your system by issuing the following command.


After downloading the zip archive, extract the Bolt CMS zip archive file to the current working directory and list the extracted files by entering the commands below. Also, remove the default index.html file installed by the Apache web server on the webroot path and also delete the info.php file that you created previously.


ls bolt-[TAB]

rm /var/www/html/index.html

rm /var/www/html/public/info.php

The installation files for Bolt CMS are located in the current working directory bolt-v3.4.4 / directory. Problem ls command to list these directory files. Copy all the contents of the extracted directory to the root path of the Web server document by sending the following command. Also, be sure to copy the hidden file .htaccess to the webroot path.

cp -rf bolt-v3.4.4 / * / var / www / html /

cp -rf bolt-v3.4.4 / .bolt.yml.dist /var/www/html/bolt.yml

Next, run the following commands to grant the Apache runtime user full write permissions to the web root path. Use ls command to list permissions for installed application files, located in / var / www / html / directory.

chown -R www-data: www-data / var / www / html /

ls -al / var / www / html /

Then, open the Bolt CMS configuration file and add the connection information to the MySQL database, as shown in the following extracted file:

nano /var/www/html/app/config/config.yml

config.yml example of file:

driver: mysql
database-name: bolt_db
username: bolt_user
password: password1234


Save and close the Bolt CMS configuration file, enter the / Var / www / html directory and install the PHP Composer dependency management software by issuing the following commands.

cd / var / www / html /

mv compositore.json.dista compositore.json

curl -sS | php

All settings are correct for the use of Composer
Download in progress ...
Composer (version 1.5.5) successfully installed on: /var/www/html/composer.phar
Use it: php composer.phar

php7.0 compositer.phar install

Do not run Composer as a root / super user! See for details
Loading composer repositories with package information
Update of dependencies (including require-dev)
Package operations: 0 installations, 5 upgrades, 0 removals
- Championship update / flysystem-sftp (1.0.14 => 1.0.15): Download (100%)
- Updating doctrine / inflector (v1.1.0 => v1.2.0): Download (100%)
- Updating doctrine / collections (v1.3.0 => v1.4.0): Download (100%)
- Updating doctrine / annotations (v1.2.7 => v1.4.0): download (100%)
- Updating doctrine / common (v2.6.2 => v2.7.3): Download (100%)
Writing the lock file
Generating autoload files
> Bolt Composer ScriptHandler :: updateProject
> Bolt Composer ScriptHandler :: installAssets
Installing bolt_assets on / var / www / html / public / bolt-public

After installing Composer, open a browser and go to your IP address or domain name of the server via the HTTPS protocol. On the first installation screen, create the first Bolt CMS user name, add a strong password for this user, and provide the e-mail address and display name for the Bolt administrator account. When you finish, hit Create the first user button to save the changes.

Bolt CMS installer

After creating the username for the Bolt administrator, you will be redirected to the Bolt CMS administrator's bulletin board, from which you can start further configuration of the application or add some website content.

Bolt CMS Dashboard

To visit the Bolt CMS web page, open a browser and go to your domain name or IP address of the server using the HTTPS protocol.

https: //www.yourdomain.tld

Bolt CMS sample site

You can access the Bolt CMS backend administration panel at the following URL. To log in, provide the username and password configured for the initial account during the installation process.

https: //www.yourdomain.tld/bolt/login

Bolt Login CMS

Finally, to force visitors to navigate safely in the Bolt CMS interface via HTTPS protocol, return to the server console and change the .htaccess file located in the root path of the public directory document, by running the command below.

nano /var/www/html/public/.htaccess

Here, look for the line that starts with open the tag and add the following lines afterwards RewriteEngine on Directive.

# Redirect to HTTPS
RewriteCond% {HTTPS} disabled
RewriteRule (. *) Https: //% {SERVER_NAME} / $ 1 [R,L]

At the bottom of the file, you can tamper with the PHP server settings to match the resources and configurations of your server, as shown in the following example.

php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 50M
php_value post_max_size 50M

Congratulations! You have successfully installed the modern Bolt CMS application on the Debian 9 server. To further customize the application, visit the Bolt CMS documentation page at the following address:

Source link

Leave a Reply

Your email address will not be published.