How to Install Zulip Chat Server on Debian 9

On this tutorial, I’ll present you find out how to set up and configure the most recent Elgg model on Debian 9 to be able to create a free on-line social community.

Elgg is a free open supply social engine framework software program written in PHP programming language. The Elgg framework might help people or organizations to create highly effective social environments in Linux underneath Apache/Nginx internet servers, PHP and MySQL/MariaDB database administration system, also called LAMP or LEMP stack.  It additionally has built-in options that may energy file sharing, running a blog, social teams or instructional platforms on public or personal networks.

With a view to efficiently deploy the Elgg platform in your premises, you’ll need to fulfill the next necessities.

  • A digital machine or a digital personal server powered by Debian 9, ideally minimal set up
  • Direct entry to root account or a neighborhood consumer with root powers through server console or distant administration through SSH
  • The server wants a static IP deal with configured for the exterior community interface to be able to entry through its public IP deal with to guests
  • You may also want a public or personal area identify configured to your server so guests can entry the platform through a website identify, comparable to, though you possibly can nonetheless entry the platform through your server IP deal with.
  • With a view to use Elgg web site registration through e-mail deal with, or use different platform options, that you must deploy a mail server at your premises or use a public mail server.


As step one, login to the Debian 9 server with root privileges or with a consumer having root powers and challenge the next command to be able to replace your system with the most recent safety patches, software program and kernel updates.

apt replace

apt improve

Subsequent, be sure to configure the identify of your machine by executing the next instructions. It’s best to substitute the hostname variable used on this instance to match your individual area.

hostnamectl set-hostname

After you’ve configured the machine hostname, confirm if the host has been correctly configured by checking the hosts file with the next instructions.


cat /and so forth/hostname

hostname –s

hostname –f

Lastly, to be able to apply machine hostname and kernel updates, reboot the system by issuing the next command.

systemctl reboot

After the system reboots, login again to the console and run the next command to put in some system utilities that may assist us obtain software program over web and extract some archive information sorts

apt set up wget zip unzip curl

Set up LAMP Stack

With a view to deploy the Elgg social community framework on our server, we have to set up the LAMP stack parts. The primary part that we’ll set up is the database – MariaDB – a fork of the favored MySQL database, as database backend. The MariaDB database shall be utilized by the applying to retailer customers, periods, contacts, posts, feedback and different info. With a view to set up MariaDB database server and shopper software program in Debian 9 through the official repositories, challenge the command under in terminal.

apt set up mariadb-server mariadb-client

After the database set up completes, log in to the MySQL console and challenge the next instructions to be able to safe database root account, which will be accessed by default with out supplying a password.

mysql -h localhost

Welcome to the MariaDB monitor.  Instructions finish with ; or g.

Your MariaDB connection id is 2

Server model: 10.1.26-MariaDB-0+deb9u1 Debian 9.1


Copyright (c) 2000, 2017, Oracle, MariaDB Company Ab and others.


Kind 'assist;' or 'h' for assist. Kind 'c' to clear the present enter assertion.

MariaDB [(none)]> use mysql;

Studying desk info for completion of desk and column names

You may flip off this function to get a faster startup with -A


Database modified

MariaDB [mysql]> replace consumer set plugin=” the place consumer=’root’;

Question OK, 1 row affected (0.00 sec)

Rows matched: 1  Modified: 1  Warnings: 0

MariaDB [mysql]> flush privileges;

Question OK, Zero rows affected (0.00 sec)

MariaDB [mysql]> exit


After you’ve accomplished the above step, execute the mysql_secure_installation script offered by Debian stretch repositories, to be able to additional safe MariaDB server and arrange a robust password for database root account. Primarily, reply “yes” on all requested questions by the script, comparable to: to vary MySQL root password, to take away nameless customers, to disable distant root logins and delete the take a look at database, as illustrated within the under script excerpt.





With a view to log into MariaDB to safe it, we'll want the present

password for the basis consumer.  Should you've simply put in MariaDB, and

you have not set the basis password but, the password shall be clean,

so it is best to simply press enter right here.


Enter present password for root (enter for none):

OK, efficiently used password, transferring on...


Setting the basis password ensures that no person can log into the MariaDB

root consumer with out the correct authorisation.


You have already got a root password set, so you possibly can safely reply 'n'.

Change the basis password? [Y/n] y

New password:

Re-enter new password:

Password up to date efficiently!

Reloading privilege tables..

 ... Success!


By default, a MariaDB set up has an nameless consumer, permitting anybody

to log into MariaDB with out having to have a consumer account created for

them.  That is meant just for testing, and to make the set up

go a bit smoother.  It's best to take away them earlier than transferring right into a

manufacturing setting.


Take away nameless customers? [Y/n] y

 ... Success!


Usually, root ought to solely be allowed to attach from 'localhost'.  This

ensures that somebody can not guess on the root password from the community.


Disallow root login remotely? [Y/n] y

 ... Success!


By default, MariaDB comes with a database named 'take a look at' that anybody can

entry.  That is additionally meant just for testing, and must be eliminated

earlier than transferring right into a manufacturing setting.


Take away take a look at database and entry to it? [Y/n] y

 - Dropping take a look at database...

 ... Success!

 - Eradicating privileges on take a look at database...

 ... Success!


Reloading the privilege tables will make sure that all modifications made to date

will take impact instantly.


Reload privilege tables now? [Y/n] y

 ... Success!

Cleansing up...

All executed!  Should you've accomplished all the above steps, your MariaDB

set up ought to now be safe.

Thanks for utilizing MariaDB!

With a view to take a look at MariaDB safety, strive logging in to the database from the console with no root password. The entry to the database must be denied if no password is offered for the basis account, as illustrated within the under command excerpt:

mysql -h localhost -u root

ERROR 1045 (28000): Entry denied for consumer 'root'@'localhost' (utilizing password: NO)

If the password is equipped, the login course of must be granted to MySQL console, as proven within the command pattern:

mysql -h localhost -u root -p

Enter password:

Welcome to the MariaDB monitor.  Instructions finish with ; or g.

Your MariaDB connection id is 15

Server model: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Company Ab and others.

Kind 'assist;' or 'h' for assist. Kind 'c' to clear the present enter assertion.

MariaDB [(none)]> exit


After you’ve put in and secured MariaDB database, it’s time to put in the following parts required to deploy the Elgg utility: Apache HTTP server and PHP programming language processing gateway. With a view to set up Apache internet server and the PHP interpreter alongside with all required PHP modules by means of which the server will execute the applying scripts, execute the next command in your server console.

apt set up apache2 libapache2-mod-php7.Zero php7.Zero php7.0-gd php7.0-opcache php7.0-mbstring php7.0-xml php7.0-mysql

Subsequent, open and modify PHP default configuration file by altering the next PHP variables.  Open /and so forth/php/7.0/apache2/php.ini file for modifying and alter the next traces. initially, make a backup of PHP configuration file.

cp /and so forth/php/7.0/apache2/php.ini{,.backup}

nano /and so forth/php/7.0/apache2/php.ini

Search, edit and alter the next variables in php.ini configuration file:

file_uploads = On
default_charset = UTF-8
memory_limit = 128M
upload_max_filesize = 100M
date.timezone = Europe/London

Enhance upload_max_file_size variable as appropriate to be able to assist giant file attachments to your utility. Additionally, change PHP timezone setting to your system’s geographical location by consulting the record of time zones offered by PHP docs on the following hyperlink

Allow OPCache plugin out there for PHP7 to be able to improve web site load pace by appending the next OPCache settings on the backside of the PHP interpreter configuration file, under the [opcache] assertion, as detailed under:


After you’ve made all of the above modifications, save and shut the php.ini configuration file, restart the Apache internet server to use PHP interpreter modifications by issuing the under command.

systemctl restart apache2

Configure the Firewall

So as to add the required UFW firewall utility guidelines to permit HTTP site visitors to move by means of system firewall, challenge the next instructions within the server console.

ufw enable WWW


ufw enable 80/tcp

In case you’re remotely related to your server through SSH, add the rule under to open SSH port 22 in your firewall.

ufw enable 22/tcp

Should you handle the firewall guidelines in your Debian server through iptables uncooked guidelines, add the next guidelines to permit port 80 and 22 inbound site visitors to move the firewall in order that exterior shoppers can entry the applying. Open port 22/TCP provided that you’re remotely related to the server through SSH.

apt-get set up -y iptables-persistent

iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT

iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl standing netfilter-persistent

systemctl allow netfilter-persistent.service

Configure Apache Web Server

On the following step, allow Apache rewrite module required for altering internet server configurations on the fly through .htacccess file and the TLS module required to safe HTTP transactions, by issuing the under command.

a2enmod rewrite ssl

a2ensite default-ssl.conf

Subsequent, open the Apache default SSL web site configuration file for modifying along with your favourite textual content editor, and add the next URL rewrite guidelines after DocumentRoot directive:

nano /and so forth/apache2/sites-enabled/default-ssl.conf

SSL web site configuration file excerpt:

<Listing /var/www/html>
  Choices +FollowSymlinks
  AllowOverride All
  Require all granted

Additionally, make the change proven under to the VirtualHost line to make it appear like what’s proven within the excerpt that follows:

<VirtualHost *:443>

Add the identical modifications to Apache default configuration file by opening /and so forth/apache2/sites-enabled/000-default.conf file for modifying. Insert the next traces of code after DocumentRoot assertion as proven within the instance under.

<Listing /var/www/html>
  Choices +FollowSymlinks
  AllowOverride All
  Require all granted

Lastly, restart Apache daemon to use all guidelines configured to date and go to your area or server IP deal with through HTTP protocol.

systemctl restart apache2

Since you’re utilizing the routinely Self-Signed certificates pairs issued by Apache at set up, for a certificates that’s untrusted by the browser, an error warning must be displayed within the browser. Settle for the warning to be able to settle for the untrusted certificates and proceed to be redirected to Apache default internet web page, as illustrated within the under picture.


SSL Warning

Apache default page

With a view to enable HTTPS site visitors to move by means of the UFW firewall, it is best to add the next rule to permit incoming 443/TCP site visitors by issuing the command under.

ufw enable ‘WWW Full’


ufw enable 443/tcp

If iptables is the default firewall utility put in to guard your Debian system at community stage, add the next rule to permit port 443 inbound site visitors within the firewall in order that guests can browse your area identify.

iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl standing netfilter-persistent

Lastly, create the PHP information file in your internet server doc root path by executing the next command.

echo ‘<?php phpinfo(); ?>’| tee /var/www/html/information.php

Go to the PHP information script file by opening a browser on the following URL:


Confirm PHP settings and scroll all the way down to date configuration to examine the PHP timezone configuration.

PHP date settings

Set up Elgg Software program

With a view to deploy the Elgg social community platform in your system, first go to the Elgg official obtain web page at  and seize the most recent zip bundle compressed archive by issuing the under command.

wget -O


Subsequent, extract the Elgg zip archive file to your present working listing and record the extracted information by issuing the next instructions.


ls -al elgg-2.3.5

On the following step, delete the default index.html file put in by Apache internet server to webroot path and the data.php file created earlier by issuing the under instructions.

rm /var/www/html/index.html

rm /var/www/html/information.php

Subsequent, copy all of the content material of the extracted Elgg listing, together with the hidden .htaccess file, into your internet server doc root path by issuing the next command.

cp -rf elgg-2.3.5/* /var/www/html/

cp elgg-2.3.5/.htaccess /var/www/html/

After you’ve copied Elgg set up information to your area webroot path, create a listing named knowledge for Elgg utility, one stage up your area webroot, by issuing the next command. The info listing shall be utilized by Elgg utility to retailer numerous consumer associated information. This knowledge listing will be created anyplace in your server filesystem hierarchy, with the comment that you could grant Apache runtime consumer the write permissions to this listing.

mkdir  /var/www/knowledge

chown www-data:www-data /var/www/knowledge

Subsequent, execute the under instructions to be able to grant Apache runtime consumer with full write permissions to the online root path. Use the ls command to record permissions for utility’s put in information situated within the /var/www/html/ listing.

chown -R www-data:www-data /var/www/html/

ls –al /var/www/html/

Earlier than starting with the set up course of through an online browser, log in to the MariaDB database console and create the Elgg database and a consumer with a password that shall be used to handle this database, by issuing the next instructions. Be sure you substitute the database identify, consumer and password used on this tutorial accordingly.

mysql –u root -p

Welcome to the MariaDB monitor.  Instructions finish with ; or g.

Your MariaDB connection id is 2

Server model: 10.1.26-MariaDB-0+deb9u1 Debian 9.1


Copyright (c) 2000, 2017, Oracle, MariaDB Company Ab and others.


Kind 'assist;' or 'h' for assist. Kind 'c' to clear the present enter assertion.

MariaDB [(none)]> create database elgg_db;

Question OK, 1 row affected (0.00 sec) 

MariaDB [(none)]> grant all privileges on elgg_db.* to ‘elgg_user’@’localhost’ recognized by ‘password1234’;

Question OK, Zero rows affected (0.00 sec) 

MariaDB [(none)]> flush privileges;

Question OK, Zero rows affected (0.00 sec) 

MariaDB [(none)]> exit


Now, let’s proceed with Elgg set up. First open a browser and navigate to your server’s IP deal with or area identify or server FQDN through HTTPS protocol.


On the welcome display screen, the installer will show an introduction message that informs you that Elgg platform software program would require six steps to observe to be able to set up the applying. Simply hit on Subsequent button to be able to begin the set up course of, as illustrated within the under screenshot.

Welcome to Elgg

Subsequent, the Elgg installer will parse your system and examine if PHP and internet server necessities are met for putting in the applying. Hit on Subsequent button, to proceed the set up course of, as proven within the under screenshot.

Elgg Requirements

Within the subsequent set up display screen, configure the MySQL database settings by supplying MySQL database identify, server host (use localhost if the database is put in on the identical node), the database username and the password created earlier for putting in Elgg. Use the database desk prefix as default or change it if you wish to add an additional layer of safety to your utility. Lastly, choose your default timezone setting for the applying and hit on Subsequent button to maneuver to the following set up display screen. Use the under screenshot as a information to configuring this step.

Database settings

On the following step, configure the Elgg web site by including a reputation for the positioning and an electronic mail deal with for consumer communication. Additionally, change the positioning URL deal with if it was not appropriately detected and add the complete path to web site knowledge listing. Lastly, setup your default web site entry stage for newbies and hit on Subsequent button to proceed the set up course of.

Configure site in Elgg

Subsequent, create the primary admin account to your web site, by filling the Show Title area with the identify of your admin account. Additionally, add the admin account electronic mail deal with, username and password, as illustrated within the under picture. Once you full this step, hit on Subsequent button to proceed and end the set up course of.

Create admin account

After the set up course of completes, hit on “Go to site” button to be able to be redirected to the Elgg admin dashboard.

Elgg Installation is finished

After you’ve been logged in to Elgg dashboard, navigate to Configure -> Plugins menu from proper panel and begin enabling your required Elgg plugins by hitting on the Activate button for the chosen plugin.

Elgg admin panel

You can even go to Elgg utility by navigating to your server IP deal with or area identify through HTTPS protocol. Use the credentials configured for admin account throughout the set up course of to be able to log in to Elgg social engine utility, as proven within the under screenshot.


Elgg Social network

As the ultimate step, if you wish to power guests to securely browse the Elgg web site through HTTPS protocol that encrypts the site visitors between the server and shopper browsers, return to the Debian server console and edit the .htaccess file situated in your web site doc root path, by issuing the under command.

nano /var/www/html/.htaccess

In .htaccess file, seek for the <IfModule mod_rewrite.c> line and add the under guidelines after RewriteEngine On assertion to be able to routinely redirect all of your area site visitors to HTTPS.

RewriteEngine On
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

Right here, it’s also possible to change some PHP variables to your web site. Seek for <IfModule mod_php7.c> directive and underneath this line add your individual PHP settings comparable to: improve the file add measurement for the area or disable some server default PHP configurations, as proven within the under excerpt:

# Alter internet server PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M

To ensure that the Elgg utility to ship out queued notifications, rotate system logs in database and accumulate rubbish within the database (compacting the database by eradicating entries which might be now not required),  create a crontab file for with the under configurations.  Additionally, this crontab job should be owned and executed by Apache runtime consumer.

crontab -u www-data –e

Crontab file excerpt. The cron job output of every job shall be discarded to Linux /dev/null blackhole file. Substitute the area identify variable ($ELGG) used on this script accordingly.

GET="curl -k"

OUT=" > /dev/null 2>&1"

* * * * * $GET ${ELGG}cron/minute/${OUT}
*/5 * * * * $GET ${ELGG}cron/fiveminute/${OUT}
15,30,45,59 * * * * $GET ${ELGG}cron/fifteenmin/${OUT}
30,59 * * * * $GET ${ELGG}cron/halfhour/${OUT}
@hourly $GET ${ELGG}cron/hourly/${OUT}
@every day $GET ${ELGG}cron/every day/${OUT}
@weekly $GET ${ELGG}cron/weekly/${OUT}
@month-to-month $GET ${ELGG}cron/month-to-month/${OUT}
@yearly $GET ${ELGG}cron/yearly/${OUT}
@reboot $GET ${ELGG}cron/reboot/${OUT}

Congratulations! The Elgg social media platform has been efficiently put in and configured at your premises in a Debian 9 server. In case you’re utilizing a registered public area identify to show Elgg utility to public-facing guests, it is best to take into account shopping for an SSL certificates issued by a trusted Certificates Authority or get a free certificates pair from Let’s Encrypt CA.

With a view to additional administer the Elgg utility, go to the documentation pages on the following deal with:

How To Create a Self-Signed SSL Cert for Apache in Ubuntu 18.04

Previous article

Netflix is killing off consumer opinions

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in Apache