Setting up mautic at DigitalOcean

Create a Droplet

Create a regular ubuntu 18.04 droplet for USD 5 / mo. It's important to use 18.04 since mautic does not yet support PHP 7.4.

Droplet Configuration

Install requiremed software: apache2 composer, mysql and unzip

apt install apache2 composer mysql-server unzip -y

Configure mysql securely:

mysql_secure_installation

Configure mysql password for root - don't forget to replace <password> with the password you want to use:

mysql -uroot
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<password>';

Install PHP 7.2 (FPM):

apt install php7.2 php7.2-fpm php7.2-curl php7.2-mysql php7.2-xml php7.2-mbstring php7.2-opcache php7.2-zip php7.2-intl php7.2-bcmath php7.2-imap -y

Configure PHP 7.2 (FPM)

vi /etc/php/7.2/fpm/php.ini

and add the following lines in php.ini

upload_max_filesize = 1G 
post_max_size = 1G 
memory_limit = 1G 
max_execution_time = 1800 
max_input_vars = 9000 
max_input_time = 9000

# set to your timezone
date.timezone = Europe/Berlin

Install apache modules and restart apache

a2enmod proxy_fcgi;a2enmod ssl;a2enmod rewrite;service apache2 restart

Change 000-default.conf to handle certbot certificates

vi /etc/apache2/sites-available/000-default.conf

Replace the content with this configuration. It will take care that requests for certificate challenges are always answered correctly:

<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^/.well-known/

        RewriteRule (.*) %{HTTP_HOST}%{REQUEST_URI} [L,R=301]

        <FilesMatch ".php$">
                SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
        </FilesMatch>
</VirtualHost>

Restart Apache

service apache2 restart

Install certbot for SSL certificates

apt install certbot -y

Provision a certificate. Replace "domain.tld" with your domain

letsencrypt certonly --webroot -w /var/www/html -d domain.tld

If everything goes smooth you'll see a "Congratulations" message.

Add a cronjob to periodically renew the certificate

crontab -e

Add the following line to crontab:

15 4 * * 1 letsencrypt renew && service apache graceful

Mautic setup

Get the latest version of mautic /ZIP) at GitHub: https://github.com/mautic/mautic

wget github.com/mautic/mautic/archive/master.zip

Unzip the file

unzip master.zip

Rename the directory

mv mautic-master mautic

Change to directory and compose it

cd mautic
composer install

Set the correct permissions

cd /var/www/mautic
chown -R www-data:www-data .
find . -type d -not -perm 755 -exec chmod 755 {} +
find . -type f -not -perm 644 -exec chmod 644 {} +
chmod -R g+w app/cache/ app/logs/ app/config/
chmod -R g+w media/files/ media/images/ translations/

Create an apache configuration file for mautic

vi /etc/apache2/sites-available/001-mautic.conf

With the following content (replace mautic.citysports.de with your domain)

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName mautic.citysports.de
                ServerAdmin [email protected]

                DocumentRoot /var/www/mautic

                ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: %M"
                ErrorLog ${APACHE_LOG_DIR}/mautic-error.log
                CustomLog ${APACHE_LOG_DIR}/mautic-access.log "%u %t \"%r\" %>s %b"

                SSLEngine on
                SSLCertificateFile      /etc/letsencrypt/live/mautic.citysports.de/cert.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/mautic.citysports.de/privkey.pem
                SSLCertificateChainFile /etc/letsencrypt/live/mautic.citysports.de/chain.pem

                <Directory /var/www/mautic>
                        AllowOverride All
                        Options Includes FollowSymLinks MultiViews
                </Directory>



                <FilesMatch \.php$>
                        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
                </FilesMatch>
        </VirtualHost>
</IfModule>

Activate the configuration and restart the server:

a2ensite 001-mautic.conf
service apache2 graceful

Prepare the database for mautic

mysql -uroot -p

execute the following command

CREATE USER 'mautic'@'%' IDENTIFIED WITH mysql_native_password BY '<password>';GRANT USAGE ON *.* TO 'mautic'@'%';ALTER USER 'mautic'@'%' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;CREATE DATABASE IF NOT EXISTS `mautic`;GRANT ALL PRIVILEGES ON `mautic`.* TO 'mautic'@'%';