Install Polr with a LEMP Stack on Ubuntu 20.04

Published on August 2, 2021•Updated on July 25, 2024

Introduction

Polr is a free and open-source link shortener written in PHP and powered by the Lumen framework. It allows you to host your URL shortener and to gain control over your data. Its significant features include a management dashboard, detailed link analytics, and a robust API.

This tutorial guides you through the process of installing Polr on Ubuntu 20.04 LTS and setting up HTTPS with a free Let's Encrypt TLS certificate.

Prerequisites

A Ubuntu 20.04 server.
Follow Vultr's best practices guides to create a sudo user and update the Ubuntu server.
(Optional) Configure the Ubuntu firewall with ports 80, 443, and 22 open.

This tutorial assumes you own a domain name such as example.com, and you have pointed it to the server IP address. If not, replace example.com with the server IP address.

Make sure to replace example.com in the code examples with your domain name or IP address.

1. Install PHP

At the time of this writing, the latest version of PHP compatible with Polr is 7.3. But, the official Ubuntu 20.04 repositories only offer PHP 7.4. Therefore, you must use another 3rd-party repository to install PHP 7.3.

ppa:ondrej/php is an Ubuntu repository developed by Ondřej Surý, a long-time Debian developer. It offers both PHP 5.6, PHP 7.0 – 7.4, and PHP 8.0. You can install PHP 7.3 now, and when Polr supports newer PHP versions, you can also install them.

Add the ppa:ondrej/php repository.

 $ sudo LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php

Install PHP-FPM and other necessary PHP extensions.

 $ sudo apt -y install php7.3-cli php7.3-common php7.3-curl php7.3-fpm php7.3-json php7.3-mbstring php7.3-mysql php7.3-xml

List all the time zones that your Ubuntu system supports. Use the Up / Down keys to move through the list, and press Q to exit.
```
 $ timedatectl list-timezones
```
Copy an appropriate time zone from the list, for example, America/New_York. Then update your Ubuntu system with that time zone.
```
 $ sudo timedatectl set-timezone America/New_York
```
Edit the main PHP configuration file to tell PHP to use the new time zone. This tutorial uses nano as the editor, but you can use another editor such as vim.
```
 $ sudo nano /etc/php/7.3/fpm/php.ini
```
Find the line ;date.timezone =. Remove the semicolon and add your time zone. For example:
```
 date.timezone = America/New_York
```
Save the configuration file and exit.
To enhance the security of your server, create a dedicated user named polr as the user/group of PHP-FPM processes for Polr. This user also owns the Polr source code files/folders.
```
 $ sudo adduser polr
```
Every time you want to add, delete, or update the source code files/folders, you need to switch to this user.

Create the PHP-FPM configuration file from the default one.

 $ sudo cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/polr.conf

Rename the default file to disable it and keep it as a backup.

 $ sudo mv /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.default

Edit the PHP-FPM configuration file.
```
 $ sudo nano /etc/php/7.3/fpm/pool.d/polr.conf
```
In the configuration file, any line starting with ; is a comment.
Search for the following settings, then:
- Replace [www] with [polr]
- Replace user = www-data with user = polr
- Replace group = www-data with group = polr (do not touch the listen.group = www-data setting)
Make sure the listen = /run/php/php7.3-fpm.sock setting does not start with ;. This setting makes PHP-FPM listen on a Unix socket specified by the /run/php/php7.3-fpm.sock file.
Copy and paste the following settings to the end of the file.
```
 catch_workers_output = yes
 php_flag[display_errors] = off
 php_admin_value[error_log] = /var/log/fpm-php/polr/error.log
 php_admin_flag[log_errors] = on

 php_admin_value[session.save_path] = /var/lib/php/session.polr
```
Those settings make PHP-FPM log error messages to the /var/log/fpm-php/polr/error.log file instead of displaying them to website users and store session data in the /var/lib/php/session.polr folder.
Save the configuration file and exit.

Create two folders to store PHP logs and session data.

 $ sudo mkdir -p /var/log/fpm-php/polr
 $ sudo mkdir -p /var/lib/php/session.polr

Update the ownership and permissions of the two folders so that only the PHP-FPM processes of Polr can write to them.

 $ sudo chown polr:polr /var/log/fpm-php/polr
 $ sudo chmod 700 /var/log/fpm-php/polr
 $ sudo chown polr:polr /var/lib/php/session.polr
 $ sudo chmod 700 /var/lib/php/session.polr

Check the new configuration.
```
 $ sudo php-fpm7.3 -t
```
Restart the PHP-FPM service for the changes to take effect.
```
 $ sudo systemctl restart php7.3-fpm.service
```

2. Install MySQL

The minimum version of MySQL supported by Polr is 5.5. However, you can install MySQL version 8.0 from the official Ubuntu 20.04 repositories to fulfill this requirement.
```
 $ sudo apt -y install mysql-server
```
Run the mysql_secure_installation script to enhance the security of MySQL.
```
 $ sudo mysql_secure_installation
```
To enforce strong passwords, press Y and Enter to set up the VALIDATE PASSWORD component. Then press 1 and Enter to select the MEDIUM password policy, which is secure enough.

With this policy, MySQL requires all passwords to includes numeric, mixed case, and special characters. You can use a free password manager like KeePassXC or an online tool such as Random Password Generator to generate strong passwords.

Enter a strong password twice for the MySQL root user. Then press Y and Enter to confirm.

Press Y and Enter for any remaining questions to accept the recommended options.
Connect to the MySQL command line as the MySQL root user.
```
 $ sudo mysql -u root
```

Create a MySQL database named polr for Polr.

 mysql> CREATE DATABASE polr CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Create a MySQL user named polr for Polr. Replace password with a strong password.

 mysql> CREATE USER 'polr'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
 mysql> GRANT ALL PRIVILEGES ON polr.* TO 'polr'@'localhost';
 mysql> FLUSH PRIVILEGES;

Exit the MySQL command line.
```
 mysql> exit
```

3. Install Polr

Download the Source Code

Retrieve the code from GitHub.
```
 $ cd ~ && wget https://github.com/cydrobolt/polr/archive/refs/tags/2.3.0b.zip
```
At the time of this writing, the latest stable version of Polr is 2.3.0b. Of course, you can always visit the Polr releases page on GitHub to get the latest version.
Install the unzip package to extract the archive.
```
 $ sudo apt -y install unzip
```
Extract the archive.
```
 $ unzip 2.3.0b.zip
```
Set polr as the owner of the source code folder.
```
 $ sudo chown -R polr:polr polr*
```
Move the source code folder to /var/www/polr because, traditionally, the source code folders of websites are in the /var/www folder.
```
 $ sudo mkdir /var/www
 $ sudo mv polr* /var/www/polr
```

Install Dependencies

Polr requires Composer, the PHP dependency manager, to manage its dependencies.

Install Composer with the following command.

 $ cd ~ && curl -sS https://getcomposer.org/installer | php

Make the composer command globally available.

 $ sudo mv composer.phar /usr/local/bin/composer

Switch to the polr user before installing Polr dependencies.
```
 $ sudo su polr
```

Install dependencies with Composer.

 $ cd /var/www/polr && composer install --no-dev -o

Copy the provided configuration file to enable the web-based installer.
```
 $ cp .env.setup .env
```
Switch back to the sudo user to continue with the setup.
```
 $ exit
```

4. Install Nginx

Install Nginx with the following command.
```
 $ sudo apt -y install nginx
```

Disable the default configuration.

 $ sudo rm /etc/nginx/sites-enabled/default

Create a new configuration file for Polr.

 $ sudo nano /etc/nginx/sites-available/polr-http.conf

Paste the following contents:

 server {
   listen 80;
   listen [::]:80;

   server_name example.com;

   root  /var/www/polr/public;
   index index.html index.php;

   # All URLs are processed by index.php
   location / {
     try_files $uri $uri/ /index.php$is_args$args;
   }

   # Pass PHP files to PHP-FPM listening on /run/php/php7.3-fpm.sock
   location ~ \.php$ {
     try_files $uri =404;

     # Mitigate https://httpoxy.org/ vulnerabilities
     fastcgi_param HTTP_PROXY "";

     fastcgi_pass unix:/run/php/php7.3-fpm.sock;
     fastcgi_index index.php;
     include fastcgi.conf;
   }

   # Set expiration of assets to MAX for caching
   location ~* \.(jpg|jpeg|gif|png|css|js|ico|svg|eot|ttf|woff|woff2|otf)$ {
     expires max;
     log_not_found off;
   }
 }

Save the configuration file and exit.

Enable the new configuration.

 $ sudo ln -s /etc/nginx/sites-available/polr-http.conf /etc/nginx/sites-enabled/polr-http.conf

Add the www-data user to the polr group so that Nginx processes can access the Polr source code folder.
```
 $ sudo usermod -aG polr www-data
```
Check the new configuration.
```
 $ sudo nginx -t
```
Reload the Nginx service for the changes to take effect.
```
 $ sudo systemctl reload nginx.service
```

5. (Optional) Configure HTTPS

If you own a valid domain name, you can set up HTTPS for your Polr at no cost. Using the Certbot program, you can get a free TLS certificate from Let's Encrypt, a certificate authority.

Install Certbot with Snap

Snap Store is an app store for Linux with millions of users. Ubuntu has built-in Snap Store support that makes it easy to get the latest version of Certbot with features like automatic certificate renewal.

$ sudo snap install --classic certbot

Make the certbot command globally available.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Get a Let's Encrypt Certificate

Rename the HTTP configuration file to make it the template for the HTTPS configuration file.

 $ sudo mv /etc/nginx/sites-available/polr-http.conf /etc/nginx/sites-available/polr-https.conf

Create a new configuration file to serve HTTP requests.

 $ sudo nano /etc/nginx/sites-available/polr-http.conf

Paste the following contents:

 server {
   listen 80;
   listen [::]:80;

   server_name example.com;

   root /var/www/polr/public;

   location / {
       return 301 https://$server_name$request_uri;
   }

   location /.well-known/acme-challenge/ {}
 }

This configuration makes Nginx redirect all HTTP requests, except those from Let's Encrypt, to corresponding HTTPS requests.

Save the configuration file and exit. Then check the Nginx configuration.
```
 $ sudo nginx -t
```
Apply the new configuration.
```
 $ sudo systemctl reload nginx.service
```
Run the following command to get the Let's Encrypt certificate.
```
 $ sudo certbot certonly --webroot -w /var/www/polr/public -d example.com -m admin@example.com --agree-tos
```
You may need to answer a question about sharing your email with the Electronic Frontier Foundation.

When finished, certbot tells you the path of your certificate file and key file:

/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem

Another critical file, located in the same folder, also needed for the next step, is chain.pem.

Install the Certificate with Nginx

Generate a file with DH parameters for DHE ciphers.
```
 $ sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
```
2048 is the recommended size of DH parameters. This process may take a while, so please be patient.

Update the HTTPS configuration file.

 $ sudo nano /etc/nginx/sites-available/polr-https.conf

Find the following lines:

   listen 80;
   listen [::]:80;

Replace them with:

   listen 443 ssl http2;
   listen [::]:443 ssl http2;

   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

   ssl_session_timeout 1d;
   ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

   # DH parameters file
   ssl_dhparam /etc/nginx/dhparam.pem;

   # intermediate configuration
   ssl_protocols TLSv1.2;
   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   ssl_prefer_server_ciphers off;

   # HSTS (ngx_http_headers_module is required) (63072000 seconds)
   #
   # Uncomment the following line only if your website fully supports HTTPS
   # and you have no intention of going back to HTTP, otherwise, it will
   # break your site.
   #
   # add_header Strict-Transport-Security "max-age=63072000" always;

   # OCSP stapling
   ssl_stapling on;
   ssl_stapling_verify on;

   # verify chain of trust of OCSP response using Root CA and Intermediate certs
   ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

   # Use Cloudflare DNS resolver
   resolver 1.1.1.1;

Save the configuration file and exit.

Enable the new configuration.

 $ sudo ln -s /etc/nginx/sites-available/polr-https.conf /etc/nginx/sites-enabled/polr-https.conf

Check the Nginx configuration.
```
 $ sudo nginx -t
```
Apply the new configuration.
```
 $ sudo systemctl reload nginx.service
```

Automate Renewal

Let's Encrypt certificates are valid for 90 days, so you must renew your TLS certificate at least once every three months. The Certbot installation automatically created a systemd timer unit to automate this task.

Run the following command to verify the timer is active.
```
 $ sudo systemctl list-timers | grep 'certbot\|ACTIVATES'
```
After renewing the certificate, Certbot will not automatically reload Nginx, so Nginx still uses the old certificate. Instead, you must write a script inside the /etc/letsencrypt/renewal-hooks/deploy folder to reload Nginx.

Open your text editor.

 $ sudo nano /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh

Paste the following contents:

 #!/bin/bash

 /usr/bin/systemctl reload nginx.service

Save and exit.

Make the script executable.

 $ sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh

Test the renewal process with a dry run.
```
 $ sudo certbot renew --dry-run
```

This Vultr article explains all the above steps in more detail. This kind of TLS setup gives you an A on the SSL Labs test.

6. Complete the Polr Setup

Restart the server.
```
 $ sudo reboot
```
Wait a moment for the system to boot, then open the http://example.com link in your browser.

The Setup screen appears with many settings. Here are the fundamental ones:
- Database Username: enter polr
- Database Password: enter the database password you created in step 2
- Database Name: enter polr
- Application Protocol: enter https:// if you have set up HTTPS in step 5. If not, enter http://
- Application URL: enter example.com
- Shortening Permissions: choose between Anyone can shorten URLs and Only logged in users may shorten URLs
- Admin Username: enter a desired name
- Admin Password: enter a strong password
For the remaining settings, customize them to fit your specific needs or accept their default values.
Click the Install button at the bottom of the screen to start the installation. When finished, Polr redirects you to the Setup Complete screen.

Behind the scenes, Polr has just saved all the settings in the /var/www/polr/.env configuration file. If you have programming experience, you can edit this file to change the settings as needed.

Your Polr website is now ready. You may log in or access the home page to create shortened links.

Install Polr with a LEMP Stack on Ubuntu 20.04

Introduction

Prerequisites

1. Install PHP

2. Install MySQL

3. Install Polr

Download the Source Code

Install Dependencies

4. Install Nginx

5. (Optional) Configure HTTPS

Install Certbot with Snap

Get a Let's Encrypt Certificate

Install the Certificate with Nginx

Automate Renewal

6. Complete the Polr Setup

Products

Features

Marketplace

Resources

Company