Tiki Manager
Starting in Tiki25, Tiki Manager can be added as a Package to any Tiki instance. A Tiki Wiki install script has been added to the Pro version of Virtualmin.


This express tutorial is for intermediate IT Admin or fullstack developper that want to setup and publish a website.
We will learn how to setup and use:


To follow this Tiki Tutorial, you need to know how use the shell and a minimum of knowledge about servers, mysql and hosting... or just try and learn ! As long as you don't work with real data you can aways terminate and re-install an instance till you get your Tiki to work. Amazon or Google Cloud offers tier free options so you can fail, learn and retry as long as you want. (during the trial period of course).

If you don't want to experiment, if your time is precious. are in a hurry or don't want to play on live data without knowing what to do, you can always ask me to do it for you or search in the Tiki Consultants list and you'll have professional job done by... a Tiki Specialist. 😉

Server preparation

Install an Amazon Lightsail Instance

Log into your AWS Console (or create you account) and look for Lightsail in the search bar.
Select your instance location (the region you want the server to be set for... the closer to your targeted users the better) and pick your instance image by selecting a platform.
Following our case, pick your instance image by clicking on "Linux/Unix" blueprint choose "OS Only" and select Debian11.x.
Note: They are other possible options if you select "Apps + OS" like LAMP, Ngnix or CPanel, etc. While I prefer to control exactly what is installed, you may prefer one of them and "kind-of" follow this tutorial. Same for OS choice, this tutorial is about setting up a Debian Linux but you can select something else and adapt this tutorial instructions to get the same result in the end.

Install Tiki On Lightsail Tutorial Select OS

Below those selectors, you will be asked to use a new default SSH key or to change the SSH key linked to this account if one exist already.
Depending your case, select to use the default key created with your instance (you will need to download it into your computer, user/.ssh folder), upload an existing key or use an existing one for this account.
If you don't have an SSH key linked to your account you will be guide to create a new SSH key pair and help will be provided.

Choose your instance plan (I suggest you start with the cheapest as you can always upgrade your plan).
Identify your instance by giving it a name. While you can add tags, I suggest you be descriptive to avoid being lost later if you create other instances (for development or test).
Click on the orange buttons "Create instance". Your instance should be running in a minute and you should be already able to use the integrated SSH console by clicking on the terminal icon ( )

First connection to your server/instance

Once the instance is running you can start managing it. While we can connect and use the HTML was terminal, we want to use our own shell or terminal from our local computer.

The first thing to do is to check you can connect to your server (the public instance IP) using your own terminal (putty, terminal or any of your preferred) to have shell access.
The user set for the Debian Linux is "admin". So I need to ssh to my public instance IP using the key pair (set above) with the admin user.

If you didn't set the SSH key during the instance creation

SSH Key pair may be complicate story if you are not oriented IT Admin.
In very short, if you select to use the default key this is what I would do (replace "LightsailDefaultKeyPair-us-east-1.pem" with your key filename).
Download the key into my computer, move the file to my ~/.ssh directory and set the correct file permissions:

Set per file permissions
Copy to clipboard
sudo chmod 600 ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem

Then I should be able to use the following to connect :

SSH using the stored default key
Copy to clipboard
ssh -i ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem admin@xx.xx.xx.xx

You can find here more documentation about this : https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-ssh-using-terminal

Your environment specifies an invalid locale.

You may have some warning about "locale" it is up to you to fix it now or later. (by default I use : en_US.UTF-8 UTF-8)

Fix locale warning

You need to connect as "admin" and run the following command to skip the locale check:

Skip local check
Copy to clipboard
sudo touch /var/lib/cloud/instance/locale-check.skip


Eventually you may prefer to dive a little deeper and fix the issue and not just skip the check.
Log as the root user.

Switch for the Super user (root)
Copy to clipboard
sudo su
select your locales, recommended: en_US.UTF-8
Copy to clipboard
sudo dpkg-reconfigure locales

Select the local needed (I always work in English therefor select so I select en_US UTF-8.

re-generate the locale on your server
Copy to clipboard
sudo locale-gen


To tight it up, enter those two shell command: LC_CTYPE=en_US.UTF-8 and LC_ALL=en_US.UTF-8
(export LC_CTYPE=en_US.UTF-8, export LC_ALL=en_US.UTF-8 in some case)


Once you passed this step we can continue with the install.

Lightsail Networking and security group

To allow access to your "secured" site and the Virtualmin control panel we need to go to the Lightsail instance control panel and select "Networking".
By default port 22 and 80 should be already open.
Set security group and "Add rule" to open additional ports 443 (ssl) and 10000 (virtualmin).
I usually open 80 and 443 to all traffic (no IP restriction) and restrict access to 22 and 10000 to my IP only. (we are never too safe ! )

While we are here, another important thing you want to do, especially if you are going to work with a domain name is to create a static IP.
Just follow the onscreen instruction it is very easy.

Be aware that you may have to reboot the instance so your security settings are properly applied.

Set and use root login

As Lightsail allow you to login using a default admin from which you can login with root, setting external access for the root user may be discutable and it will be up to you to set this or not.
However, for me to diagnose or manage my virtual domains correctly so I usually setup an SSH root access using elaborated password and fail2ban mechanism (if someone, a bot, try too many time to connect using SSH it is blacklisted from accessing my server).

Logged as the default "admin" user. (I use nano but it is the same with VI, VIM or any editor)

Switch for the Super user (root)
Copy to clipboard
sudo su
Edit ssh configuration file
Copy to clipboard
nano /etc/ssh/sshd_config

Change #PermitRootLogin prohibit-Password to PermitRootLogin yes
and #PasswordAuthentication no to PasswordAuthentication yes and of course save your changes.
You will need to remove a small script that forbid root to use his SSH key

Edit the authorized_keys file
Copy to clipboard
nano ~/.ssh/authorized_keys

The script begins with "no-port-fowarding..." you need to remove this script up to the ssh key itself that starts with "ssh-rsa...".
That way the ssh key will be accessible to the ssh login.

Restart SSHD to validate changes
Copy to clipboard
systemctl restart sshd
Set the root password
Copy to clipboard
passwd root
Reboot your instance
Copy to clipboard
sudo reboot

You will be disconnected, reconnect and check everything is working fine when you login as root.

Login as root
Copy to clipboard
ssh root@xx.xx.xx.xx (your instance IP)

 The following depend of the status of your domain name
There are cases, like when you are transferring a domain, your final production domain is set to another Name Server. You may use a temporary (but real) domain name, like a subdomain or anything else and change the following settings later.

Check your hostname

For VirtualMin/Webmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname file.

Copy to clipboard
hostname

By default it will display the instance internal IP (later on Virtualmin won’t like it) and it should display your hostname mostly your domain name like "mydomain" (without http or https)

You need to change this and set it for your host name (yourdomain.com)

Copy to clipboard
sudo nano /etc/hostname


You need also to check and add your host to the hosts file.
But if you do it directly (editing /etc/hosts) the changes will be reverted on the next reboot.
To make it permanent, you need to modify the template used to recreate on each reboot the hosts file.

Edit hosts.debian.tmpl
Copy to clipboard
sudo nano /etc/cloud/templates/hosts.debian.tmpl

After the "fqdn" and "hostname" variables add your yourdomain. It should look like this;
127.0.1.1 { {fqdn}} { {hostname}} yourdomain

Reboot the server and check changes are permanent.

Copy to clipboard
cat /etc/hosts


After the last Lightsail IP address you should see your hostname without extension (TLD). It should look like this:
127.0.1.1 ip-172-xx-x-xxx.eu-west-3.compute.internal ip-172-x-xx-xxx yourdomain

Update your Debian server

We want to work on the last version of the dozens of software and library your server will depend on. Log onto your server and update/upgrade it with the following commands:

Copy to clipboard
sudo apt update sudo apt upgrade


You may have to answer some questions or do some action to "continue".

Install Webmin and Virtualmin

We will download Virtualmin automated install script and run it. It is basically a shell script that will handle rest of the installation once executed.

Download Virtualmin install script
Copy to clipboard
wget https://software.virtualmin.com/gpl/scripts/install.sh

You can do a full install but also you can do a minimal install which will spare the instance resources. For exemple where I don't need a mail server I do minimal install.

Full install of Virtualmin
Copy to clipboard
sudo sh install.sh
Minimal install of Virtualmin
Copy to clipboard
sudo sh install.sh --minimal


You may see a low memory notice:
"ERROR Memory is below 1024 MB. A full installation may not be possible."

I believe that this will come as the cheapest LightSail has only 512M or 1GB memory available. Just continue, create a swap file and accept Virtualmin request to use disk space. ("y" twice)
You should see now the different components being installed one by one.
This is taking some times... Just wait for the process to complete.

It should end with:
"SUCCESS to configure at https://ip-xxx-xxx-xxx-xxx.ap-somewher-2.compute.internal:10000 (or https://xxx.xxx.xxx.xxx:10000)."
Replace the last with your external IP and login to your Virtualmin panel using your root access.

Troubleshooting completing Virtualmin install

 Postinstall configuration returned an error.
I encountered the following error "Postinstall configuration returned an error" once, but it doesn't seems it halt the installation and the Virtualmin control panel was working just fine.


You will now have access to your control panel if the port 10000 is open else, you may need to open the port it on the server. Because by default the Virtualmin will listen to the port Virtualmin. You only have to open this port if all the incoming requests on your server are blocked by default. (check above Lightsail Networking and security group )

Lately I had to reboot one more time the server to have Virtuamin running

Virtualmin setup

Use https://your_server_publicIP:10000 (you can use your a domain name if set already)
View and trust the certificate and login.
Once you are in , follow Virtualmin Post installation wizard.
It is pretty straightforward and everything is done to guide you.

It is ok to use default proposed settings.
Of course we will keep for Tiki Wiki "Run MariaDB database server?" on yes.
You will receive the MariaDB password, wrote it down somewhere if needed later.

For the DNS configuration parameters, it may show a mix with your hostname (the domain your registrar is pointing to) and some AWS internal address. IE : hostname.ec2.internal
Change the value for your domain and complete the process. If your domain is not already redirecting, you can check the " Skip check for resolvability" option.

From here you can end the setup or set additional features.
I always decide to set additional features, especially for security reasons.

Virtualmin post-installation optional features.

Those are the additional options and features settings.
Password storage mode
I don't want to store in clear the passwords used on the server so I select "Only store hashed passwords".
One drawback is that you can't view again a password once set. So each time you create a password you will note it in your password storage application.

MariaDB configuration size
This depend of your usage of the Tiki Wiki instance of course but assuming we are on the smallest LightSail plan we are setting a small instance.
I follow the suggested option: "Small system with 1G of RAM with infrequent MariaDB use"
If needed later I can change this setting.

Location for SSL certificates
Unless you know what you do keep the default.

The next question is... a trap ! 🤗
Setup default virtual server?

If you don't create a default Virtual Server, Virtualmin may load with errors (like: missing postfix maps) so you can solve them later by creating at least one Virtual Server or create one during the installation process and restart Virtualmin (a reboot never hurt once all is set you check things are starting as they should).

If you create one you won't be able to set a few parameters. (SSH key for exemple).
I choose to answer "no" so I can set manually all the parameters for my domain.

Troubleshooting Virtualmin setup

Fixing Postfix virtual maps error

You may see this error: "A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration"
Applied the postfix config script for Virtuamin

Configure postfix for Virtualmin
Copy to clipboard
virtualmin-config-system -i Postfix

DNS server error

You may see this error: "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server"
This is some false check that Virtualmin team is aware of. They planned to remove and fix the issue for Virtualmin 6.17+.
In the meantime, go to System Settings ⇾ Virtualmin Configuration / Advanced options page to set Check resolv.conf for this system to No.

Create your first Virtual Server (your website)

Set your domain name.

The credential... I experienced issues creating a password without SSH public key and I experienced adding an SSH public key without password.
Therefor I'm creating a user password that will be require in a few cases and I add my SSH public key for day to day operation.

In some cases (temporary domain name) I set my "Administration username" same for the "Default database name" as I like to keep track of the Tiki used for a database. (I don't reuse db I clone)

I keep the features as is but disable "Accept mail for domain" if I don't want to use mail for this domain.

I click on create the virtual server and it ends with errors.
This is because Virtualmin, by default, want to request several certificates for domains I won't use and are not set. Things like "admin.mydomain.com" or "webmail.mydomain.com".

To complete properly, return to the Virtual Server List, select your Virtual Server and on the left menu under "Server Configuration", "SSL Certificate" and select the tab "Let's Encrypt".
On the form "Request certificate for" use "Domain names listed here " field and set the domains for whom you will need a certificate. Keep the "Automatically renew certificate?" option to yes and click on the button "Request Certificate".

Additional stuff

Install Let's encrypt certificate


You need first to use your domain name set it at the registrar properly. As long as you use your server IP you can't create the certificate and should skip.
Under Virtualmin => Server Configuration => SSL Certificate click on the "Let's Encrypt" tab and request certificate.
Note that by default Virtualmin want to setup several automatically domains the "Domains associated with this server" list. You may not have set all of them and the process will verify them and fail if they are not accessible. You can use the "Domain names listed here" list and Install you certificate only for the domain you are really using.

 Administrator's mailbox
It may happen that your certificate request fail because Let's Encrypt don't accept your contact email address (check your logs, xxx is an invalid email address. Please ensure it is a valid email and attempt registration again). In this case from the left menu click on "Edit Virtual Server" and set manually the "Contact email" for the "Administrator's mailbox " field.

Checking servers running

On your dashboard you have a panel where you can check servers status. We can see the PHP version running and we need to look (again) at the mail and mailbox application.
Keep Postfix running that is useful for sending email from apps or system notifications.
You can turn off Dovecot and SpamAssassin that do not need to be running on a system that is not receiving or processing mail.
But this will not be permanent. To make it permanent, on the left menu click on "Webmin", "System" and "Bootup and Shutdown".
Select anything "Dovecot" and at the bottom of the page click on "Disable On Boot".

Install several versions of PHP

The following information was valid at the time I wrote this tutorial

Allow "PHP script execution mode" under Virtualmin => Server Configuration => PHP Options
Debian 11 and the installation we've done will will come with one PHP version that may or may not fit your needs.

For exemple at the time I wrote this tutorial, PHP 7.4.x was installed using FMP. This is just fine for your Tiki instance.

Previous information about installing different PHP version

sudo apt install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt update
apt upgrade
{CODE}
This will also install the last version of PHP (php8.0).
From here you can install any PHP package (change version number for what you need) and it will be accessible for your PHP version configuration in Virtualmin

Copy to clipboard
sudo apt-get install php7.4 php7.4-cgi php7.4-cli php7.4-fpm php7.4-mysql php7.4-xml php7.4-gd php7.4-intl php7.4-xsl php7.4-curl php7.4-zip php7.4-mbstring php7.4-bcmath


You can configure which one is the default PHP version used on your new Virtual Servers. You can change that default in System Settings -> Server Templates -> Default -> PHP Options. To set your host or domain PHP version go to Virtualmin -> Server configuration -> PHP version and on that screen you can set the PHP version for your domain.


It is the required version PHP version you should use to run the last Tiki LTS version but it does not include some required library to run Composer

You have to install a few additional libraries and they will be accessible to complete the setup.

Copy to clipboard
sudo apt-get install php7.4-gd php7.4-intl php7.4-curl php7.4-zip php7.4-bcmath

Quota settings

By default your Virtual Server will be limited to the default plan.
While this is enough if you install a Tiki package, you may need more memory to run composer.
Adjust the quota at Edit Virtual Server => Quotas and limits.

Installing git

Install and check git is running

Copy to clipboard
sudo apt install git git --version

Installing Tiki from Tiki repo (anonymous)

Navigate into your html directory. If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
There is at https://tiki.org a complete installation guide
But in short, I use the git clone command to download Tiki. In my case I needed Tiki branch (version) 24.x without previous history (depth=1)

Download Tiki from the git repo
Copy to clipboard
git clone --depth=1 --branch=24.x https://gitlab.com/tikiwiki/tiki.git .

Installing Tiki using ssh (your repo)

To use the SSH key used on your Gitlab account you need to create a config file at your_home/.ssh
For exemple bsfez/.ssh copy the following inside "config" file.

Content of the ssh config file
Copy to clipboard
# GitLab.com Host gitlab.com # User git PreferredAuthentications publickey IdentityFile ~/.ssh/id_rsa

Replace "id_rsa" with your SSH key file and set ownership to your virtual server user and permission to 400 (chmod).

Navigate into your html directory (public_html). If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
There is at https://tiki.org a complete installation guide

Download Tiki from your git repo
Copy to clipboard
git clone --branch=your_branch --depth=1 git@gitlab.com:bsfez/your_repo .


It happen that for the first download you have to point your key file. 🤷🏻‍♂️
You can do it using the following command. (again replace "id_rsa" with you key filename)

Download Tiki from your git repo
Copy to clipboard
git clone --branch=your_branch --depth=1 git@gitlab.com:bsfez/your_repo --config core.sshCommand="ssh -i ../.ssh/id_rsa" .



Then I have to run tiki setup to install Composer files and fix the files and directories permissions.
I want to run PHP7.4 (I have several PHP version installed) so I add the path.

Tiki setup to run php7.4
Copy to clipboard
sh setup.sh -p /usr/bin/php7.4


From here follow the regular Tiki install process (setup.sh (see additional notes below), database creation) and you have a Tiki ready to be installed !

Tiki Installed