CSUF LogoCSUF Site Navigation
optics.csufresno.edu

F12 Apache/MySQL/PHP Services & Applications Joomla

Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
Forums
Wiki
F12 Joomla

"Joomla! is a free, open source content management system for publishing content on the world wide web and intranets. Joomla! includes features such as page caching to improve performance, RSS feeds, printable versions of pages, news flashes, blogs, polls, website searching, and language internationalization. Joomla! is licensed under the GPL, and is the result of a fork of Mambo. It is written with the PHP programming language and uses the MySQL database." (Wikipedia Joomla Article)


I first came across Joomla via one of my Graduate Students late Spring 2007, and during the summer decided to test it out since I had been thinking about performing an upgrade to my web server to provide it with some additional functionality. After installation, testing, and evaluation of Joomla, I decided put it into "production", so to speak, by integrating it into the main component of my web server. It is not without its problems, but I enjoy the fact that I now have an ability to easily embed sound, video, a calendar, and news into my site without too much difficulty. A number of bridges have also been developed which also increases its attractiveness 
the biggest being that I can display forum content from phpBB3 on the front page of my website, which gives me a quick way of looking at recent forum activity. I also enjoy the fact that there are third party extensions and modules that can easily installed to increase its flexibility and functionality as well. However, the main reservation (and drawback) that I still have with Joomla is that the back end (i.e., Administrator Panel) is extremely cantankerous to use. Still, the advantages do outweigh the disadvantages, and so I continue to use it.

Be forewarned! If you want to use Joomla, there is a significant learning curve involved, especially if you are not overly familiar with PHP, CSS, or web Content Management Systems in general. I'll cover the basics of getting it installed and up and running here, but that is the easiest step in the entire process. Be prepared to take a couple of weeks (at least )to learn the basics of how to use it 
especially if this is your first time installing it.

Note:  Installing Joomla requires the use of Apache, MySQL, and PHP. Make sure that you have them up and running on your system before trying to install Joomla. See my Apache Web Server, MySQL  Server, and phpMyAdmin pages in particular.

1. Install Joomla

Installation of Joomla requires first heading over to their website:

http://www.joomla.org/

Look for the Download Joomla link
section on the right side of their page. At the time of this writing, the current version of Joomla is 1.0.15. Under the Joomla!1.5.x section click on the Zip file to download it. Once it downloads, create a /var/www/html/joomla subdirectory:
~> sudo mkdir /var/www/html/joomla
Then copy the source tarball to the /var/www/html/joomla directory:
~> sudo cp ~/Download/Joomla_1.5.*-Stable-Full_Package.zip /var/www/html/joomla/.
Change into the /var/www/html/joomla directory:
~> cd /var/www/html/joomla
Then unzip the source:
~> sudo unzip Joomla_1.5.*-Stable-Full_Package.zip
Once the package has been decompressed, delete the source file, and change the ownership of the directory:
~> sudo rm Joomla_1.0.*-Stable-Full_Package.zip
~> cd ..
~> sudo chown -R apache.apache joomla

2. Pre-Installation Installation Tasks

There are a couple of packages that need to be installed before Joomla can be setup:
~> sudo yum install php-gd php-xml php-xmlrpc
Then edit the /etc/php.ini file and look for the date.timezone field. Change it to your local timezone. In my case, I used:
date.timezone = "America/Los_Angeles"
Save and exit, and restart your httpd server:
~> sudo service httpd restart
You should see httpd successfully restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

3. Joomla Installation

Next, open up Firefox and go to:
http://[host].[domain].[name]/joomla/

Select Language


Installation of Joomla starts with selecting the appropriate language. For me, this is en-US - English (US). When you have chosen your language, click Next.

You will be then presented with a Pre-Installation checklist. Since we changed the ownership of the directory to Apache, you should see that configuration.php in the root directory of Joomla (under Required Settings Check), along with all of its subdirectories (under Directory and File Permissions Check), are writable. Assuming you installed Fedora with all available packages, you should automatically have PHP, zlib, XML and MySQL support as well:

PHP Version >= 4.3.10                YES
-Zlib Compression Support           
YES
-XML Support                         YES
-MySQL Support                       YES
MB Language is Default               YES
MB String Overload Off               YES
configuration.php Writable           YES
Under the Recommended Settings Check, you should also see the following:
Directive                Recommended            Actual
Safe Mode:               OFF:                   OFF
Display Errors:          OFF:                  
OFF
File Uploads:            ON:                    ON
Magic Quotes Runtime:    OFF:                   OFF
Register Globals:        OFF:                   OFF
Output Buffering:        OFF:                   OFF
Session auto start:      OFF:                   OFF
Every check at this point should show Green. If not, fix the problem(s) before proceeding further. When ready, click Next at the top of the page.


License Agreement

Assuming that you agree with the license, which uses either the GPL or Lesser GPL, click Next.


MySQL Database Configuration

Since we have already setup MySQL, we can allow Joomla to automatically create a new database. Under the following fields add the appropriate information:
Database Type
mysql

Host Name
localhost

User Name
root

Password
[MySQL's root password]

MySQL Database Name
joomla15

Advanced Settings
Table Prefix:   jos_
Click Next to continue.


FTP Configuration

I do not want to enable FTP on my server, so I chose No. Then click Next.


Enter your Joomla! Site Name and Administration Information

If your database is created correctly, you will be prompted to enter your Site name:
Site Name
Site Name:                [Enter Your Site Name]

Confirm the Admin E-mail and Password
Your E-mail:              [Enter Your Admin E-Mail Address]
Admin Password:           [Enter Your Admin Password]
Confirm Admin Password:   [Confirm Admin Password]
Before clicking Next, decide whether or not you wish to Install Sample Data. If you do, Joomla will create a default home page, which you can then later edit yourself. However, I wanted to start from scratch, and apply a specific template to my site, so I chose not to install the sample data. I was also not migrating from Joomla 1.0.x, so I just clicked Next.

Afterward, you will be given a final warning whether or not you want to accept your settings. Click OK to proceed.



Remove the Installation Directory

The last step is to delete the installation directory:
~> sudo rm -r /var/www/html/joomla/installation/
When you are finished you can either go directly to the Joomla site, or the Administration Panel by clicking on the appropriate button. Be sure to remember your password! Regardless of where you go, there are two directories that you will need to remember:

Base Joomla Page:

http://[host].[domain].[name]/joomla
Administration Panel:
http://[host].[domain].[name]/joomla/administrator
Joomla is now installed, but we are far from done.


4. Password Protect your Administrator Directory

I prefer not to let the world have access directly to my Administrator Login Page. Therefore, I decided to further password protect the directory. To do this, change into the /var/www/html/joomla/administrator/joomla directory and create a .htaccess file with the following information:
AuthUserFile /var/www/html/joomla/administrator/.htpasswd
AuthName "Joomla Administration"
AuthType Basic
Require valid-user
Save the file as .htaccess, and exit. Then create a username and password with the following command:
~> sudo htpasswd .htpasswd [user]
Type in your username for [user] and when prompted for a password, type one in (you will have to re-type it to verify).

Next edit your /etc/httpd/conf/httpd.conf file using sudo and add the following in the <Directory /></Directory> section:
<Directory "/var/www/html/joomla/administrator">
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>
Save and exit, and restart your httpd server:
~> sudo service httpd restart
You should see httpd successfully restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
Now you can open a web browser and go to:
http://[host].[domain].[name]/joomla/administrator/
where [host].[domain].[name] is the name of your web site. You will be prompted for a user name and password. Type in your username and the password you generated with the htpasswd command. This will allow you then access the Joomla Administrator Login Page. Type in "admin" in the Username: box and your Joomla password in the Password: box. Click the Login button, and you should see Administrator Control Panel for Joomla.


5. Setup a .htaccess file and rewrite the /joomla subdirectory to /


Under my Global Configuration settings in the Administration Panel, I decided chose the Serach Engine Friendly URLs, Use Apache mod_rewrite, and Add suffix to URLs options. This necessitates the use of a .htaccess file, which needs to be placed in your root directory (/var/www/html/). Joomla has a base htaccess.txt file that you can use.  First copy it over to your base directory:
~> sudo cp /var/www/html/htaccess.txt /var/www/html/.htaccess
The next step is to add some Rewrite Conditions so that it appears that http://optics.csufresno.edu/joomla is coming from http://optics.csufresno.edu/ instead. Scroll down to the RewriteBase / option and uncomment it. Directly underneath it, add the following:
RewriteBase /

# Add trailing slash if path does not contain a period or end with a slash
RewriteCond %{REQUEST_URI} !(\.|/$)
RewriteRule (.*) http://[host].[domain].[name]/$1/ [R=301,L]
#Change http://yoursite.com to http://www.yoursite.com (Optional)
#RewriteCond %{HTTP_HOST} ^yoursite.com$
#RewriteRule ^/?(.*)$ http://www.yoursite.com/$1 [R=301,L]
#Rewrites http://www.yoursite.com/subdir to http://www.yoursite.com/
RewriteCond %{REQUEST_URI} !^/joomla
RewriteCond %{REQUEST_URI} !^(/[any]|/[directories]|/[not]|/[to]|/[be]|/[re-written])
#RewriteRule index\.html index.php [NC,R]
RewriteRule ^(.*)$ joomla/$1

Redirect 301 /index.html http://[host].[domain].[name]/
Replace [host].[domain].[name] everywhere you see it with your website address. Also, if you have any directories that you do not want to be re-directed, add them under the RewriteCond %{REQUEST_URI} !^(/[any]|/[directories]|/[not]|/[to]|/[be]|/[re-written]) line. For instance, my /fedora directory is actually located in /var/www/html/fedora, not /var/www/html/joomla/fedora, so I do not want the directory re-directed. There are a few other directories that I have as well, so my line looks like:
RewriteCond %{REQUEST_URI} !^(/fedora|/files|/music|/teaching|/testing)
Save and exit. Next open the /var/www/html/joomla/configuration.php file and look for the var $live_site option. Type in your site:
        var $live_site = 'http://[host].[domain].[name]';
Save and exit. Your Joomla site should more or less be ready for testing.

Reference:  http://www.drichproductions.com/random-knowledge/rewrite-root-directory-subdirectory.php


6. Edit ModSecurity to Loosen up PHP Restrictions

PHP injection attacks seem to be on the rise, so Fedora can be installed with ModSecurity, which is an Open Source Web Application Firewall. Unfortunately, it is a bit too restrictive for Joomla, and tends to prevent you from doing some legitimate things  especially in the Administrator's Control Panel. As a result of this, we are going to disable a couple of specific rules to allow Joomla to work correctly. This is an extremely important, and it took me almost a full day and a half of searching and learning about ModSecurity before I was able to track down all of the problems associated with Joomla.

I am going to present all of the modifications now, but not bother to explain them a whole lot, simply because a discussion of ModSecurity is pretty complicated. But if you are using Joomla (especially on the back end under the Administrator's Control Panel) and it does not like it is updating your site correctly, chances are it is related to ModSecurity. The best thing that I can tell you to do use Google to track down the problem.  But I would like to provide a couple of links as background information and references.

References

http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/html-multipage/04-processing-phases.html
http://www.modsecurity.org/blog/archives/2007/02/handling_false.html
http://article.gmane.org/gmane.comp.apache.mod-security.user/3222
http://osdir.com/ml/apache.mod-security.user/2006-11/msg00135.html

E
dit the /etc/httpd/modsecurity.d/modsecurity_localrules.conf file and add the following:
# Exceptions for Joomla
<LocationMatch '^/joomla/'>
SecRuleRemoveById 950013
</LocationMatch>


# Exceptions for Joomla Component Expose
<LocationMatch '^/components/com_expose/expose/manager/amfphp/gateway.php'>
SecRuleRemoveById 960010
</LocationMatch>


# Exceptions for Joomla Administration Panel
SecRule REQUEST_FILENAME "/administrator/index2.php" \
"allow,phase:1,nolog,ctl:ruleEngine=Off"

# Exceptions for Joomla Administrator
<LocationMatch '^/administrator/index.php'>
SecRuleRemoveByID 950107
SecRuleRemoveByID 950006
SecRuleRemoveByID 950911
SecRuleRemoveByID 970902
SecRuleRemoveByID 960903
SecRuleRemoveByID 970903
</LocationMatch>

<LocationMatch '^/administrator/index2.php'>
SecRuleRemoveByID 960903
</LocationMatch>
Save and exit. The second rule is only necessary if you plan on using Expose, which is a third-party extension to Joomla. See below for more information.

Restart 
your httpd server:
~> sudo service httpd restart
You should see httpd successfully restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
ModSecurity should now allow for Joomla to operate correctly. If another problem crops up, check /var/log/httpd/error_log for details.

5. Install a Joomla Template

If you have the patience to hunt around a bit on the web, there are actually quite a few free templates that are available for Joomla. I do not particularly care for the default Joomla Template, so I ended up heading over to Joomla!Shack to download one of theirs:

http://www.joomlashack.com/

Under the Joomla Downloads tab, click on their Free Joomla Downloads link. From there, click on the template that interests you the most. I chose the JS Education template, simply because its color scheme perfectly matched my own, including what I am using for phpBB. To download it, you will have to provide an e-mail address, and some additional information, so I just used one of my throw away e-mail accounts that I do not care about to get the template. Once you agree to be spammed by them, they will eventually provide another e-mail which will provide a Download link for the free templates. In this case, I downloaded the JS_Education[UNZIPME_1ST].zip file. I also found out that they provide a help manual for using the Template and getting Joomla up and running. The relevant information can be found at:

http://www.joomlashack.com/community/index.php/topic,4412.0.html

(You may have to create an account to look at the forum, however.) The file of interest is Creating-school-website-with-Joomla.pdf.

To install your particular template, unzip the file you downloaded:

~> unzip ~/Download/JS_Education[UNZIPME_1ST].zip
The file ended up unzipping into 4 zipped template files. But instead of unzipping the appropriate template file, the zipped template can be installed directly under the Administrator's Control Panel. To do this, go to:
http://[host].[domain].[name]/joomla/administrator
and login. Then click on the Installers -> Templates - Site link. Just follow the directions, and when ready, click on the Upload File & Install button, followed by Continue. Then click on the Radio Button for js_education, followed by Default. You are now using the new template.

It is at this point where the learning curve hits in force. Providing you information about how to use Joomla is way beyond the scope of this web page, but as a basis for my initial learning, I used the
Creating-school-website-with-Joomla.pdf file to help me with the process. I would give their a manual a "C" in terms of its usefulness, as there are a number of issues that are very poorly explained in the manual. But it did provide me with enough guidance that I was able to learn everything else on my own after spending enough time with it. Even as I write this I am still getting a feel for Joomla, so be prepared for a lengthy learning process.

6. Install Third-Party Components, Modules, and Mambots

I have added a number of additional Components, Modules, and Mambots to my base Joomla installation. More for my records more than anything else, I am going to provide a summary of what I chose to install here. You can search for Third-Party Extensions at:

http://extensions.joomla.org/

In this list, the first link takes you to the Background Page on Joomla's Extension Section, and the second link takes you to the actual Download Page of the Third-Party Extension.

Installed Components
    Expose Flash Gallery
        http://joomlacode.org/gf/project/expose/frs/

    *GCalendar Component, Modules, and Plugin
        http://g4j.laoneo.net/content/extensions/download.html

    JCE Admin
        http://www.joomlacontenteditor.net/downloads


    XMAP Component and Plugin
        http://joomla.vargas.co.cr/downloads/cat_view/1-xmap

    Mass Content
        http://www.baticore.com/Mass-content/View-category.html

*GCalendar requires an exception to the password protected /administrator subdirectory. Place a .htaccess file in /var/www/html/joomla/administrator/components/com_gcalendar/libraries with the following information:
Allow from all
Satisfy any



Installed Modules
    Extended Menu
        http://joomlacode.org/gf/project/extended_menu/frs/

    GCalendar Module
        http://g4j.laoneo.net/content/extensions/download.html

    GCalendar Upcoming Module
        http://g4j.laoneo.net/content/extensions/download.html


    JSN ImageShow Pro ($29 License Fee)
        http://www.joomlashine.com/shop/client/more_information.php?product_id=2

    phpbb3 Last Topics Module
        http://www.oc666.net/uploads/mod_phpbb3_last_topics.zip
       
    PremiumBeat Player
        http://joomlacode.org/gf/project/premiumbplayer/frs

    Time Zone Clock
        http://www.stroz.us/php/index.php?option=com_docman&task=cat_view&gid=16

    Vinaora Visitors Counter
        http://joomlacode.org/gf/project/vvisit_counter/frs/



  
Installed Mambots/Plugins
    Easiertube - YouTube and Google Video Plugin
        http://joomlacode.org/gf/project/easiertube/frs/

    GCalendar Plugin
        http://g4j.laoneo.net/content/extensions/download.html


    JCE Editor Plugin
        http://www.joomlacontenteditor.net/downloads


    moseasymedia (Registration Required)
        http://wiki.brilaps.com/wikka.php?wakka=moseasymedia

    WikiBot2
        http://www.theinevitabledossier.com/wiki_joomlabot2.zip

    XMAP Plugin
        http://joomla.vargas.co.cr/downloads/cat_view/1-xmap