"Joomla! is a free, open source content management system for publishing content on the world wide web and intranets. Joomla! includes features such as page caching to improve performance, RSS feeds, printable versions of pages, news flashes, blogs, polls, website searching, and language internationalization. Joomla! is licensed under the GPL, and is the result of a fork of Mambo.
It is written with the PHP programming language and uses the MySQL database." (Wikipedia Joomla Article)
I first came across Joomla via one of my Graduate Students late Spring 2007, and during the summer decided to test it out since I had been thinking about performing an upgrade to my web server to provide it with some additional functionality. After installation, testing, and evaluation of Joomla, I decided put it into "production", so to speak, by integrating it into the main component of my web server. It is not without its problems, but I enjoy the fact that I now have an ability to easily embed sound, video, a calendar, and news into my site without too much difficulty. A number of bridges have also been developed which also increases its attractiveness — the biggest being that I can display forum content from phpBB2 on the front page of my website, which gives me a quick way of looking at recent forum activity. I also enjoy the fact that there are third party extensions and modules that can easily installed to increase its flexibility and functionality as well. However, the main reservation (and drawback) that I still have with Joomla is that the back end (i.e., Administrator Panel) is extremely cantankerous to use. Still, the advantages do outweigh the disadvantages, and I am hoping that when Joomla 1.5 is finally released (2008?) that some of the current problems that I have with it will begin to disappear.
Be forewarned! If you want to use Joomla, there is a significant learning curve involved, especially if you are not overly familiar with PHP, CSS, or web Content Management Systems in general. I'll cover the basics of getting it installed and up and running here, but that is the easiest step in the entire process. Be prepared to take a couple of weeks (at least )to learn the basics of how to use it — especially if this is your first time installing it.
Note: Installing Joomla requires the use of Apache, MySQL, and PHP. Make sure that you have them up and running on your system before trying to install Joomla. See my Apache Web Server, MySQL Server, and phpMyAdmin pages in particular.
1. Install Joomla
Installation of Joomla requires first heading over to their website:
Look for the Download link or the Download Latest section on the left hand side of their page. Click on the appropriate link, which will take you to their Downloads page. At the time of this writing, the current version of Joomla is 1.0.13. Under the Joomla!1.0 section click on the Joomla_1.0.13-Stable-Full_Package.tar.gz file to download it. I have chosen not to install the 1.5 beta version of their code, even though it is available, primarily because I wanted something stable for my website. Once it downloads, move the file to /var/www/html/joomla, since you may wish to test it before moving it into the main component of your website. To do this, first create the joomla subdirectory:
~> sudo mkdir /var/www/html/joomla
Then copy the source tarball to the /var/www/html/joomla
directory: ~>
sudo cp ~/Download/Joomla_1.0.13-Stable-Full_Package.tar.gz /var/www/html/joomla/.
Change into the /var/www/html/joomla
directory:
~> cd /var/www/html/joomla
Then decompress the source: ~>
sudo tar vfzx Joomla_1.0.13-Stable-Full_Package.tar.gz
Once the package has been
decompressed, delete the source file, and change the owndership of the directory: ~>
sudo rm Joomla_1.0.13-Stable-Full_Package.tar.gz
~> cd ..
~> sudo chown -R apache.apache joomla
Next, open up Firefox and go
to:~> cd ..
~> sudo chown -R apache.apache joomla
http://[host].[domain].[name]/joomla/
Pre-Installation ChecksYou will be presented with a Pre-Installation checklist. Since we changed the ownership of the directory to Apache, you should see that configuration.php in the root directory of Joomla (under Required Settings Check), along with all of its subdirectories (under Directory and File Permissions Check), are writable. Assuming you installed Fedora 7 with all available packages, you should automatically have PHP, zlib, XML and MySQL support as well. But under the Recommended Settings Check, you will probably see two errors.
Directive
Recommended
Actual
Safe Mode: OFF: OFF
Display Errors: ON: OFF
File Uploads: ON: ON
Magic Quotes GPC: ON: OFF
Magic Quotes Runtime: OFF: OFF
Register Globals: OFF: OFF
Output Buffering: OFF: OFF
Session auto start: OFF: OFF
The
first error we are not going to worry about, since I feel that allowing
Apache to display PHP errors to anyone and everyone on the web is a
huge security hole. But we can turn on Magic Quotes GPC by editing
the /etc/php.ini file using sudo. Open the file and perform a search for the magic_quotes_gpc field. Change it to:Safe Mode: OFF: OFF
Display Errors: ON: OFF
File Uploads: ON: ON
Magic Quotes GPC: ON: OFF
Magic Quotes Runtime: OFF: OFF
Register Globals: OFF: OFF
Output Buffering: OFF: OFF
Session auto start: OFF: OFF
magic_quotes_gpc = On
Save and exit, and restart Apache:~> sudo
service httpd restart
You should see
the daemon successfully stop and restart:Stopping
httpd:
[ OK
]
Starting httpd: [ OK ]
Next, hit the refresh button on your browser, and you should see the Recommended Settings Check now show:Starting httpd: [ OK ]
Directive
Recommended
Actual
Safe Mode: OFF: OFF
Display Errors: ON: OFF
File Uploads: ON: ON
Magic Quotes GPC: ON: ON
Magic Quotes Runtime: OFF: OFF
Register Globals: OFF: OFF
Output Buffering: OFF: OFF
Session auto start: OFF: OFF
Again, the only Red
error that you should see is with regard to Display Errors. And
since it is just a "Recommended Setting", and not a required one, we
are going to leave it at that. Every other check at this point
should show Green. If not, fix the problem(s) before proceeding further. When ready, click Next >> at the top of the page.Safe Mode: OFF: OFF
Display Errors: ON: OFF
File Uploads: ON: ON
Magic Quotes GPC: ON: ON
Magic Quotes Runtime: OFF: OFF
Register Globals: OFF: OFF
Output Buffering: OFF: OFF
Session auto start: OFF: OFF
License Agreement
Assuming that you agree with the license, which uses either the GPL or Lesser GPL, click Next >>.
MySQL Database Configuration
Since we have already setup MySQL, we can allow Joomla to automatically create a new database. Under the following fields add the appropriate information:
Host Name: localhost
MySQL User Name: root
MySQL Password: [MySQL's root password]
MySQL Database Name: joomla
MySQL Table Prefix: jos_
Before clicking Next, decide whether or not you wish to Install Sample Data.
If you do, Joomla will create a default home page, which you can then
later edit yourself. However, I wanted to start from scratch, and apply
a specific template to my site, so I chose not to install the sample
data and unclicked the option. When you are ready, click Next >>.MySQL User Name: root
MySQL Password: [MySQL's root password]
MySQL Database Name: joomla
MySQL Table Prefix: jos_
Afterward, you will be given a final warning whether or not you want to accept your settings. Click OK to proceed.
Enter your Joomla! Site Name:
If your database is created correctly, you will be prompted to enter your Site name:
Site name: [Enter Your Site Name]
When you are finished, click Next >>.Confirmation of the URL, Path, Admin E-Mail, and Directory Permissions
Verify the paths of your URL and Path, and enter Your E-mail address. If you want, also change the Admin password:
URL:
http://[host].[domain].[name]/joomla
Path: /var/www/html/joomla
Your E-mail: [e-mail]@[address]
Admin password: [password]
Since we have already changed the directory ownership to Apache, we do not need to adjust the File or Directory Permissions. When finished, click Next >>.Path: /var/www/html/joomla
Your E-mail: [e-mail]@[address]
Admin password: [password]
Remove the Installation Directory
The last step is to delete the installation directory:
~> sudo rm -r /var/www/html/joomla/installation/
When
you are finished you can either go directly to the Joomla site, or the
Administration Panel by clicking on the appropriate button. Be sure to
remember your password! Regardless of where you go, there are two
directories that you will need to remember:Base Joomla Page:
http://[host].[domain].[name]/joomla
Administration Panel:http://[host].[domain].[name]/joomla/administrator
Joomla is now installed, but we are far from done.2. Password Protect your Administrator Directory
I prefer not to let the world have access directly to my Administrator Login Page. Therefore, I decided to further password protect the directory. To do this, change into the /var/www/html/joomla/administrator/joomla directory and create a .htaccess file with the following information:
AuthUserFile /var/www/html/joomla/administrator/.htpasswd
AuthName "Joomla Login Page"
AuthType Basic
Require valid-user
Save the file as .htaccess, and exit. Then create a username and password with the following
command:AuthName "Joomla Login Page"
AuthType Basic
Require valid-user
~>
sudo htpasswd .htpasswd [user]
Type in your username for [user] and
when prompted for a password, type one in (you will have to re-type it
to verify).Next edit your /etc/httpd/conf/httpd.conf file using sudo and add the following in the <Directory /></Directory> section:
<Directory "/var/www/html/joomla/administrator">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Save and exit, and restart your httpd server:AllowOverride All
Order allow,deny
Allow from all
</Directory>
~>
sudo service httpd restart
You should see httpd
successfully restart:Stopping
httpd:
[ OK ]
Starting httpd: [ OK ]
Now you
can open a web browser and go to:Starting httpd: [ OK ]
http://[host].[domain].[name]/joomla/administrator/
where [host].[domain].[name]
is the name of your web site. You will be prompted for a user
name and password. Type in your username and the password you
generated with the htpasswd
command. This will allow you then access the Joomla Administrator Login Page.
Type in "admin"
in the Username:
box and your Joomla password in the Password:
box. Click the Login
button, and you should see Administrator Control Panel for Joomla.3. Edit ModSecurity to Loosen up PHP Restrictions
PHP injection attacks seem to be on the rise, so Fedora 7 comes bundled with ModSecurity, which is an Open Source Web Application Firewall. Unfortunately, it is a bit too restrictive for Joomla, and tends to prevent you from doing some legitimate things — especially in the Administrator's Control Panel. As a result of this, we are going to disable a couple of specific rules to allow Joomla to work correctly. This is an extremely important, and it took me almost a full day and a half of searching and learning about ModSecurity before I was able to track down all of the problems associated with Joomla. As a result of this, I am going to present all of the modifications now, but not bother to explain them a whole lot, simply because a discussion of ModSecurity is pretty complicated. But if you are using Joomla (especially on the back end under the Administrator's Control Panel) and it does not like it is updating your site correctly, chances are it is related to ModSecurity. The best thing that I can tell you to do use Google to track down the problem. But I would like to provide a couple of links as background information and references.
References:
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/html-multipage/04-processing-phases.html
http://www.modsecurity.org/blog/archives/2007/02/handling_false.html
http://article.gmane.org/gmane.comp.apache.mod-security.user/3222
http://osdir.com/ml/apache.mod-security.user/2006-11/msg00135.html
At any rate, edit the /etc/httpd/modsecurity.d/modsecurity_localrules.conf file and add the following:
SecRule REQUEST_FILENAME "/joomla/administrator/index2.php" \
"allow,phase:1,nolog,ctl:ruleEngine=Off"
<LocationMatch '^/joomla'>
SecRuleRemoveById 950013
</LocationMatch>
<LocationMatch '^/joomla/components/com_expose/expose/manager/amfphp/gateway.php'>
SecRuleRemoveById 960010
</LocationMatch>
Save
and exit. The first two exceptions that we have added to
ModSecurity allows the Administrator's Control Panel to update content
on the website directly. The third rule is only necessary if you plan
on using Expose, which is a third-party extension to Joomla. See below
for more information."allow,phase:1,nolog,ctl:ruleEngine=Off"
<LocationMatch '^/joomla'>
SecRuleRemoveById 950013
</LocationMatch>
<LocationMatch '^/joomla/components/com_expose/expose/manager/amfphp/gateway.php'>
SecRuleRemoveById 960010
</LocationMatch>
Restart your httpd server:
~>
sudo service httpd restart
You should see httpd
successfully restart:Stopping
httpd:
[ OK ]
Starting httpd: [ OK ]
ModSecurity should now allow for Joomla to operate correctly. If another problem crops up, check /var/log/httpd/error_log for details.Starting httpd: [ OK ]
4. Install a Joomla Template
If you have the patience to hunt around a bit on the web, there are actually quite a few free templates that are available for Joomla. I do not particularly care for the default Joomla Template, so I ended up heading over to Joomla!Shack to download one of theirs:
Under the Joomla Downloads tab, click on their Free Joomla Downloads link. From there, click on the template that interests you the most. I chose the JS Education template, simply because its color scheme perfectly matched my own, including what I am using for phpBB. To download it, you will have to provide an e-mail address, and some additional information, so I just used one of my throw away e-mail accounts that I do not care about to get the template. Once you agree to be spammed by them, they will eventually provide another e-mail which will provide a Download link for the free templates. In this case, I downloaded the JS_Education[UNZIPME_1ST].zip file. I also found out that they provide a help manual for using the Template and getting Joomla up and running. The relevant information can be found at:
(You may have to create an account to look at the forum, however.) The file of interest is Creating-school-website-with-Joomla.pdf.
To install your particular template, unzip the file you downloaded:
~> unzip ~/Download/JS_Education[UNZIPME_1ST].zip
The file ended up unzipping into 4 zipped template
files. But instead of unzipping the appropriate template file, the
zipped template can be installed directly under the Administrator's
Control Panel. To do this, go to:http://[host].[domain].[name]/joomla/administrator
and login. Then click on the Installers -> Templates - Site link. Just follow the directions, and when ready, click on the Upload File & Install button, followed by Continue. Then click on the Radio Button for js_education, followed by Default. You are now using the new template.It is at this point where the learning curve hits in force. Providing you information about how to use Joomla is way beyond the scope of this web page, but as a basis for my initial learning, I used the Creating-school-website-with-Joomla.pdf file to help me with the process. I would give their a manual a "C" in terms of its usefulness, as there are a number of issues that are very poorly explained in the manual. But it did provide me with enough guidance that I was able to learn everything else on my own after spending enough time with it. Even as I write this I am still getting a feel for Joomla, so be prepared for a lengthy learning process.
5. Install Third-Party Components, Modules, and Mambots
I have added a number of additional Components, Modules, and Mambots to my base Joomla installation. More for my records more than anything else, I am going to provide a summary of what I chose to install here. You can search for Third-Party Extensions at:
In this list, the first link takes you to the Background Page on Joomla's Extension Section, and the second link takes you to the actual Download Page of the Third-Party Extension.
Installed Components
Expose Flash Gallery
http://joomlacode.org/gf/project/expose/frs/
JCal Pro (Registration and $5 Donation Now Required)
http://dev.anything-digital.com/component/option,com_docman/task,cat_view/gid,25/Itemid,53/
JCE Admin
http://www.cellardoor.za.net/index.php?option=com_docman&task=cat_view&gid=1&Itemid=6
Joomap - Google SiteMap Extended Version
http://www.kangainternet.com/remository/joomap.html
Mass Content
http://www.webtotalservice.no/developed-extensions.html
Installed Modules
Advanced Flash MP3 Player (Registration Required)
http://www.webmaster-tips.net/index.php?option=com_remository&Itemid=134&func=fileinfo&id=117
Extended Menu
http://joomlacode.org/gf/project/extended_menu/frs/
JCal Pro Latest Events Calendar Module (Registration and $5 Donation Now Required)
http://dev.anything-digital.com/component/option,com_docman/task,cat_view/gid,25/Itemid,53/
JCal Pro Mini-Calendar Module(Registration and $5 Donation Now Required)
http://dev.anything-digital.com/component/option,com_docman/task,cat_view/gid,25/Itemid,53/
phpBB Activity
http://smartshitter.com/index.php?option=com_docman&task=cat_view&gid=23&Itemid=58
Time Zone Clock
http://www.stroz.us/php/index.php?option=com_docman&task=cat_view&gid=16
Installed Mambots
EasyTube - YouTube and Google Video Plugin
http://www.paulbain.co.uk/files/mambo/easytube-joomla-0.2.zip
JCalPro Latest Events Mambot
http://dev.anything-digital.com/component/option,com_docman/task,cat_view/gid,25/Itemid,53/
JCal Pro Search mambot
http://dev.anything-digital.com/component/option,com_docman/task,cat_view/gid,25/Itemid,53/
JCE Editor Mambot
http://www.cellardoor.za.net/index.php?option=com_docman&task=cat_view&gid=2&Itemid=6
JCE Joomla Plugin
http://www.cellardoor.za.net/index.php?option=com_docman&task=cat_view&gid=17&Itemid=6
moseasymedia (Registration Required)
http://www.ocszone.com/index.php?option=com_virtuemart&Itemid=129&vmcchk=1&Itemid=129
WikiBot
http://www.theinevitabledossier.com/wiki_joomlabot.zip