In this article, we will install all the necessary server software (Apache2, MariaDB, PHP, FFmpeg, Postfix, etc.) for VIMP and configure web hosting on RHEL 9 / AlmaLinux 9.
In the following, we assume that you are working directly as root on the server. If that is not the case, you must prefix all commands with sudo.
Since VIMP is not yet compatible with PHP 8.4 at the time of this article’s publication, we will first install PHP 8.3.
Note for RHEL 9: EPEL, Remi, and RPM Fusion are third-party repositories and are not covered by official Red Hat support. They are required for certain VIMP dependencies, such as PHP 8.3, PECL extensions, and FFmpeg. In environments with strict support or compliance requirements, this should be coordinated with the system administrator in advance.
dnf update
dnf install -y dnf-plugins-core
To enable CRB for AlmaLinux 9, follow these steps:
dnf config-manager --set-enabled crb
For RHEL 9, we enable CRB as follows:
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
After that, proceed as follows:
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
dnf module reset php -y
dnf module enable php:remi-8.3 -y
RPM Fusion is also required for FFmpeg:
dnf install -y distribution-gpg-keys
rpmkeys --import /usr/share/distribution-gpg-keys/rpmfusion/RPM-GPG-KEY-rpmfusion-free-el-$(rpm -E %rhel)
dnf --setopt=localpkg_gpgcheck=1 install -y \
https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm
With RHEL 9, the system usually needs to be registered with Red Hat for the official RHEL repositories to work. To do this, we run the following command on RHEL:
subscription-manager register
subscription-manager refresh
subscription-manager identity
dnf repolist
Or, optionally, if BaseOS/AppStream are not enabled:
subscription-manager repos --enable rhel-9-for-$(arch)-baseos-rpms
subscription-manager repos --enable rhel-9-for-$(arch)-appstream-rpms
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
Next, we'll install the remaining packages and extensions:
dnf install mariadb-server httpd php-mysqlnd php php-fpm php-gd php-cli php-xml php-curl php-mbstring php-pecl-zip php-pecl-xmlrpc php-pecl-imagick-im7 php-ldap php-pdo perl-Image-ExifTool ffmpeg nano openssl time golang
As an MTA (Mail Transport Agent), you can install postfix, for example, provided that emails are not to be sent via an SMTP server (which is, however, the recommended method). Other MTAs, such as Sendmail and Exim, can of course also be used. Make sure that the MTA is configured so that PHP can send emails.
dnf install postfix
Now let's enable the services:
systemctl enable --now mariadb
systemctl enable --now php-fpm
And restart Apache:
systemctl restart httpd
Next, we'll create the necessary folders on the server:
mkdir -p /var/www/vimp/web mkdir /var/www/logs
and adjust the directory permissions:
chown -R apache:apache /var/www/vimp chown root:apache /var/www/logs
chmod 775 /var/www/vimp/web
chmod 775 /var/www/logs
getenforce
If the output shows Enforcing we'll first install semanage if it's not already installed:
dnf install -y policycoreutils-python-utils
Next, we set up the basic context for VIMP (read/execute):
semanage fcontext -a -t httpd_sys_content_t "/var/www/vimp(/.*)?"
restorecon -Rv /var/www/vimp
and the log directory:
semanage fcontext -a -t httpd_log_t "/var/www/logs(/.*)?"
restorecon -Rv /var/www/logs
And define the writable directories:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/vimp/cache(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/vimp/log(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/vimp/userdata(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/vimp/web(/.*)?"
restorecon -Rv /var/www/vimp
If VIMP accesses MySQL/MariaDB via TCP rather than a local socket, e.g., 127.0.0.1:3306 or a remote database:
setsebool -P httpd_can_network_connect_db on
If VIMP generally requires outbound network access, such as LDAP, SSO, SMTP, or external APIs:
setsebool -P httpd_can_network_connect on
The following may also be relevant for LDAP:
setsebool -P httpd_can_connect_ldap on
And finally, we'll configure the firewall if necessary:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload(If you do not want to allow access via HTTP, you should only allow HTTPS in the firewall.)
For Apache2, we create a separate virtual host for VIMP.
nano /etc/httpd/conf.d/vimp.conf
In the configuration file we created, we insert the following code and update the server name, email address, and, if necessary, the DocumentRoot path:
<VirtualHost *:80>
# enter your server name/domain in the following line
ServerName my.vimp.domain
# enter your webmaster's e-mail address in the following line
ServerAdmin my@email.address
# replace /var/www/vimp/ with your actual VIMP installation folder path in the following line
DocumentRoot /var/www/vimp/web
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
# replace /var/www/vimp/ with your actual VIMP installation folder path in the following line
<Directory "/var/www/vimp/web/">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride all
Require all granted
</Directory>
<IfModule mod_xsendfile.c>
XSendFile on
SetEnv MOD_X_SENDFILE_ENABLED 1
# Absolute path to the VIMP Installation-Directory (the directory containing web - not web itself)
XSendFilePath /var/www/vimp
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers *
</IfModule>
<IfModule http2_module>
H2WindowSize 1048576
Protocols h2c http/1.1
</IfModule>
LimitRequestBody 0
ErrorLog /var/www/logs/vimp_error.log
CustomLog /var/www/logs/vimp_access.log combined
</VirtualHost>
Important:
LimitRequestBody value to your desired upload limit (in our example, 4096 MB, as described in the “Configuring PHP” section).Protocols h2c http/1.1 specifies the protocol for unencrypted connections (without SSL). In your SSL vHost configuration, please specify Protocols h2 http/1.1 instead so that VIMP serves the website via HTTP2.H2WindowSize if necessary. It is only required when HTTP2 is enabled (in your SSL vHost configuration).LimitRequestBody 0) must also be set appropriately there. Otherwise, PHP will function correctly, but the upload will be blocked beforehand.
Next, we'll install the necessary modules, enable PHP-FPM, and select PHP 8.3 in the CLI:
dnf install mod_ssl mod_http2
systemctl enable --now php-fpm
alternatives --config php
Select the PHP 8.3 entry from the list that appears.
At this point, we will restart Apache2:
systemctl enable --now httpd
systemctl restart httpd
In AlmaLinux 9 / Red Hat Enterprise Linux 9, the PHP configuration is loaded centrally via the following file:
/etc/php.ini
Additional PHP configuration files are included from the following directory:
/etc/php.d/
For VIMP, it is recommended that you do not make PHP adjustments directly in /etc/php.ini, but instead store them in a separate configuration file. This keeps the changes organized and prevents them from being accidentally overwritten during package updates.
To do this, create the following file:
nano /etc/php.d/99-vimp.ini
Enter the following values there:
upload_max_filesize = 4096M post_max_size = 4200M register_argc_argv = On memory_limit = 1024M max_execution_time = 60 max_input_time = 120
Note: post_max_size should be slightly larger than upload_max_filesize, as file uploads can generate additional overhead due to HTTP POST data. For larger upload limits, increase both values accordingly, keeping post_max_size larger than upload_max_filesize.
Save the file and restart PHP-FPM:
systemctl restart php-fpm
Let's restart Apache again:
systemctl restart httpd
Then check whether the values are active:
php --ini php -i | egrep 'upload_max_filesize|post_max_size|register_argc_argv|memory_limit|max_execution_time|max_input_time'
For PHP-FPM, you can also check the following:
php-fpm -i | egrep 'upload_max_filesize|post_max_size|register_argc_argv|memory_limit|max_execution_time|max_input_time'
Now let's create the database for VIMP:
# mysql
The MySQL client displays the mysql prompt:
create database DATABASENAME default character set utf8mb4 collate utf8mb4_unicode_ci; create user 'DATABASEUSER'@'%' identified by 'PASSWORD'; grant all privileges on DATABASENAME.* to 'DATABASEUSER'@'%' with grant option; flush privileges; exit;
Finally, you need to install the SourceGuardian PHP extension at this point. You can find instructions on how to do this here.
The upload and installation of the VIMP installer is described in this article.
The installation is now complete. Now call up your portal in the browser.
During installation, three users are created to represent the three user roles:
Please change all passwords as soon as possible. If you don't need a user anymore, you can delete him in the admin area. Just be sure to keep the admin user!