To follow this Tiki Tutorial, you need to know how access and use the shell (Putty or Terminal) and a minimum of knowledge about servers, mysql and hosting... or you want to experiment and learn how to setup your own server!
As long as you don't work with real data you can aways terminate and re-install a your server till you get your Tiki or hosting solution to work.
Another alternative is to experiment using a Virtual Instance on your computer or any free service or offer on the Cloud (AWS, Google, Digital Ocean, etc). All have some kind of free offer limited in time so you are free to play.

If you don't want to experiment and want prefer to hire a well experimented developer you can always ask me to do it for you or search in the Tiki Consultants list and you'll have professional job done by a Tiki Specialist. 😉

Server preparation

Download and boot on the Debian11 Network Install

We will use a Network Installation to benefit from the last release of this Linux Operating system.

You can use a CD a DVD or (recommended) a USB stick.
Check and follow : https://www.debian.org/distrib/netinst

You will need to download the version relevant to your server architecture.
There is plenty of documentation online and with the model you should be able to find the information on the internet.
Alternatively if your server is running or you voluntary make a false start (a destroyable first install to test and review the process) you can use the following command to check the specification of the machine you are working on:

Check your server architecture
lscpu


In my case it is Architecture: x86_64 so the relevant version for my Debian11 install is "amd64"
Once you media is ready plugin in the server (or place the CD in the reader) and reboot the server.
At some point you should see a way to enter into the boot menu, enter it and select the boot device where is your network install.

Run the installer

You will see the Debian installer splash screen where you can choose Install or Graphical install.
Both do the same the graphical is nicer but there is no real differences if you have descent connectivity or the server on your desk.
I would say that you can use the non-graphical install when you install it remotely through another remote machine like in a data center at the other side of the planet.

The first screen will ask you to select your language. While it is possible to use your installer in many language I recommend to stick with English. You will have less chance to find a weird translation of terms and you will be able to find plenty of online help in case things goes wrong or you have an unexpected behaviour. With the same idea in mind and knowing that the Debian developers have spend hours to make the installation easy as possible we will keep as much as possible the default as they are proposed. When a parameter must be set ti will be signaled in italic.
So it is "English" language, "Your country", keyboard mapping "American English".
With that the installer will detect and read from the device you set and check your network.

You will be asked for a hostname.
While you can choose anything I recommend using your domain name like "mydomain" (without http or https and without .com or .something) or if you plan to install several servers think ahead of some kind of logic to name them (numbered, by country, by hosting company, etc).

checking/editing the hostname

You can change it later by editing the /etc/hostname file.

check your hostname
hostname


To change this and set it for your host name (yourdomain.com)

sudo nano /etc/hostname


You will be asked for a domain name.
Well... use a domain name you own and can point to the server's IP.

root and users setup

The next screen will asking you to enter your root user password.
root can do anything and you should enter a complicate and impossible to find password.

We will tweak our root access after the installer complete to allow ssh access from a remote location.

For the user selected any username. In my case, relying on the Virtualmin control panel user management system I just set a user that I won't be using anyway.
Same enter a password.

Select the time zone

It should be set automatically based on the country you selected previously, if your are not satisfied with this you can go back (as it is explained on screen) and change your country settings.

Partitioning

We will use the default, Guided - use entire disk
Select the volume where we want to install the server. Note that you will erase your volume and delete everything on it if it was previously used.
Select the disk, select the number of partition (again all default) all files in one partition.
One last time you will be asked to validate your choices and to select "Yes" to proceed with the install.

Mirror and Software selection (and finishing)

The next screen ask if we want to check another volumes for files. Obviously no, we want the installer to use the Network Install and keep the default answer.
Then It will suggest to find a mirror close to the select country you set previously. (default)
We asked to choose a Debian Mirror Archive server. Again default works best (mine was deb.debian.org).
Unless you use a proxy insert it on the next screen else go on with default (blank).

Install goes on and after a few minutes, you will asked if you want to share statistics "the popularity contest".
I usually don't share statistics and monitor communication between computers on the network so my answer is no.

Next screen is software selection.
We keep SSH and Standard system utilities and check "web server"
Continue

The last screen is about the GRUB loader.
The default is yes and we need to select the disk it will be installed (the same volume you selected previously for your install), continue.

Installation completes and it will reboot.
You have a server !

First login and server parameters

After it reboots, your screen will show a prompt waiting for you to login.
Let's use "root" and "yourrootpasword" to make some essential settings.

root remote access

While setting external access for the root user may be discutable and it will be up to you to set this or not this is how I do to diagnose or manage my virtual domains correctly so I setup an SSH root access using elaborated password and fail2ban mechanism (if someone, a bot, try too many time to connect using SSH it is blacklisted from accessing my server).

To allow remote root access I edit the ssh_config file

Edit ssh configuration file
nano /etc/ssh/sshd_config

Change #PermitRootLogin prohibit-Password to PermitRootLogin yes
and #PasswordAuthentication no to PasswordAuthentication yes and of course save your changes.

Restart SSHD to validate changes
systemctl restart sshd


Go to a remote computer on your network and log from an external station to your server

Login as root
ssh root@xx.xx.xx.xx (your instance IP)


If you are not sure of your server internal IP address you can check it with the following command

Confirm the server Ip
ip addr


{FADE(label="Missing privilege separation directory" icon="y")}
During 2 or 3 setup I ran into an error restarting sshd; Missing privilege separation directory: /var/run/sshd.
To overcome the issue I first confirmed the diagnosis using ssh test mode

Confirm the server Ip
sshd -t

It is an issue that pops-up from time to time and is documented online.
My solution was to do the following:

ssh directory missing
mkdir -p /var/run/sshd
echo "mkdir -p /var/run/sshd" >> /etc/rc.local

Hostname

We check the hostname and that the domain name is properly configured (it will be important for Virtualmin)

cat /etc/hosts

After the local IP address you should see your hostname without extension (TLD). It should look like this:
127.0.1.1 yourdomain

Review the hostname (see above how to edit it)

check your hostname
hostname

Update your Debian server

We check that everything is up to date with the following commands:

sudo apt update
sudo apt upgrade


From a network install you should have nothing to update but...

Locale settings warning


You may have some warning about "locale" it is up to you to fix it now or later. (by default I use : en_US.UTF-8 UTF-8)

Fix locale warning
select your locales, recommended: en_US.UTF-8
sudo dpkg-reconfigure locales

Select the local needed (I always work in English therefor select so I select en_US UTF-8.

re-generate the locale on your server
sudo locale-gen


To tight it up, enter those two shell command: LC_CTYPE=en_US.UTF-8 and LC_ALL=en_US.UTF-8
(export LC_CTYPE=en_US.UTF-8, export LC_ALL=en_US.UTF-8 in some case)


At this point I suggest to reboot the server and confirm everything is as expected.
During the sample installation it kept coming back even after a reboot. After a few hours I had no warnings anymore. 🤔

Install Webmin and Virtualmin

We will download Virtualmin automated install script and run it. It is basically a shell script that will handle rest of the installation once executed.

Download Virtualmin install script
wget https://software.virtualmin.com/gpl/scripts/install.sh

You can do a full install but also you can do a minimal install which will spare the instance resources. For exemple where I don't need a mail server I do minimal install.

Full install of Virtualmin
sudo sh install.sh
Minimal install of Virtualmin
sudo sh install.sh --minimal


Some questions about memory and swap can popup on small system, going with the default and suggested work just fine.
The installation is quite long but you got all installed and have now access to your control panel if the port 10000 is open.

Use https://your_server_publicIP:10000 (you can use your a domain name if set already)
View and trust the certificate and login.
Once you are in , follow Virtualmin Post installation wizard.
It is pretty straightforward and everything is done to guide you.

  1. For the DNS configuration parameters, make sure it shows your domain and continue the process. If your domain is not already redirecting, you can check the " Skip check for resolvability" option.
  2. Do you want to create a default Virtual Server, if you have a designated candidate for a default website, answer yes, else....

You can change this setting later: Server Configuration => Website options => Default website for IP address

The installer will do his stuff and after a few second you will have your Virtualmin control panel running.

You will be asked if you want to create a default Virtual Server for your server.
If you don't create a default Virtual Server, Virtualmin may load with errors (like: missing postfix maps) that can be solves later by creating at least one Virtual Server.

If you create one you won't be able to set a few parameters. (SSH key for exemple).
I usually answered no so I can set all the parameters for my default domain without interference.

Additional stuff

Installing several versions of PHP

The installation we've done will will come with one PHP version that may or may not fit your needs.

For exemple at the time I wrote this tutorial, PHP 7.4.x was installed.
You can install additional version through the command line:
From here you can install any PHP package (change version number for what you need) and it will be accessible for your PHP version configuration in Virtualmin

sudo apt-get install php7.4 php7.4-cgi php7.4-cli php7.4-fpm php7.4-mysql php7.4-xml php7.4-gd php7.4-intl php7.4-xsl php7.4-curl php7.4-zip php7.4-mbstring php7.4-bcmath php7.4-bz2


You can configure which one is the default PHP version used on your new Virtual Servers. You can change that default in System Settings -> Server Templates -> Default -> PHP Options. To set your host or domain PHP version go to Virtualmin -> Server configuration -> PHP version and on that screen you can set the PHP version for your domain.

It is the required version PHP version you should use to run the last Tiki LTS version but it does not include some required library to run Composer
You have to be sure a few additional libraries are installed and they will be accessible to complete the setup.

sudo apt-get install php7.4-gd php7.4-intl php7.4-curl php7.4-zip php7.4-bcmath php7.4-bz2

Git installed by default

Git should be installed by default, check it is there

git --version


If it is not install git using:

sudo apt install git

Configuring minimum and maximum word length in MySQL

By default MySQL's full-text search will search search for a thing of 4 characters.
Using generally multilingual environment where I need to filter data based on the 2 letter language preferences in Tiki I usually change this parameter.
In Webmin => Servers => MySQL Database Server => Edit Config Files (my.cnf) and at the bottom of the file I add the following:

Set the minimum word length in MySQL for InnoDB
[mysqld]
innodb_ft_min_token_size=2
ft_min_word_len=2

Install ElasticSearch

Tiki allows advanced search using (up to Tiki25) ElasticSearch
They provide a good official guide, I followed and here you can find in short how I enabled ElasticSearch on my new server:

Setup ElasticSearch 8.x on Debian 11
apt-get update
apt-get install elasticsearch
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
apt-get install apt-transport-https
systemctl start elasticsearch.service
systemctl enable elasticsearch.service --now
curl -X GET "http://localhost:9200/?pretty"

Notes: You can change the version number for the ElasticSearch you want to install.

Additional security settings on ElasticSearch

As states in the documentation: When installing Elasticsearch, security features are enabled and configured by default.
You have to complete your setup accordingly or if you are on a local and development environment by disabling ElasticSearch xpack.security. It is strongly suggested to have this setting enable if your ElasticSearch server is web accessible.

Disable Security XPack on ElasticSearch
nano /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: false

Your first Virtual Server

On Virtualmin go to "Create a Virtual Server"
Give it a name (your domain), generate a password (mandatory) insert your SSH public key or generate them.
Set or use the a "suggested" username for the administrator of this VS
In the advanced option I usually set the name of my database (myproject_tiki24)

If I want subdomains or aliases I check Setup DNS zone is enable (default), Setup Apache website (default), enable Setup Apache SSL website (so I will be able to setup a let's encrypt ssl certificate), enable Create MariaDB database, disable Accept mail for domain (mail server is time and resources consuming), enable Create Webmin login (so a user can log and manage this VS only).

Once created let's complete !

Quota settings

By default your Virtual Server will be limited to the default plan.
While this is enough if you install a Tiki package, you may need more memory to run composer.
You can adjust the quota at Edit Virtual Server => Quotas and limits.

Install Let's encrypt certificate


You need first to use your domain name set it at the registrar properly. As long as you use your server IP you can't create the certificate and should skip.
Under Virtualmin => Server Configuration => SSL Certificate click on the "Let's Encrypt" tab and request certificate.
Note that by default Virtualmin want to setup several automatically domains the "Domains associated with this server" list. You may not have set all of them and the process will verify them and fail if they are not accessible. You can use the "Domain names listed here" list and Install you certificate only for the domain you are really using.

Once this is done, we have a VS, the domain is set with an SSL and we can start the software installation.

Installing Tiki

Installing Tiki from Tiki repo (anonymous)

From the command line, on the server let's go to our VS directory.
Navigate into your public_html directory. If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
Your domains are located inside /home

There is at https://tiki.org a complete installation guide to install Tiki, but in short, I use the git clone command to download Tiki. In my case I needed Tiki branch (version) 24.x without previous history (depth=1)

Download Tiki from the git repo
git clone --depth=1 --branch=24.x https://gitlab.com/tikiwiki/tiki.git .

Installing Tiki using ssh (your repo)

To use the SSH key used on your Gitlab account you need to create a config file at your_home/.ssh
For exemple bsfez/.ssh copy the following inside

Content of the ssh config file
# GitLab.com
Host gitlab.com
#  User git
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_rsa

Replace "id_rsa" with your SSH key file and set ownership to your virtual server user and permission to 400 (chmod).

Navigate into your html directory (public_html).

Download Tiki from your git repo
git clone --branch=your_branch --depth=1 git@gitlab.com: YOURUSER/your_repo .


It happen that for the first download you have to point your key file. 🤷🏻‍♂️
You can do it using the following command. (again replace "id_rsa" with you key filename)

Download Tiki from your git repo
git clone --branch=your_branch --depth=1 git@gitlab.com:YOURUSER/your_repo --config core.sshCommand="ssh -i ../.ssh/id_rsa" .


Then I have to run tiki setup to install Composer files and fix the files and directories permissions.
If I want to run PHP7.4 (I have several PHP version installed) you can point to the correct PHP version for your Tiki version.

Tiki setup to run php7.4
sh setup.sh 
or, if you have multiple PHP version you can point directly to PHP7.4
sh setup.sh -p /usr/bin/php7.4


From here follow the regular Tiki install process (setup.sh (see additional notes below), database creation) and you have a Tiki ready to be installed !

Tiki Installed

Links of interest

https://www.debian.org/download
https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html#deb-security-configuration
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html