Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/emmanueljarquin-sys/GrupoMecsaCMS/llms.txt

Use this file to discover all available pages before exploring further.

Overview

This guide covers deploying Grupo Mecsa CMS from local development (XAMPP/Apache) to production servers, including environment configuration and server setup.

System Requirements

Minimum Requirements

ComponentVersionNotes
PHP7.4+8.0+ recommended
Apache2.4+With mod_rewrite enabled
Composer2.0+For dependency management
cURLLatestRequired for Supabase API calls
MySQL/PostgreSQLN/AUses Supabase (cloud-hosted)
The CMS uses Supabase as a cloud database, so you don’t need a local database server

PHP Extensions

Ensure these extensions are enabled in php.ini: 
extension=curl
extension=json
extension=mbstring
extension=openssl
extension=fileinfo

Apache Modules

Required Apache modules: 
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so

Development Setup (XAMPP)

1

Install XAMPP

Download and install XAMPP for your operating system
  • Windows: Use installer
  • macOS: Use DMG package
  • Linux: Use run file or package manager
2

Clone Repository

Clone the CMS to your XAMPP htdocs directory:
cd C:/xampp/htdocs  # Windows
# or
cd /opt/lampp/htdocs  # Linux

git clone <repository-url> GrupoMecsaCMS
cd GrupoMecsaCMS
3

Install Dependencies

Install PHP dependencies with Composer:
composer install
If you don’t have Composer installed, download it from getcomposer.org
4

Configure Supabase

Create a local configuration file:
# Create local.supabase.php in the root directory
touch local.supabase.php
Add your development credentials:
local.supabase.php
<?php
$supabase_url = 'https://your-dev-project.supabase.co';
$supabase_key = 'your-dev-anon-key';
$supabase_service_role = 'your-dev-service-role-key';
?>
Add local.supabase.php to .gitignore to prevent committing credentials
5

Start Apache

Start Apache from the XAMPP control panel:
  • Open XAMPP Control Panel
  • Click “Start” next to Apache
  • Verify it’s running (port 80 or 443)
6

Access the Application

Open your browser and navigate to:
http://localhost/GrupoMecsaCMS/login.php
You should see the login page.

Production Deployment

Pre-Deployment Checklist

Complete all items before deploying to production
  • All code tested in development environment
  • Production Supabase project created and configured
  • Environment variables prepared
  • SSL certificate obtained
  • Domain DNS configured
  • Backup plan established
  • Security audit completed
  • .gitignore configured properly

Deployment Steps

1

Prepare Production Server

Install required software on your production server:Ubuntu/Debian:
sudo apt update
sudo apt install apache2 php php-curl php-json php-mbstring php-xml
sudo apt install composer
CentOS/RHEL:
sudo yum install httpd php php-curl php-json php-mbstring php-xml
sudo yum install composer
2

Clone Repository to Server

SSH into your server and clone the repository:
cd /var/www
sudo git clone <repository-url> grupomecsa-cms
cd grupomecsa-cms

# Install dependencies
sudo composer install --no-dev --optimize-autoloader
The --no-dev flag excludes development dependencies for a leaner production deployment
3

Configure Environment Variables

Set production environment variables:Option 1: Apache Virtual HostCreate /etc/apache2/sites-available/grupomecsa.conf:
<VirtualHost *:443>
    ServerName cms.grupomecsa.net
    DocumentRoot /var/www/grupomecsa-cms
    
    # Set environment variables
    SetEnv SUPABASE_URL "https://prod.supabase.co"
    SetEnv SUPABASE_KEY "prod-anon-key"
    SetEnv SUPABASE_SERVICE_ROLE "prod-service-role-key"
    
    <Directory /var/www/grupomecsa-cms>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    # SSL Configuration
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    SSLCertificateChainFile /path/to/chain.pem
    
    # Security Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
Option 2: .htaccess FileCreate/edit .htaccess in the root directory:
SetEnv SUPABASE_URL "https://prod.supabase.co"
SetEnv SUPABASE_KEY "prod-anon-key"
SetEnv SUPABASE_SERVICE_ROLE "prod-service-role-key"

# Enable rewrite engine
RewriteEngine On

# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Option 3: Server EnvironmentAdd to /etc/environment or server startup scripts:
export SUPABASE_URL="https://prod.supabase.co"
export SUPABASE_KEY="prod-anon-key"
export SUPABASE_SERVICE_ROLE="prod-service-role-key"
4

Configure Apache Virtual Host

Enable the site and required modules:
# Enable site
sudo a2ensite grupomecsa

# Enable modules
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers

# Test configuration
sudo apache2ctl configtest

# Restart Apache
sudo systemctl restart apache2
5

Set File Permissions

Configure proper ownership and permissions:
# Set owner to Apache user
sudo chown -R www-data:www-data /var/www/grupomecsa-cms

# Set directory permissions
sudo find /var/www/grupomecsa-cms -type d -exec chmod 755 {} \;

# Set file permissions
sudo find /var/www/grupomecsa-cms -type f -exec chmod 644 {} \;

# Make specific directories writable (if needed for logs/uploads)
sudo chmod -R 775 /var/www/grupomecsa-cms/logs
6

Configure SSL Certificate

Install SSL certificate using Let’s Encrypt:
# Install Certbot
sudo apt install certbot python3-certbot-apache

# Obtain certificate
sudo certbot --apache -d cms.grupomecsa.net

# Auto-renewal is configured automatically
sudo certbot renew --dry-run
Let’s Encrypt certificates are free and auto-renew every 90 days
7

Verify Deployment

Test the production deployment:
  1. Access your domain: https://cms.grupomecsa.net
  2. Verify SSL certificate is valid
  3. Test login functionality
  4. Check all modules load correctly
  5. Review browser console for errors
  6. Test CRUD operations

Environment Configuration

Environment Detection

The CMS automatically detects the environment based on the hostname
Production is detected when hostname contains grupomecsa.net: 
$is_production = (isset($_SERVER['HTTP_HOST']) && 
                  strpos($_SERVER['HTTP_HOST'], 'grupomecsa.net') !== false);
Production Hostnames (auto-detected):
  • cms.grupomecsa.net
  • www.grupomecsa.net
  • grupomecsa.net
Development Hostnames:
  • localhost
  • 127.0.0.1
  • Any custom local domain

Configuration Priority

The system loads configuration in this order:
  1. Environment Variables (highest priority) 
    SUPABASE_URL
SUPABASE_KEY
SUPABASE_SERVICE_ROLE
  2. Local Configuration File (development only) 
    local.supabase.php
  3. Default Values (fallback) 
    'https://awhuzekjpoapamijlvua.supabase.co'
Never rely on default values in production - always set environment variables

Server Optimization

PHP Configuration

Recommended php.ini settings for production: 
; Performance
memory_limit = 256M
max_execution_time = 60
upload_max_filesize = 20M
post_max_size = 25M

; Security
expose_php = Off
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log

; Sessions
session.cookie_httponly = 1
session.cookie_secure = 1
session.cookie_samesite = Strict
session.use_strict_mode = 1

; Opcache (recommended)
opcache.enable = 1
opcache.memory_consumption = 128
opcache.interned_strings_buffer = 8
opcache.max_accelerated_files = 4000
opcache.revalidate_freq = 60

Apache Configuration

Optimize Apache for better performance: 
# Enable compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE application/javascript application/json
</IfModule>

# Browser caching
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Security headers
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"

Monitoring and Maintenance

Server Monitoring

Set up monitoring for:
  • Uptime: Use tools like UptimeRobot or Pingdom
  • Server Resources: Monitor CPU, RAM, disk usage
  • Error Logs: Regularly check Apache and PHP error logs
  • Security Logs: Review security_audit.log for unauthorized access attempts

Log Locations

# Apache access log
/var/log/apache2/access.log

# Apache error log
/var/log/apache2/error.log

# PHP error log
/var/log/php/error.log

# CMS security audit log
/var/www/grupomecsa-cms/security_audit.log

Regular Maintenance Tasks

1

Weekly Tasks

  • Review error logs for issues
  • Check security audit log for unauthorized access
  • Verify backups completed successfully
  • Monitor disk space usage
2

Monthly Tasks

  • Update Composer dependencies: 
    composer update
  • Review and rotate logs
  • Test backup restoration
  • Security audit of user accounts
3

Quarterly Tasks

  • Update PHP and Apache to latest stable versions
  • Review and update SSL certificates (if not using auto-renewal)
  • Performance optimization review
  • Security penetration testing

Backup Strategy

What to Back Up

Regular backups are critical for disaster recovery
  1. Application Files 
    /var/www/grupomecsa-cms/
  2. Configuration Files 
    /etc/apache2/sites-available/grupomecsa.conf
/etc/php/*/apache2/php.ini
  3. Supabase Data
    • Use Supabase’s built-in backup features
    • Export database regularly via SQL dumps
  4. SSL Certificates 
    /etc/letsencrypt/

Automated Backup Script

backup.sh
#!/bin/bash

# Configuration
BACKUP_DIR="/backups/grupomecsa-cms"
APP_DIR="/var/www/grupomecsa-cms"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Backup application files
tar -czf "$BACKUP_DIR/app_$DATE.tar.gz" "$APP_DIR"

# Backup Apache config
cp /etc/apache2/sites-available/grupomecsa.conf "$BACKUP_DIR/apache_$DATE.conf"

# Keep only last 30 days of backups
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +30 -delete
find "$BACKUP_DIR" -name "*.conf" -mtime +30 -delete

echo "Backup completed: $DATE"
Schedule with cron: 
# Edit crontab
sudo crontab -e

# Add daily backup at 2 AM
0 2 * * * /usr/local/bin/backup.sh

Troubleshooting

Common Issues

500 Internal Server Error

  1. Check Apache error log: 
    sudo tail -f /var/log/apache2/error.log
  2. Verify file permissions: 
    sudo chmod -R 755 /var/www/grupomecsa-cms
  3. Check PHP syntax: 
    php -l /var/www/grupomecsa-cms/index.php

Cannot Connect to Supabase

  1. Verify environment variables are set: 
    echo $SUPABASE_URL
  2. Test cURL to Supabase: 
    curl -I https://your-project.supabase.co
  3. Check firewall rules allow outbound HTTPS

SSL Certificate Errors

  1. Verify certificate is valid: 
    sudo certbot certificates
  2. Test SSL configuration: 
    openssl s_client -connect cms.grupomecsa.net:443
  3. Force certificate renewal: 
    sudo certbot renew --force-renewal

Session Issues

  1. Check session directory permissions: 
    ls -la /var/lib/php/sessions
  2. Verify session settings in php.ini: 
    session.save_path = "/var/lib/php/sessions"
session.gc_maxlifetime = 1440

Next Steps

Supabase Configuration

Set up database credentials and connection

Security Guide

Implement security best practices

Build docs developers (and LLMs) love

Get started for freeTalk to us