Please rate how useful you found this document: 
Average: 2.3 (3 votes)


Stack N225 provides detailed information about the database and application server configurations needed to correctly install the following versions of ProcessMaker on the platform CentOS/RHEL 7.x under NGINX web server.

ProcessMaker 3.3.x ProcessMaker 3.4.x

Stack N225 is supported by ProcessMaker, meaning that it has been tested by the Quality Control team.


Platform Database PHP
CentOS/RHEL 7.x (Latest version) MySQL 5.6.x 7.1.x
Web Server Filesystem Architecture
NGINX 1.x.x (Latest version) ext4 64-bit


The stack procedure and references described below are used by ProcessMaker in its cloud environment and it works appropriately in cloud configurations. If this stack is implemented on-premises, ProcessMaker Inc. does not guarantee the stack functions correctly.


Assuming you already have a CentOS 7.2.x Core or Desktop installed and has the proper permissions by typing the comand sudo su and entered the administrator password you can execute the following commands in order to have the stack ready to install ProcessMaker.

Step 1: Update your Server

Make sure that your server is in the latest version.

yum -y update

Warning: Depending on your CentOS version, the server update should take a long time to complete the update.

Step 2: Remove MariaDB

By default CentOS 7.2 comes with some modules of maria DB installed. So we need to uninstall them.

yum -y remove mariadb*

Step 3: Install MySQL 5.6.XX

Warning: ProcessMaker is not compatible with MySQL STRICT mode, which is enabled by default as of MySQL 5.6.6. Read the Turning Off MySQL STRICT Mode section to learn how to disable it.

In order to install MySQL 5.6.x, use the following steps:

1. Run the command lines to download the repositories:

yum install -y yum-utils yum localinstall -y

2. Use these command lines to configure the repository and install MySQL 5.6.x:

yum-config-manager --disable mysql57-community yum-config-manager --enable mysql56-community yum install -y mysql-community-server

3. Start the MySQL service and set it to start automatically at boot.

service mysql start chkconfig mysql on

4. Make sure the mysql service is running by checking its status with the following command:

systemctl status mysql

The status of the mysql service should be "active (running)":

MySQL Configuration

Before using MySQL, use the mysql_secure_installation command to set up a secure database environment. Log in as the root user and issue the following command:


Note: In some cases the password is already defined so you need to check which is before you run the mysql_secure_installation and change it, to do this use the following command: cat /root/.mysql_secret

Then follow the wizard's instructions to secure MySQL like follows:

1. Enter the root password.

2. Change the root password.

Warning: ProcessMaker does NOT support special characters (such as: @ # $ % ^ & ( /) in the root password. For more information, please read this section.

3. Confirm to remove anonymous users.

4. Confirm to disable the root login.

In the case MySQL is in other server, you must create a new user and give this user the permissions to access.

5. Confirm to remove the test database.

6. Reload privilege tables.

The MySQL installation is now secure.

7. Restart the mysql service.

service mysql restart

Step 4: Install NGINX

To install NGINX follow these steps:

1. Add the NGINX repository file.

nano /etc/yum.repos.d/nginx.repo

2. Add the next lines in the repository file.

name=nginx repo
#####rhel/6 should be changed to rhel/7 for RHEL/CentOS 7

3. Install NGINX and start the service.

yum clean all && yum -y install nginx
service nginx start
chkconfig nginx on

Step 5: Install PHP 7

Add the EPEL (CentOS 7.x) repositories or RedHat ones to install php. In this guide we will use EPEL, follow these steps:

1. Add the repositories.

rpm -Uvh
rpm -Uvh

2. Install PHP and its modules.

yum -y install php71w php71w-cli php71w-opcache php71w-fpm php71w-gd php71w-mysqlnd php71w-soap php71w-mbstring php71w-ldap php71w-mcrypt php71w-xml

Start php-fpm

Execute the following steps to start php-fpm:

1. Start the service.

service php-fpm start
chkconfig php-fpm on

2. Set the standard ProcessMaker configurations.

sed -i '/short_open_tag = Off/c\short_open_tag = On' /etc/php.ini
sed -i '/post_max_size = 8M/c\post_max_size = 24M' /etc/php.ini
sed -i '/upload_max_filesize = 2M/c\upload_max_filesize = 24M' /etc/php.ini
sed -i '/;date.timezone =/c\date.timezone = America/New_York' /etc/php.ini

Install and Configure OpCache

Execute the following steps:

1. Set OpCache pre-configurations.

sed -i '/expose_php = On/c\expose_php = Off' /etc/php.ini

2. Set OpCache configurations.

sed -i '/;opcache.enable_cli=0/c\opcache.enable_cli=1' /etc/php.d/opcache.ini

sed -i '/opcache.max_accelerated_files=4000/c\opcache.max_accelerated_files=10000' /etc/php.d/opcache.ini

sed -i '/;opcache.max_wasted_percentage=5/c\opcache.max_wasted_percentage=5' /etc/php.d/opcache.ini

sed -i '/;opcache.use_cwd=1/c\opcache.use_cwd=1' /etc/php.d/opcache.ini

sed -i '/;opcache.validate_timestamps=1/c\opcache.validate_timestamps=1' /etc/php.d/opcache.ini

sed -i '/;opcache.fast_shutdown=0/c\opcache.fast_shutdown=1' /etc/php.d/opcache.ini

Configure php-fpm File

To configure php-fpm follow these steps:

1. Open the php-fpm configuration file.

nano /etc/php-fpm.d/processmaker.conf

2. Include the following to the configuration file:

user = nginx
group = nginx
listen = /var/run/php-fpm/processmaker.sock
listen.mode = 0664
listen.owner = nginx = nginx
pm = dynamic
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 50
pm.max_requests = 500
php_admin_value[error_log] = /var/log/php-fpm/processmaker-error.log
php_admin_flag[log_errors] = on

3. Move the Nginx Configuration to work with ProcessMaker.

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bk

4. Create a new file.

nano /etc/nginx/nginx.conf

5. The Nginx server configuration file needs to have:

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log warn;

pid /var/run/;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
log_format combined_ssl '$remote_addr - $remote_user [$time_local] '
'$ssl_protocol/$ssl_cipher '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 120;
keepalive_requests 100;
types_hash_max_size 2048;

#Enable Compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/xml application/xhtml+xml application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/ font/ttf font/eot font/otf font/opentype;

include /etc/nginx/conf.d/*.conf;

#Comment out ServerTokens OS
server_tokens off;

#Prevent ClickJacking Attacks
add_header X-Frame-Options SAMEORIGIN;

#Load Balancer/Reverse Proxy Header
real_ip_header X-Forwarded-For;

6. Restart NGINX.

service nginx restart

Step 8: SELinux Configurations

Regardless of which web server application your ProcessMaker stack uses, if ProcessMaker is installed in the /opt directory, it is necessary to either configure SELinux to allow the web server to read/write the directory where ProcessMaker is installed. Alternatively, you can disable SELinux temporarily or permanently. Refer to the sections below that describe how to perform each of these options.

Configuring SELinux

To configure SELinux so the web server can read/write to the /opt/processmaker directory, follow these steps:

1. Log in as the root user and issue the following commands from the terminal:

semanage fcontext -a -t httpd_sys_content_rw_t '/opt/processmaker(/.*)?' restorecon -R -v /opt/processmaker

2. Configure the web server to send emails:

setsebool -P httpd_can_sendmail 1

3. To run ProcessMaker on any port other than the default ports of 80, 443, 488, 8008, 8009 and 8443, SELinux needs to be configured to allow another port to be used. For example, to use port 8080:

semanage port -a -t http_port_t -p tcp 8080

Disabling SELinux

Disabling SELinux causes so many problems that it is often easier to disable it. Follow these steps to disable SELinux:

1. Run the following commands to disable SELinux:

echo "SELINUX=disabled" > /etc/selinux/config echo "SELINUXTYPE=targeted" >> /etc/selinux/config

2. Do NOT forget to restart the server to permanently disable SELinux.

Temporarily Disabling SELinux

To temporarily disable SELinux to debug a problem, log in as the root user and issue the command:

setenforce 0

The changes will take place immediately.

If need to go back only need to run the following command or reboot the server:

setenforce 1

Step 9: Install Firewall and Open ProcessMaker's Port

By default, CentOS 7 can not work without firewall, therefore it is recommended to install Firewalld so it can be easily configured. Firewalld is a dynamic daemon that manages a firewall with support for networks zones. To install it run the following steps:

1. Install Firewalld.

yum -y install firewalld

2. Set the service to start automatically.

service firewalld start chkconfig firewalld on

3. Open the port where ProcessMaker will run, which is port 80 by default or port 443. To use a port other than port 80 or 443, it is necessary to change the port number using the following command.

firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reload

Step 10: Install and Configure Supervisor

Available Version: As of ProcessMaker 3.4.0.

Follow the next steps to install and configure a Supervisor:

  1. Open a terminal and run as a supervisor user by writing the following.

    su or sudo -i
  2. Install and enable the Supervisor.

    yum -y install supervisor systemctl start supervisord systemctl enable supervisord
  3. Create the laravel-worker-workflow.ini file in the /etc/supervisord.d/ folder.

    nano /etc/supervisord.d/laravel-worker-workflow.ini
  4. Add the following lines, and save the file.

    [program:laravel-worker-workflow] process_name=%(program_name)s_%(process_num)02d directory=/opt/processmaker/ command=/opt/processmaker/processmaker artisan queue:work --workspace=workflow --sleep=3 --tries=3 --daemon autostart=true autorestart=true user=nginx numprocs=8 redirect_stderr=true stdout_logfile=/opt/processmaker/worker-workflow.log
  5. Enable the laravel-worker-workflow configuration.

    supervisorctl reread supervisorctl update supervisorctl start laravel-worker-workflow:*

The queue work is ready to run.

Take into account:

  • Depending on the distribution, the directory route must maintain order. This will specify the processmaker workspace.
  • Verify that the configured log file has permissions in the stdout_logfile route. It is recommended that the log file (stdout_logfile) be located within the shared folder of processmaker: /shared/worker.log. This may not be advisable if your environment has many workspaces that have a large workload, your log would be lost in time.
  • The parameters of the command route must be valid according to the workload. For more information consult the Laravel documentation.
  • Each workspace must have a similar configuration, use the [program: {workspace}] route.
  • For {workspace} try to use a format that gives enough information to associate with the installation. For example, [processmaker-workspace instance-domain];. This will allow you to have readability at the supervisor's exit.
  • Try using different configuration files for different processmaker environments, with a suitable name for it, you can take the example from the previous point.
  • If a failure is present, launch an alert by an email to the administrator.
  • If the supervisor run correctly and depending on the distribution of his operating system; You can see the 8 processes configured in the numprocs directive.
  • Important: Laravel Queue makes ProcessMaker works heavily. An erroneous configuration can have a considerable impact on performance. Then, be careful and analyze each option referring to the documentation before applying it.

Step 11: Reboot the Server

After all these installations the server needs to be rebooted.

Configuration and ProcessMaker Installation

To learn how to install and configure ProcessMaker, read Configuration and ProcessMaker Installation.