Installing and Configuring Pico

Installing Pico couldn’t be easier.
This guide will cover everything you need to know to get Pico up and running.

Found a typo? Something is wrong in this documentation? Just fork and edit it!

Installing Pico is as simple as uploading it to your webserver. Seriously. But while we could just leave it there, this guide will dive much deeper, covering all you’d ever need to know on the subject.

Pico’s only system requirement is a webserver with PHP 5.3.6 or greater, with the dom and mbstring extensions enabled.

Incredible Install Options

Pick your poison! Pico has quite a few supported installation methods. Pick whichever strategy that works for you best.

Composer

Do you have shell access to your webserver? If so, try Composer!

Using Composer to install Pico provides a great user experience. Composer makes maintaining and updating your Pico install a breeze.

We’d really recommend you try it!

Simply run the following commands to install Composer, then use Composer to install Pico for you.

$ curl -sSL https://getcomposer.org/installer | php
$ php composer.phar create-project picocms/pico-composer pico

That’s it! You’ll thank us (and Composer) when it’s time to update!

(It’s as simple as running php composer.phar update in your Pico folder.)

Pre-Bundled Release

Not interested in an automated solution? That’s okay, you can install Pico manually too.

Download Pico

You can always find Pico’s Latest Release on our GitHub Page.

This pre-bundled release comes with all the dependencies necessary for Pico to run.

Simply upload the extracted files to the httpdocs directory (e.g. /var/www/html) of your server.

If you’re using Apache, there’s also an included .htaccess file provided for automatic configuration. If you’re running Linux or macOS, double check that you’ve uploaded this file, as it likes to hide!

Git

Using Pico together with Git, you can create a powerful, version controlled, and perhaps even collaborative workflow. The possibilities are endless!

To get you started, Pico has a ready to go Composer starter project you can fork right on on GitHub!

Our recommended Git workflow is:

Fork the starter project on GitHub. (If you’d rather not use GitHub, just clone it locally and manually add your new remote to the repo.)
Clone the fork to your local computer. Add whatever assets, content, plugins, and themes you’d like and commit them to the repo. Push the changes back to GitHub (or your own remote).
On your webserver, navigate to your httpdocs folder. Simply run the following commands to install Composer, then use Composer to install Pico’s dependencies for you (substituting your own Git remote if applicable).
```
 $ curl -sSL https://getcomposer.org/installer | php
 $ git clone https://github.com/<YOUR_USERNAME>/<YOUR_REPOSITORY> pico
 $ php composer.phar --working-dir=pico install
```
Next time you commit updates your Pico site repo, just run git pull in this folder on your webserver to update it. You can even update Pico and its dependencies with a simple php composer.phar update.

Git (Development)

Our recommended development workflow is to start with Pico’s Composer starter project and use Git to pull in all of Pico’s components as “local packages” for Composer.

This is a bit more involved than any other installation method, and of course also implies you’ll be using the current development version of Pico, which is likely unstable and not ready for production use!

On your webserver, navigate to your httpdocs directory and make a new folder for Pico (e.g. /var/www/html/pico). Download and extract Pico’s Composer starter project into the workspace directory:
```
 $ curl -sSL https://github.com/picocms/pico-composer/archive/master.tar.gz | tar xz
 $ mv pico-composer-master workspace
```

Clone the Git repositories for all Pico components (Pico’s core, Pico’s Default Theme and the PicoDeprecated plugin) into the components directory:

 $ mkdir components
 $ git clone https://github.com/picocms/Pico.git components/pico
 $ git clone https://github.com/picocms/pico-theme.git components/pico-theme
 $ git clone https://github.com/picocms/pico-deprecated.git components/pico-deprecated

Update the composer.json of your development workspace (i.e. workspace/composer.json) to instruct Composer to use the local Git repositories as replacement for the picocms/pico (Pico’s core), picocms/pico-theme (Pico’s Default Theme) and picocms/pico-deprecated (the PicoDeprecated plugin) packages.

 {
     "repositories": [
         {
             "type": "path",
             "url": "../components/pico",
             "options": { "symlink": true }
         },
         {
             "type": "path",
             "url": "../components/pico-theme",
             "options": { "symlink": true }
         },
         {
             "type": "path",
             "url": "../components/pico-deprecated",
             "options": { "symlink": true }
         }
     ],
     "require": {
         "picocms/pico": "dev-master",
         "picocms/pico-theme": "dev-master",
         "picocms/pico-deprecated": "dev-master",
         "picocms/composer-installer": "^1.0"
     }
 }

Download Composer and run it with the install option:

 $ curl -sSL https://getcomposer.org/installer | php
 $ php composer.phar --working-dir=workspace install

That’s it! You’re now running the development version of Pico.

By the way, you can also find all of Pico’s components on Packagist.org: Pico’s core, Pico’s Default Theme, the PicoDeprecated plugin and Pico’s Composer starter project.

Nextcloud

Pico for Nextcloud offers a powerful combination of admin features, like those you’d find in a traditional CMS.

If you’re already running Nextcloud on your webserver, you can install Pico as a Nextcloud App and take advantage of their combined features.

Just look for Pico CMS in Nextcloud’s App Store. Hit the “Download and Enable” button and you’re done!

You can then configure Pico within Nextcloud’s settings.

You’ll find Pico’s configuration divided between Nextcloud’s “Personal” and “Administration” sections.

Administration allows you to add custom themes, plugins, and templates to Pico, as well as tweak some advanced settings.

Each Nextcloud users also has their own Personal section, where they can configure their own personal Pico website.

Web Server Configuration

While Pico generally works out-of-the-box, there are a few things we can tighten up with some additional configuration.

First, we absolutely recommend that you tighten up security by restricting visitor access to Pico’s folder structure. There’s no reason we need our visitors peeking around at our config.yml or raw content files, among other things (even if no real harm would likely come of it).

Second, you may have noticed that out-of-the-box, Pico’s urls have an odd question mark ? in them.

By default, Pico’s URLs look like this: http://example.com/pico/?sub/page. It’s not horrible, but some might find this question mark a little bit “unsightly” on a production website.

That is where Pico’s optional URL Rewriting comes in. It takes the ? out of the URL, turning http://example.com/pico/?sub/page into http://example.com/pico/sub/page.

Server Specific Instructions

How you accomplish these things varies a lot between web servers, so we’ve included instructions for most of the popular options out there.

As always, if you need some additional assistance, please refer to our “Getting Help” page.

Apache

If you’re using Apache, you’re in luck: Our included .htaccess file will take care of the configuration for you automatically.

If you have any issues, just make sure that both mod_rewrite and .htaccess overrides are enabled.

Troubleshooting (Tentative heading)

If you’re getting 404 Errors or if Pico’s still adding ? to your URLs, you’ll want to make sure Apache is configured right. The location of Apache’s config file (or files) depends on your Linux Distribution (for example, /etc/httpd/httpd.conf, /etc/httpd/conf/httpd.conf, or /etc/apache2/httpd.conf).

Your config file should have a line similar to LoadModule rewrite_module modules/mod_rewrite.so in it enabling mod_rewrite. Make sure this line isn’t commented out!

You’ll also want to make sure that .htaccess overrides are allowed, by setting AllowOverride All in either your global Apache config or in your virtual host config file (often located in a subfolder of your Apache config, such as vhosts or sites-available).

If you get a 500 Internal Sever Error, try removing the last line of .htaccess, which declares some extra Options. For security reasons, this declaration disables Indexes and MultiViews to prevent visitors from being able to browse your raw files. However, if your web host has configured Apache to not allow option setting, this line will cause it to throw a 500 Error.

In rare cases where you have URL Rewriting working, but Pico is still adding ? to your URLs, you can manually override Pico’s behavior by setting rewrite_url: true in your config.yml.

Nginx Learn more…

If you’re using Nginx, configuration is a little more involved than Apache. We have an entire Nginx Guide to help walk you through the process.

The following configuration excerpt is somewhat of a “tl;dr” version of a very extensive topic. It should provide the bare minimum configuration you need for Pico. If you have any trouble, please read all of the aforementioned Nginx Guide. For additional assistance, please refer to our “Getting Help” page.

location ~ ^/pico/((config|content|vendor|composer\.(json|lock|phar))(/|$)|(.+/)?\.(?!well-known(/|$))) {
    try_files /pico/index.php$is_args$args =404;
}

location /pico/ {
    index index.php;
    try_files $uri $uri/ /pico/index.php$is_args$args;
}

The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess for our Apache users.

The second block provides the URL rewriting scheme.

You’ll need to adjust the path of /pico in this example to match your own Pico installation directory.

Additionally, you’ll need to either add fastcgi_param PICO_URL_REWRITING 1; to your PHP location block or specify rewrite_url: true in your config.yml.

Lighttpd

Pico runs great on Lighttpd. The following config should provide the bare minimum configuration you need for Pico.

url.rewrite-once = (
    "^/pico/(config|content|vendor|composer\.(json|lock|phar))(/|$)" => "/pico/index.php",
    "^/pico/(.+/)?\.(?!well-known(/|$))" => "/pico/index.php"
)

url.rewrite-if-not-file = (
    "^/pico(/|$)" => "/pico/index.php"
)

The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess for our Apache users.

The second block provides the URL rewriting scheme.

You’ll need to adjust the path of /pico in this example to match your own Pico installation directory.

Additionally, you’ll need to specify rewrite_url: true in your config.yml.

Caddy

Pico runs great on Caddy. The automatic SSL capabilities of Caddy make it a great choice for your Pico site. The following config should provide the bare minimum configuration you need for Pico.

# Caddy Config go here. ;P

The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess for our Apache users.

The second block provides the URL rewriting scheme.

You’ll need to adjust the path of /pico in this example to match your own Pico installation directory.

Additionally, you’ll need to specify rewrite_url: true in your config.yml.

Configuring Pico

Pico is ready to go, right out of the box. However, unless you want your website to be called “Pico”, there’s at least one configuration option you’ll want to set.

Configuring Pico is easy. Start by creating a new file at config/config.yml.

Next, take a look at Pico’s included config.yml.template file for a brief overview of the available settings and their defaults. You’ll find this template is pretty well documented inline, so we won’t go into detail about all the options here.

To override a setting, simply copy that line from config.yml.template to your new config.yml and change the value as desired.

That’s it.

Flexible configuration (Modular configuration?)

Pico is able to load multiple config files, giving you extra flexibility.

After loading config.yml, Pico will go through the rest of the config/ folder and load all .yml files, in alphabetical order.

Be mindful of this when naming your files though. Once a config option has been set, it can’t be changed in a later file!

Security

Since YAML files are plain text files, you should configure your webserver to deny access to the config/ folder. You wouldn’t want your website visitors to be able to read them!

It’s not necessarily a security issue, as nothing confidential is stored in config.yml. However, it’s possible that a third party plugin could decide to store sensitive information here.

Overall, it’s just a best practice to keep the config/ folder private. See the Web Server Configuration section above for instructions specific to your choice of software.

Up Next…

So, we’ve shown you everything you need to setup Pico on your server. Now it’s time for the fun stuff. In the next guide, you’ll learn how to create some content. Click through to proceed to the next article.

Creating Content