Installing Pico couldn’t be easier.
This guide will cover everything you need to know to get Pico up and running.
Found a typo? Something is wrong in this documentation? Just fork and edit it!
Installing Pico is as simple as uploading it to your webserver. Seriously. But while we could just leave it there, this guide will dive much deeper, covering all you’d ever need to know on the subject.
Pico’s only system requirement is a webserver with PHP 5.3.6 or greater, with the dom
and mbstring
extensions enabled.
Pick your poison! Pico has quite a few supported installation methods. Pick whichever strategy that works for you best.
Do you have shell access to your webserver? If so, try Composer!
Using Composer to install Pico provides a great user experience. Composer makes maintaining and updating your Pico install a breeze.
We’d really recommend you try it!
Simply run the following commands to install Composer, then use Composer to install Pico for you.
$ curl -sSL https://getcomposer.org/installer | php
$ php composer.phar create-project picocms/pico-composer pico
That’s it! You’ll thank us (and Composer) when it’s time to update!
(It’s as simple as running php composer.phar update
in your Pico folder.)
Not interested in an automated solution? That’s okay, you can install Pico manually too.
You can always find Pico’s Latest Release on our GitHub Page.
This pre-bundled release comes with all the dependencies necessary for Pico to run.
Simply upload the extracted files to the httpdocs
directory (e.g. /var/www/html
) of your server.
If you’re using Apache, there’s also an included .htaccess
file provided for automatic configuration. If you’re running Linux or macOS, double check that you’ve uploaded this file, as it likes to hide!
Using Pico together with Git, you can create a powerful, version controlled, and perhaps even collaborative workflow. The possibilities are endless!
To get you started, Pico has a ready to go Composer starter project you can fork right on on GitHub!
Our recommended Git workflow is:
Fork the starter project on GitHub. (If you’d rather not use GitHub, just clone it locally and manually add your new remote to the repo.)
Clone the fork to your local computer. Add whatever assets, content, plugins, and themes you’d like and commit them to the repo. Push the changes back to GitHub (or your own remote).
On your webserver, navigate to your httpdocs
folder. Simply run the following commands to install Composer, then use Composer to install Pico’s dependencies for you (substituting your own Git remote if applicable).
$ curl -sSL https://getcomposer.org/installer | php
$ git clone https://github.com/<YOUR_USERNAME>/<YOUR_REPOSITORY> pico
$ php composer.phar --working-dir=pico install
Next time you commit updates your Pico site repo, just run git pull
in this folder on your webserver to update it. You can even update Pico and its dependencies with a simple php composer.phar update
.
Our recommended development workflow is to start with Pico’s Composer starter project and use Git to pull in all of Pico’s components as “local packages” for Composer.
This is a bit more involved than any other installation method, and of course also implies you’ll be using the current development version of Pico, which is likely unstable and not ready for production use!
On your webserver, navigate to your httpdocs
directory and make a new folder for Pico (e.g. /var/www/html/pico
). Download and extract Pico’s Composer starter project into the workspace
directory:
$ curl -sSL https://github.com/picocms/pico-composer/archive/master.tar.gz | tar xz
$ mv pico-composer-master workspace
Clone the Git repositories for all Pico components (Pico’s core, Pico’s Default Theme and the PicoDeprecated
plugin) into the components
directory:
$ mkdir components
$ git clone https://github.com/picocms/Pico.git components/pico
$ git clone https://github.com/picocms/pico-theme.git components/pico-theme
$ git clone https://github.com/picocms/pico-deprecated.git components/pico-deprecated
Update the composer.json
of your development workspace (i.e. workspace/composer.json
) to instruct Composer to use the local Git repositories as replacement for the picocms/pico
(Pico’s core), picocms/pico-theme
(Pico’s Default Theme) and picocms/pico-deprecated
(the PicoDeprecated
plugin) packages.
{
"repositories": [
{
"type": "path",
"url": "../components/pico",
"options": { "symlink": true }
},
{
"type": "path",
"url": "../components/pico-theme",
"options": { "symlink": true }
},
{
"type": "path",
"url": "../components/pico-deprecated",
"options": { "symlink": true }
}
],
"require": {
"picocms/pico": "dev-master",
"picocms/pico-theme": "dev-master",
"picocms/pico-deprecated": "dev-master",
"picocms/composer-installer": "^1.0"
}
}
Download Composer and run it with the install
option:
$ curl -sSL https://getcomposer.org/installer | php
$ php composer.phar --working-dir=workspace install
That’s it! You’re now running the development version of Pico.
By the way, you can also find all of Pico’s components on Packagist.org: Pico’s core, Pico’s Default Theme, the PicoDeprecated
plugin and Pico’s Composer starter project.
Pico for Nextcloud offers a powerful combination of admin features, like those you’d find in a traditional CMS.
If you’re already running Nextcloud on your webserver, you can install Pico as a Nextcloud App and take advantage of their combined features.
Just look for Pico CMS in Nextcloud’s App Store. Hit the “Download and Enable” button and you’re done!
You can then configure Pico within Nextcloud’s settings.
You’ll find Pico’s configuration divided between Nextcloud’s “Personal” and “Administration” sections.
Administration allows you to add custom themes, plugins, and templates to Pico, as well as tweak some advanced settings.
Each Nextcloud users also has their own Personal section, where they can configure their own personal Pico website.
While Pico generally works out-of-the-box, there are a few things we can tighten up with some additional configuration.
First, we absolutely recommend that you tighten up security by restricting visitor access to Pico’s folder structure. There’s no reason we need our visitors peeking around at our config.yml
or raw content
files, among other things (even if no real harm would likely come of it).
Second, you may have noticed that out-of-the-box, Pico’s urls have an odd question mark ?
in them.
By default, Pico’s URLs look like this: http://example.com/pico/?sub/page
. It’s not horrible, but some might find this question mark a little bit “unsightly” on a production website.
That is where Pico’s optional URL Rewriting comes in. It takes the ?
out of the URL, turning http://example.com/pico/?sub/page
into http://example.com/pico/sub/page
.
How you accomplish these things varies a lot between web servers, so we’ve included instructions for most of the popular options out there.
As always, if you need some additional assistance, please refer to our “Getting Help” page.
If you’re using Apache, you’re in luck: Our included .htaccess
file will take care of the configuration for you automatically.
If you have any issues, just make sure that both mod_rewrite
and .htaccess
overrides are enabled.
If you’re getting 404 Errors
or if Pico’s still adding ?
to your URLs, you’ll want to make sure Apache is configured right. The location of Apache’s config file (or files) depends on your Linux Distribution (for example, /etc/httpd/httpd.conf
, /etc/httpd/conf/httpd.conf
, or /etc/apache2/httpd.conf
).
Your config file should have a line similar to LoadModule rewrite_module modules/mod_rewrite.so
in it enabling mod_rewrite
. Make sure this line isn’t commented out!
You’ll also want to make sure that .htaccess
overrides are allowed, by setting AllowOverride All
in either your global Apache config or in your virtual host config file (often located in a subfolder of your Apache config, such as vhosts
or sites-available
).
If you get a 500 Internal Sever Error
, try removing the last line of .htaccess
, which declares some extra Options
. For security reasons, this declaration disables Indexes
and MultiViews
to prevent visitors from being able to browse your raw files. However, if your web host has configured Apache to not allow option setting, this line will cause it to throw a 500 Error
.
In rare cases where you have URL Rewriting working, but Pico is still adding ?
to your URLs, you can manually override Pico’s behavior by setting rewrite_url: true
in your config.yml
.
If you’re using Nginx, configuration is a little more involved than Apache. We have an entire Nginx Guide to help walk you through the process.
The following configuration excerpt is somewhat of a “tl;dr” version of a very extensive topic. It should provide the bare minimum configuration you need for Pico. If you have any trouble, please read all of the aforementioned Nginx Guide. For additional assistance, please refer to our “Getting Help” page.
location ~ ^/pico/((config|content|vendor|composer\.(json|lock|phar))(/|$)|(.+/)?\.(?!well-known(/|$))) {
try_files /pico/index.php$is_args$args =404;
}
location /pico/ {
index index.php;
try_files $uri $uri/ /pico/index.php$is_args$args;
}
The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess
for our Apache users.
The second block provides the URL rewriting scheme.
You’ll need to adjust the path of /pico
in this example to match your own Pico installation directory.
Additionally, you’ll need to either add fastcgi_param PICO_URL_REWRITING 1;
to your PHP location block or specify rewrite_url: true
in your config.yml
.
Pico runs great on Lighttpd. The following config should provide the bare minimum configuration you need for Pico.
url.rewrite-once = (
"^/pico/(config|content|vendor|composer\.(json|lock|phar))(/|$)" => "/pico/index.php",
"^/pico/(.+/)?\.(?!well-known(/|$))" => "/pico/index.php"
)
url.rewrite-if-not-file = (
"^/pico(/|$)" => "/pico/index.php"
)
The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess
for our Apache users.
The second block provides the URL rewriting scheme.
You’ll need to adjust the path of /pico
in this example to match your own Pico installation directory.
Additionally, you’ll need to specify rewrite_url: true
in your config.yml
.
Pico runs great on Caddy. The automatic SSL capabilities of Caddy make it a great choice for your Pico site. The following config should provide the bare minimum configuration you need for Pico.
# Caddy Config go here. ;P
The first block of this example is for denying access to Pico’s internal files. This is recommend for security reasons, and is included in .htaccess
for our Apache users.
The second block provides the URL rewriting scheme.
You’ll need to adjust the path of /pico
in this example to match your own Pico installation directory.
Additionally, you’ll need to specify rewrite_url: true
in your config.yml
.
Pico is ready to go, right out of the box. However, unless you want your website to be called “Pico”, there’s at least one configuration option you’ll want to set.
Configuring Pico is easy. Start by creating a new file at config/config.yml
.
Next, take a look at Pico’s included config.yml.template
file for a brief overview of the available settings and their defaults. You’ll find this template is pretty well documented inline, so we won’t go into detail about all the options here.
To override a setting, simply copy that line from config.yml.template
to your new config.yml
and change the value as desired.
That’s it.
Pico is able to load multiple config files, giving you extra flexibility.
After loading config.yml
, Pico will go through the rest of the config/
folder and load all .yml
files, in alphabetical order.
Be mindful of this when naming your files though. Once a config option has been set, it can’t be changed in a later file!
Since YAML files are plain text files, you should configure your webserver to deny access to the config/
folder. You wouldn’t want your website visitors to be able to read them!
It’s not necessarily a security issue, as nothing confidential is stored in config.yml
. However, it’s possible that a third party plugin could decide to store sensitive information here.
Overall, it’s just a best practice to keep the config/
folder private. See the Web Server Configuration section above for instructions specific to your choice of software.
So, we’ve shown you everything you need to setup Pico on your server. Now it’s time for the fun stuff. In the next guide, you’ll learn how to create some content. Click through to proceed to the next article.