This is an old revision of the document!
- selfhostedwp
- Jonathan Haack
- Haack's Networking
- netcmnd@jonathanhaack.com
selfhostedwp
This tutorial is for users of Debian GNU/Linux using the LAMP stack, who are self-hosting two or more websites, have already set up TLS, directory authentication, etc., and are ready to build a self-hosted WordPress (WP) site for one of those virtual hosts. We need to begin by doing some ground work for the content management system WP gives us, by setting up an sftp server so we can add plug-ins, etc.
sudo apt install proftpd ftp ftp-ssl <sudo apt install ftpd-ssl> (not sure if this is needed any longer) cd /etc/proftpd sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem sudo nano /etc/proftpd/proftpd.conf <IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd-tls.log TLSProtocol TLSv1 # Are clients required to use FTP over TLS when talking to this server? TLSRequired off TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem # Authenticate clients that want to use FTP over TLS? TLSVerifyClient off </IfModule>
You can technically put this snippet anywhere, but its proper location is under “#Include /etc/proftpd/tls.conf” in the configuration, a space designated for small TLS configurations. Now, restart the service:
sudo systemctl restart proftpd.service
I do not change the TLSRequired setting above, because my apache configuration already redirects it, and having two can cause an HSTS error. Depending on your configuration, you might toggle that parameter above to “on.” Okay, now to mysql-server set up and making index.php default.
sudo apt install mysql-server php7.0 phpmyadmin apache2-utils php libapache2-mod-php php-mcrypt php-mysql
If this is the first time you installed mysql-server, then you should run:
sudo mysql_secure_installation
Once that is done, let's prioritize the web server's interpretation of the index.php file by moving it to the first position as follows. First, open the config:
sudo nano /etc/apache2/mods-enabled/dir.conf
Now, you should have a similar config to the one below, only you need to move index.php to the front as depicted below:
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
Ok, let's restart the service for mysql-server:
sudo systemctl restart mysqld.service
Secure phpmyadmin with user phpmyadmin and .htaccess file .phpmyadmin for security.
sudo htpasswd -c /etc/apache2/.phpmyadmin phpmyadmin sudo nano /usr/share/phpmyadmin/.htaccess AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/apache2/.phpmyadmin Require valid-user sudo systemctl restart apache2.service
Now, the MySQL - more here than neeeded in case of trouble:
sudo mysql -u root -p mysql> CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; mysql> GRANT ALL ON databasename.* TO 'databaseuser'@'localhost' IDENTIFIED BY 'passwordhere'; mysql> FLUSH PRIVILEGES; mysql> EXIT;
Trust me, do not use fancy database names and passwords. Use 'wordpress' and 'wordpressuser' so as to distinguish from your other databases you may have for other purposes. For example, I have a 'moodle' database, and a 'moodleuser.' If you are setting up more than one WP site, then perhaps 'wpdomain' and 'wpdomainuser.' The point is that you need consistent naming because if you use something obtuse and then need to fix it a year down the road, these naming conventions will help! Ok, time to install php, configure .htaccess to allow overrides, and then enable some apache modules:
sudo apt update sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc sudo nano /etc/apache2/apache2.conf
You need to search for “AllowOverride” and then change the 'None' paramter to 'All.' Only change this for the root of your webserver, and possibly any other mount points that are linked to on the website (if required). But do not change this parameter on the “<Directory />” field - only the server roots or server mount points that are in use and require .htaccess files for various reasons, i.e., WP parameters, directory authentication, or what have you. You may have more or less lines in your config, but anyway, make sure that part looks like this:
<Directory /var/www/html/>
other stuff
AllowOverride __All__
other stuff
other stuff
</Directory>
Now, restart the webserver service, enable the rewrite mod, and check your config.
sudo systemctl restart apache2 sudo a2enmod rewrite sudo apache2ctl configtest
If you have not set the fully qualified domain name, you may get an error - that can safely be ignored unless you desire it.
cd ~/Downloads mkdir wpdownload cd wpdownload curl -O https://wordpress.org/latest.tar.gz tar xzvf latest.tar.gz touch ~/Downloads/wpdownload/wordpress/.htaccess sudo chmod 660 ~/Downloads/wpdownload/wordpress/.htaccess cp ~/Downloads/wpdownload/wordpress/wp-config-sample.php ~/Downloads/wpdownload/wordpress/wp-config.php mkdir ~/Downloads/wpdownload/wordpress/wp-content/upgrade
Okay, we will need the files and directories I created once we get it running. Now, let's move the wordpress directory to the proper location for self-hosting.
sudo cp -ar ~/Downloads/wpdownload/wordpress/* /var/www/site1.com/public_html/ sudo cp -ar ~/Downloads/wpdownload/wordpress/.htaccess /var/www/site1.com/public_html/
Now, let's set up permissions:
sudo chown -R username:www-data /var/www/site1.com/public_html
sudo find /var/www/site1.com/public_html -type d -exec chmod g+s {} \;
sudo chmod g+w /var/www/site1.com/public_html/wp-content
sudo chmod -R g+w /var/www/site1.com/public_html/wp-content/themes
sudo chmod -R g+w /var/www/site1.com/public_html/wp-content/plugins
Ok, time to grab 'secure values' from WP.com and then set up wp-config.php for the installation:
curl -s https://api.wordpress.org/secret-key/1.1/salt/ sudo nano /var/www/site1.com/public_html/wp-config.php <swap the defined values that were obtained from curl with the empty fields in the wp-config.php file>
Enter user name and password for database in wp-config.php:
sudo nano /var/www/site1.com/public_html/wp-config.php
It looks something like this:
/** The name of the database for WordPress */
define('DB_NAME', 'database1name');
/** MySQL database username */
define('DB_USER', 'databaseuser');
/** MySQL database password */
define('DB_PASSWORD', 'passwdhere');
Once that is done, restart the service:
sudo systemctl restart apache2
Plug-ins and other WP services can mess with the .htaccess file often, so use this default configuration below when that happens; more templates can be found here: WP Codex
sudo nano /var/www/site1.com/public_html/.htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. Follow the instructions it provides, especially if you do not have a publicly writeable wp-config.php file (which is a good thing).
localhost
Add Joomla, symlinks, directory permissions for low hanging fruit on WP,
Addenda on web roots outside of /var/www/
This tutorial is a designated “Invariant Section” of the “Technotronic” section of Haack's Wiki as described on the Start Page.
— oemb1905 2019/01/13 19:20
