computing:selfhostedwp

Differences

This shows you the differences between two versions of the page.

computing:selfhostedwp [2023/06/29 04:58] oemb1905computing:selfhostedwp [2023/12/16 20:33] (current) oemb1905
Line 13: Line 13:
 This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survival]]. Alright, let's install our LAMP stack and required/optional php modules. //Make sure to review what your instance requires and don't install or configure modules you don't need.// This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survival]]. Alright, let's install our LAMP stack and required/optional php modules. //Make sure to review what your instance requires and don't install or configure modules you don't need.//
  
-  sudo apt install apache2 mariadb-server php8.php-common php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-imagick php-xml php-xmlrpc php-soap php-opcache php-apcu php-bcmath memcached wget unzip+  sudo apt install apache2 mariadb-server php8.php-common php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-imagick php-xml php-xmlrpc php-soap php-opcache php-apcu php-bcmath memcached wget unzip
      
-Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need as follows:+Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need. Some packages are only available as ''php-xx'' so run the above command first and then the command below when those situations arise:
      
-  sudo apt-get install php8.2-{common,cgi,cli,zip,mysql,mbstring,intl,fpm,curl,gd,imagick,xml,xmlrpc,gpm,soap,opcache,apcu,bcmath}+  sudo apt-get install php8.2-{common,cgi,cli,zip,mysql,mbstring,intl,fpm,curl,gd,imagick,xml,xmlrpc,soap,opcache,apcu,bcmath}
      
 Apache2 will set up a 000-default.conf automatically and your host should now resolve. Be sure to set up TLS with certbot. Here's my preferred method: Apache2 will set up a 000-default.conf automatically and your host should now resolve. Be sure to set up TLS with certbot. Here's my preferred method:
  
   sudo apt install certbot letsencrypt python3-certbot-apache   sudo apt install certbot letsencrypt python3-certbot-apache
-  sudo certbot --authenticator standalone --installer apache -d wordpress.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"+  sudo certbot --authenticator standalone --installer apache -d site1.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
   crontab -e   crontab -e
   <30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log>   <30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log>
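Review bot: The versioned install line still pins php8.2-{common,cgi,...} while the handler steps later in this same revision move to php8.3-fpm and php8.3-cgi, so a reader who follows both ends up with extension packages for one PHP version and an FPM pool for another. Pick one version for the whole page, or write the version as an explicit placeholder and say once that it must match the FPM package. The added sentence also tells the reader to run the unversioned command first and the versioned one second, which can leave two PHP versions installed; say which one WordPress is expected to run under.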
Line 28: Line 28:
 Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler and your apache2 multi-processing module (mpm). There's extensive debate on this which you can read up on [[https://www.datadoghq.com/blog/monitoring-apache-web-server-performance/#prefork-mpm|here]]. In this tutorial, I've chosen not to use mpm_prefork and libapache2-mod-php. Instead I am using mpm_event and php-fpm. This is not necessary for many smaller instances or self-hosted scenarios. If you are new to self-hosting, simply run ''sudo apt install libapache2-mod-php8.x'' and remove the php-fpm and mpm_event steps below. Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler and your apache2 multi-processing module (mpm). There's extensive debate on this which you can read up on [[https://www.datadoghq.com/blog/monitoring-apache-web-server-performance/#prefork-mpm|here]]. In this tutorial, I've chosen not to use mpm_prefork and libapache2-mod-php. Instead I am using mpm_event and php-fpm. This is not necessary for many smaller instances or self-hosted scenarios. If you are new to self-hosting, simply run ''sudo apt install libapache2-mod-php8.x'' and remove the php-fpm and mpm_event steps below.
      
-  sudo apt remove libapache2-mod-php --purge+  sudo apt remove libapache2-mod-php--purge 
 +  sudo apt install php8.3-fpm php8.3-cgi
   sudo a2enmod ssl   sudo a2enmod ssl
   sudo a2enmod headers   sudo a2enmod headers
   sudo a2enmod cache   sudo a2enmod cache
   sudo a2enmod rewrite   sudo a2enmod rewrite
-  sudo a2enmod setenvif +  sudo a2enmod setenvif 
 +  sudo a2dismod php8.1
   sudo a2dismod php8.2   sudo a2dismod php8.2
 +  sudo a2dismod php8.3
   sudo a2dismod mpm_prefork   sudo a2dismod mpm_prefork
   sudo a2enmod mpm_event   sudo a2enmod mpm_event
   sudo a2enmod proxy   sudo a2enmod proxy
   sudo a2enmod proxy_fcgi   sudo a2enmod proxy_fcgi
-  sudo a2enconf php8.2-fpm +  sudo a2enconf php8.3-fpm 
-  sudo a2enconf php8.2-cgi+  sudo a2enconf php8.3-cgi
   sudo apache2ctl configtest     sudo apache2ctl configtest  
   sudo systemctl restart apache2   sudo systemctl restart apache2
-  sudo systemctl restart php8.2-fpm+  sudo systemctl restart php8.3-fpm
  
 There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, however, this will disable the use of .htaccess in your WordPress root which is not ideal. The next common way which I prefer and use here, is to add a FilesMatch condition to your virtual host as follows. Within the <Include> and </Include> portion of your default-ssl.conf virtual host, add something like: There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, however, this will disable the use of .htaccess in your WordPress root which is not ideal. The next common way which I prefer and use here, is to add a FilesMatch condition to your virtual host as follows. Within the <Include> and </Include> portion of your default-ssl.conf virtual host, add something like:
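Review bot: The a2dismod lines for php8.1, php8.2 and php8.3 assume all three modules exist; a2dismod reports an error for a module that is not installed, which will confuse a reader on a clean system. State that only the line matching the installed libapache2-mod-php version is needed. The introductory paragraph still says libapache2-mod-php8.x while the commands now hard-code 8.3, so name the version once and use it consistently.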
Line 51: Line 54:
   </FilesMatch>   </FilesMatch>
  
-That takes care of configuring php-fpm and mpm_event. Before proceeding, navigate to your tld.domain in a web browser and make sure that your site resolves properly. If it does not, then you should debug your setup. To do that, there's three tools that can help: phpmyadmin, phpinfo page, and configuration checking. Since you might optionally desire phpadmin later, let'set that up first.+That takes care of configuring php-fpm and mpm_event. Before proceeding, navigate to your tld.domain in a web browser and make sure that your site resolves properly. If it does not, then you should debug your setup. To do that, there's three tools that can help: phpmyadmin, phpinfo page, and configuration checking. If your page does not even resolve, your first recourse should be to check the php handler, multi-processing modules, and your apache config files: 
 + 
 +  sudo apachectl -M | grep 'mpm' 
 +  sudo apachectl -M | grep 'proxy' 
 +  sudo apache2ctl configtest 
 + 
 +The output of mpm should show mpm_event and the output of proxy grep should show proxy_module and proxy_fcgi_module in use. If not, trace back over the steps above and see what went wrong. As for configtest, it should either tell you what's wrong or return "Syntax OK". If the output of the above commands is incorrect and/or you simply want a graphical way to check your handler and mult-processing module, then you can either create a phpinfo page or install phpadmin. There are many additional benefits to using phpmyadminso let'review how to install that first:
  
   sudo apt install phpmyadmin   sudo apt install phpmyadmin
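Review bot: The added checks (apachectl -M for mpm and proxy, then configtest) only confirm Apache's side; nothing verifies that the php8.3-fpm service restarted in the previous step is actually running, and a stopped pool is a failure these three commands will report as healthy. Add a status check for the FPM service before sending the reader to phpmyadmin or a phpinfo page. The paragraph also switches between "phpmyadmin" and "phpadmin" and between apachectl and apache2ctl; settle on one spelling of each.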
Line 61: Line 70:
   <Require valid-user>   <Require valid-user>
  
-If you don't need phpmyadmin, you can optionally make a phpinfo page instead:+If you don't need something as heavy as phpmyadmin, you can optionally create a phpinfo page instead:
  
   sudo nano /var/www/wordpress.com/public_html/info.php   sudo nano /var/www/wordpress.com/public_html/info.php
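Review bot: The info.php path on the last line still uses /var/www/wordpress.com/public_html while this revision renames the example host to site1.com in the certbot and WordPress steps; update it so the page uses one docroot. Because a phpinfo page discloses the full PHP and server configuration, the step should also tell the reader to delete info.php once the handler check is done, rather than leaving it in place behind the Require valid-user rule.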
Line 71: Line 80:
   <Require valid-user>   <Require valid-user>
  
-Now, to make sure that your WordPress index.php file resolves properly to display your home page, make sure to move index.php to the top priority as follows:+Use these tools to make sure your handler and multi-processing module are configured to your preference and functional. After that's all workinglet'make sure that your WordPress index.php is set to top priority as follows:
      
   sudo nano /etc/apache2/mods-enabled/dir.conf   sudo nano /etc/apache2/mods-enabled/dir.conf
-  <DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm>+  <DirectoryIndex //index.php// index.html index.cgi index.pl index.xhtml index.htm>
  
-Close and save the file.  Let's set up a database now for the WordPress instance:+Close and save the file. Let'now set up a database now for the WordPress instance as follows:
  
   sudo mysql -u root -p   sudo mysql -u root -p
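Review bot: The new DirectoryIndex line wraps index.php in // // inside an indented code line; DokuWiki does not render markup in preformatted text, so the slashes will show literally and can be copied into dir.conf as written. Drop the italics and describe the change in the sentence above the block instead. The rewritten sentence introducing the database step also repeats "now" ("now set up a database now").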
Line 84: Line 93:
   EXIT;   EXIT;
  
-Next up, it is time to allow overrides in your primary apache configuration:+Next up, it is time to allow overrides in your primary apache configuration. This is optional but/and it allows WordPress extensions to make configuration changes to .htaccess and/or other changes to the web server. It's often helpful, but you can leave it off if you prefer and configure everything manually.
  
   sudo nano /etc/apache2/apache2.conf   sudo nano /etc/apache2/apache2.conf
-  <Directory /var/www/> 
   <AllowOverride All>   <AllowOverride All>
      
-If you have not set the fully qualified domain name, you may get an error - that can safely be ignored unless you desire it.  If you want to get rid of that, navigate to ''/etc/apache2/apache.conf'' and enter a ''ServerName'' Otherwise, time to download Word Press:+Let's now shell into our instance and set up WordPress.
  
-  cd ~/Downloads +  ssh root@site1.com
-  mkdir wpdownload +
-  cd wpdownload+
   curl -O https://wordpress.org/latest.tar.gz   curl -O https://wordpress.org/latest.tar.gz
   tar xzvf latest.tar.gz   tar xzvf latest.tar.gz
-  touch ~/Downloads/wpdownload/wordpress/.htaccess +  mv wordpress /var/www/site1.com/public_html 
-  sudo chmod 640 ~/Downloads/wpdownload/wordpress/.htaccess +  
-  cp ~/Downloads/wpdownload/wordpress/wp-config-sample.php ~/Downloads/wpdownload/wordpress/wp-config.php +
-  mkdir ~/Downloads/wpdownload/wordpress/wp-content/upgrade +
 Okay, we will need the files and directories I created once we get it running.  Now, let's move the wordpress directory to the proper location for self-hosting. Okay, we will need the files and directories I created once we get it running.  Now, let's move the wordpress directory to the proper location for self-hosting.
  
   sudo mv ~/Downloads/wpdownload/wordpress /var/www/site1.com/public_html   sudo mv ~/Downloads/wpdownload/wordpress /var/www/site1.com/public_html
  
-Now, let's set up permissions and ownership:+Now, create proper permissions for your Word Press directories and files:
  
   sudo chown -R www-data:www-data /var/www/site1.com/public_html   sudo chown -R www-data:www-data /var/www/site1.com/public_html
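Review bot: The download block drops the cp of wp-config-sample.php to wp-config.php along with the .htaccess and wp-content/upgrade steps, but the unchanged lines that follow still say "we will need the files and directories I created" and still run sudo mv ~/Downloads/wpdownload/wordpress, a path this revision no longer creates; the later step that replaces the example salts in wp-config.php also presupposes that copy. Either restore the cp after the new mv, or remove the stale sentence and the second mv. Separately, removing <Directory /var/www/> leaves <AllowOverride All> with no scope, so the reader cannot tell which Directory block to change; keep the enclosing line. The new ssh root@site1.com also assumes root logins over SSH are enabled, which the page has not set up.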
Line 114: Line 117:
   sudo chmod -R 755 /var/www/site1.com/public_html/wp-content/plugins   sudo chmod -R 755 /var/www/site1.com/public_html/wp-content/plugins
  
-Ok, time to grab 'secure values' from WP.com and then set up ''wp-config.php'' for the installationand also enter in the database credentials from above:+It's now time to configure your ''wp-config.php'' file. To do thathowever, we need to replace the example salts in the configuration file with random ones from WordPress. They have an API tool that does that for us automatically:
      
   curl -s https://api.wordpress.org/secret-key/1.1/salt/   curl -s https://api.wordpress.org/secret-key/1.1/salt/
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
 +  <Replace the example salts with those you just downloaded using copy/paste>
      
-Let's also add the following line to the ''wp-config.php'' file for updatesNote: //This only needs to be added if you are not using libapachemod sfaik.//+Sometimes, for reasons I am not sure about, WordPress does not allow users direct uploading. If/when that happens, add the entry to wp-config.php. If anyone knows why this is needed, please let me know!
  
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
   <define('FS_METHOD','direct');>   <define('FS_METHOD','direct');>
  
-Visit wordpress site and configure by opening a web browser of your choice and entering site1.comIf you need more than one site, but do not want to set up a separate virtual hostfor example using ''subdomain.site1.com''then you should read [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]]. Optimizing WP is a different matterfor caching and header security, and other best practices, consider the following.+Let's now visit site1.com in a web browser. Enter the credentials that you created for the database aboveChoose the settings you prefer and set up an admin account and record your credentials securely. You should now have proper WordPress site! Now that you have a WordPresscheck the SiteHealth tab and follow its advice and/or know why you don'tIn my caseI typically adjust cacherewrites, and headers.
  
   apt install memcached   apt install memcached
   nano /etc/default/memcached   nano /etc/default/memcached
 +  <ENABLE_MEMCACHED=yes>
   a2enmod cache   a2enmod cache
-   +  a2enmod expires 
-Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   +  a2enmod headers 
-   +  a2enmod rewrite
-  sudo systemctl restart proftpd.service+
  
-Optimizing and securing WordPress usually boils down to some cache and header settingsCache and/or page expiry settings: +After isntalling memcached and enabling those modules, navigate to your web root and adjust your .htaccess as follows:
- +
-  apt install memcached +
-  nano /etc/default/memcached +
-  a2enmod cache +
-  a2enmod expires+
  
   <IfModule mod_expires.c>   <IfModule mod_expires.c>
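Review bot: The rewritten FS_METHOD paragraph replaces the earlier condition (only needed when not using libapache mod) with "for reasons I am not sure about", which leaves the reader with a setting and no rule for when to apply it. Keep the original condition or state what the define does: it makes WordPress write files directly as the web server user, which is the www-data owner set in the chown step above. Minor: "isntalling" is a typo, and the memcached and a2enmod lines in this block omit the sudo used in the earlier steps.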
Line 153: Line 152:
   </IfModule>   </IfModule>
  
-Enable re-writes: 
- 
-  a2enmod rewrite 
   <IfModule mod_rewrite.c>   <IfModule mod_rewrite.c>
           RewriteEngine On           RewriteEngine On
Line 169: Line 165:
   </IfModule>   </IfModule>
  
-Enable headers: 
- 
-  a2enmod headers 
   <IfModule mod_headers.c>   <IfModule mod_headers.c>
           Header always set X-Content-Type-Options "nosniff"           Header always set X-Content-Type-Options "nosniff"
Line 199: Line 192:
   </IfModule>   </IfModule>
  
-Personally, I don't think anyone should be using ftp or even sftp right now, but many still doIf so, here'how to make an sftp server for updating WordPress that way: +Personally, I don't think anyone should be using ftp. Sftp is fine, and if someone needs that, here's an example of a simple sftp server using proftp:
- +
-You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained:+
  
   sudo apt install proftpd ftp ftp-ssl    sudo apt install proftpd ftp ftp-ssl 
 +  sudo a2enmod tls
   cd /etc/proftpd   cd /etc/proftpd
   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
   sudo nano /etc/proftpd/proftpd.conf   sudo nano /etc/proftpd/proftpd.conf
-  a2enmod tls+  <enter parameters>
      
 +Next, enter the TLS module in tls.conf underneath ''#Include /etc/proftpd/tls.conf'' and then restart the service: 
 +
 +  sudo nano /etc/proftpd/tls.conf
   <IfModule mod_tls.c>   <IfModule mod_tls.c>
      TLSEngine on      TLSEngine on
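Review bot: The new sentence calls this "a simple sftp server", but the configuration that follows is mod_tls with TLSEngine on, which is FTP over TLS (FTPS); SFTP is the SSH file transfer protocol and is handled by a different ProFTPD module. Name it FTPS throughout so readers pick the matching connection type. Also, sudo a2enmod tls is an Apache command and does nothing for ProFTPD, and the instruction to put the block "in tls.conf underneath #Include /etc/proftpd/tls.conf" mixes two files, since an Include of tls.conf cannot sit inside tls.conf itself; say which file holds the Include line and that it needs uncommenting.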
Line 221: Line 216:
      TLSOptions NoSessionReuseRequired      TLSOptions NoSessionReuseRequired
   </IfModule>   </IfModule>
 +  sudo systemctl restart proftpd.service
 +  
 +Refresh WordPress and it should see the sftp server and allow you to make changes that way. Note: The sftp server is public and anyone can access this with proper credentials even if it not for WordPress so use a proper password and make sure your TLS configuration is working. Your instance should now be pretty solid. The only other thing you might want is more than one WordPress site subdomain, for example, site1.cooldomain.com, site2.cooldomain.com, etc. If that's the case, then hop on over to my [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]] tutorial. 
  
- --- //[[jonathan@haacksnetworking.org|oemb1905]] 2023/06/29 04:29//+ --- //[[jonathan@haacksnetworking.org|oemb1905]] 2023/06/30 03:23//
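Review bot: The added sudo systemctl restart proftpd.service line sits directly under </IfModule> in the same preformatted block, so it reads as part of tls.conf; separate the shell command from the configuration with a sentence or a blank line. The closing note relies on "a proper password" alone for a publicly reachable service; suggest also limiting which accounts may log in and which source addresses may connect, and fix the grammar in "even if it not for WordPress".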
computing/selfhostedwp.1688014684.txt.gz · Last modified: 2023/06/29 04:58 by oemb1905