This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
computing:selfhostedwp [2023/06/29 05:11] – oemb1905 | computing:selfhostedwp [2023/12/16 20:33] (current) – oemb1905 | ||
---|---|---|---|
Line 13: | Line 13: | ||
This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https:// | This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https:// | ||
- | sudo apt install apache2 mariadb-server php8.x php-common php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-imagick php-xml php-xmlrpc php-soap php-opcache php-apcu php-bcmath memcached wget unzip | + | sudo apt install apache2 mariadb-server php8.2 php-common php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-imagick php-xml php-xmlrpc php-soap php-opcache php-apcu php-bcmath memcached wget unzip |
| | ||
- | Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need as follows: | + | Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need. Some packages are only available |
| | ||
- | sudo apt-get install php8.2-{common, | + | sudo apt-get install php8.2-{common, |
| | ||
Apache2 will set up a 000-default.conf automatically and your host should now resolve. Be sure to set up TLS with certbot. Here's my preferred method: | Apache2 will set up a 000-default.conf automatically and your host should now resolve. Be sure to set up TLS with certbot. Here's my preferred method: | ||
sudo apt install certbot letsencrypt python3-certbot-apache | sudo apt install certbot letsencrypt python3-certbot-apache | ||
- | sudo certbot --authenticator standalone --installer apache -d wordpress.com --pre-hook " | + | sudo certbot --authenticator standalone --installer apache -d site1.com --pre-hook " |
crontab -e | crontab -e | ||
<30 2 * * 1 / | <30 2 * * 1 / | ||
Line 28: | Line 28: | ||
Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler and your apache2 multi-processing module (mpm). There' | Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler and your apache2 multi-processing module (mpm). There' | ||
| | ||
- | sudo apt remove libapache2-mod-php --purge | + | sudo apt remove libapache2-mod-php* --purge |
+ | sudo apt install php8.3-fpm php8.3-cgi | ||
sudo a2enmod ssl | sudo a2enmod ssl | ||
sudo a2enmod headers | sudo a2enmod headers | ||
sudo a2enmod cache | sudo a2enmod cache | ||
sudo a2enmod rewrite | sudo a2enmod rewrite | ||
- | sudo a2enmod setenvif | + | sudo a2enmod setenvif |
+ | sudo a2dismod php8.1 | ||
sudo a2dismod php8.2 | sudo a2dismod php8.2 | ||
+ | sudo a2dismod php8.3 | ||
sudo a2dismod mpm_prefork | sudo a2dismod mpm_prefork | ||
sudo a2enmod mpm_event | sudo a2enmod mpm_event | ||
sudo a2enmod proxy | sudo a2enmod proxy | ||
sudo a2enmod proxy_fcgi | sudo a2enmod proxy_fcgi | ||
- | sudo a2enconf php8.2-fpm | + | sudo a2enconf php8.3-fpm |
- | sudo a2enconf php8.2-cgi | + | sudo a2enconf php8.3-cgi |
sudo apache2ctl configtest | sudo apache2ctl configtest | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
- | sudo systemctl restart php8.2-fpm | + | sudo systemctl restart php8.3-fpm |
There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, | There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, | ||
Line 90: | Line 93: | ||
EXIT; | EXIT; | ||
- | Next up, it is time to allow overrides in your primary apache configuration: | + | Next up, it is time to allow overrides in your primary apache configuration. This is optional but/and it allows WordPress extensions to make configuration changes to .htaccess and/or other changes to the web server. It's often helpful, but you can leave it off if you prefer and configure everything manually. |
sudo nano / | sudo nano / | ||
- | < | ||
< | < | ||
| | ||
- | If you have not set the fully qualified domain name, you may get an error - that can safely be ignored unless you desire it. If you want to get rid of that, navigate to ''/ | + | Let's now shell into our instance |
- | | + | |
- | mkdir wpdownload | + | |
- | cd wpdownload | + | |
curl -O https:// | curl -O https:// | ||
tar xzvf latest.tar.gz | tar xzvf latest.tar.gz | ||
- | | + | |
- | sudo chmod 640 ~/Downloads/ | + | |
- | cp ~/Downloads/ | + | |
- | | + | |
Okay, we will need the files and directories I created once we get it running. | Okay, we will need the files and directories I created once we get it running. | ||
sudo mv ~/ | sudo mv ~/ | ||
- | Now, let's set up permissions and ownership: | + | Now, create proper |
sudo chown -R www-data: | sudo chown -R www-data: | ||
Line 120: | Line 117: | ||
sudo chmod -R 755 / | sudo chmod -R 755 / | ||
- | Ok, time to grab ' | + | It's now time to configure your '' |
| | ||
curl -s https:// | curl -s https:// | ||
sudo nano / | sudo nano / | ||
+ | <Replace the example salts with those you just downloaded using copy/ | ||
| | ||
- | Let's also add the following line to the '' | + | Sometimes, for reasons I am not sure about, WordPress does not allow users direct uploading. If/when that happens, |
sudo nano / | sudo nano / | ||
< | < | ||
- | Visit wordpress site and configure by opening | + | Let's now visit site1.com in a web browser. |
apt install memcached | apt install memcached | ||
nano / | nano / | ||
+ | < | ||
a2enmod cache | a2enmod cache | ||
- | + | | |
- | Put this snippet under ''# | + | |
- | | + | |
- | sudo systemctl restart proftpd.service | + | |
- | Optimizing | + | After isntalling memcached |
- | + | ||
- | apt install memcached | + | |
- | nano / | + | |
- | a2enmod cache | + | |
- | a2enmod expires | + | |
< | < | ||
Line 159: | Line 152: | ||
</ | </ | ||
- | Enable re-writes: | ||
- | |||
- | a2enmod rewrite | ||
< | < | ||
RewriteEngine On | RewriteEngine On | ||
Line 175: | Line 165: | ||
</ | </ | ||
- | Enable headers: | ||
- | |||
- | a2enmod headers | ||
< | < | ||
Header always set X-Content-Type-Options " | Header always set X-Content-Type-Options " | ||
Line 205: | Line 192: | ||
</ | </ | ||
- | Personally, I don't think anyone should be using ftp or even sftp right now, but many still do. If so, here' | + | Personally, I don't think anyone should be using ftp. Sftp is fine, and if someone needs that, here's an example of a simple |
- | + | ||
- | You can optionally require an sftp server instead of using the default installer. | + | |
sudo apt install proftpd ftp ftp-ssl | sudo apt install proftpd ftp ftp-ssl | ||
+ | sudo a2enmod tls | ||
cd / | cd / | ||
sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | ||
sudo nano / | sudo nano / | ||
- | | + | |
| | ||
+ | Next, enter the TLS module in tls.conf underneath ''# | ||
+ | |||
+ | sudo nano / | ||
< | < | ||
| | ||
Line 227: | Line 216: | ||
| | ||
</ | </ | ||
+ | sudo systemctl restart proftpd.service | ||
+ | | ||
+ | Refresh WordPress and it should see the sftp server and allow you to make changes that way. Note: The sftp server is public and anyone can access this with proper credentials even if it not for WordPress so use a proper password and make sure your TLS configuration is working. Your instance should now be pretty solid. The only other thing you might want is more than one WordPress site subdomain, for example, site1.cooldomain.com, | ||
- | --- // | + | --- // |