Fj Graf

Debian + Apache + mariadb + letsencrypt + wordpress

Written by

fjgraf

in

, ,

Step 1: Update Your System

First, make sure your system is up-to-date.

sudo apt update
sudo apt upgrade -y

Step 2: Install Apache

Install Apache web server.

sudo apt install apache2 -y

Enable and start the Apache service.

sudo systemctl enable apache2
sudo systemctl start apache2

Step 3: Install MariaDB

Install MariaDB server.

sudo apt install mariadb-server mariadb-client -y

Secure the MariaDB installation.

sudo mysql_secure_installation

Follow the prompts to:

  • Set a root password
  • Remove anonymous users
  • Disallow root login remotely
  • Remove test databases
  • Reload privilege tables

Step 4: Create a Database for WordPress

Log into MariaDB.

sudo mysql -u root -p

Run the following SQL commands to create a database and a user for WordPress.

CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 5: Install PHP

Install PHP and necessary extensions.

sudo apt install php libapache2-mod-php php-mysql php-mbstring php-xml php-zip php-gd php-curl -y

Step 6: Configure PHP for Large File Uploads

Edit the PHP configuration file.

sudo nano /etc/php/*/apache2/php.ini

Change the following settings:

upload_max_filesize = 128M
post_max_size = 128M
max_execution_time = 300
max_input_time = 300

Step 7: Restart Apache

After making changes to the PHP configuration, restart Apache.

sudo systemctl restart apache2

Step 8: Download and Install WordPress

Navigate to the web directory /var/www/

Download the latest version of WordPress.

wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
Or if it's a zip file
unzip latest.zip
rename the wordpress site with the domain of your wabsite
mv wordpress mysite.com

You might want to keep the wordpress compressed file untill next version comes up.

From here you should be ready to go to the local ip address in your browser and finish the installation process of wordpress. If the wordpress installation opens and after putting the information to access to the database you just created for wordpress it does not connect, you will have to enter that information manually like is shown in the next step.

Step 9: Configure WordPress

Navigate to folder /var/www/mysite.com and create a WordPress configuration file from the sample file. Make a copy of the sample file and edit the new copy as shown below:

cp wp-config-sample.php wp-config.php

Edit the wp-config.php file.

sudo nano wp-config.php

Add your database details with the details you chose when you created the database in step 4:

define('DB_NAME', 'wordpress_db');
define('DB_USER', 'wordpress_user');
define('DB_PASSWORD', 'strong_password');
define('DB_HOST', 'localhost');

Step 10: Set Permissions

Set proper permissions for the WordPress files or better yet for this purpose to the www directory.

sudo chown -R www-data:www-data /var/www/
sudo find /var/www/ -type d -exec chmod 750 {} \;
sudo find /var/www/ -type f -exec chmod 644 {} \;

Step 11: Enable Apache Rewrite Module

Enable the rewrite module.

sudo a2enmod rewrite

Step 11: Disable the default apache website

sudo a2dissite 000-default.conf

Step 12: Restart Apache Again

Restart Apache to apply all changes.

sudo systemctl restart apache2

Step 13: Complete WordPress Installation

Open a web browser and navigate to your server’s IP address. Follow the on-screen instructions to complete the WordPress installation.

Step 14: Secure Your Server

  1. Install UFW (Uncomplicated Firewall)
sudo apt install ufw -y
sudo ufw allow 22
sudo ufw allow 80sudo ufw allow 443sudo ufw enable
  1. Configure SSL with Let’s Encrypt

If you have a domain name purchased or one for free, here is how to get the certificates from letsencrypt but first make sure to map your public ip address to the server running apache. Also you need to create at least a basic configuration file for mysite.com.

Navigate to /etc/apache2/sites-available. Create and edit the configuration for mysite.com file by copying the following lines:

nano mysite.com.conf

<VirtualHost *:80>
       ServerName mysite.com
       Redirect permanent / https://mysite.com/
       RewriteEngine on
       RewriteCond %{SERVER_NAME} =mysite.com
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
       ServerName mysite.com

       DocumentRoot /var/www/mysite.com

       <Directory /var/www/mysite.com>
           Options Indexes FollowSymLinks
           AllowOverride All
           Require all granted
       </Directory>

 #      SSLEngine on
 #          SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
 #          SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
 #          Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

NOTE: I’ve left commented the lines corresponding to SSL because when you reload the apache service in the next step it will fail because the certificates are not yet present. Using the command certbot –apache will automatically add the necessary lines in the configuration file.

Enable the site:

sudo a2ensite mysite.com.conf

Reload apache

sudo systemctl reload apache2.service

Install Certbot.

sudo apt install certbot python3-certbot-apache -y

Obtain an SSL certificate.

sudo certbot --apache
Or

sudo certbot certonly --apache -d mywebsite.com

Follow the prompts to set up HTTPS.

  1. Regular Updates and Backups

Set up a cron job for automatic updates.

sudo crontab -e

Add the following line for daily updates:

@daily apt update && apt upgrade -y

Happy Blogging!

More posts