Category: Debian

Setup apache – wordpress (CLI only) for LAN
sudo apt install apache2 mariadb-server php libapache2-mod-php php-mysql

sudo apt-get install php php-mysql php-gd php-curl php-mbstring php-xml

After installation, Apache should start automatically. To verify its status, use:

sudo systemctl status apache2

Secure MySQL/MariaDB: Run the security script to harden the database setup:

sudo mysql_secure_installation

And do not forget to save the root password for mariadb in a secure place!

Create WordPress Database and User:

Log in to the MySQL/MariaDB shell:

sudo mysql -u root -p

Create a new database, user, and grant privileges (replace placeholders with your preferred values):

CREATE DATABASE wp_database; CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON wp_database.* TO 'wp_user'@'localhost'; FLUSH PRIVILEGES; EXIT;

Download and Extract WordPress: Navigate to Apache’s web root directory: cd /var/www/html and extract the “wordpress” folder.

sudo wget https://wordpress.org/latest.tar.gz sudo tar -xzvf latest.tar.gz sudo mv wordpress/* . sudo rm -rf wordpress latest.tar.gz

Configure WordPress:
Make a copy of the sample config file in the root directory of wordpress and set it up by typing the details of wordPress database you previously configured.

sudo cp wp-config-sample.php wp-config.php

sudo nano wp-config.php

Fill in the database details (DB_NAME, DB_USER, DB_PASSWORD), and save the file.

Ensure proper file permissions for WordPress:

sudo chown -R www-data:www-data /var/www/wordpress sudo chmod -R 755 /var/www/wordpress

We can use the default apache file to manage incoming connections to port 80. Lets edit the contents to fit our purpose. You can create a new file if you wish to do so.

sudo nano /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80> ServerName LAN-WP ServerAdmin webmaster@localhost DocumentRoot /var/www/wordpress ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

Ensure that the DocumentRoot directive points to the WordPress directory.

Lets enable the site by typing:

sudo a2ensite 000-default.conf

Restart the apache server

sudo systemctl reload apache2

Open a web browser and navigate to your server’s IP address or domain.
Follow the WordPress installation prompts to complete the setup (e.g., select language, set up admin user, etc.).

Complete Installation:

Log in to the WordPress admin dashboard and start configuring your site. That should get WordPress up and running on your Debian server with Apache and MariaDB. Adjust configurations as needed and follow WordPress best practices for security and optimization.
December 12, 2023
Send your public IP to your email – MSTP-MTA
For those of us having a server at home with a basic home internet connection, the issue is how to easily bypass the problem of having port 25 blocked by our ISP. To quickly go around it you can setup an msmtp client to login to your personal email to send useful information from your running server. In this case is sending the public IP address just in case the IP address gets renewed so you can promptly update your DNS records for example if no automatic alternative is present. As far as I know wordpress DNS configuration does not have a way to be updated by an API so there you go…

Manual Configuration

For manual ip/dns public ip configuration and update, set up a msmtp client in your server and configure it using your external email provider credentials. This is in the scenario where you are unable to auto update your ip in your dns records. We’ll use msmtp-mta to setup an email event reminder so you can always be aware of any changes to act accordingly.

sudo apt-get install msmtp-mta

Create or edit the config file for msmtp. msmtp will look for a file named .msmtprc in your home folder by default (.file means it is an occult file and wont be displayed with ls unless specified). This file must contain the instructions and your personal credentials so that msmtp can use them to send your ip address to your own email securely with tls. This file creates an “account” readable by msmtp to be used to send email. In thiis example we will be storing the password in plain text inside the configuration file so it must be in a secure account only accessible to the owner of the external email service used to send emails. TLS will be enabled.

nano /home/user/.msmtprc

Edit with the following template:

account admin host #EMAIL_DOMAIN E.g. google.com port 587 # verify port functionality. Port 25 is usually blocked by your ISP. auth on user admin@google.com #Try with username@yourmailserver.com first password TYPE_YOUR_EMAIL_PASSWORD_FOR_USER_ADMIN from admin@google.com tls on tls_starttls on tls_fingerprint #Get the SHA256 fingerprint from your email provider tls_trust_file /etc/ssl/certs/ca-certificates.crt #verify this location on your system.

Be aware that if the information is not correctly typed, msmtp might give you misleading error codes which will make troubleshooting very hard. Check the correct details of our email provider before. An example of this is the real root server of your email provider might not be the .net or .com domain extension but rather a .us or pl or any other extemsion if they have the root email services in a foreign country. Next, create and configure a script to be used by msmtp in your home folder. Install curl if is not installed already.

If problems arise with permissions, make sure to set permissions 600 for your user to the .msmtp file.

sudo apt-get install curl

sudo nano /home/user/.msmtprc_email_new_pub_ip.sh

The following script will ask your public ip to ifconfig.me using the curl command and be stored in the variable IP_ADDRESS. This value will be in the subject of your email and passed to msmtp. msmtp will load the account details and send the email wherever you want to receive it. To make further comparisons the old ip address will be saved to a file to be compared the next time this script is executed.

#!/bin/bash # Get current IP address IP_ADDRESS=$(curl -s ifconfig.me) # Define variables MSMTP_ACCOUNT=john RECIPIENT_EMAIL=john@gmail.com MSMTP_CONFIG_FILE=/home/john/.msmtprc IP_HISTORY_FILE=/home/john/.msmtprc_ip # Check if the IP history file exists; if not, create it if [[ ! -f $IP_HISTORY_FILE ]]; then echo "$IP_ADDRESS" > "$IP_HISTORY_FILE" exit 0 # Exit since there's no previous IP to compare fi # Read the historic IP address IP_HISTORIC=$(cat "$IP_HISTORY_FILE") # Compare the current IP address with the historic one if [[ "$IP_HISTORIC" != "$IP_ADDRESS" ]]; then # Send the email echo "Subject: UPDATE $IP_ADDRESS" | msmtp -a "$MSMTP_ACCOUNT" "$RECIPIENT_EMAIL" # Update the historic IP address echo "$IP_ADDRESS" > "$IP_HISTORY_FILE" else echo "IP address has not changed. No email sent." fi

Save the file, make it executable and test if is working correctly.

sudo chmod +x .msmtprc_email_new_pub_ip.sh

sudo ./home/user/.msmtprc_email_new_pub_ip_update.sh

Automate the task to send your public ip by email every 12 hours

If all went well, continue creating a msmtprc_email_new_pub_ip.service and a msmtprc_email_new_pub_ip.timer files to run them as systemd services to automate sending emails right after system boot and every 12 hours.

sudo nano /etc/systemd/system/msmtprc_email_new_pub_ip.service

[Unit] Description=Runs a script to send public ip address via email. [Service] Type=simple User=admin WorkingDirectory=/home/admin/ ExecStart=/home/user/.msmtprc_email_new_pub_ip.sh [Install] WantedBy=multi-user.target

Save and exit.

sudo nano /etc/systemd/system/msmtprc_email_new_pub_ip.timer

[Unit] Description=Timer for msmtprc_email_new_pub.service file [Timer] OnCalendar=--* 5,18:00 RandomizedDelaySec=12h Persistent=true [Install] WantedBy=timers.target

Save file and exit.

Reload the daemon

sudo systemctl daemon-reload

Enable both services

sudo systemctl enable msmtprc_email_new_pub_ip.service msmtprc_email_new_pub_ip.timer

Verify both services are running correctly with “sudo status name_of_service”

Reboot your system and verify again.

Check your email. If it’s successful, wait 12 hours for the next email.

Another better option is using only one service file to manage the execution of the script and the timer. The timer here is going to trigger the execution of the script every hour and right after boot. I’m doing this now just because I can 🙂

[Unit] Description=Sends public ip address to specified email address using msmtp. After=network-online.target [Service] Type=simple User=user WorkingDirectory=/home/user ExecStart=/home/user/.msmtprc_email_new_pub_ip.sh Restart=always RestartSec=3600 StartLimitInterval=0 [Install] WantedBy=multi-user.target
December 12, 2023
IP address autoupdate – Cloudflare
Create an API token in Cloudflare

Log in to your cloudflare’s dashboard and enter the domain you want to manage.

Copy your “Zone ID”

Click to “Get your API token”

Create two permissions:

Zone | DNS | Read

Zone | DNS | Edit

Edit Zone resources

Include | Specific zone | YOUR_DOMAIN

Save your API key token and save the number generated. Once you exit the page you won’t be able to get it again.

apt install git

Choose a good location to save the following git folder. It contains the script to update your ip.

git clone https://github.com/K0p1-Git/cloudflare-ddns-updater.git

Cd into folder, copy the template file, rename it and make a copy. Edit your new copy with your own details like so (I’m not using the global API):

auth_email="YOUR_EMAIL" # The email used to login 'https://dash.cloudflare.com' auth_method="token" # Set to "global" for Global API Key or "token" for Scoped API Token auth_key="YOUR_API_TOKEN" # Your API Token or Global API Key zone_identifier="YOUR_ZONE_ID" # Can be found in the "Overview" tab of your domain record_name="YOUR_ROOT_DOMAIN" # Which record you want to be synced ttl="3600" # Set the DNS TTL (seconds) proxy="false" # Set the proxy to true or false sitename="SITE_TITLE" # Title of site "Example Site" slackchannel="" # Slack Channel #example slackuri="" # URI for Slack WebHook "https://hooks.slack.com/services/xxxxx" discorduri="" # URI for Discord WebHook "https://discordapp.com/api/webhooks/xxxxx"

Give executable permission to the script file

sudo chmod +x [path_to_your_script]

Schedule automatic verification and update of your public IP

After that a cron job can be created to run the script periodically. Create it with sudo so it is run by root and not by your admin user. Reason if that if the system restarts and you are not around to log in, the cron job for your user won’t start until you log in. This is undesirable if your server is meant o run partially supervised.

sudo crontab -e

Example of adding a cron job to be executed every 15 mins everyday.

*/15 * * * * /home/user/cloudflare-ddns-updater/cloudflare-template.sh

Save and exit.

Update cron service.

systemctl restart cron.service

Using a systemd service file

Instead of a cron job you can create a service file in /etc/systemd/system and save it with the following directives. This might be more advantageous because if the service stops for whatever reason you can be easily be notified to solve the problem. Here is an example of a service file where is defined the path to the script and the time interval (every 12 hours):

[Unit] Description=Public IP address verification and update for cloudflare dns records. After=network-online.target [Service] Type=simple ExecStart=/home/user/cloudflare-ddns-updater/cloudflare-template.sh Restart=always RestartSec=43200 StartLimitInterval=0 [Install] WantedBy=multi-user.target

sudo systemctl daemon-reload

sudo systemctl restart [name_of_your_service_file]

Credits to Jason K. and collaborators
https://github.com/K0p1-Git/cloudflare-ddns-updater/tree/main
December 12, 2023