Fj Graf

Category: Wordpress

  • Debian + Apache + mariadb + letsencrypt + wordpress

    Step 1: Update Your System

    First, make sure your system is up-to-date.

    sudo apt update
sudo apt upgrade -y

    Step 2: Install Apache

    Install Apache web server.

    sudo apt install apache2 -y

    Enable and start the Apache service.

    sudo systemctl enable apache2
sudo systemctl start apache2

    Step 3: Install MariaDB

    Install MariaDB server.

    sudo apt install mariadb-server mariadb-client -y

    Secure the MariaDB installation.

    sudo mysql_secure_installation

    Follow the prompts to:

    • Set a root password
    • Remove anonymous users
    • Disallow root login remotely
    • Remove test databases
    • Reload privilege tables

    Step 4: Create a Database for WordPress

    Log into MariaDB.

    sudo mysql -u root -p

    Run the following SQL commands to create a database and a user for WordPress.

    CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

    Step 5: Install PHP

    Install PHP and necessary extensions.

    sudo apt install php libapache2-mod-php php-mysql php-mbstring php-xml php-zip php-gd php-curl -y

    Step 6: Configure PHP for Large File Uploads

    Edit the PHP configuration file.

    sudo nano /etc/php/*/apache2/php.ini

    Change the following settings:

    upload_max_filesize = 128M
post_max_size = 128M
max_execution_time = 300
max_input_time = 300

    Step 7: Restart Apache

    After making changes to the PHP configuration, restart Apache.

    sudo systemctl restart apache2

    Step 8: Download and Install WordPress

    Navigate to the web directory /var/www/

    Download the latest version of WordPress.

    wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
Or if it's a zip file
unzip latest.zip
rename the wordpress site with the domain of your wabsite
mv wordpress mysite.com

    You might want to keep the wordpress compressed file untill next version comes up.

    From here you should be ready to go to the local ip address in your browser and finish the installation process of wordpress. If the wordpress installation opens and after putting the information to access to the database you just created for wordpress it does not connect, you will have to enter that information manually like is shown in the next step.

    Step 9: Configure WordPress

    Navigate to folder /var/www/mysite.com and create a WordPress configuration file from the sample file. Make a copy of the sample file and edit the new copy as shown below:

    cp wp-config-sample.php wp-config.php

    Edit the wp-config.php file.

    sudo nano wp-config.php

    Add your database details with the details you chose when you created the database in step 4:

    define('DB_NAME', 'wordpress_db');
define('DB_USER', 'wordpress_user');
define('DB_PASSWORD', 'strong_password');
define('DB_HOST', 'localhost');

    Step 10: Set Permissions

    Set proper permissions for the WordPress files or better yet for this purpose to the www directory.

    sudo chown -R www-data:www-data /var/www/
sudo find /var/www/ -type d -exec chmod 750 {} \;
sudo find /var/www/ -type f -exec chmod 644 {} \;

    Step 11: Enable Apache Rewrite Module

    Enable the rewrite module.

    sudo a2enmod rewrite

    Step 11: Disable the default apache website

    sudo a2dissite 000-default.conf

    Step 12: Restart Apache Again

    Restart Apache to apply all changes.

    sudo systemctl restart apache2

    Step 13: Complete WordPress Installation

    Open a web browser and navigate to your server’s IP address. Follow the on-screen instructions to complete the WordPress installation.

    Step 14: Secure Your Server

    1. Install UFW (Uncomplicated Firewall)
    sudo apt install ufw -y
sudo ufw allow 22
sudo ufw allow 80sudo ufw allow 443sudo ufw enable
    1. Configure SSL with Let’s Encrypt

    If you have a domain name purchased or one for free, here is how to get the certificates from letsencrypt but first make sure to map your public ip address to the server running apache. Also you need to create at least a basic configuration file for mysite.com.

    Navigate to /etc/apache2/sites-available. Create and edit the configuration for mysite.com file by copying the following lines:

    nano mysite.com.conf

    <VirtualHost *:80>
       ServerName mysite.com
       Redirect permanent / https://mysite.com/
       RewriteEngine on
       RewriteCond %{SERVER_NAME} =mysite.com
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
       ServerName mysite.com

       DocumentRoot /var/www/mysite.com

       <Directory /var/www/mysite.com>
           Options Indexes FollowSymLinks
           AllowOverride All
           Require all granted
       </Directory>

 #      SSLEngine on
 #          SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
 #          SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
 #          Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

    NOTE: I’ve left commented the lines corresponding to SSL because when you reload the apache service in the next step it will fail because the certificates are not yet present. Using the command certbot –apache will automatically add the necessary lines in the configuration file.

    Enable the site:

    sudo a2ensite mysite.com.conf

    Reload apache

    sudo systemctl reload apache2.service

    Install Certbot.

    sudo apt install certbot python3-certbot-apache -y

    Obtain an SSL certificate.

    sudo certbot --apache
Or

sudo certbot certonly --apache -d mywebsite.com

    Follow the prompts to set up HTTPS.

    1. Regular Updates and Backups

    Set up a cron job for automatic updates.

    sudo crontab -e

    Add the following line for daily updates:

    @daily apt update && apt upgrade -y

    Happy Blogging!

  • Setup apache – wordpress (CLI only) for LAN

    Setup apache – wordpress (CLI only) for LAN

    sudo apt install apache2 mariadb-server php libapache2-mod-php php-mysql
    sudo apt-get install php php-mysql php-gd php-curl php-mbstring php-xml

    After installation, Apache should start automatically. To verify its status, use:

    sudo systemctl status apache2

    Secure MySQL/MariaDB: Run the security script to harden the database setup:

    sudo mysql_secure_installation

    And do not forget to save the root password for mariadb in a secure place!

    Create WordPress Database and User:

    Log in to the MySQL/MariaDB shell:

    sudo mysql -u root -p

    Create a new database, user, and grant privileges (replace placeholders with your preferred values):

    CREATE DATABASE wp_database;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wp_database.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

    Download and Extract WordPress: Navigate to Apache’s web root directory: cd /var/www/html and extract the “wordpress” folder.

    sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
sudo mv wordpress/* .
sudo rm -rf wordpress latest.tar.gz

    Configure WordPress:
    Make a copy of the sample config file in the root directory of wordpress and set it up by typing the details of wordPress database you previously configured. 

    sudo cp wp-config-sample.php wp-config.php
    sudo nano wp-config.php

    Fill in the database details (DB_NAME, DB_USER, DB_PASSWORD), and save the file.

    Ensure proper file permissions for WordPress:

    sudo chown -R www-data:www-data /var/www/wordpress
sudo chmod -R 755 /var/www/wordpress

    We can use the default apache file to manage incoming connections to port 80. Lets edit the contents to fit our purpose. You can create a new file if you wish to do so.

    sudo nano /etc/apache2/sites-available/000-default.conf
    <VirtualHost *:80>
	ServerName LAN-WP

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/wordpress

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

    Ensure that the DocumentRoot directive points to the WordPress directory.

    Lets enable the site by typing:

    sudo a2ensite 000-default.conf

    Restart the apache server

    sudo systemctl reload apache2

    Open a web browser and navigate to your server’s IP address or domain.
    Follow the WordPress installation prompts to complete the setup (e.g., select language, set up admin user, etc.).

    Complete Installation:

    Log in to the WordPress admin dashboard and start configuring your site. That should get WordPress up and running on your Debian server with Apache and MariaDB. Adjust configurations as needed and follow WordPress best practices for security and optimization.