Word Press Installation on Ubuntu Server 20.04 with MariaDB

0 Comments

This is a compact installation guide of WordPress on a Linux Server. It covers full server configuration and the installation of WordPress.

Requrements:

  1. Ubuntu Server 20.04 installed.
  2. Static external IP
  3. Manageable Gateway/Router. (You should be able to forward/open ports)

What will we be installing?

  • Apache
  • PHP
  • Mysql
  • MariaDB Database
  • Word Press (Stable Release)

Installation of Apache, PHP, and MySQL

Before we proceed lets update the repositories to the newest version

$ sudo apt update

Install apache, Mysql (DBMaria variant) and Php

$ sudo apt install apache2 php libapache2-mod-php mariadb-server mariadb-client php-mysql

Configure MySQL

Install Mysql

$ sudo mysql_secure_installation

Start mysql

$ sudo mysql

Create a new database for WordPress:

MariaDB [(none)]> CREATE DATABASE wordpress_db;

Create a user for the data base and set a password.

MariaDB [(none)]> CREATE USER ‘wordpress_user’@’localhost’ IDENTIFIED BY ‘my_password’;

Grant the newly created user all permissions for the database.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress_db.* to wordpress_user@'localhost';

Reload the permissions so that they can take effect.

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Apache Configuration

Firstly, copy the default config file and rename it.

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/wordpress.conf

Now open the file for editing

$ sudo nano /etc/apache2/sites-available/wordpress.conf

Update these lines within the document. Enter the adequate information.

DocumentRoot /var/www/wordpress
ServerName your-site.com
ServerAlias www.your-site.com

Save changes by pressing CTRL+X

Enable the new site in Apache and disable the default site.

$ sudo a2ensite wordpress.conf
$ sudo a2dissite 000-default.conf

Restart the apache server

$ sudo systemctl reload apache2

WordPress Installation

Download WordPress to temp folder and excract it

$ cd /tmp
$ curl -O https://wordpress.org/latest.tar.gz
$ tar xzvf latest.tar.gz

Create .htaccess file

$ touch /tmp/wordpress/.htaccess

Create a WP configuration file from a sample file

$ cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

Create an upgrade folder for future WP upgrades

$ mkdir /tmp/wordpress/wp-content/upgrade

Move the installation to destination folder

$ sudo cp -a /tmp/wordpress/. /var/www/your_domain_name

WordPress Directory Configuration

Lets assinng the appropriate folder permissions

$ sudo chown -R www-data:www-data /var/www/your_domain
$ sudo find /var/www/your_domain/ -type d -exec chmod 750 {} \;
$ sudo find /var/www/your_domain/ -type f -exec chmod 640 {} \;

Les us generate the secret keys for wp-config.php file

$ curl -s https://api.wordpress.org/secret-key/1.1/salt/

Generated key need to pasted into the wp-config.php file. Also specify all the neccesssary infos for Database name, Hostname, Database Username and Passwords

$ sudo nano /var/www/your_domain/wp-config.php

SLS Configuration

There are two possibilities for your new site to be able to redirect its traffic to https protocol.

1. Via self signed Certificate

2. Via open source Certbot

I will describe both ways but strongly recommend using Certbot because its certificate will be trusted by most browsers. Check this link to find out more.

SLS Certificate via Certbot

First, make sure that any previously installed version of Certbot is removed. It probably is not installed, but just double check

$ sudo apt-get remove certbot

Install cerbot

$ sudo snap install --classic certbot

Run the cerbot configuration wizzard.

$ sudo certbot --apache

The created certificate is valid for 3 months. It will automatically be prolonged via certbot service running on the server. In order to prove the validation status run the command.

$ sudo certbot renew --dry-run

SLS Certificate with Self-Signature

As mentioned above I recommend using a self-signed certificate only for local websites e.g. intranet or testing purposes.

Let us create a certificate and a certificate key

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Now let’s edit the sls-configuration file in order to tell apache where the 2 created files (certificate and the key) are found.

DocumentRoot /var/www/wordpress
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

Enable SLS mod and restart Apache

$ sudo a2enmod ssl
$ sudo systemctl restart apache2

Enable the default SLS-config (the one you have just edited above) and tell apache to reload it

$ sudo a2ensite default-ssl
$ sudo systemctl reload apache

SLS Redirect

Now that we have our SLS Certificate up and running we must tell any traffic to be actually redirected over the HTTPS Protocol. If you type for example www.your-site.com it will open as http per default. When it does so, the browser will tell that the site is in an unsecure mode. This might, in many cases cause people to leave the website before even entering it. In order to avoid this we must tell apache to redirect all the traffic to https protocol using your newly created SLS certificate and key.

Here comes the .htaccess file in play. It is found inside the wordpress folder and is invisable by default

/var/www/wordpress/.htaccess

This file has got to be modified with the right entry.

There are two ways of achieving this:

  1. Manually editing the .htaccess file
  2. Using a plugin

Using method 1: 

$ sudo nano /var/www/wordpress/.htaccess

Add this entry before the “# BEGIN WordPress” line.. It’s importan to add it before!

# BEGIN HTTPS Redirection Plugin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END HTTPS Redirection

Save the file with Ctrl+x

You don’t need to restart apache here. “.htaccess” file is being read upon each time of refreshing a webpage.

Using Method 2:

Go into the plugin menu and search for Easy HTTP SLS Redirect. This plugin does the same without u needing to modify the .htaccess file manually. 

Website Health Status

At this stage we are almost done. There are still a few small steps to undertake in order to have WordPress be able to use all of its features.

For this go into the Site Health Status page and check which modules still need to be installed onto the PHP server. You will most likely see this:

Website Health status

Please run the following commands in order to install the missing modules:

$ sudo apt-get install php7.4-curl
$ sudo apt-get install -y php-dom
$ sudo apt-get install -y php-mbstring
$ sudo apt install imagemagick
$ sudo apt install php-imagick
$ sudo apt-get install php7.4-zip
Restart Apache 
$ sudo /etc/init.d/apache2 restart

Conclusion

This concludes the tutorial. Now you have installed and fully configured linux server to be able to host a wordpress website. Should you have questions or suggestion don’t hesitate to contact me via email, or post a comment in the comments section.

Update: phpmyadmin installation & Firwall rules

Previously I have not mantioned how to install PHP MyAdmin for graphical database management. Additinally we are going to enable ufw Firewall and set the right rules.

Let’s look into this:

Let us install PHP Tools

$ sudo apt install php php-zip php-json php-mbstring php-mysql

Restart Apache Server

$ sudo systemctl enable apache2 && sudo systemctl start apache2

Download and install the phpmyadmin package

$ wget https://files.phpmyadmin.net/phpMyAdmin/5.0.3/phpMyAdmin-5.0.3-all-languages.zip

$ unzip phpMyAdmin-5.0.3-all-languages.zip
$ mv phpMyAdmin-5.0.3-all-languages /usr/share/phpmyadmin

Create a temp directory with the following permissions.

$ sudo mkdir /usr/share/phpmyadmin/tmp 
$ sudo chown -R www-data:www-data /usr/share/phpmyadmin 
$ sudo chmod 777 /usr/share/phpmyadmin/tmp

Let us now configure PhpMyAdmin. For this we are going to have to create a new file inside ” /etc/apache2/conf-available/ ” folder and call it phpmyadmin.conf

$ cd /etc/apache2/conf-available/
$ sudo touch phpmyadmin.conf
$ sudo nano phpmyadmin.conf

now add this configuration code to the file and save the file.

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
 
<Directory /usr/share/phpmyadmin/>
   AddDefaultCharset UTF-8
   <IfModule mod_authz_core.c>
      <RequireAny>
      Require all granted
     </RequireAny>
   </IfModule>
</Directory>
 
<Directory /usr/share/phpmyadmin/setup/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       Require all granted
     </RequireAny>
   </IfModule>
</Directory>

Firewall Configuration

If your firewall ist not enabled yet we should do this now.

$ sudo ufw enable

Let us add rules for the following protocols: http, https which obviously correspond to port 80 and 443. Both are needed to access the website and and http to access phpmyadmin

$ sudo ufw allow http
$ sudo ufw allow https

If you wish to create more sofisticated rules with ufw you can follow this post

You may now access your PhpMyAdmin portal by simply typing:

http://Your-Internal-Server-IP/phpmyadmin

Categories:

Leave a Reply

Your email address will not be published. Required fields are marked *