This is a compact installation guide of WordPress on a Linux Server. It covers full server configuration and the installation of WordPress.
Requrements:
- Ubuntu Server 20.04 installed.
- Static external IP
- Manageable Gateway/Router. (You should be able to forward/open ports)
What will we be installing?
- Apache
- PHP
- Mysql
- MariaDB Database
- Word Press (Stable Release)
Installation of Apache, PHP, and MySQL
Before we proceed lets update the repositories to the newest version
$ sudo apt update
Install apache, Mysql (DBMaria variant) and Php
$ sudo apt install apache2 php libapache2-mod-php mariadb-server mariadb-client php-mysql
Configure MySQL
Install Mysql
$ sudo mysql_secure_installation
Start mysql
$ sudo mysql
Create a new database for WordPress:
MariaDB [(none)]> CREATE DATABASE wordpress_db;
Create a user for the data base and set a password.
MariaDB [(none)]> CREATE USER ‘wordpress_user’@’localhost’ IDENTIFIED BY ‘my_password’;
Grant the newly created user all permissions for the database.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress_db.* to wordpress_user@'localhost';
Reload the permissions so that they can take effect.
MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> exit
Apache Configuration
Firstly, copy the default config file and rename it.
$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/wordpress.conf
Now open the file for editing
$ sudo nano /etc/apache2/sites-available/wordpress.conf
Update these lines within the document. Enter the adequate information.
DocumentRoot /var/www/wordpress ServerName your-site.com ServerAlias www.your-site.com
Save changes by pressing CTRL+X
Enable the new site in Apache and disable the default site.
$ sudo a2ensite wordpress.conf $ sudo a2dissite 000-default.conf
Restart the apache server
$ sudo systemctl reload apache2
WordPress Installation
Download WordPress to temp folder and excract it
$ cd /tmp $ curl -O https://wordpress.org/latest.tar.gz $ tar xzvf latest.tar.gz
Create .htaccess file
$ touch /tmp/wordpress/.htaccess
Create a WP configuration file from a sample file
$ cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
Create an upgrade folder for future WP upgrades
$ mkdir /tmp/wordpress/wp-content/upgrade
Move the installation to destination folder
$ sudo cp -a /tmp/wordpress/. /var/www/your_domain_name
WordPress Directory Configuration
Lets assinng the appropriate folder permissions
$ sudo chown -R www-data:www-data /var/www/your_domain $ sudo find /var/www/your_domain/ -type d -exec chmod 750 {} \; $ sudo find /var/www/your_domain/ -type f -exec chmod 640 {} \;
Les us generate the secret keys for wp-config.php file
$ curl -s https://api.wordpress.org/secret-key/1.1/salt/
Generated key need to pasted into the wp-config.php file. Also specify all the neccesssary infos for Database name, Hostname, Database Username and Passwords
$ sudo nano /var/www/your_domain/wp-config.php
SLS Configuration
There are two possibilities for your new site to be able to redirect its traffic to https protocol.
1. Via self signed Certificate
2. Via open source Certbot
I will describe both ways but strongly recommend using Certbot because its certificate will be trusted by most browsers. Check this link to find out more.
SLS Certificate via Certbot
First, make sure that any previously installed version of Certbot is removed. It probably is not installed, but just double check
$ sudo apt-get remove certbot
Install cerbot
$ sudo snap install --classic certbot
Run the cerbot configuration wizzard.
$ sudo certbot --apache
The created certificate is valid for 3 months. It will automatically be prolonged via certbot service running on the server. In order to prove the validation status run the command.
$ sudo certbot renew --dry-run
SLS Certificate with Self-Signature
As mentioned above I recommend using a self-signed certificate only for local websites e.g. intranet or testing purposes.
Let us create a certificate and a certificate key
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Now let’s edit the sls-configuration file in order to tell apache where the 2 created files (certificate and the key) are found.
DocumentRoot /var/www/wordpress SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
Enable SLS mod and restart Apache
$ sudo a2enmod ssl $ sudo systemctl restart apache2
Enable the default SLS-config (the one you have just edited above) and tell apache to reload it
$ sudo a2ensite default-ssl $ sudo systemctl reload apache
SLS Redirect
Now that we have our SLS Certificate up and running we must tell any traffic to be actually redirected over the HTTPS Protocol. If you type for example www.your-site.com it will open as http per default. When it does so, the browser will tell that the site is in an unsecure mode. This might, in many cases cause people to leave the website before even entering it. In order to avoid this we must tell apache to redirect all the traffic to https protocol using your newly created SLS certificate and key.
Here comes the .htaccess file in play. It is found inside the wordpress folder and is invisable by default
/var/www/wordpress/.htaccess
This file has got to be modified with the right entry.
There are two ways of achieving this:
- Manually editing the .htaccess file
- Using a plugin
Using method 1:
$ sudo nano /var/www/wordpress/.htaccess
Add this entry before the “# BEGIN WordPress” line.. It’s importan to add it before!
# BEGIN HTTPS Redirection Plugin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END HTTPS Redirection
Save the file with Ctrl+x
You don’t need to restart apache here. “.htaccess” file is being read upon each time of refreshing a webpage.
Using Method 2:
Go into the plugin menu and search for Easy HTTP SLS Redirect. This plugin does the same without u needing to modify the .htaccess file manually.
Website Health Status
At this stage we are almost done. There are still a few small steps to undertake in order to have WordPress be able to use all of its features.
For this go into the Site Health Status page and check which modules still need to be installed onto the PHP server. You will most likely see this:
Please run the following commands in order to install the missing modules:
$ sudo apt-get install php7.4-curl $ sudo apt-get install -y php-dom $ sudo apt-get install -y php-mbstring $ sudo apt install imagemagick $ sudo apt install php-imagick $ sudo apt-get install php7.4-zip Restart Apache $ sudo /etc/init.d/apache2 restart
Conclusion
This concludes the tutorial. Now you have installed and fully configured linux server to be able to host a wordpress website. Should you have questions or suggestion don’t hesitate to contact me via email, or post a comment in the comments section.
Update: phpmyadmin installation & Firwall rules
Previously I have not mantioned how to install PHP MyAdmin for graphical database management. Additinally we are going to enable ufw Firewall and set the right rules.
Let’s look into this:
Let us install PHP Tools
$ sudo apt install php php-zip php-json php-mbstring php-mysql
Restart Apache Server
$ sudo systemctl enable apache2 && sudo systemctl start apache2
Download and install the phpmyadmin package
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.0.3/phpMyAdmin-5.0.3-all-languages.zip $ unzip phpMyAdmin-5.0.3-all-languages.zip $ mv phpMyAdmin-5.0.3-all-languages /usr/share/phpmyadmin
Create a temp directory with the following permissions.
$ sudo mkdir /usr/share/phpmyadmin/tmp $ sudo chown -R www-data:www-data /usr/share/phpmyadmin $ sudo chmod 777 /usr/share/phpmyadmin/tmp
Let us now configure PhpMyAdmin. For this we are going to have to create a new file inside ” /etc/apache2/conf-available/ ” folder and call it phpmyadmin.conf
$ cd /etc/apache2/conf-available/ $ sudo touch phpmyadmin.conf $ sudo nano phpmyadmin.conf
now add this configuration code to the file and save the file.
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
</Directory>
<Directory /usr/share/phpmyadmin/setup/>
<IfModule mod_authz_core.c>
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
</Directory>
Firewall Configuration
If your firewall ist not enabled yet we should do this now.
$ sudo ufw enable
Let us add rules for the following protocols: http, https which obviously correspond to port 80 and 443. Both are needed to access the website and and http to access phpmyadmin
$ sudo ufw allow http $ sudo ufw allow https
If you wish to create more sofisticated rules with ufw you can follow this post
You may now access your PhpMyAdmin portal by simply typing:
http://Your-Internal-Server-IP/phpmyadmin