Code Block
sudo unzip latest.zip -d /usr/share/nginx/html/

Create HTML file permissions

24. You must set the directory ownership to something consistent, or else you will have trouble with WordPress write permissions. We first need to create a user and group (webtwo) that owns the HTML content and that has neither a login shell nor sudo permissions.

Code Block
[mtb@sierra ~]$ sudo groupadd -g 2222 webtwo
[mtb@sierra ~]$ sudo useradd -u 2222 -g 2222 -d /usr/share/nginx/html -s /sbin/nologin -c "webtwo files" webtwo
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

25. Add the nginx user to the webtwo group created in the previous step (-a appends, so any existing supplementary groups of nginx are kept):

Code Block
[mtb@sierra ~]$ sudo usermod -aG webtwo nginx

26. Change ownership on the HTML directories:

Code Block
[mtb@sierra html]$ sudo chown -R webtwo:webtwo /usr/share/nginx/html
[sudo] password for mtb: 
[mtb@sierra html]$ ls -la
total 8
drwxrwxr-x. 13 webtwo webtwo  236 Jun 13 15:05 .
drwxr-xr-x.  4 root   root     33 Mar 31 14:03 ..
drwxr-xr-x   2 webtwo webtwo    6 May 26 16:00 4m3.bio
drwxr-xr-x   2 webtwo webtwo    6 Jun 13 15:05 costaflores.com
drwxr-xr-x   4 webtwo webtwo   57 May 26 15:57 martianwinefederation.org
drwxr-xr-x   2 webtwo webtwo    6 Jun 13 15:05 moss.law
drwxrwxr-x   4 webtwo webtwo  292 Jun 13 15:03 nft.openvino.org
drwxr-xr-x   3 webtwo webtwo  229 Jun 13 15:04 old
drwxr-xr-x   2 webtwo webtwo    6 Jun 13 15:05 openvino.exchange
drwxr-xr-x   2 webtwo webtwo    6 Jun 13 15:05 openvino.org
drwxrwxr-x  16 webtwo webtwo 4096 Jun 10 16:12 postfixadmin
drwxr-xr-x   8 webtwo webtwo  123 May  4  2020 theluckhunters.com
drwxr-xr-x   5 webtwo webtwo 4096 May 29 02:14 wordpress

27. Allow group write access (for nginx) to wp-content:

Code Block
sudo chmod 775 wordpress/wp-content

Create Database for WordPress

Code Block
[mtb@sierra html]$ sudo mariadb -u root
[sudo] password for mtb: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.5.13-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE WORDPRESSDB;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.004 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> EXIT;
Bye

Configure WordPress Configuration Files

Code Block
[mtb@sierra wordpress]$ pwd
/usr/share/nginx/html/wordpress

[mtb@sierra wordpress]$ sudo cp wp-config-sample.php wp-config.php
[mtb@sierra wordpress]$ vi wp-config.php

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WORDPRESSDB' );

/** Database username */
define( 'DB_USER', 'WPUSER' );

/** Database password */
define( 'DB_PASSWORD', 'CHANGEONINSTALL' );

/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

/**
 * Save files direct 
 */
define( 'FS_METHOD', 'direct' );

/**
 * Increase memory limit
 */
define('WP_MEMORY_LIMIT', '256M');

File Permissions for WordPress Files/Folders

In general, the correct file permissions for WordPress should be as follows:

  • Files: 644

  • Folders: 755

However, there are a few specific exceptions that are important to note:

  • wp-config.php file

  • .htaccess file

  • nginx.conf file

Note

You might have noticed that wp-config.php has the database password in cleartext.

wp-config.php Permissions

A good recommendation is 640. You could set the file to 440; however, this might cause problems, as many WordPress plugins rely on write access to the wp-config.php file.

Code Block
[mtb@sierra wordpress]$ sudo chown webtwo:webtwo wp-config.php
[mtb@sierra wordpress]$ sudo chmod 640 wp-config.php
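
The modes recommended in this section (files 644, folders 755, wp-config.php 640), together with the 775 set on wp-content in step 27, can be checked in one pass. The following is an added example, not part of the original page; the function names `check` and `audit_wp_perms`, the report format and the constructed sample tree are this example's own.

```sh
#!/bin/sh
# Added example (not from the original page): audit a WordPress tree against
# the modes this page recommends:
#   files 644, folders 755, wp-config.php 640, wp-content 775

# check WANT FIND-ARGS... : list paths selected by FIND-ARGS whose mode != WANT
check() {
  want=$1; shift
  find "$@" ! -perm "$want" -print | sed "s|^|expected $want: |"
}

# audit_wp_perms ROOT : print every deviation, one per line (no output = clean)
audit_wp_perms() {
  root=${1%/}
  # The two exceptions are checked on their own ...
  check 640 "$root/wp-config.php" -type f
  check 775 "$root/wp-content" -prune -type d
  # ... and excluded from the general file and folder rules.
  check 644 "$root" -type f ! -path "$root/wp-config.php"
  check 755 "$root" -type d ! -path "$root/wp-content"
}

# Constructed sample tree: a world-writable upload and a world-readable
# wp-config.php are the two deviations the audit should report.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
touch "$demo/index.php" "$demo/wp-config.php" "$demo/wp-content/uploads/a.jpg"
chmod 755 "$demo" "$demo/wp-content/uploads"
chmod 775 "$demo/wp-content"
chmod 644 "$demo/index.php" "$demo/wp-config.php"
chmod 666 "$demo/wp-content/uploads/a.jpg"

audit_wp_perms "$demo"
```

On the real installation the call would be `audit_wp_perms /usr/share/nginx/html/wordpress`; an empty report means every file and folder matches the modes above.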

Set WordPress Security Salt Keys

It is best to visit the WordPress secret-key API and generate your own keys. The salt key generator can be found at https://api.wordpress.org/secret-key/1.1/salt/. Replace the example lines with the values from the generator.

Code Block
define('AUTH_KEY',         '<3yfS7/>%m.Tl^8Wx-Y8-|T77WRK[p>(PtH6V]Dl69^<8|K86[_Z},+THZ25+nJG');
define('SECURE_AUTH_KEY',  'bN#Qy#ChBX#Y`PE/_0N42zxgLD|5XpU[mu.n&:t4q~hg<UP/b8+xFTly_b}f]M;!');
define('LOGGED_IN_KEY',    'owpvIO-+WLG|,1)CQl*%gP1uDp}s(jUbYQ[Wm){O(x@sJ#T}tOTP&UOfk|wYsj5$');
define('NONCE_KEY',        '8=Vh|V{D<>`CLoP0$H!Z3gEqf@])){L+6eGi`GAjV(Mu0YULL@sagx&cgb.QVCbi');
define('AUTH_SALT',        '%TX*X$GE-;|?<-^(+K1Un!_Y<hk-Ne2;&{c[-v!{q4&OiJjQon /SHcc/:MB}y#(');
define('SECURE_AUTH_SALT', '=zkDT_%}J4ivjjN+F}:A+s6e64[^uQ<qNO]TfHS>G0elz2B~7Nk.vRcL00cJoo7*');
define('LOGGED_IN_SALT',   '{$-o_ull4|qQ?f=8vP>Vvq8~v>g(2w12`h65ztPM(xo!Fr()5xrqy^k[E~TwI!xn');
define('NONCE_SALT',       'a1G(Q|X`eX$p%6>K:Cba!]/5MAqX+L<A4yU_&CI)*w+#ZB+*yK*u-|]X_9V;:++6');

Nginx server block configuration

Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.

Info

The settings below are crucial. Note in particular the importance of “try_files $uri $uri/ /index.php?$args;”: other tutorials often leave off the trailing ?$args, which causes major site health issues when it comes to the WordPress REST API.

First, edit the http block in the /etc/nginx/nginx.conf file to include the domain-specific files in /etc/nginx/conf.d:

Code Block
http {
    include /etc/nginx/conf.d/*.conf;

Next, edit a domain-specific file (e.g. moss.law.conf):

Code Block
[mtb@sierra conf.d]$ cat moss.law.conf 
server {

  listen 80;
  listen [::]:80;
  server_name www.moss.law moss.law;

  root /usr/share/nginx/html/wordpress;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~* /wp-sitemap.*\.xml {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  client_max_body_size 100M;

  # Pass the php scripts to FastCGI server specified in upstream declaration.
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;

    fastcgi_buffer_size 128k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_buffers 4 128k;

    fastcgi_intercept_errors on;
    fastcgi_connect_timeout 40;
    fastcgi_send_timeout 60;
    fastcgi_read_timeout 60;
  }

  # The gzip settings and the locations below sit at server level. Nested
  # inside the \.php$ location they would only apply to URIs ending in .php,
  # so the asset rules and the .ht deny rule would never match.
  gzip on;
  gzip_comp_level 6;
  gzip_min_length 1000;
  gzip_proxied any;
  gzip_disable "msie6";
  gzip_types
    application/atom+xml
    application/geo+json
    application/javascript
    application/x-javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rdf+xml
    application/rss+xml
    application/xhtml+xml
    application/xml
    font/eot
    font/otf
    font/ttf
    image/svg+xml
    text/css
    text/javascript
    text/plain
    text/xml;

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires    90d;
    access_log off;
  }

  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires    90d;
    access_log off;
  }

  # deny access to .ht* files such as .htaccess
  location ~ /\.ht {
    access_log off;
    log_not_found off;
    deny all;
  }
}