WordPress is used for https://openvino.org and other project sites.
Info |
---|
This is how WordPress is installed and configured. Much of the content of this document was copied from the excellent tutorial https://www.linuxcapable.com/how-to-install-wordpress-with-lemp-nginx-mariadb-and-php-on-rocky-linux-8/, though some additions and changes have been made. |
Install unzip
Code Block |
---|
[mtb@sierra ~]$ sudo dnf install unzip -y |
In this setup, nginx is already installed and enabled as a service on boot:
Code Block |
---|
[mtb@sierra ~]$ nginx -v
nginx version: nginx/1.14.1
[mtb@sierra ~]$ systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-05-26 15:47:48 UTC; 7h ago
Process: 170448 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 170387 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 170385 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 170383 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 170390 (nginx)
Tasks: 5 (limit: 49268)
Memory: 23.2M
CGroup: /system.slice/nginx.service
├─170390 nginx: master process /usr/sbin/nginx
├─170449 nginx: worker process
├─170450 nginx: worker process
├─170451 nginx: worker process
└─170452 nginx: worker process
May 26 15:47:48 sierra systemd[1]: Starting The nginx HTTP and reverse proxy server...
May 26 15:47:48 sierra nginx[170385]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
May 26 15:47:48 sierra nginx[170385]: nginx: configuration file /etc/nginx/nginx.conf test is successful
May 26 15:47:48 sierra systemd[1]: Started The nginx HTTP and reverse proxy server.
May 26 15:52:47 sierra systemd[1]: Reloading The nginx HTTP and reverse proxy server.
May 26 15:52:47 sierra systemd[1]: Reloaded The nginx HTTP and reverse proxy server. |
Install MariaDB (LEMP STACK)
Optional. Change to MariaDB 10.5
...
Code Block |
---|
[mtb@sierra ~]$ sudo dnf module enable php:remi-8.1
Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Enabling module streams:
php remi-8.1
Transaction Summary
=======================================================================================================
Is this ok [y/N]: y
Complete!
[mtb@sierra ~]$ sudo dnf install php
[sudo] password for mtb:
DigitalOcean Agent 122 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 67 kB/s | 3.3 kB 00:00
Dependencies resolved.
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Installing:
php x86_64 8.1.6-1.el8.remi remi-modular 1.7 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 appstream 128 k
apr-util x86_64 1.6.1-6.el8.1 appstream 104 k
httpd x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 1.4 M
httpd-filesystem noarch 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 40 k
httpd-tools x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 107 k
libsodium x86_64 1.0.18-2.el8 epel 162 k
mailcap noarch 2.1.48-3.el8 baseos 38 k
mod_http2 x86_64 1.15.7-5.module+el8.6.0+823+f143cee1 appstream 153 k
oniguruma5php x86_64 6.9.8-1.el8.remi remi-safe 212 k
php-common x86_64 8.1.6-1.el8.remi remi-modular 1.2 M
rocky-logos-httpd noarch 85.0-4.el8 baseos 22 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8.1 appstream 23 k
apr-util-openssl x86_64 1.6.1-6.el8.1 appstream 26 k
php-cli x86_64 8.1.6-1.el8.remi remi-modular 5.3 M
php-fpm x86_64 8.1.6-1.el8.remi remi-modular 1.8 M
php-mbstring x86_64 8.1.6-1.el8.remi remi-modular 521 k
php-opcache x86_64 8.1.6-1.el8.remi remi-modular 628 k
php-pdo x86_64 8.1.6-1.el8.remi remi-modular 161 k
php-sodium x86_64 8.1.6-1.el8.remi remi-modular 101 k
php-xml x86_64 8.1.6-1.el8.remi remi-modular 251 k
Enabling module streams:
httpd 2.4
Transaction Summary
=======================================================================================================
Install 21 Packages
Total download size: 14 M
Installed size: 57 M
Is this ok [y/N]: y
Downloading Packages:
(1/21): apr-util-bdb-1.6.1-6.el8.1.x86_64.rpm 121 kB/s | 23 kB 00:00
(2/21): apr-util-openssl-1.6.1-6.el8.1.x86_64.rpm 400 kB/s | 26 kB 00:00
(3/21): apr-util-1.6.1-6.el8.1.x86_64.rpm 327 kB/s | 104 kB 00:00
(4/21): apr-1.6.3-12.el8.x86_64.rpm 399 kB/s | 128 kB 00:00
(5/21): httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarc 616 kB/s | 40 kB 00:00
(6/21): httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 1.6 MB/s | 107 kB 00:00
(7/21): mailcap-2.1.48-3.el8.noarch.rpm 454 kB/s | 38 kB 00:00
(8/21): rocky-logos-httpd-85.0-4.el8.noarch.rpm 1.3 MB/s | 22 kB 00:00
(9/21): mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm 1.2 MB/s | 153 kB 00:00
(10/21): httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 4.3 MB/s | 1.4 MB 00:00
(11/21): libsodium-1.0.18-2.el8.x86_64.rpm 1.5 MB/s | 162 kB 00:00
(12/21): php-8.1.6-1.el8.remi.x86_64.rpm 2.3 MB/s | 1.7 MB 00:00
(13/21): php-common-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 1.2 MB 00:00
(14/21): php-mbstring-8.1.6-1.el8.remi.x86_64.rpm 5.5 MB/s | 521 kB 00:00
(15/21): php-fpm-8.1.6-1.el8.remi.x86_64.rpm 10 MB/s | 1.8 MB 00:00
(16/21): php-cli-8.1.6-1.el8.remi.x86_64.rpm 5.9 MB/s | 5.3 MB 00:00
(17/21): php-opcache-8.1.6-1.el8.remi.x86_64.rpm 5.8 MB/s | 628 kB 00:00
(18/21): php-pdo-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 161 kB 00:00
(19/21): php-sodium-8.1.6-1.el8.remi.x86_64.rpm 1.2 MB/s | 101 kB 00:00
(20/21): php-xml-8.1.6-1.el8.remi.x86_64.rpm 2.8 MB/s | 251 kB 00:00
(21/21): oniguruma5php-6.9.8-1.el8.remi.x86_64.rpm 2.5 MB/s | 212 kB 00:00
-------------------------------------------------------------------------------------------------------
Total 6.4 MB/s | 14 MB 00:02
Remi's Modular repository for Enterprise Linux 8 - x86_64 3.0 MB/s | 3.1 kB 00:00
Importing GPG key 0x5F11735A:
Userid : "Remi's RPM repository <remi@remirepo.net>"
Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: php-common-8.1.6-1.el8.remi.x86_64 1/21
Installing : php-common-8.1.6-1.el8.remi.x86_64 1/21
Running scriptlet: httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : apr-1.6.3-12.el8.x86_64 3/21
Running scriptlet: apr-1.6.3-12.el8.x86_64 3/21
Installing : apr-util-bdb-1.6.1-6.el8.1.x86_64 4/21
Installing : apr-util-openssl-1.6.1-6.el8.1.x86_64 5/21
Installing : apr-util-1.6.1-6.el8.1.x86_64 6/21
Running scriptlet: apr-util-1.6.1-6.el8.1.x86_64 6/21
Installing : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Installing : php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Installing : php-cli-8.1.6-1.el8.remi.x86_64 9/21
Installing : php-opcache-8.1.6-1.el8.remi.x86_64 10/21
Installing : php-pdo-8.1.6-1.el8.remi.x86_64 11/21
Installing : php-xml-8.1.6-1.el8.remi.x86_64 12/21
Installing : oniguruma5php-6.9.8-1.el8.remi.x86_64 13/21
Installing : php-mbstring-8.1.6-1.el8.remi.x86_64 14/21
Installing : libsodium-1.0.18-2.el8.x86_64 15/21
Installing : php-sodium-8.1.6-1.el8.remi.x86_64 16/21
Installing : rocky-logos-httpd-85.0-4.el8.noarch 17/21
Installing : mailcap-2.1.48-3.el8.noarch 18/21
Installing : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 19/21
Installing : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Installing : php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 21/21
Running scriptlet: php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 21/21
Verifying : apr-1.6.3-12.el8.x86_64 1/21
Verifying : apr-util-1.6.1-6.el8.1.x86_64 2/21
Verifying : apr-util-bdb-1.6.1-6.el8.1.x86_64 3/21
Verifying : apr-util-openssl-1.6.1-6.el8.1.x86_64 4/21
Verifying : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 5/21
Verifying : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 6/21
Verifying : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Verifying : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 8/21
Verifying : mailcap-2.1.48-3.el8.noarch 9/21
Verifying : rocky-logos-httpd-85.0-4.el8.noarch 10/21
Verifying : libsodium-1.0.18-2.el8.x86_64 11/21
Verifying : php-8.1.6-1.el8.remi.x86_64 12/21
Verifying : php-cli-8.1.6-1.el8.remi.x86_64 13/21
Verifying : php-common-8.1.6-1.el8.remi.x86_64 14/21
Verifying : php-fpm-8.1.6-1.el8.remi.x86_64 15/21
Verifying : php-mbstring-8.1.6-1.el8.remi.x86_64 16/21
Verifying : php-opcache-8.1.6-1.el8.remi.x86_64 17/21
Verifying : php-pdo-8.1.6-1.el8.remi.x86_64 18/21
Verifying : php-sodium-8.1.6-1.el8.remi.x86_64 19/21
Verifying : php-xml-8.1.6-1.el8.remi.x86_64 20/21
Verifying : oniguruma5php-6.9.8-1.el8.remi.x86_64 21/21
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8.1.x86_64
apr-util-bdb-1.6.1-6.el8.1.x86_64
apr-util-openssl-1.6.1-6.el8.1.x86_64
httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch
httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
libsodium-1.0.18-2.el8.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64
oniguruma5php-6.9.8-1.el8.remi.x86_64
php-8.1.6-1.el8.remi.x86_64
php-cli-8.1.6-1.el8.remi.x86_64
php-common-8.1.6-1.el8.remi.x86_64
php-fpm-8.1.6-1.el8.remi.x86_64
php-mbstring-8.1.6-1.el8.remi.x86_64
php-opcache-8.1.6-1.el8.remi.x86_64
php-pdo-8.1.6-1.el8.remi.x86_64
php-sodium-8.1.6-1.el8.remi.x86_64
php-xml-8.1.6-1.el8.remi.x86_64
rocky-logos-httpd-85.0-4.el8.noarch
Complete! |
17b. Add the PHP MySQL extension!
Code Block |
---|
sudo dnf install php-mysqlnd |
18. Verify the installation and check the version and build:
...
Code Block |
---|
sudo unzip latest.zip -d /usr/share/nginx/html/ |
Create HTML file permissions
24. You must set the directory ownership to something consistent, or else you will have trouble with WordPress write permissions. We first need to create a user and group (webtwo) that owns the HTML content and that has neither a shell nor sudo permissions.
Code Block |
---|
[mtb@sierra ~]$ sudo groupadd -g 2222 webtwo
[mtb@sierra ~]$ sudo useradd -u 2222 -g 2222 -d /usr/share/nginx/html -s /sbin/nologin -c "webtwo files" webtwo
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[mtb@sierra ~]$ sudo usermod -aG webtwo nginx |
25. Add the nginx user to the webtwo group created in the previous step (-a appends, so nginx keeps any supplementary groups it already has):
Code Block |
---|
[mtb@sierra ~]$ sudo usermod -aG webtwo nginx |
26. Change ownership on the HTML directories:
Code Block |
---|
[mtb@sierra html]$ sudo chown -R webtwo:webtwo /usr/share/nginx/html
[sudo] password for mtb:
[mtb@sierra html]$ ls -la
total 8
drwxrwxr-x. 13 webtwo webtwo 236 Jun 13 15:05 .
drwxr-xr-x. 4 root root 33 Mar 31 14:03 ..
drwxr-xr-x 2 webtwo webtwo 6 May 26 16:00 4m3.bio
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 costaflores.com
drwxr-xr-x 4 webtwo webtwo 57 May 26 15:57 martianwinefederation.org
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 moss.law
drwxrwxr-x 4 webtwo webtwo 292 Jun 13 15:03 nft.openvino.org
drwxr-xr-x 3 webtwo webtwo 229 Jun 13 15:04 old
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.exchange
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.org
drwxrwxr-x 16 webtwo webtwo 4096 Jun 10 16:12 postfixadmin
drwxr-xr-x 8 webtwo webtwo 123 May 4 2020 theluckhunters.com
drwxr-xr-x 5 webtwo webtwo 4096 May 29 02:14 wordpress |
27. Allow group write access (for nginx) to wp-content:
Code Block |
---|
sudo chmod 775 wordpress/wp-content |
Create Database for WordPress
28. Create the WordPress database and user:
Code Block |
---|
[mtb@sierra html]$ sudo mariadb -u root
[sudo] password for mtb:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.5.13-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE WORDPRESSDB;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.004 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> EXIT;
Bye |
Configure WordPress Configuration Files
29. Configure wp-config.php
Code Block |
---|
[mtb@sierra wordpress]$ pwd
/usr/share/nginx/html/wordpress
[mtb@sierra wordpress]$ sudo cp wp-config-sample.php wp-config.php
[mtb@sierra wordpress]$ sudo vi wp-config.php
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WORDPRESSDB' );
/** Database username */
define( 'DB_USER', 'WPUSER' );
/** Database password */
define( 'DB_PASSWORD', 'CHANGEONINSTALL' );
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* Save files direct
*/
define( 'FS_METHOD', 'direct' );
/**
* Increase memory limit
*/
define('WP_MEMORY_LIMIT', '256M');
|
File Permissions for WordPress Files/Folders
In general, the correct file permissions for WordPress should be as follows:
Files: 664
Folders: 775
However, there are a few specific exceptions that are important to note:
wp-config.php file
.htaccess file
nginx.conf file
Note |
---|
You might have noticed that wp-config.php has the database password in cleartext. |
wp-config.php Permissions
30. Set file permissions.
A good recommendation is 640. You could set the file to 440; however, this might cause problems, as many WordPress plugins rely on write access to the wp-config.php file.
Code Block |
---|
[mtb@sierra wordpress]$ sudo chown webtwo:webtwo wp-config.php
[mtb@sierra wordpress]$ sudo chmod 640 wp-config.php |
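The modes recommended above (files 664, folders 775, wp-config.php 640) can be checked mechanically. The script below is an added example, not part of the original tutorial; the function names and the sample tree are constructed for illustration, and reporting .htaccess and nginx.conf only when they are world-writable is an assumption, since the page gives no mode for them.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the modes recommended on this page.
# Policy from the page: folders 775, files 664, wp-config.php 640.
# Assumption: .htaccess and nginx.conf (listed as exceptions without a stated
# mode) are only reported when they are world-writable.

# wp_perm_findings ROOT -> one line per deviation, nothing when the tree is clean
wp_perm_findings() {
    root=$1
    find "$root" -type d ! -perm 775 -exec printf 'want=775 %s\n' {} \;
    find "$root" -type f -name wp-config.php ! -perm 640 \
        -exec printf 'want=640 %s\n' {} \;
    find "$root" -type f ! -name wp-config.php ! -name .htaccess \
        ! -name nginx.conf ! -perm 664 -exec printf 'want=664 %s\n' {} \;
    find "$root" -type f \( -name .htaccess -o -name nginx.conf \) \
        -perm -002 -exec printf 'world-writable %s\n' {} \;
}

# wp_perms_clean ROOT -> exit status 0 only when there are no findings
wp_perms_clean() {
    [ -z "$(wp_perm_findings "$1")" ]
}

# make_sample_tree DIR -> constructed sample with three deliberate deviations
make_sample_tree() {
    d=$1
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    : > "$d/.htaccess"
    : > "$d/wp-content/uploads/photo.jpg"
    chmod 775 "$d" "$d/wp-content"
    chmod 664 "$d/index.php" "$d/wp-content/uploads/photo.jpg"
    chmod 644 "$d/wp-config.php"          # deviation: readable by everyone
    chmod 777 "$d/wp-content/uploads"     # deviation: world-writable folder
    chmod 666 "$d/.htaccess"              # deviation: world-writable file
}

# Demo on the constructed tree: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_tree "$tmp/wordpress"
    wp_perm_findings "$tmp/wordpress"
    rm -rf "$tmp"
fi
```

On the real host, `wp_perm_findings /usr/share/nginx/html/wordpress` lists every path that has drifted from the policy, for example after a plugin install or an unpacked backup.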
Set WordPress Security Salt Keys
It is best to generate your own keys with the WordPress secret-key API; the salt key generator can be found at https://api.wordpress.org/secret-key/1.1/salt/. Replace the example lines with the codes from the generator.
Code Block |
---|
define('AUTH_KEY', '<3yfS7/>%m.Tl^8Wx-Y8-|T77WRK[p>(PtH6V]Dl69^<8|K86[_Z},+THZ25+nJG');
define('SECURE_AUTH_KEY', 'bN#Qy#ChBX#Y`PE/_0N42zxgLD|5XpU[mu.n&:t4q~hg<UP/b8+xFTly_b}f]M;!');
define('LOGGED_IN_KEY', 'owpvIO-+WLG|,1)CQl*%gP1uDp}s(jUbYQ[Wm){O(x@sJ#T}tOTP&UOfk|wYsj5$');
define('NONCE_KEY', '8=Vh|V{D<>`CLoP0$H!Z3gEqf@])){L+6eGi`GAjV(Mu0YULL@sagx&cgb.QVCbi');
define('AUTH_SALT', '%TX*X$GE-;|?<-^(+K1Un!_Y<hk-Ne2;&{c[-v!{q4&OiJjQon /SHcc/:MB}y#(');
define('SECURE_AUTH_SALT', '=zkDT_%}J4ivjjN+F}:A+s6e64[^uQ<qNO]TfHS>G0elz2B~7Nk.vRcL00cJoo7*');
define('LOGGED_IN_SALT', '{$-o_ull4|qQ?f=8vP>Vvq8~v>g(2w12`h65ztPM(xo!Fr()5xrqy^k[E~TwI!xn');
define('NONCE_SALT', 'a1G(Q|X`eX$p%6>K:Cba!]/5MAqX+L<A4yU_&CI)*w+#ZB+*yK*u-|]X_9V;:++6'); |
Nginx server block configuration
31. Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.
Info |
---|
The settings below are crucial. Note in particular “try_files $uri $uri/ /index.php?$args;”: other tutorials often leave out the trailing ?$args, which causes major site health issues when it comes to the WordPress REST API. |
Next, edit a domain-specific file in /etc/nginx/conf.d (e.g. moss.law.conf):
Code Block |
---|
[mtb@sierra conf.d]$ cat moss.law.conf
server {
    listen 80;
    listen [::]:80;
    server_name www.moss.law moss.law;
    root /usr/share/nginx/html/wordpress;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* /wp-sitemap.*\.xml {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    client_max_body_size 64M;
    # Pass the php scripts to FastCGI server specified in upstream declaration.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_buffers 4 128k;
        fastcgi_intercept_errors on;
        fastcgi_connect_timeout 40;
        fastcgi_send_timeout 60;
        fastcgi_read_timeout 60;
    }
    # The PHP location is closed above so that gzip and the locations below
    # apply to the whole server, not only to requests ending in .php.
    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;
    # assets, media
    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires 90d;
        access_log off;
    }
    # svg, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires 90d;
        access_log off;
    }
    # deny access to .ht* files
    location ~ /\.ht {
        access_log off;
        log_not_found off;
        deny all;
    }
} |
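A quick lint for the try_files point made above, added here as an example (not from the original tutorial): it lists every try_files directive whose /index.php fallback drops the query string. The function names and the sample server block are constructed; accepting $query_string as an equivalent of $args goes beyond what the page mentions.

```sh
#!/bin/sh
# Added example: flag try_files fallbacks to /index.php that drop the query string.

# argless_fallbacks FILE... -> "file:line: directive" per offending directive
argless_fallbacks() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /try_files/ && /\/index\.php/ {
            # accepted: /index.php?...$args, /index.php$is_args$args,
            # and the same forms written with $query_string
            ok = ($0 ~ /\/index\.php\?[^;]*\$(args|query_string)/) ||
                 ($0 ~ /\/index\.php\$is_args\$(args|query_string)/)
            if (!ok) {
                line = $0
                sub(/^[ \t]+/, "", line)         # trim indentation for the report
                printf "%s:%d: %s\n", FILENAME, FNR, line
            }
        }
    ' "$@"
}

# write_sample_conf PATH -> constructed server block; only line 3 is wrong
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    location / {
        try_files $uri $uri/ /index.php;
    }
    location /shop/ {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* /wp-sitemap.*\.xml {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
    }
    # try_files $uri /index.php;
}
EOF
}

# Demo on the constructed sample: sh lint.sh --demo
if [ "${1:-}" = "--demo" ]; then
    conf=$(mktemp)
    write_sample_conf "$conf"
    argless_fallbacks "$conf"
    rm -f "$conf"
fi
```

Run it as `argless_fallbacks /etc/nginx/conf.d/*.conf` before `nginx -t`; no output means every WordPress fallback forwards its arguments.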
PHP.ini configuration
To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.
32. Firstly, edit the php.ini file, and make the following changes:
Code Block |
---|
max_execution_time = 180      ; located on line 338
max_input_time = 90           ; located on line 398
memory_limit = 256M           ; located on line 409
upload_max_filesize = 64M     ; located on line 846 |
By default on Rocky Linux, the PHP-FPM service is configured to run as the apache user, which is incorrect since we are using Nginx, so this needs to be corrected in the www.conf configuration file.
33. Edit www.conf and replace user apache with nginx
Code Block |
---|
[mtb@sierra conf.d]$ sudo vi /etc/php-fpm.d/www.conf
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx |
34. Restart PHP
Code Block |
---|
sudo systemctl restart php-fpm |
35. Fix the path for fastcgi_pass in /etc/nginx/default.d/php.conf
Code Block |
---|
fastcgi_pass unix:/var/run/php-fpm/www.sock; |
36. Test to see if the configuration files load correctly:
Code Block |
---|
[mtb@sierra conf.d]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful |
37. Once the Nginx dry-run test passes, restart the Nginx service.
Code Block |
---|
sudo systemctl restart nginx |
SELinux configuration
Before proceeding any further, a few adjustments must be made to SELinux.
38. First, allow webserver network connections.
Code Block |
---|
sudo setsebool -P httpd_can_network_connect 1 |
39. Next, set the SELinux context for the WordPress directory.
Code Block |
---|
[mtb@sierra conf.d]$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html(/.*)?"
ValueError: File context for /usr/share/nginx/html(/.*)? already defined
[mtb@sierra conf.d]$ sudo restorecon -Rv /usr/share/nginx/html
[mtb@sierra conf.d]$ sudo systemctl restart php-fpm |
Note |
---|
Not sure why the “ValueError: … already defined” message appears. It should exit 0, even if these flags are already set. |
40. Restart PHP-FPM for good practice
Code Block |
---|
sudo systemctl restart php-fpm |
Install WordPress frontend
Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.
41. Go to mydomain.com/wp-admin/install.php
If it works, you should see this screen:
...
Once you have created an initial admin user, WordPress is set up. Now we need to enable WordPress to manage multiple domains.
Configure WordPress multi-site feature for multiple domains
In this setup, we are using one WordPress installation to manage different domains:
WordPress multisite functionality comes built-in with WordPress, but it is turned off by default. You’ll need to enable it in order to set up your WordPress multisite.
For that, we need to add multisite support in /usr/share/nginx/html/wordpress/wp-config.php
Code Block |
---|
/** Add multi-site support */
define( 'WP_ALLOW_MULTISITE', true ); |
Now we need to switch back to the WordPress admin dashboard and reload the admin dashboard page. After that, visit the Tools » Network Setup page to configure your WordPress multisite network.
...
Choose the Sub-domains option, modify the Network Title as desired, and then click Install.
You will be presented with two blocks of code to be added in the wp-config.php and .htaccess files. Copy the wp-config.php code which looks similar to the following:
Code Block |
---|
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'moss.law');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1); |
Edit the wp-config.php file.
Code Block |
---|
sudo vi /usr/share/nginx/html/wordpress/wp-config.php |
Add these lines before the comment /* That's all, stop editing! Happy blogging. */ and save it.
...
Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to My Sites > Network Admin > Sites.
...
Configure SSL certificates with Let’s Encrypt
To configure SSL certificates with Let’s Encrypt, first:
Install the EPEL repository and the mod_ssl package for more up-to-date packages and security.
Code Block |
---|
sudo dnf install epel-release mod_ssl -y
DigitalOcean Agent 128 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 55 kB/s | 3.3 kB 00:00
Package epel-release-8-15.el8.noarch is already installed.
Dependencies resolved.
=======================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 136 k
Transaction Summary
=======================================================================================================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 957 kB/s | 136 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------
Total 706 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Installed:
mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
Complete! |
Next, install the certbot package as follows:
Code Block |
---|
[mtb@sierra updraft]$ sudo dnf install python3-certbot-nginx -y
Last metadata expiration check: 0:01:00 ago on Thu 16 Jun 2022 09:48:43 PM UTC.
Package python3-certbot-nginx-1.22.0-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete! |
Once installed, run the following command to start the creation of your certificate:
Code Block |
---|
[mtb@sierra updraft]$ sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email mtb@costaflores.com -d moss.law
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for moss.law
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/moss.law/fullchain.pem
Key is saved at: /etc/letsencrypt/live/moss.law/privkey.pem
This certificate expires on 2022-09-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for moss.law to /etc/nginx/conf.d/moss.law.conf
Congratulations! You have successfully enabled HTTPS on https://moss.law
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
Now the site should respond to HTTPS connections with the new certificate!
...
Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.
Code Block |
---|
sudo certbot renew --dry-run |
Next install the cronjob (crontab -e):
Code Block |
---|
00 00 */1 * * /usr/bin/certbot renew |