Wordpress is used for https://openvino.org and other project sites.
| Info |
|---|
This is how wordpress is configured and installed. Much of the contents for this document were copied from the excellent tutorial https://www.linuxcapable.com/how-to-install-wordpress-with-lemp-nginx-mariadb-and-php-on-rocky-linux-8/, though some additions and changes have been made. |
Install unzip
Code Block [mtb@sierra ~]$ sudo dnf install unzip -y
In this setup, nginx is already installed and enabled as a service on boot:
Code Block [mtb@sierra ~]$ nginx -v nginx version: nginx/1.14.1 [mtb@sierra ~]$ systemctl status nginx ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-05-26 15:47:48 UTC; 7h ago Process: 170448 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 170387 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS) Process: 170385 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS) Process: 170383 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 170390 (nginx) Tasks: 5 (limit: 49268) Memory: 23.2M CGroup: /system.slice/nginx.service ├─170390 nginx: master process /usr/sbin/nginx ├─170449 nginx: worker process ├─170450 nginx: worker process ├─170451 nginx: worker process └─170452 nginx: worker process May 26 15:47:48 sierra systemd[1]: Starting The nginx HTTP and reverse proxy server... May 26 15:47:48 sierra nginx[170385]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok May 26 15:47:48 sierra nginx[170385]: nginx: configuration file /etc/nginx/nginx.conf test is successful May 26 15:47:48 sierra systemd[1]: Started The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloading The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloaded The nginx HTTP and reverse proxy server.Install MariaDB (LEMP STACK)
Optional. Change to MariaDB 10.5
...
| Code Block |
|---|
[mtb@sierra ~]$ sudo dnf module enable php:remi-8.1
Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Enabling module streams:
php remi-8.1
Transaction Summary
=======================================================================================================
Is this ok [y/N]: y
Complete!
[mtb@sierra ~]$ sudo dnf install php
[sudo] password for mtb:
DigitalOcean Agent 122 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 67 kB/s | 3.3 kB 00:00
Dependencies resolved.
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Installing:
php x86_64 8.1.6-1.el8.remi remi-modular 1.7 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 appstream 128 k
apr-util x86_64 1.6.1-6.el8.1 appstream 104 k
httpd x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 1.4 M
httpd-filesystem noarch 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 40 k
httpd-tools x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 107 k
libsodium x86_64 1.0.18-2.el8 epel 162 k
mailcap noarch 2.1.48-3.el8 baseos 38 k
mod_http2 x86_64 1.15.7-5.module+el8.6.0+823+f143cee1 appstream 153 k
oniguruma5php x86_64 6.9.8-1.el8.remi remi-safe 212 k
php-common x86_64 8.1.6-1.el8.remi remi-modular 1.2 M
rocky-logos-httpd noarch 85.0-4.el8 baseos 22 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8.1 appstream 23 k
apr-util-openssl x86_64 1.6.1-6.el8.1 appstream 26 k
php-cli x86_64 8.1.6-1.el8.remi remi-modular 5.3 M
php-fpm x86_64 8.1.6-1.el8.remi remi-modular 1.8 M
php-mbstring x86_64 8.1.6-1.el8.remi remi-modular 521 k
php-opcache x86_64 8.1.6-1.el8.remi remi-modular 628 k
php-pdo x86_64 8.1.6-1.el8.remi remi-modular 161 k
php-sodium x86_64 8.1.6-1.el8.remi remi-modular 101 k
php-xml x86_64 8.1.6-1.el8.remi remi-modular 251 k
Enabling module streams:
httpd 2.4
Transaction Summary
=======================================================================================================
Install 21 Packages
Total download size: 14 M
Installed size: 57 M
Is this ok [y/N]: y
Downloading Packages:
(1/21): apr-util-bdb-1.6.1-6.el8.1.x86_64.rpm 121 kB/s | 23 kB 00:00
(2/21): apr-util-openssl-1.6.1-6.el8.1.x86_64.rpm 400 kB/s | 26 kB 00:00
(3/21): apr-util-1.6.1-6.el8.1.x86_64.rpm 327 kB/s | 104 kB 00:00
(4/21): apr-1.6.3-12.el8.x86_64.rpm 399 kB/s | 128 kB 00:00
(5/21): httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarc 616 kB/s | 40 kB 00:00
(6/21): httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 1.6 MB/s | 107 kB 00:00
(7/21): mailcap-2.1.48-3.el8.noarch.rpm 454 kB/s | 38 kB 00:00
(8/21): rocky-logos-httpd-85.0-4.el8.noarch.rpm 1.3 MB/s | 22 kB 00:00
(9/21): mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm 1.2 MB/s | 153 kB 00:00
(10/21): httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 4.3 MB/s | 1.4 MB 00:00
(11/21): libsodium-1.0.18-2.el8.x86_64.rpm 1.5 MB/s | 162 kB 00:00
(12/21): php-8.1.6-1.el8.remi.x86_64.rpm 2.3 MB/s | 1.7 MB 00:00
(13/21): php-common-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 1.2 MB 00:00
(14/21): php-mbstring-8.1.6-1.el8.remi.x86_64.rpm 5.5 MB/s | 521 kB 00:00
(15/21): php-fpm-8.1.6-1.el8.remi.x86_64.rpm 10 MB/s | 1.8 MB 00:00
(16/21): php-cli-8.1.6-1.el8.remi.x86_64.rpm 5.9 MB/s | 5.3 MB 00:00
(17/21): php-opcache-8.1.6-1.el8.remi.x86_64.rpm 5.8 MB/s | 628 kB 00:00
(18/21): php-pdo-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 161 kB 00:00
(19/21): php-sodium-8.1.6-1.el8.remi.x86_64.rpm 1.2 MB/s | 101 kB 00:00
(20/21): php-xml-8.1.6-1.el8.remi.x86_64.rpm 2.8 MB/s | 251 kB 00:00
(21/21): oniguruma5php-6.9.8-1.el8.remi.x86_64.rpm 2.5 MB/s | 212 kB 00:00
-------------------------------------------------------------------------------------------------------
Total 6.4 MB/s | 14 MB 00:02
Remi's Modular repository for Enterprise Linux 8 - x86_64 3.0 MB/s | 3.1 kB 00:00
Importing GPG key 0x5F11735A:
Userid : "Remi's RPM repository <remi@remirepo.net>"
Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: php-common-8.1.6-1.el8.remi.x86_64 1/21
Installing : php-common-8.1.6-1.el8.remi.x86_64 1/21
Running scriptlet: httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : apr-1.6.3-12.el8.x86_64 3/21
Running scriptlet: apr-1.6.3-12.el8.x86_64 3/21
Installing : apr-util-bdb-1.6.1-6.el8.1.x86_64 4/21
Installing : apr-util-openssl-1.6.1-6.el8.1.x86_64 5/21
Installing : apr-util-1.6.1-6.el8.1.x86_64 6/21
Running scriptlet: apr-util-1.6.1-6.el8.1.x86_64 6/21
Installing : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Installing : php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Installing : php-cli-8.1.6-1.el8.remi.x86_64 9/21
Installing : php-opcache-8.1.6-1.el8.remi.x86_64 10/21
Installing : php-pdo-8.1.6-1.el8.remi.x86_64 11/21
Installing : php-xml-8.1.6-1.el8.remi.x86_64 12/21
Installing : oniguruma5php-6.9.8-1.el8.remi.x86_64 13/21
Installing : php-mbstring-8.1.6-1.el8.remi.x86_64 14/21
Installing : libsodium-1.0.18-2.el8.x86_64 15/21
Installing : php-sodium-8.1.6-1.el8.remi.x86_64 16/21
Installing : rocky-logos-httpd-85.0-4.el8.noarch 17/21
Installing : mailcap-2.1.48-3.el8.noarch 18/21
Installing : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 19/21
Installing : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Installing : php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 21/21
Running scriptlet: php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 21/21
Verifying : apr-1.6.3-12.el8.x86_64 1/21
Verifying : apr-util-1.6.1-6.el8.1.x86_64 2/21
Verifying : apr-util-bdb-1.6.1-6.el8.1.x86_64 3/21
Verifying : apr-util-openssl-1.6.1-6.el8.1.x86_64 4/21
Verifying : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 5/21
Verifying : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 6/21
Verifying : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Verifying : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 8/21
Verifying : mailcap-2.1.48-3.el8.noarch 9/21
Verifying : rocky-logos-httpd-85.0-4.el8.noarch 10/21
Verifying : libsodium-1.0.18-2.el8.x86_64 11/21
Verifying : php-8.1.6-1.el8.remi.x86_64 12/21
Verifying : php-cli-8.1.6-1.el8.remi.x86_64 13/21
Verifying : php-common-8.1.6-1.el8.remi.x86_64 14/21
Verifying : php-fpm-8.1.6-1.el8.remi.x86_64 15/21
Verifying : php-mbstring-8.1.6-1.el8.remi.x86_64 16/21
Verifying : php-opcache-8.1.6-1.el8.remi.x86_64 17/21
Verifying : php-pdo-8.1.6-1.el8.remi.x86_64 18/21
Verifying : php-sodium-8.1.6-1.el8.remi.x86_64 19/21
Verifying : php-xml-8.1.6-1.el8.remi.x86_64 20/21
Verifying : oniguruma5php-6.9.8-1.el8.remi.x86_64 21/21
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8.1.x86_64
apr-util-bdb-1.6.1-6.el8.1.x86_64
apr-util-openssl-1.6.1-6.el8.1.x86_64
httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch
httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
libsodium-1.0.18-2.el8.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64
oniguruma5php-6.9.8-1.el8.remi.x86_64
php-8.1.6-1.el8.remi.x86_64
php-cli-8.1.6-1.el8.remi.x86_64
php-common-8.1.6-1.el8.remi.x86_64
php-fpm-8.1.6-1.el8.remi.x86_64
php-mbstring-8.1.6-1.el8.remi.x86_64
php-opcache-8.1.6-1.el8.remi.x86_64
php-pdo-8.1.6-1.el8.remi.x86_64
php-sodium-8.1.6-1.el8.remi.x86_64
php-xml-8.1.6-1.el8.remi.x86_64
rocky-logos-httpd-85.0-4.el8.noarch
Complete! |
17b. Add the PHP MySQL extension!
| Code Block |
|---|
sudo dnf install php-mysqlnd |
18. Verify the installation and check the version and build:
...
Create Database for WordPress
28. Create the Wordpress DB’s and username:
| Code Block |
|---|
[mtb@sierra html]$ sudo mariadb -u root [sudo] password for mtb: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 17 Server version: 10.5.13-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE WORDPRESSDB; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'CHANGEONINSTALL'; Query OK, 0 rows affected (0.004 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'CHANGEONINSTALL'; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> EXIT; Bye |
Configure WordPress Configuration Files
29. Configure wp-config.php
| Code Block |
|---|
[mtb@sierra wordpress]$ pwd
/usr/share/nginx/html/wordpress
[mtb@sierra wordpress]$ sudo cp wp-config-sample.php wp-config.php
[mtb@sierra wordpress]$ vi wp-config.php
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WORDPRESSDB' );
/** Database username */
define( 'DB_USER', 'WPUSER' );
/** Database password */
define( 'DB_PASSWORD', 'CHANGEONINSTALL' );
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* Save files direct
*/
define( 'FS_METHOD', 'direct' );
/**
* Increase memory limit
*/
define('WP_MEMORY_LIMIT', '256M');
|
...
In general, the correct file permissions for WordPress should be as follows:
Files: 644 664
Folders: 755 775
However, there are a few specific exemptions that are important to note:
...
wp-config.php Permissions
30. Set file permissions.
A good recommendations is for 640. You could set the file to 440, however this might cause problems, as many WordPress plugins rely on write access for the wp-config.php file.
...
Nginx server block configuration
31. Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.
| Info |
|---|
The settings below are pretty crucial. It should be noted to emphasize the importance of “try_files $uri $uri/ /index.php?$args;” as it is often an issue with other tutorials that leave the ending ?$args left out, giving you major site health issues comes to the REST API of WordPress. |
FirstNext, edit the http block in /etc/nginx/nginix.conf file to include a domain specific files file in /etc/ngingx/conf.d:
...
nginx/conf.d
...
Next, edit a domain specific file (i.e. moss.law.conf):
| Code Block |
|---|
[mtb@sierra conf.d]$ cat moss.law.conf
server {
listen 80;
listen [::]:80;
server_name www.moss.law moss.law;
root /usr/share/nginx/html/wordpress;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /wp-sitemap.*\.xml {
try_files $uri $uri/ /index.php$is_args$args;
}
client_max_body_size 100M64M;
# Pass the php scripts to FastCGI server specified in upstream declaration.
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_buffers 4 128k;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 40;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
gzip on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied any;
gzip_disable "msie6";
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 90d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 90d;
access_log off;
}
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;
}
}
} |
PHP.ini configuration
To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.
Firstly, open the php.ini file:To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.
32. Firstly, edit the php.ini file, and make the following changes:
| Code Block |
|---|
max_execution_time = 180 (located on line 338)
max_input_time = 90 (located on line 398)
memory_limit = 256M (located on line 409)
upload_max_filesize = 64M (located on line 846) |
By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.
Firstly, open following (www.conf) configuration file:
33. Edit www.conf and replace user apache with nginx
| Code Block |
|---|
[mtb@sierra conf.d]$ sudo vi /etc/php-fpm.d/www.conf
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx |
34. Restart PHP
| Code Block |
|---|
sudo systemctl restart php-fpm |
35. Fix path for fastcgi_pass in /etc/ngninx/default.d/php.conf
| Code Block |
|---|
fastcgi_pass unix:/var/run/php-fpm/www.sock; |
36. Test to see if the configuration files load correctly:
| Code Block |
|---|
[mtb@sierra conf.d]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful |
37. After checking and everything is ok with your Nginx dry run test, restart the Nginx service.
| Code Block |
|---|
sudo systemctl restart nginx |
SElinux configuration
Before proceeding any further, a few adjustments must be made to SELinux.
38. First, allow webserver network connections.
| Code Block |
|---|
sudo setsebool -P httpd_can_network_connect 1 |
39. Next, set the SELinux contexts WordPress directory.
| Code Block |
|---|
[mtb@sierra conf.d]$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html(/.*)?"
ValueError: File context for /usr/share/nginx/html(/.*)? already defined
[mtb@sierra conf.d]$ sudo restorecon -Rv /usr/share/nginx/html
[mtb@sierra conf.d]$ sudo systemctl restart php-fpm |
| Note |
|---|
Not sure why the “ValueError: … already defined” message appears. It should exit 0, even if these flags are already set. |
40. Restart PHP-FPM for good practice
| Code Block |
|---|
sudo systemctl restart php-fpm |
Install WordPress frontend
Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.
41. Go to mydomain.com/wp-admin/install.php
If it works, you should see this screen:
...
Once you have created an initial admin user, WordPress is setup. Now we need to enable WordPress to manage multiple domains.
Configure WordPress multi-site feature for multiple domains
In this setup, we are using one WordPress installation to manage different domains:
WordPress multisite functionality comes built-in with WordPress, but it is turned off by default. You’ll need to enable it in order to set up your WordPress multisite.
For that, we need to add multisite support in /usr/share/nginx/html/wordpress/wp-config.php
| Code Block |
|---|
/** Add multi-site support */
define( 'WP_ALLOW_MULTISITE', true ); |
Now we need to switch back to the WordPress admin dashboard and reload the admin dashboard page. After that, visit the Tools » Network Setup page to configure your WordPress multisite network.
...
Choose the Sub-domains option, modify the Network Title as desired, and then click Install.
You will be presented with two blocks of code to be added in the wp-config.php and .htaccess files. Copy the wp-config.php code which looks similar to the following:
| Code Block |
|---|
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'moss.law');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1); |
Edit the wp-config.php file.
| Code Block |
|---|
sudo vi /usr/share/nginx/wordpress/wp-config.php |
Add these lines before the comment /* That's all, stop editing! Happy blogging. */ and save it.
...
Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to the My Sites > Network Admin > Sites.
...
Configure SSL certificates with Let’s Encrypt
To configure SSL certificates with Let’s Encrypt, first:
Install the EPEL repository and the mod_ssl package for better-updated packages and security.
| Code Block |
|---|
sudo dnf install epel-release mod_ssl -y
DigitalOcean Agent 128 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 55 kB/s | 3.3 kB 00:00
Package epel-release-8-15.el8.noarch is already installed.
Dependencies resolved.
=======================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 136 k
Transaction Summary
=======================================================================================================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 957 kB/s | 136 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------
Total 706 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Installed:
mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
Complete! |
Next, install the certbot package as follows:
| Code Block |
|---|
[mtb@sierra updraft]$ sudo dnf install python3-certbot-nginx -y
Last metadata expiration check: 0:01:00 ago on Thu 16 Jun 2022 09:48:43 PM UTC.
Package python3-certbot-nginx-1.22.0-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete! |
Once installed, run the following command to start the creation of your certificate:
| Code Block |
|---|
[mtb@sierra updraft]$ sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email mtb@costaflores.com -d moss.law
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for moss.law
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/moss.law/fullchain.pem
Key is saved at: /etc/letsencrypt/live/moss.law/privkey.pem
This certificate expires on 2022-09-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for moss.law to /etc/nginx/conf.d/moss.law.conf
Congratulations! You have successfully enabled HTTPS on https://moss.law
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
Now the site should respond to HTTPS connections with the new certificate!
...
Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.
| Code Block |
|---|
sudo certbot renew --dry-run |
Next install the cronjob (crontab -e):
| Code Block |
|---|
00 00 */1 * * /usr/sbin/certbot-auto renew |