Configuring wordpress
Wordpress is used for https://openvino.org and other project sites.
This is how wordpress is configured and installed. Much of the contents for this document were copied from the excellent tutorial https://www.linuxcapable.com/how-to-install-wordpress-with-lemp-nginx-mariadb-and-php-on-rocky-linux-8/, though some additions and changes have been made.
Install unzip
[mtb@sierra ~]$ sudo dnf install unzip -y
In this setup, nginx is already installed and enabled as a service on boot:
[mtb@sierra ~]$ nginx -v nginx version: nginx/1.14.1 [mtb@sierra ~]$ systemctl status nginx ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-05-26 15:47:48 UTC; 7h ago Process: 170448 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 170387 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS) Process: 170385 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS) Process: 170383 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 170390 (nginx) Tasks: 5 (limit: 49268) Memory: 23.2M CGroup: /system.slice/nginx.service ├─170390 nginx: master process /usr/sbin/nginx ├─170449 nginx: worker process ├─170450 nginx: worker process ├─170451 nginx: worker process └─170452 nginx: worker process May 26 15:47:48 sierra systemd[1]: Starting The nginx HTTP and reverse proxy server... May 26 15:47:48 sierra nginx[170385]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok May 26 15:47:48 sierra nginx[170385]: nginx: configuration file /etc/nginx/nginx.conf test is successful May 26 15:47:48 sierra systemd[1]: Started The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloading The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloaded The nginx HTTP and reverse proxy server.
Install MariaDB (LEMP STACK)
Optional. Change to MariaDB 10.5
Rocky Linux App stream by default installs MariaDB 10.3, an older but incredibly stable version. However, the latest build of MariaDB at the time of this tutorial that is classed as a stable release is MariaDB 10.7, with MariaDB 10.8 being the RC candidate.
As you can imagine, the difference is pretty significant; however, as most users of Rocky Linux prefer using stability over cutting edge, a solution will be to use MariaDB 10.5 that is newer while at the same time being incredibly stable and still receiving bug fixes and security updates.
First, reset the MariaDB module list:
sudo dnf module reset mariadb
[mtb@sierra ~]$ sudo dnf module enable mariadb:10.5
Last metadata expiration check: 0:01:11 ago on Thu 26 May 2022 11:05:48 PM UTC.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Enabling module streams:
mariadb 10.5
Transaction Summary
=======================================================================================================
Is this ok [y/N]: y
Complete!
4. Install MariaDB
[mtb@sierra ~]$ sudo dnf install mariadb-server mariadb
Last metadata expiration check: 0:03:01 ago on Thu 26 May 2022 11:05:48 PM UTC.
Dependencies resolved.
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Installing:
mariadb x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 6.2 M
mariadb-server x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 18 M
Upgrading:
libsemanage x86_64 2.9-8.el8 baseos 167 k
policycoreutils x86_64 2.9-19.el8 baseos 373 k
policycoreutils-python-utils noarch 2.9-19.el8 baseos 252 k
python3-libsemanage x86_64 2.9-8.el8 baseos 127 k
python3-policycoreutils noarch 2.9-19.el8 baseos 2.2 M
selinux-policy noarch 3.14.3-95.el8 baseos 644 k
selinux-policy-targeted noarch 3.14.3-95.el8 baseos 15 M
Installing dependencies:
libaio x86_64 0.3.112-1.el8 baseos 31 k
mariadb-common x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 67 k
mariadb-connector-c x86_64 3.1.11-2.el8_3 appstream 199 k
mariadb-connector-c-config noarch 3.1.11-2.el8_3 appstream 14 k
mariadb-errmsg x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 239 k
mysql-selinux noarch 1.0.2-6.el8 appstream 36 k
perl-DBD-MySQL x86_64 4.046-3.module+el8.6.0+904+ef468285 appstream 155 k
perl-DBI x86_64 1.641-4.module+el8.6.0+891+677074cb appstream 739 k
perl-Math-BigInt noarch 1:1.9998.11-7.el8 baseos 194 k
perl-Math-Complex noarch 1.59-421.el8 baseos 108 k
Installing weak dependencies:
mariadb-backup x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 6.9 M
mariadb-gssapi-server x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 55 k
mariadb-server-utils x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 1.2 M
Enabling module streams:
perl-DBD-MySQL 4.046
perl-DBI 1.641
Transaction Summary
=======================================================================================================
Install 15 Packages
Upgrade 7 Packages
Total download size: 53 M
Is this ok [y/N]:
5. Check the MariaDB version:
[mtb@sierra ~]$ mysql --version
mysql Ver 15.1 Distrib 10.5.13-MariaDB, for Linux (x86_64) using EditLine wrapper
6. Check MariaDB server status
Verify the status of the database software by using the following systemctl command:
[mtb@sierra ~]$ mysql --version
mysql Ver 15.1 Distrib 10.5.13-MariaDB, for Linux (x86_64) using EditLine wrapper
[mtb@sierra ~]$ sudo systemctl enable mariadb --now
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
7. Recheck the status:
[mtb@sierra ~]$ systemctl status mariadb
● mariadb.service - MariaDB 10.5 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-05-26 23:13:37 UTC; 51s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 187209 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 18 (limit: 49268)
Memory: 77.5M
CGroup: /system.slice/mariadb.service
└─187209 /usr/libexec/mysqld --basedir=/usr
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: See the MariaDB Knowledgebase at https://mariadb.>
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: MySQL manual for more instructions.
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: Please report any problems at https://mariadb.org>
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: The latest information about MariaDB is available>
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: You can find additional information about the MyS>
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: https://dev.mysql.com
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: Consider joining MariaDB's strong and vibrant com>
May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: https://mariadb.org/get-involved/
May 26 23:13:37 sierra mysqld[187209]: 2022-05-26 23:13:37 0 [Note] /usr/libexec/mysqld (mysqld 10.5.1>
May 26 23:13:37 sierra systemd[1]: Started MariaDB 10.5 database server.
8. To stop MariaDB:
[mtb@sierra ~]$ sudo systemctl stop mariadb
9. To enable MariaDB on system startup
[mtb@sierra ~]$ sudo systemctl enable mariadb
10. To restart the MariaDB service:
[mtb@sierra ~]$ sudo systemctl restart mariadb
11. Secure MariaDB with Security Script
When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script that comes with the MariaDB installation.
First, use the following command to launch the (mysql_secure_installation):
[mtb@sierra ~]$ sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Install PHP & PHP-FPM (LEMP STACK)
The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the Rhel family for those unaware.
For the tutorial, we will install the newest PHP 8.0. However, it must be noted while WordPress works well with PHP 8.0 and higher, some of the plugins may face issues, so make sure you are only installing active and updated plugins which should be the standard in any CMS. If you encounter problems, uninstall PHP 8.0, and use PHP 7.4.
To install PHP from Remi’s repository, you will need to have installed the EPEL repository at the start of the tutorial. By default, PHP 7.2 is the default PHP choice for standard installation on Rocky Linux. A quick tip is to use the (list php) command to see the options available and the default.
12. enable (Remi repository) with the following:
sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
Last metadata expiration check: 0:00:50 ago on Sun 29 May 2022 01:35:45 AM UTC.
remi-release-8.rpm 110 kB/s | 29 kB 00:00
Package yum-utils-4.0.21-3.el8.noarch is already installed.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Installing:
remi-release noarch 8.6-1.el8.remi @commandline 29 k
Upgrading:
dnf noarch 4.7.0-8.el8 baseos 540 k
dnf-data noarch 4.7.0-8.el8 baseos 154 k
dnf-plugins-core noarch 4.0.21-11.el8 baseos 70 k
json-c x86_64 0.13.1-3.el8 baseos 40 k
libdnf x86_64 0.63.0-8.el8 baseos 704 k
python3-dnf noarch 4.7.0-8.el8 baseos 544 k
python3-dnf-plugins-core noarch 4.0.21-11.el8 baseos 239 k
python3-hawkey x86_64 0.63.0-8.el8 baseos 115 k
python3-libdnf x86_64 0.63.0-8.el8 baseos 777 k
rocky-release noarch 8.6-3.el8 baseos 21 k
rocky-repos noarch 8.6-3.el8 baseos 14 k
yum noarch 4.7.0-8.el8 baseos 205 k
yum-utils noarch 4.0.21-11.el8 baseos 72 k
Transaction Summary
=======================================================================================================
Install 1 Package
Upgrade 13 Packages
Total size: 3.4 M
Total download size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/13): dnf-plugins-core-4.0.21-11.el8.noarch.rpm 298 kB/s | 70 kB 00:00
(2/13): dnf-data-4.7.0-8.el8.noarch.rpm 627 kB/s | 154 kB 00:00
(3/13): json-c-0.13.1-3.el8.x86_64.rpm 728 kB/s | 40 kB 00:00
(4/13): dnf-4.7.0-8.el8.noarch.rpm 1.5 MB/s | 540 kB 00:00
(5/13): libdnf-0.63.0-8.el8.x86_64.rpm 4.4 MB/s | 704 kB 00:00
(6/13): python3-dnf-plugins-core-4.0.21-11.el8.noarch.rpm 3.0 MB/s | 239 kB 00:00
(7/13): python3-dnf-4.7.0-8.el8.noarch.rpm 3.8 MB/s | 544 kB 00:00
(8/13): python3-hawkey-0.63.0-8.el8.x86_64.rpm 2.1 MB/s | 115 kB 00:00
(9/13): rocky-release-8.6-3.el8.noarch.rpm 309 kB/s | 21 kB 00:00
(10/13): rocky-repos-8.6-3.el8.noarch.rpm 318 kB/s | 14 kB 00:00
(11/13): python3-libdnf-0.63.0-8.el8.x86_64.rpm 7.1 MB/s | 777 kB 00:00
(12/13): yum-4.7.0-8.el8.noarch.rpm 3.5 MB/s | 205 kB 00:00
(13/13): yum-utils-4.0.21-11.el8.noarch.rpm 1.3 MB/s | 72 kB 00:00
-------------------------------------------------------------------------------------------------------
Total 5.4 MB/s | 3.4 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: json-c-0.13.1-3.el8.x86_64 1/1
Upgrading : json-c-0.13.1-3.el8.x86_64 1/27
Upgrading : libdnf-0.63.0-8.el8.x86_64 2/27
Upgrading : python3-libdnf-0.63.0-8.el8.x86_64 3/27
Upgrading : python3-hawkey-0.63.0-8.el8.x86_64 4/27
Upgrading : rocky-repos-8.6-3.el8.noarch 5/27
Upgrading : rocky-release-8.6-3.el8.noarch 6/27
Upgrading : dnf-data-4.7.0-8.el8.noarch 7/27
Upgrading : python3-dnf-4.7.0-8.el8.noarch 8/27
Upgrading : dnf-4.7.0-8.el8.noarch 9/27
Running scriptlet: dnf-4.7.0-8.el8.noarch 9/27
Upgrading : python3-dnf-plugins-core-4.0.21-11.el8.noarch 10/27
Upgrading : dnf-plugins-core-4.0.21-11.el8.noarch 11/27
Upgrading : yum-utils-4.0.21-11.el8.noarch 12/27
Upgrading : yum-4.7.0-8.el8.noarch 13/27
Installing : remi-release-8.6-1.el8.remi.noarch 14/27
Cleanup : yum-utils-4.0.21-3.el8.noarch 15/27
Cleanup : dnf-plugins-core-4.0.21-3.el8.noarch 16/27
Cleanup : python3-dnf-plugins-core-4.0.21-3.el8.noarch 17/27
Cleanup : yum-4.7.0-4.el8.noarch 18/27
Running scriptlet: dnf-4.7.0-4.el8.noarch 19/27
Cleanup : dnf-4.7.0-4.el8.noarch 19/27
Running scriptlet: dnf-4.7.0-4.el8.noarch 19/27
Cleanup : python3-dnf-4.7.0-4.el8.noarch 20/27
Cleanup : rocky-release-8.5-1.el8.noarch 21/27
Cleanup : python3-hawkey-0.63.0-3.el8.x86_64 22/27
Cleanup : rocky-repos-8.5-1.el8.noarch 23/27
Cleanup : dnf-data-4.7.0-4.el8.noarch 24/27
Cleanup : python3-libdnf-0.63.0-3.el8.x86_64 25/27
Cleanup : libdnf-0.63.0-3.el8.x86_64 26/27
Cleanup : json-c-0.13.1-2.el8.x86_64 27/27
Running scriptlet: json-c-0.13.1-2.el8.x86_64 27/27
Verifying : remi-release-8.6-1.el8.remi.noarch 1/27
Verifying : dnf-4.7.0-8.el8.noarch 2/27
Verifying : dnf-4.7.0-4.el8.noarch 3/27
Verifying : dnf-data-4.7.0-8.el8.noarch 4/27
Verifying : dnf-data-4.7.0-4.el8.noarch 5/27
Verifying : dnf-plugins-core-4.0.21-11.el8.noarch 6/27
Verifying : dnf-plugins-core-4.0.21-3.el8.noarch 7/27
Verifying : json-c-0.13.1-3.el8.x86_64 8/27
Verifying : json-c-0.13.1-2.el8.x86_64 9/27
Verifying : libdnf-0.63.0-8.el8.x86_64 10/27
Verifying : libdnf-0.63.0-3.el8.x86_64 11/27
Verifying : python3-dnf-4.7.0-8.el8.noarch 12/27
Verifying : python3-dnf-4.7.0-4.el8.noarch 13/27
Verifying : python3-dnf-plugins-core-4.0.21-11.el8.noarch 14/27
Verifying : python3-dnf-plugins-core-4.0.21-3.el8.noarch 15/27
Verifying : python3-hawkey-0.63.0-8.el8.x86_64 16/27
Verifying : python3-hawkey-0.63.0-3.el8.x86_64 17/27
Verifying : python3-libdnf-0.63.0-8.el8.x86_64 18/27
Verifying : python3-libdnf-0.63.0-3.el8.x86_64 19/27
Verifying : rocky-release-8.6-3.el8.noarch 20/27
Verifying : rocky-release-8.5-1.el8.noarch 21/27
Verifying : rocky-repos-8.6-3.el8.noarch 22/27
Verifying : rocky-repos-8.5-1.el8.noarch 23/27
Verifying : yum-4.7.0-8.el8.noarch 24/27
Verifying : yum-4.7.0-4.el8.noarch 25/27
Verifying : yum-utils-4.0.21-11.el8.noarch 26/27
Verifying : yum-utils-4.0.21-3.el8.noarch 27/27
Upgraded:
dnf-4.7.0-8.el8.noarch dnf-data-4.7.0-8.el8.noarch
dnf-plugins-core-4.0.21-11.el8.noarch json-c-0.13.1-3.el8.x86_64
libdnf-0.63.0-8.el8.x86_64 python3-dnf-4.7.0-8.el8.noarch
python3-dnf-plugins-core-4.0.21-11.el8.noarch python3-hawkey-0.63.0-8.el8.x86_64
python3-libdnf-0.63.0-8.el8.x86_64 rocky-release-8.6-3.el8.noarch
rocky-repos-8.6-3.el8.noarch yum-4.7.0-8.el8.noarch
yum-utils-4.0.21-11.el8.noarch
Installed:
remi-release-8.6-1.el8.remi.noarch
Complete!
13. Next, use the (dnf) command to update your repository list:
sudo dnf update
14. Now list the modules available for PHP using the following command:
sudo dnf module list php
DigitalOcean Agent 109 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 71 kB/s | 3.3 kB 00:00
Rocky Linux 8 - AppStream
Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 common [d], devel, minimal PHP scripting language
php 7.4 common [d], devel, minimal PHP scripting language
php 8.0 common [d], devel, minimal PHP scripting language
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
php remi-7.2 common [d], devel, minimal PHP scripting language
php remi-7.3 common [d], devel, minimal PHP scripting language
php remi-7.4 common [d], devel, minimal PHP scripting language
php remi-8.0 common [d], devel, minimal PHP scripting language
php remi-8.1 common [d], devel, minimal PHP scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
As you can see above, the (d) tag is next to PHP 7.2, which you will need to reset and change to install PHP 8.0 on Rocky Linux.
15. To reset the PHP list is easy with the following command:
sudo dnf module list reset php
16. Next, enable PHP 8.1 with the following command:
sudo dnf module enable php:remi-8.1
Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Enabling module streams:
php remi-8.1
Transaction Summary
=======================================================================================================
Is this ok [y/N]: y
Complete!
Install PHP & PHP-FPM
17. Install PHP on your server:
[mtb@sierra ~]$ sudo dnf module enable php:remi-8.1
Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC.
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Enabling module streams:
php remi-8.1
Transaction Summary
=======================================================================================================
Is this ok [y/N]: y
Complete!
[mtb@sierra ~]$ sudo dnf install php
[sudo] password for mtb:
DigitalOcean Agent 122 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 67 kB/s | 3.3 kB 00:00
Dependencies resolved.
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Installing:
php x86_64 8.1.6-1.el8.remi remi-modular 1.7 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 appstream 128 k
apr-util x86_64 1.6.1-6.el8.1 appstream 104 k
httpd x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 1.4 M
httpd-filesystem noarch 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 40 k
httpd-tools x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 107 k
libsodium x86_64 1.0.18-2.el8 epel 162 k
mailcap noarch 2.1.48-3.el8 baseos 38 k
mod_http2 x86_64 1.15.7-5.module+el8.6.0+823+f143cee1 appstream 153 k
oniguruma5php x86_64 6.9.8-1.el8.remi remi-safe 212 k
php-common x86_64 8.1.6-1.el8.remi remi-modular 1.2 M
rocky-logos-httpd noarch 85.0-4.el8 baseos 22 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8.1 appstream 23 k
apr-util-openssl x86_64 1.6.1-6.el8.1 appstream 26 k
php-cli x86_64 8.1.6-1.el8.remi remi-modular 5.3 M
php-fpm x86_64 8.1.6-1.el8.remi remi-modular 1.8 M
php-mbstring x86_64 8.1.6-1.el8.remi remi-modular 521 k
php-opcache x86_64 8.1.6-1.el8.remi remi-modular 628 k
php-pdo x86_64 8.1.6-1.el8.remi remi-modular 161 k
php-sodium x86_64 8.1.6-1.el8.remi remi-modular 101 k
php-xml x86_64 8.1.6-1.el8.remi remi-modular 251 k
Enabling module streams:
httpd 2.4
Transaction Summary
=======================================================================================================
Install 21 Packages
Total download size: 14 M
Installed size: 57 M
Is this ok [y/N]: y
Downloading Packages:
(1/21): apr-util-bdb-1.6.1-6.el8.1.x86_64.rpm 121 kB/s | 23 kB 00:00
(2/21): apr-util-openssl-1.6.1-6.el8.1.x86_64.rpm 400 kB/s | 26 kB 00:00
(3/21): apr-util-1.6.1-6.el8.1.x86_64.rpm 327 kB/s | 104 kB 00:00
(4/21): apr-1.6.3-12.el8.x86_64.rpm 399 kB/s | 128 kB 00:00
(5/21): httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarc 616 kB/s | 40 kB 00:00
(6/21): httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 1.6 MB/s | 107 kB 00:00
(7/21): mailcap-2.1.48-3.el8.noarch.rpm 454 kB/s | 38 kB 00:00
(8/21): rocky-logos-httpd-85.0-4.el8.noarch.rpm 1.3 MB/s | 22 kB 00:00
(9/21): mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm 1.2 MB/s | 153 kB 00:00
(10/21): httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 4.3 MB/s | 1.4 MB 00:00
(11/21): libsodium-1.0.18-2.el8.x86_64.rpm 1.5 MB/s | 162 kB 00:00
(12/21): php-8.1.6-1.el8.remi.x86_64.rpm 2.3 MB/s | 1.7 MB 00:00
(13/21): php-common-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 1.2 MB 00:00
(14/21): php-mbstring-8.1.6-1.el8.remi.x86_64.rpm 5.5 MB/s | 521 kB 00:00
(15/21): php-fpm-8.1.6-1.el8.remi.x86_64.rpm 10 MB/s | 1.8 MB 00:00
(16/21): php-cli-8.1.6-1.el8.remi.x86_64.rpm 5.9 MB/s | 5.3 MB 00:00
(17/21): php-opcache-8.1.6-1.el8.remi.x86_64.rpm 5.8 MB/s | 628 kB 00:00
(18/21): php-pdo-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 161 kB 00:00
(19/21): php-sodium-8.1.6-1.el8.remi.x86_64.rpm 1.2 MB/s | 101 kB 00:00
(20/21): php-xml-8.1.6-1.el8.remi.x86_64.rpm 2.8 MB/s | 251 kB 00:00
(21/21): oniguruma5php-6.9.8-1.el8.remi.x86_64.rpm 2.5 MB/s | 212 kB 00:00
-------------------------------------------------------------------------------------------------------
Total 6.4 MB/s | 14 MB 00:02
Remi's Modular repository for Enterprise Linux 8 - x86_64 3.0 MB/s | 3.1 kB 00:00
Importing GPG key 0x5F11735A:
Userid : "Remi's RPM repository <remi@remirepo.net>"
Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: php-common-8.1.6-1.el8.remi.x86_64 1/21
Installing : php-common-8.1.6-1.el8.remi.x86_64 1/21
Running scriptlet: httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21
Installing : apr-1.6.3-12.el8.x86_64 3/21
Running scriptlet: apr-1.6.3-12.el8.x86_64 3/21
Installing : apr-util-bdb-1.6.1-6.el8.1.x86_64 4/21
Installing : apr-util-openssl-1.6.1-6.el8.1.x86_64 5/21
Installing : apr-util-1.6.1-6.el8.1.x86_64 6/21
Running scriptlet: apr-util-1.6.1-6.el8.1.x86_64 6/21
Installing : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Installing : php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 8/21
Installing : php-cli-8.1.6-1.el8.remi.x86_64 9/21
Installing : php-opcache-8.1.6-1.el8.remi.x86_64 10/21
Installing : php-pdo-8.1.6-1.el8.remi.x86_64 11/21
Installing : php-xml-8.1.6-1.el8.remi.x86_64 12/21
Installing : oniguruma5php-6.9.8-1.el8.remi.x86_64 13/21
Installing : php-mbstring-8.1.6-1.el8.remi.x86_64 14/21
Installing : libsodium-1.0.18-2.el8.x86_64 15/21
Installing : php-sodium-8.1.6-1.el8.remi.x86_64 16/21
Installing : rocky-logos-httpd-85.0-4.el8.noarch 17/21
Installing : mailcap-2.1.48-3.el8.noarch 18/21
Installing : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 19/21
Installing : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21
Installing : php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 21/21
Running scriptlet: php-8.1.6-1.el8.remi.x86_64 21/21
Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 21/21
Verifying : apr-1.6.3-12.el8.x86_64 1/21
Verifying : apr-util-1.6.1-6.el8.1.x86_64 2/21
Verifying : apr-util-bdb-1.6.1-6.el8.1.x86_64 3/21
Verifying : apr-util-openssl-1.6.1-6.el8.1.x86_64 4/21
Verifying : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 5/21
Verifying : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 6/21
Verifying : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21
Verifying : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 8/21
Verifying : mailcap-2.1.48-3.el8.noarch 9/21
Verifying : rocky-logos-httpd-85.0-4.el8.noarch 10/21
Verifying : libsodium-1.0.18-2.el8.x86_64 11/21
Verifying : php-8.1.6-1.el8.remi.x86_64 12/21
Verifying : php-cli-8.1.6-1.el8.remi.x86_64 13/21
Verifying : php-common-8.1.6-1.el8.remi.x86_64 14/21
Verifying : php-fpm-8.1.6-1.el8.remi.x86_64 15/21
Verifying : php-mbstring-8.1.6-1.el8.remi.x86_64 16/21
Verifying : php-opcache-8.1.6-1.el8.remi.x86_64 17/21
Verifying : php-pdo-8.1.6-1.el8.remi.x86_64 18/21
Verifying : php-sodium-8.1.6-1.el8.remi.x86_64 19/21
Verifying : php-xml-8.1.6-1.el8.remi.x86_64 20/21
Verifying : oniguruma5php-6.9.8-1.el8.remi.x86_64 21/21
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8.1.x86_64
apr-util-bdb-1.6.1-6.el8.1.x86_64
apr-util-openssl-1.6.1-6.el8.1.x86_64
httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch
httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
libsodium-1.0.18-2.el8.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64
oniguruma5php-6.9.8-1.el8.remi.x86_64
php-8.1.6-1.el8.remi.x86_64
php-cli-8.1.6-1.el8.remi.x86_64
php-common-8.1.6-1.el8.remi.x86_64
php-fpm-8.1.6-1.el8.remi.x86_64
php-mbstring-8.1.6-1.el8.remi.x86_64
php-opcache-8.1.6-1.el8.remi.x86_64
php-pdo-8.1.6-1.el8.remi.x86_64
php-sodium-8.1.6-1.el8.remi.x86_64
php-xml-8.1.6-1.el8.remi.x86_64
rocky-logos-httpd-85.0-4.el8.noarch
Complete!
17b. Add the PHP MySQL extension!
sudo dnf install php-mysqlnd
18. Verify the installation and check the version and build:
[mtb@sierra ~]$ php -v
PHP 8.1.6 (cli) (built: May 11 2022 01:14:18) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.1.6, Copyright (c) Zend Technologies
with Zend OPcache v8.1.6, Copyright (c), by Zend Technologies
Now, by default, PHP-FPM is off and not enabled on boot.
19. Enable on boot and start the service, use the following systemctl commands:
[mtb@sierra ~]$ sudo systemctl enable php-fpm --now
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
[mtb@sierra ~]$ sudo systemctl status php
Unit php.service could not be found.
[mtb@sierra ~]$ sudo systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-05-29 02:03:19 UTC; 59s ago
Main PID: 260101 (php-fpm)
Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 6 (limit: 49268)
Memory: 13.1M
CGroup: /system.slice/php-fpm.service
├─260101 php-fpm: master process (/etc/php-fpm.conf)
├─260102 php-fpm: pool www
├─260103 php-fpm: pool www
├─260104 php-fpm: pool www
├─260105 php-fpm: pool www
└─260106 php-fpm: pool www
May 29 02:03:19 sierra systemd[1]: Starting The PHP FastCGI Process Manager...
May 29 02:03:19 sierra systemd[1]: Started The PHP FastCGI Process Manager.
Install WordPress Backend
Download WordPress
Visit the WordPress.org download page and scroll down to find the “latest.zip” download link or use the wget command to download.
20. Install wget:
[mtb@sierra ~]$ sudo dnf install wget
DigitalOcean Agent 142 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 83 kB/s | 3.3 kB 00:00
Dependencies resolved.
=======================================================================================================
Package Architecture Version Repository Size
=======================================================================================================
Installing:
wget x86_64 1.19.5-10.el8 appstream 733 k
Installing dependencies:
libmetalink x86_64 0.1.3-7.el8 baseos 31 k
Transaction Summary
=======================================================================================================
Install 2 Packages
Total download size: 763 k
Installed size: 2.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): wget-1.19.5-10.el8.x86_64.rpm 11 MB/s | 733 kB 00:00
(2/2): libmetalink-0.1.3-7.el8.x86_64.rpm 359 kB/s | 31 kB 00:00
-------------------------------------------------------------------------------------------------------
Total 3.8 MB/s | 763 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libmetalink-0.1.3-7.el8.x86_64 1/2
Installing : wget-1.19.5-10.el8.x86_64 2/2
Running scriptlet: wget-1.19.5-10.el8.x86_64 2/2
Verifying : wget-1.19.5-10.el8.x86_64 1/2
Verifying : libmetalink-0.1.3-7.el8.x86_64 2/2
Installed:
libmetalink-0.1.3-7.el8.x86_64 wget-1.19.5-10.el8.x86_64
Complete!
21. Download the latest version of wordpress:
[mtb@sierra ~]$ wget https://wordpress.org/latest.zip
--2022-05-29 02:07:52-- https://wordpress.org/latest.zip
Resolving wordpress.org (wordpress.org)... 198.143.164.252
Connecting to wordpress.org (wordpress.org)|198.143.164.252|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22766944 (22M) [application/zip]
Saving to: 'latest.zip'
latest.zip 100%[====================================>] 21.71M 85.8MB/s in 0.3s
2022-05-29 02:07:52 (85.8 MB/s) - 'latest.zip' saved [22766944/22766944]
22. Create Folder Structure for WordPress
sudo mkdir -p /usr/share/nginx/html/wordpress
23. Unzip WordPress to the www directory:
sudo unzip latest.zip -d /usr/share/nginx/html/
Create HTML file permissions
24. You must set the directory owner permissions to something consistent, or else you will have trouble with WordPress write permissions. We first need to create a user and group that owns HTML content (web2), and also that is not a user with a shell or sudo permissions.
[mtb@sierra ~]$ sudo groupadd -g 2222 webtwo
[mtb@sierra ~]$ sudo useradd -u 2222 -g 2222 -d /usr/share/nginx/html -s /sbin/nologin -c "webtwo files" webtwo
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[mtb@sierra ~]$ sudo usermod -G webtwo nginx
25. Add nginx user support to the webtwo group created in the previous step:
[mtb@sierra ~]$ sudo usermod -G webtwo nginx
26. Change ownership on the HTML directories:
[mtb@sierra html]$ sudo chown -R webtwo:webtwo /usr/share/nginx/html
[sudo] password for mtb:
[mtb@sierra html]$ ls -la
total 8
drwxrwxr-x. 13 webtwo webtwo 236 Jun 13 15:05 .
drwxr-xr-x. 4 root root 33 Mar 31 14:03 ..
drwxr-xr-x 2 webtwo webtwo 6 May 26 16:00 4m3.bio
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 costaflores.com
drwxr-xr-x 4 webtwo webtwo 57 May 26 15:57 martianwinefederation.org
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 moss.law
drwxrwxr-x 4 webtwo webtwo 292 Jun 13 15:03 nft.openvino.org
drwxr-xr-x 3 webtwo webtwo 229 Jun 13 15:04 old
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.exchange
drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.org
drwxrwxr-x 16 webtwo webtwo 4096 Jun 10 16:12 postfixadmin
drwxr-xr-x 8 webtwo webtwo 123 May 4 2020 theluckhunters.com
drwxr-xr-x 5 webtwo webtwo 4096 May 29 02:14 wordpress
27. Allow group write content (for nginx) into wp-content
sudo chmod 775 wordpress/wp-content
Create Database for WordPress
28. Create the Wordpress DB’s and username:
[mtb@sierra html]$ sudo mariadb -u root
[sudo] password for mtb:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.5.13-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE WORDPRESSDB;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.004 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'CHANGEONINSTALL';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> EXIT;
Bye
Configure WordPress Configuration Files
29. Configure wp-config.php
[mtb@sierra wordpress]$ pwd
/usr/share/nginx/html/wordpress
[mtb@sierra wordpress]$ sudo cp wp-config-sample.php wp-config.php
[mtb@sierra wordpress]$ vi wp-config.php
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WORDPRESSDB' );
/** Database username */
define( 'DB_USER', 'WPUSER' );
/** Database password */
define( 'DB_PASSWORD', 'CHANGEONINSTALL' );
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* Save files direct
*/
define( 'FS_METHOD', 'direct' );
/**
* Increase memory limit
*/
define('WP_MEMORY_LIMIT', '256M');
File Permissions for WordPress Files/Folders
In general, the correct file permissions for WordPress should be as follows:
Files: 664
Folders: 775
However, there are a few specific exemptions that are important to note:
wp-config.php file
.htaccess file
nginx.conf file
You might have noticed that wp-config.php has the database password in cleartext.
wp-config.php Permissions
30. Set file permissions.
A good recommendations is for 640. You could set the file to 440, however this might cause problems, as many WordPress plugins rely on write access for the wp-config.php file.
[mtb@sierra wordpress]$ sudo chown webtwo:webtwo wp-config.php
[mtb@sierra wordpress]$ sudo chmod 640 wp-config.php
Set WordPress Security Salt Keys
It would be best to visit WordPress secret-key API to generate your own. The address salt key generator can be found at https://api.wordpress.org/secret-key/1.1/salt/. Replace the example lines with the codes from the generator.
define('AUTH_KEY', '<3yfS7/>%m.Tl^8Wx-Y8-|T77WRK[p>(PtH6V]Dl69^<8|K86[_Z},+THZ25+nJG');
define('SECURE_AUTH_KEY', 'bN#Qy#ChBX#Y`PE/_0N42zxgLD|5XpU[mu.n&:t4q~hg<UP/b8+xFTly_b}f]M;!');
define('LOGGED_IN_KEY', 'owpvIO-+WLG|,1)CQl*%gP1uDp}s(jUbYQ[Wm){O(x@sJ#T}tOTP&UOfk|wYsj5$');
define('NONCE_KEY', '8=Vh|V{D<>`CLoP0$H!Z3gEqf@])){L+6eGi`GAjV(Mu0YULL@sagx&cgb.QVCbi');
define('AUTH_SALT', '%TX*X$GE-;|?<-^(+K1Un!_Y<hk-Ne2;&{c[-v!{q4&OiJjQon /SHcc/:MB}y#(');
define('SECURE_AUTH_SALT', '=zkDT_%}J4ivjjN+F}:A+s6e64[^uQ<qNO]TfHS>G0elz2B~7Nk.vRcL00cJoo7*');
define('LOGGED_IN_SALT', '{$-o_ull4|qQ?f=8vP>Vvq8~v>g(2w12`h65ztPM(xo!Fr()5xrqy^k[E~TwI!xn');
define('NONCE_SALT', 'a1G(Q|X`eX$p%6>K:Cba!]/5MAqX+L<A4yU_&CI)*w+#ZB+*yK*u-|]X_9V;:++6');
Nginx server block configuration
31. Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.
The settings below are pretty crucial. It should be noted to emphasize the importance of “try_files $uri $uri/ /index.php?$args;” as it is often an issue with other tutorials that leave the ending ?$args left out, giving you major site health issues comes to the REST API of WordPress.
Next, edit a domain specific file in /etc/nginx/conf.d (i.e. moss.law.conf):
[mtb@sierra conf.d]$ cat moss.law.conf
server {
listen 80;
listen [::]:80;
server_name www.moss.law moss.law;
root /usr/share/nginx/html/wordpress;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /wp-sitemap.*\.xml {
try_files $uri $uri/ /index.php$is_args$args;
}
client_max_body_size 64M;
# Pass the php scripts to FastCGI server specified in upstream declaration.
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_buffers 4 128k;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 40;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
gzip on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied any;
gzip_disable "msie6";
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 90d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 90d;
access_log off;
}
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;
}
}
}
PHP.ini configuration
To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.
Firstly, open the php.ini file:To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.
32. Firstly, edit the php.ini file, and make the following changes:
max_execution_time = 180 (located on line 338)
max_input_time = 90 (located on line 398)
memory_limit = 256M (located on line 409)
upload_max_filesize = 64M (located on line 846)
By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.
Firstly, open following (www.conf) configuration file:
33. Edit www.conf and replace user apache with nginx
[mtb@sierra conf.d]$ sudo vi /etc/php-fpm.d/www.conf
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
34. Restart PHP
sudo systemctl restart php-fpm
35. Fix path for fastcgi_pass in /etc/ngninx/default.d/php.conf
fastcgi_pass unix:/var/run/php-fpm/www.sock;
36. Test to see if the configuration files load correctly:
[mtb@sierra conf.d]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
37. After checking and everything is ok with your Nginx dry run test, restart the Nginx service.
sudo systemctl restart nginx
SElinux configuration
Before proceeding any further, a few adjustments must be made to SELinux.
38. First, allow webserver network connections.
sudo setsebool -P httpd_can_network_connect 1
39. Next, set the SELinux contexts WordPress directory.
[mtb@sierra conf.d]$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html(/.*)?"
ValueError: File context for /usr/share/nginx/html(/.*)? already defined
[mtb@sierra conf.d]$ sudo restorecon -Rv /usr/share/nginx/html
[mtb@sierra conf.d]$ sudo systemctl restart php-fpm
Not sure why the “ValueError: … already defined” message appears. It should exit 0, even if these flags are already set.
40. Restart PHP-FPM for good practice
sudo systemctl restart php-fpm
Install WordPress frontend
Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.
41. Go to mydomain.com/wp-admin/install.php
If it works, you should see this screen:
Once you have created an initial admin user, WordPress is setup. Now we need to enable WordPress to manage multiple domains.
Configure WordPress multi-site feature for multiple domains
In this setup, we are using one WordPress installation to manage different domains:
WordPress multisite functionality comes built-in with WordPress, but it is turned off by default. You’ll need to enable it in order to set up your WordPress multisite.
For that, we need to add multisite support in /usr/share/nginx/html/wordpress/wp-config.php
/** Add multi-site support */
define( 'WP_ALLOW_MULTISITE', true );
Now we need to switch back to the WordPress admin dashboard and reload the admin dashboard page. After that, visit the Tools » Network Setup page to configure your WordPress multisite network.
Choose the Sub-domains option, modify the Network Title as desired, and then click Install.
You will be presented with two blocks of code to be added in the wp-config.php and .htaccess files. Copy the wp-config.php code which looks similar to the following:
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'moss.law');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
Edit the wp-config.php file.
sudo vi /usr/share/nginx/wordpress/wp-config.php
Add these lines before the comment /* That's all, stop editing! Happy blogging. */
and save it.
Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to the My Sites > Network Admin > Sites.
Configure SSL certificates with Let’s Encrypt
To configure SSL certificates with Let’s Encrypt, first:
Install the EPEL repository and the mod_ssl package for better-updated packages and security.
sudo dnf install epel-release mod_ssl -y
DigitalOcean Agent 128 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 55 kB/s | 3.3 kB 00:00
Package epel-release-8-15.el8.noarch is already installed.
Dependencies resolved.
=======================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 136 k
Transaction Summary
=======================================================================================================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 957 kB/s | 136 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------
Total 706 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1
Installed:
mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64
Complete!
Next, install the certbot package as follows:
[mtb@sierra updraft]$ sudo dnf install python3-certbot-nginx -y
Last metadata expiration check: 0:01:00 ago on Thu 16 Jun 2022 09:48:43 PM UTC.
Package python3-certbot-nginx-1.22.0-1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Once installed, run the following command to start the creation of your certificate:
[mtb@sierra updraft]$ sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email mtb@costaflores.com -d moss.law
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for moss.law
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/moss.law/fullchain.pem
Key is saved at: /etc/letsencrypt/live/moss.law/privkey.pem
This certificate expires on 2022-09-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for moss.law to /etc/nginx/conf.d/moss.law.conf
Congratulations! You have successfully enabled HTTPS on https://moss.law
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now the site should respond to HTTPS connections with the new certificate!
Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.
sudo certbot renew --dry-run
Next install the cronjob (crontab -e):
00 00 */1 * * /usr/sbin/certbot-auto renew