Configuring wordpress

Wordpress is used for https://openvino.org and other project sites.

This is how wordpress is configured and installed. Much of the contents for this document were copied from the excellent tutorial https://www.linuxcapable.com/how-to-install-wordpress-with-lemp-nginx-mariadb-and-php-on-rocky-linux-8/, though some additions and changes have been made.

  1. Install unzip

    [mtb@sierra ~]$ sudo dnf install unzip -y

     

  2. In this setup, nginx is already installed and enabled as a service on boot:

    [mtb@sierra ~]$ nginx -v nginx version: nginx/1.14.1 [mtb@sierra ~]$ systemctl status nginx ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-05-26 15:47:48 UTC; 7h ago Process: 170448 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 170387 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS) Process: 170385 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS) Process: 170383 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 170390 (nginx) Tasks: 5 (limit: 49268) Memory: 23.2M CGroup: /system.slice/nginx.service ├─170390 nginx: master process /usr/sbin/nginx ├─170449 nginx: worker process ├─170450 nginx: worker process ├─170451 nginx: worker process └─170452 nginx: worker process May 26 15:47:48 sierra systemd[1]: Starting The nginx HTTP and reverse proxy server... May 26 15:47:48 sierra nginx[170385]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok May 26 15:47:48 sierra nginx[170385]: nginx: configuration file /etc/nginx/nginx.conf test is successful May 26 15:47:48 sierra systemd[1]: Started The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloading The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloaded The nginx HTTP and reverse proxy server.

     

  3. Install MariaDB (LEMP STACK)
    Optional. Change to MariaDB 10.5

Rocky Linux App stream by default installs MariaDB 10.3, an older but incredibly stable version. However, the latest build of MariaDB at the time of this tutorial that is classed as a stable release is MariaDB 10.7, with MariaDB 10.8 being the RC candidate.

As you can imagine, the difference is pretty significant; however, as most users of Rocky Linux prefer using stability over cutting edge, a solution will be to use MariaDB 10.5 that is newer while at the same time being incredibly stable and still receiving bug fixes and security updates.

First, reset the MariaDB module list:

sudo dnf module reset mariadb [mtb@sierra ~]$ sudo dnf module enable mariadb:10.5 Last metadata expiration check: 0:01:11 ago on Thu 26 May 2022 11:05:48 PM UTC. Dependencies resolved. ======================================================================================================= Package Architecture Version Repository Size ======================================================================================================= Enabling module streams: mariadb 10.5 Transaction Summary ======================================================================================================= Is this ok [y/N]: y Complete!

 

4. Install MariaDB


[mtb@sierra ~]$ sudo dnf install mariadb-server mariadb Last metadata expiration check: 0:03:01 ago on Thu 26 May 2022 11:05:48 PM UTC. Dependencies resolved. ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Installing: mariadb x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 6.2 M mariadb-server x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 18 M Upgrading: libsemanage x86_64 2.9-8.el8 baseos 167 k policycoreutils x86_64 2.9-19.el8 baseos 373 k policycoreutils-python-utils noarch 2.9-19.el8 baseos 252 k python3-libsemanage x86_64 2.9-8.el8 baseos 127 k python3-policycoreutils noarch 2.9-19.el8 baseos 2.2 M selinux-policy noarch 3.14.3-95.el8 baseos 644 k selinux-policy-targeted noarch 3.14.3-95.el8 baseos 15 M Installing dependencies: libaio x86_64 0.3.112-1.el8 baseos 31 k mariadb-common x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 67 k mariadb-connector-c x86_64 3.1.11-2.el8_3 appstream 199 k mariadb-connector-c-config noarch 3.1.11-2.el8_3 appstream 14 k mariadb-errmsg x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 239 k mysql-selinux noarch 1.0.2-6.el8 appstream 36 k perl-DBD-MySQL x86_64 4.046-3.module+el8.6.0+904+ef468285 appstream 155 k perl-DBI x86_64 1.641-4.module+el8.6.0+891+677074cb appstream 739 k perl-Math-BigInt noarch 1:1.9998.11-7.el8 baseos 194 k perl-Math-Complex noarch 1.59-421.el8 baseos 108 k Installing weak dependencies: mariadb-backup x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 6.9 M mariadb-gssapi-server x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 55 k mariadb-server-utils x86_64 3:10.5.13-1.module+el8.5.0+773+f75e97f7 appstream 1.2 M Enabling module streams: perl-DBD-MySQL 4.046 perl-DBI 1.641 Transaction Summary ======================================================================================================= Install 15 Packages Upgrade 7 Packages Total download size: 53 M Is this ok [y/N]:

 

5. Check the MariaDB version:

 

[mtb@sierra ~]$ mysql --version mysql Ver 15.1 Distrib 10.5.13-MariaDB, for Linux (x86_64) using EditLine wrapper

 

6. Check MariaDB server status

Verify the status of the database software by using the following systemctl command:

[mtb@sierra ~]$ mysql --version mysql Ver 15.1 Distrib 10.5.13-MariaDB, for Linux (x86_64) using EditLine wrapper [mtb@sierra ~]$ sudo systemctl enable mariadb --now Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.

7. Recheck the status:

[mtb@sierra ~]$ systemctl status mariadb ● mariadb.service - MariaDB 10.5 database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-05-26 23:13:37 UTC; 51s ago Docs: man:mysqld(8) https://mariadb.com/kb/en/library/systemd/ Main PID: 187209 (mysqld) Status: "Taking your SQL requests now..." Tasks: 18 (limit: 49268) Memory: 77.5M CGroup: /system.slice/mariadb.service └─187209 /usr/libexec/mysqld --basedir=/usr May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: See the MariaDB Knowledgebase at https://mariadb.> May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: MySQL manual for more instructions. May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: Please report any problems at https://mariadb.org> May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: The latest information about MariaDB is available> May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: You can find additional information about the MyS> May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: https://dev.mysql.com May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: Consider joining MariaDB's strong and vibrant com> May 26 23:13:37 sierra mysql-prepare-db-dir[187121]: https://mariadb.org/get-involved/ May 26 23:13:37 sierra mysqld[187209]: 2022-05-26 23:13:37 0 [Note] /usr/libexec/mysqld (mysqld 10.5.1> May 26 23:13:37 sierra systemd[1]: Started MariaDB 10.5 database server.

8. To stop MariaDB:

[mtb@sierra ~]$ sudo systemctl stop mariadb

9. To enable MariaDB on system startup

[mtb@sierra ~]$ sudo systemctl enable mariadb

10. To restart the MariaDB service:

[mtb@sierra ~]$ sudo systemctl restart mariadb

11. Secure MariaDB with Security Script

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script that comes with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

[mtb@sierra ~]$ sudo mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] Y Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!

Install PHP & PHP-FPM (LEMP STACK)

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the Rhel family for those unaware.

For the tutorial, we will install the newest PHP 8.0. However, it must be noted while WordPress works well with PHP 8.0 and higher, some of the plugins may face issues, so make sure you are only installing active and updated plugins which should be the standard in any CMS. If you encounter problems, uninstall PHP 8.0, and use PHP 7.4.

To install PHP from Remi’s repository, you will need to have installed the EPEL repository at the start of the tutorial. By default, PHP 7.2 is the default PHP choice for standard installation on Rocky Linux. A quick tip is to use the (list php) command to see the options available and the default.

12. enable (Remi repository) with the following:

sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm Last metadata expiration check: 0:00:50 ago on Sun 29 May 2022 01:35:45 AM UTC. remi-release-8.rpm 110 kB/s | 29 kB 00:00 Package yum-utils-4.0.21-3.el8.noarch is already installed. Dependencies resolved. ======================================================================================================= Package Architecture Version Repository Size ======================================================================================================= Installing: remi-release noarch 8.6-1.el8.remi @commandline 29 k Upgrading: dnf noarch 4.7.0-8.el8 baseos 540 k dnf-data noarch 4.7.0-8.el8 baseos 154 k dnf-plugins-core noarch 4.0.21-11.el8 baseos 70 k json-c x86_64 0.13.1-3.el8 baseos 40 k libdnf x86_64 0.63.0-8.el8 baseos 704 k python3-dnf noarch 4.7.0-8.el8 baseos 544 k python3-dnf-plugins-core noarch 4.0.21-11.el8 baseos 239 k python3-hawkey x86_64 0.63.0-8.el8 baseos 115 k python3-libdnf x86_64 0.63.0-8.el8 baseos 777 k rocky-release noarch 8.6-3.el8 baseos 21 k rocky-repos noarch 8.6-3.el8 baseos 14 k yum noarch 4.7.0-8.el8 baseos 205 k yum-utils noarch 4.0.21-11.el8 baseos 72 k Transaction Summary ======================================================================================================= Install 1 Package Upgrade 13 Packages Total size: 3.4 M Total download size: 3.4 M Is this ok [y/N]: y Downloading Packages: (1/13): dnf-plugins-core-4.0.21-11.el8.noarch.rpm 298 kB/s | 70 kB 00:00 (2/13): dnf-data-4.7.0-8.el8.noarch.rpm 627 kB/s | 154 kB 00:00 (3/13): json-c-0.13.1-3.el8.x86_64.rpm 728 kB/s | 40 kB 00:00 (4/13): dnf-4.7.0-8.el8.noarch.rpm 1.5 MB/s | 540 kB 00:00 (5/13): libdnf-0.63.0-8.el8.x86_64.rpm 4.4 MB/s | 704 kB 00:00 (6/13): python3-dnf-plugins-core-4.0.21-11.el8.noarch.rpm 3.0 MB/s | 239 kB 00:00 (7/13): python3-dnf-4.7.0-8.el8.noarch.rpm 3.8 MB/s | 544 kB 00:00 (8/13): python3-hawkey-0.63.0-8.el8.x86_64.rpm 2.1 MB/s | 115 kB 00:00 (9/13): rocky-release-8.6-3.el8.noarch.rpm 309 kB/s | 21 kB 00:00 (10/13): rocky-repos-8.6-3.el8.noarch.rpm 318 kB/s | 14 kB 00:00 (11/13): python3-libdnf-0.63.0-8.el8.x86_64.rpm 7.1 MB/s | 777 kB 00:00 (12/13): yum-4.7.0-8.el8.noarch.rpm 3.5 MB/s | 205 kB 00:00 (13/13): yum-utils-4.0.21-11.el8.noarch.rpm 1.3 MB/s | 72 kB 00:00 ------------------------------------------------------------------------------------------------------- Total 5.4 MB/s | 3.4 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: json-c-0.13.1-3.el8.x86_64 1/1 Upgrading : json-c-0.13.1-3.el8.x86_64 1/27 Upgrading : libdnf-0.63.0-8.el8.x86_64 2/27 Upgrading : python3-libdnf-0.63.0-8.el8.x86_64 3/27 Upgrading : python3-hawkey-0.63.0-8.el8.x86_64 4/27 Upgrading : rocky-repos-8.6-3.el8.noarch 5/27 Upgrading : rocky-release-8.6-3.el8.noarch 6/27 Upgrading : dnf-data-4.7.0-8.el8.noarch 7/27 Upgrading : python3-dnf-4.7.0-8.el8.noarch 8/27 Upgrading : dnf-4.7.0-8.el8.noarch 9/27 Running scriptlet: dnf-4.7.0-8.el8.noarch 9/27 Upgrading : python3-dnf-plugins-core-4.0.21-11.el8.noarch 10/27 Upgrading : dnf-plugins-core-4.0.21-11.el8.noarch 11/27 Upgrading : yum-utils-4.0.21-11.el8.noarch 12/27 Upgrading : yum-4.7.0-8.el8.noarch 13/27 Installing : remi-release-8.6-1.el8.remi.noarch 14/27 Cleanup : yum-utils-4.0.21-3.el8.noarch 15/27 Cleanup : dnf-plugins-core-4.0.21-3.el8.noarch 16/27 Cleanup : python3-dnf-plugins-core-4.0.21-3.el8.noarch 17/27 Cleanup : yum-4.7.0-4.el8.noarch 18/27 Running scriptlet: dnf-4.7.0-4.el8.noarch 19/27 Cleanup : dnf-4.7.0-4.el8.noarch 19/27 Running scriptlet: dnf-4.7.0-4.el8.noarch 19/27 Cleanup : python3-dnf-4.7.0-4.el8.noarch 20/27 Cleanup : rocky-release-8.5-1.el8.noarch 21/27 Cleanup : python3-hawkey-0.63.0-3.el8.x86_64 22/27 Cleanup : rocky-repos-8.5-1.el8.noarch 23/27 Cleanup : dnf-data-4.7.0-4.el8.noarch 24/27 Cleanup : python3-libdnf-0.63.0-3.el8.x86_64 25/27 Cleanup : libdnf-0.63.0-3.el8.x86_64 26/27 Cleanup : json-c-0.13.1-2.el8.x86_64 27/27 Running scriptlet: json-c-0.13.1-2.el8.x86_64 27/27 Verifying : remi-release-8.6-1.el8.remi.noarch 1/27 Verifying : dnf-4.7.0-8.el8.noarch 2/27 Verifying : dnf-4.7.0-4.el8.noarch 3/27 Verifying : dnf-data-4.7.0-8.el8.noarch 4/27 Verifying : dnf-data-4.7.0-4.el8.noarch 5/27 Verifying : dnf-plugins-core-4.0.21-11.el8.noarch 6/27 Verifying : dnf-plugins-core-4.0.21-3.el8.noarch 7/27 Verifying : json-c-0.13.1-3.el8.x86_64 8/27 Verifying : json-c-0.13.1-2.el8.x86_64 9/27 Verifying : libdnf-0.63.0-8.el8.x86_64 10/27 Verifying : libdnf-0.63.0-3.el8.x86_64 11/27 Verifying : python3-dnf-4.7.0-8.el8.noarch 12/27 Verifying : python3-dnf-4.7.0-4.el8.noarch 13/27 Verifying : python3-dnf-plugins-core-4.0.21-11.el8.noarch 14/27 Verifying : python3-dnf-plugins-core-4.0.21-3.el8.noarch 15/27 Verifying : python3-hawkey-0.63.0-8.el8.x86_64 16/27 Verifying : python3-hawkey-0.63.0-3.el8.x86_64 17/27 Verifying : python3-libdnf-0.63.0-8.el8.x86_64 18/27 Verifying : python3-libdnf-0.63.0-3.el8.x86_64 19/27 Verifying : rocky-release-8.6-3.el8.noarch 20/27 Verifying : rocky-release-8.5-1.el8.noarch 21/27 Verifying : rocky-repos-8.6-3.el8.noarch 22/27 Verifying : rocky-repos-8.5-1.el8.noarch 23/27 Verifying : yum-4.7.0-8.el8.noarch 24/27 Verifying : yum-4.7.0-4.el8.noarch 25/27 Verifying : yum-utils-4.0.21-11.el8.noarch 26/27 Verifying : yum-utils-4.0.21-3.el8.noarch 27/27 Upgraded: dnf-4.7.0-8.el8.noarch dnf-data-4.7.0-8.el8.noarch dnf-plugins-core-4.0.21-11.el8.noarch json-c-0.13.1-3.el8.x86_64 libdnf-0.63.0-8.el8.x86_64 python3-dnf-4.7.0-8.el8.noarch python3-dnf-plugins-core-4.0.21-11.el8.noarch python3-hawkey-0.63.0-8.el8.x86_64 python3-libdnf-0.63.0-8.el8.x86_64 rocky-release-8.6-3.el8.noarch rocky-repos-8.6-3.el8.noarch yum-4.7.0-8.el8.noarch yum-utils-4.0.21-11.el8.noarch Installed: remi-release-8.6-1.el8.remi.noarch Complete!

13. Next, use the (dnf) command to update your repository list:

sudo dnf update

14. Now list the modules available for PHP using the following command:

sudo dnf module list php DigitalOcean Agent 109 kB/s | 3.3 kB 00:00 DigitalOcean Droplet Agent 71 kB/s | 3.3 kB 00:00 Rocky Linux 8 - AppStream Name Stream Profiles Summary php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language php 7.4 common [d], devel, minimal PHP scripting language php 8.0 common [d], devel, minimal PHP scripting language Remi's Modular repository for Enterprise Linux 8 - x86_64 Name Stream Profiles Summary php remi-7.2 common [d], devel, minimal PHP scripting language php remi-7.3 common [d], devel, minimal PHP scripting language php remi-7.4 common [d], devel, minimal PHP scripting language php remi-8.0 common [d], devel, minimal PHP scripting language php remi-8.1 common [d], devel, minimal PHP scripting language Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

As you can see above, the (d) tag is next to PHP 7.2, which you will need to reset and change to install PHP 8.0 on Rocky Linux.

15. To reset the PHP list is easy with the following command:

sudo dnf module list reset php

16. Next, enable PHP 8.1 with the following command:

sudo dnf module enable php:remi-8.1 Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC. Dependencies resolved. ======================================================================================================= Package Architecture Version Repository Size ======================================================================================================= Enabling module streams: php remi-8.1 Transaction Summary ======================================================================================================= Is this ok [y/N]: y Complete!

Install PHP & PHP-FPM

17. Install PHP on your server:

[mtb@sierra ~]$ sudo dnf module enable php:remi-8.1 Last metadata expiration check: 0:04:32 ago on Sun 29 May 2022 01:51:02 AM UTC. Dependencies resolved. ======================================================================================================= Package Architecture Version Repository Size ======================================================================================================= Enabling module streams: php remi-8.1 Transaction Summary ======================================================================================================= Is this ok [y/N]: y Complete! [mtb@sierra ~]$ sudo dnf install php [sudo] password for mtb: DigitalOcean Agent 122 kB/s | 3.3 kB 00:00 DigitalOcean Droplet Agent 67 kB/s | 3.3 kB 00:00 Dependencies resolved. ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Installing: php x86_64 8.1.6-1.el8.remi remi-modular 1.7 M Installing dependencies: apr x86_64 1.6.3-12.el8 appstream 128 k apr-util x86_64 1.6.1-6.el8.1 appstream 104 k httpd x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 1.4 M httpd-filesystem noarch 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 40 k httpd-tools x86_64 2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 107 k libsodium x86_64 1.0.18-2.el8 epel 162 k mailcap noarch 2.1.48-3.el8 baseos 38 k mod_http2 x86_64 1.15.7-5.module+el8.6.0+823+f143cee1 appstream 153 k oniguruma5php x86_64 6.9.8-1.el8.remi remi-safe 212 k php-common x86_64 8.1.6-1.el8.remi remi-modular 1.2 M rocky-logos-httpd noarch 85.0-4.el8 baseos 22 k Installing weak dependencies: apr-util-bdb x86_64 1.6.1-6.el8.1 appstream 23 k apr-util-openssl x86_64 1.6.1-6.el8.1 appstream 26 k php-cli x86_64 8.1.6-1.el8.remi remi-modular 5.3 M php-fpm x86_64 8.1.6-1.el8.remi remi-modular 1.8 M php-mbstring x86_64 8.1.6-1.el8.remi remi-modular 521 k php-opcache x86_64 8.1.6-1.el8.remi remi-modular 628 k php-pdo x86_64 8.1.6-1.el8.remi remi-modular 161 k php-sodium x86_64 8.1.6-1.el8.remi remi-modular 101 k php-xml x86_64 8.1.6-1.el8.remi remi-modular 251 k Enabling module streams: httpd 2.4 Transaction Summary ======================================================================================================= Install 21 Packages Total download size: 14 M Installed size: 57 M Is this ok [y/N]: y Downloading Packages: (1/21): apr-util-bdb-1.6.1-6.el8.1.x86_64.rpm 121 kB/s | 23 kB 00:00 (2/21): apr-util-openssl-1.6.1-6.el8.1.x86_64.rpm 400 kB/s | 26 kB 00:00 (3/21): apr-util-1.6.1-6.el8.1.x86_64.rpm 327 kB/s | 104 kB 00:00 (4/21): apr-1.6.3-12.el8.x86_64.rpm 399 kB/s | 128 kB 00:00 (5/21): httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarc 616 kB/s | 40 kB 00:00 (6/21): httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 1.6 MB/s | 107 kB 00:00 (7/21): mailcap-2.1.48-3.el8.noarch.rpm 454 kB/s | 38 kB 00:00 (8/21): rocky-logos-httpd-85.0-4.el8.noarch.rpm 1.3 MB/s | 22 kB 00:00 (9/21): mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm 1.2 MB/s | 153 kB 00:00 (10/21): httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 4.3 MB/s | 1.4 MB 00:00 (11/21): libsodium-1.0.18-2.el8.x86_64.rpm 1.5 MB/s | 162 kB 00:00 (12/21): php-8.1.6-1.el8.remi.x86_64.rpm 2.3 MB/s | 1.7 MB 00:00 (13/21): php-common-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 1.2 MB 00:00 (14/21): php-mbstring-8.1.6-1.el8.remi.x86_64.rpm 5.5 MB/s | 521 kB 00:00 (15/21): php-fpm-8.1.6-1.el8.remi.x86_64.rpm 10 MB/s | 1.8 MB 00:00 (16/21): php-cli-8.1.6-1.el8.remi.x86_64.rpm 5.9 MB/s | 5.3 MB 00:00 (17/21): php-opcache-8.1.6-1.el8.remi.x86_64.rpm 5.8 MB/s | 628 kB 00:00 (18/21): php-pdo-8.1.6-1.el8.remi.x86_64.rpm 1.9 MB/s | 161 kB 00:00 (19/21): php-sodium-8.1.6-1.el8.remi.x86_64.rpm 1.2 MB/s | 101 kB 00:00 (20/21): php-xml-8.1.6-1.el8.remi.x86_64.rpm 2.8 MB/s | 251 kB 00:00 (21/21): oniguruma5php-6.9.8-1.el8.remi.x86_64.rpm 2.5 MB/s | 212 kB 00:00 ------------------------------------------------------------------------------------------------------- Total 6.4 MB/s | 14 MB 00:02 Remi's Modular repository for Enterprise Linux 8 - x86_64 3.0 MB/s | 3.1 kB 00:00 Importing GPG key 0x5F11735A: Userid : "Remi's RPM repository <remi@remirepo.net>" Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8 Is this ok [y/N]: y Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: php-common-8.1.6-1.el8.remi.x86_64 1/21 Installing : php-common-8.1.6-1.el8.remi.x86_64 1/21 Running scriptlet: httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21 Installing : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 2/21 Installing : apr-1.6.3-12.el8.x86_64 3/21 Running scriptlet: apr-1.6.3-12.el8.x86_64 3/21 Installing : apr-util-bdb-1.6.1-6.el8.1.x86_64 4/21 Installing : apr-util-openssl-1.6.1-6.el8.1.x86_64 5/21 Installing : apr-util-1.6.1-6.el8.1.x86_64 6/21 Running scriptlet: apr-util-1.6.1-6.el8.1.x86_64 6/21 Installing : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21 Installing : php-fpm-8.1.6-1.el8.remi.x86_64 8/21 Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 8/21 Installing : php-cli-8.1.6-1.el8.remi.x86_64 9/21 Installing : php-opcache-8.1.6-1.el8.remi.x86_64 10/21 Installing : php-pdo-8.1.6-1.el8.remi.x86_64 11/21 Installing : php-xml-8.1.6-1.el8.remi.x86_64 12/21 Installing : oniguruma5php-6.9.8-1.el8.remi.x86_64 13/21 Installing : php-mbstring-8.1.6-1.el8.remi.x86_64 14/21 Installing : libsodium-1.0.18-2.el8.x86_64 15/21 Installing : php-sodium-8.1.6-1.el8.remi.x86_64 16/21 Installing : rocky-logos-httpd-85.0-4.el8.noarch 17/21 Installing : mailcap-2.1.48-3.el8.noarch 18/21 Installing : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 19/21 Installing : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21 Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 20/21 Installing : php-8.1.6-1.el8.remi.x86_64 21/21 Running scriptlet: httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 21/21 Running scriptlet: php-8.1.6-1.el8.remi.x86_64 21/21 Running scriptlet: php-fpm-8.1.6-1.el8.remi.x86_64 21/21 Verifying : apr-1.6.3-12.el8.x86_64 1/21 Verifying : apr-util-1.6.1-6.el8.1.x86_64 2/21 Verifying : apr-util-bdb-1.6.1-6.el8.1.x86_64 3/21 Verifying : apr-util-openssl-1.6.1-6.el8.1.x86_64 4/21 Verifying : httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 5/21 Verifying : httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch 6/21 Verifying : httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 7/21 Verifying : mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 8/21 Verifying : mailcap-2.1.48-3.el8.noarch 9/21 Verifying : rocky-logos-httpd-85.0-4.el8.noarch 10/21 Verifying : libsodium-1.0.18-2.el8.x86_64 11/21 Verifying : php-8.1.6-1.el8.remi.x86_64 12/21 Verifying : php-cli-8.1.6-1.el8.remi.x86_64 13/21 Verifying : php-common-8.1.6-1.el8.remi.x86_64 14/21 Verifying : php-fpm-8.1.6-1.el8.remi.x86_64 15/21 Verifying : php-mbstring-8.1.6-1.el8.remi.x86_64 16/21 Verifying : php-opcache-8.1.6-1.el8.remi.x86_64 17/21 Verifying : php-pdo-8.1.6-1.el8.remi.x86_64 18/21 Verifying : php-sodium-8.1.6-1.el8.remi.x86_64 19/21 Verifying : php-xml-8.1.6-1.el8.remi.x86_64 20/21 Verifying : oniguruma5php-6.9.8-1.el8.remi.x86_64 21/21 Installed: apr-1.6.3-12.el8.x86_64 apr-util-1.6.1-6.el8.1.x86_64 apr-util-bdb-1.6.1-6.el8.1.x86_64 apr-util-openssl-1.6.1-6.el8.1.x86_64 httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 libsodium-1.0.18-2.el8.x86_64 mailcap-2.1.48-3.el8.noarch mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64 oniguruma5php-6.9.8-1.el8.remi.x86_64 php-8.1.6-1.el8.remi.x86_64 php-cli-8.1.6-1.el8.remi.x86_64 php-common-8.1.6-1.el8.remi.x86_64 php-fpm-8.1.6-1.el8.remi.x86_64 php-mbstring-8.1.6-1.el8.remi.x86_64 php-opcache-8.1.6-1.el8.remi.x86_64 php-pdo-8.1.6-1.el8.remi.x86_64 php-sodium-8.1.6-1.el8.remi.x86_64 php-xml-8.1.6-1.el8.remi.x86_64 rocky-logos-httpd-85.0-4.el8.noarch Complete!

17b. Add the PHP MySQL extension!

sudo dnf install php-mysqlnd


18. Verify the installation and check the version and build:

[mtb@sierra ~]$ php -v PHP 8.1.6 (cli) (built: May 11 2022 01:14:18) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.1.6, Copyright (c) Zend Technologies with Zend OPcache v8.1.6, Copyright (c), by Zend Technologies

Now, by default, PHP-FPM is off and not enabled on boot.

19. Enable on boot and start the service, use the following systemctl commands:

 

[mtb@sierra ~]$ sudo systemctl enable php-fpm --now Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. [mtb@sierra ~]$ sudo systemctl status php Unit php.service could not be found. [mtb@sierra ~]$ sudo systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2022-05-29 02:03:19 UTC; 59s ago Main PID: 260101 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/sec" Tasks: 6 (limit: 49268) Memory: 13.1M CGroup: /system.slice/php-fpm.service ├─260101 php-fpm: master process (/etc/php-fpm.conf) ├─260102 php-fpm: pool www ├─260103 php-fpm: pool www ├─260104 php-fpm: pool www ├─260105 php-fpm: pool www └─260106 php-fpm: pool www May 29 02:03:19 sierra systemd[1]: Starting The PHP FastCGI Process Manager... May 29 02:03:19 sierra systemd[1]: Started The PHP FastCGI Process Manager.

Install WordPress Backend

Download WordPress

Visit the WordPress.org download page and scroll down to find thelatest.zipdownload link or use the wget command to download.

20. Install wget:

[mtb@sierra ~]$ sudo dnf install wget DigitalOcean Agent 142 kB/s | 3.3 kB 00:00 DigitalOcean Droplet Agent 83 kB/s | 3.3 kB 00:00 Dependencies resolved. ======================================================================================================= Package Architecture Version Repository Size ======================================================================================================= Installing: wget x86_64 1.19.5-10.el8 appstream 733 k Installing dependencies: libmetalink x86_64 0.1.3-7.el8 baseos 31 k Transaction Summary ======================================================================================================= Install 2 Packages Total download size: 763 k Installed size: 2.8 M Is this ok [y/N]: y Downloading Packages: (1/2): wget-1.19.5-10.el8.x86_64.rpm 11 MB/s | 733 kB 00:00 (2/2): libmetalink-0.1.3-7.el8.x86_64.rpm 359 kB/s | 31 kB 00:00 ------------------------------------------------------------------------------------------------------- Total 3.8 MB/s | 763 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libmetalink-0.1.3-7.el8.x86_64 1/2 Installing : wget-1.19.5-10.el8.x86_64 2/2 Running scriptlet: wget-1.19.5-10.el8.x86_64 2/2 Verifying : wget-1.19.5-10.el8.x86_64 1/2 Verifying : libmetalink-0.1.3-7.el8.x86_64 2/2 Installed: libmetalink-0.1.3-7.el8.x86_64 wget-1.19.5-10.el8.x86_64 Complete!

21. Download the latest version of wordpress:

[mtb@sierra ~]$ wget https://wordpress.org/latest.zip --2022-05-29 02:07:52-- https://wordpress.org/latest.zip Resolving wordpress.org (wordpress.org)... 198.143.164.252 Connecting to wordpress.org (wordpress.org)|198.143.164.252|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 22766944 (22M) [application/zip] Saving to: 'latest.zip' latest.zip 100%[====================================>] 21.71M 85.8MB/s in 0.3s 2022-05-29 02:07:52 (85.8 MB/s) - 'latest.zip' saved [22766944/22766944]

22. Create Folder Structure for WordPress

sudo mkdir -p /usr/share/nginx/html/wordpress

23. Unzip WordPress to the www directory:

sudo unzip latest.zip -d /usr/share/nginx/html/

Create HTML file permissions

24. You must set the directory owner permissions to something consistent, or else you will have trouble with WordPress write permissions. We first need to create a user and group that owns HTML content (web2), and also that is not a user with a shell or sudo permissions.

[mtb@sierra ~]$ sudo groupadd -g 2222 webtwo [mtb@sierra ~]$ sudo useradd -u 2222 -g 2222 -d /usr/share/nginx/html -s /sbin/nologin -c "webtwo files" webtwo useradd: warning: the home directory already exists. Not copying any file from skel directory into it. [mtb@sierra ~]$ sudo usermod -G webtwo nginx

25. Add nginx user support to the webtwo group created in the previous step:

[mtb@sierra ~]$ sudo usermod -G webtwo nginx

26. Change ownership on the HTML directories:

[mtb@sierra html]$ sudo chown -R webtwo:webtwo /usr/share/nginx/html [sudo] password for mtb: [mtb@sierra html]$ ls -la total 8 drwxrwxr-x. 13 webtwo webtwo 236 Jun 13 15:05 . drwxr-xr-x. 4 root root 33 Mar 31 14:03 .. drwxr-xr-x 2 webtwo webtwo 6 May 26 16:00 4m3.bio drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 costaflores.com drwxr-xr-x 4 webtwo webtwo 57 May 26 15:57 martianwinefederation.org drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 moss.law drwxrwxr-x 4 webtwo webtwo 292 Jun 13 15:03 nft.openvino.org drwxr-xr-x 3 webtwo webtwo 229 Jun 13 15:04 old drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.exchange drwxr-xr-x 2 webtwo webtwo 6 Jun 13 15:05 openvino.org drwxrwxr-x 16 webtwo webtwo 4096 Jun 10 16:12 postfixadmin drwxr-xr-x 8 webtwo webtwo 123 May 4 2020 theluckhunters.com drwxr-xr-x 5 webtwo webtwo 4096 May 29 02:14 wordpress

27. Allow group write content (for nginx) into wp-content

sudo chmod 775 wordpress/wp-content

Create Database for WordPress

28. Create the Wordpress DB’s and username:

[mtb@sierra html]$ sudo mariadb -u root [sudo] password for mtb: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 17 Server version: 10.5.13-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE WORDPRESSDB; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> CREATE USER 'WPUSER'@localhost IDENTIFIED BY 'CHANGEONINSTALL'; Query OK, 0 rows affected (0.004 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON WORDPRESSDB.* TO WPUSER@localhost IDENTIFIED BY 'CHANGEONINSTALL'; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> EXIT; Bye

Configure WordPress Configuration Files

29. Configure wp-config.php

[mtb@sierra wordpress]$ pwd /usr/share/nginx/html/wordpress [mtb@sierra wordpress]$ sudo cp wp-config-sample.php wp-config.php [mtb@sierra wordpress]$ vi wp-config.php // ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'WORDPRESSDB' ); /** Database username */ define( 'DB_USER', 'WPUSER' ); /** Database password */ define( 'DB_PASSWORD', 'CHANGEONINSTALL' ); /** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_'; /** * Save files direct */ define( 'FS_METHOD', 'direct' ); /** * Increase memory limit */ define('WP_MEMORY_LIMIT', '256M');

File Permissions for WordPress Files/Folders

In general, the correct file permissions for WordPress should be as follows:

  • Files: 664

  • Folders: 775

However, there are a few specific exemptions that are important to note:

  • wp-config.php file

  • .htaccess file

  • nginx.conf file

You might have noticed that wp-config.php has the database password in cleartext.

wp-config.php Permissions

30. Set file permissions.

A good recommendations is for 640. You could set the file to 440, however this might cause problems, as many WordPress plugins rely on write access for the wp-config.php file.

[mtb@sierra wordpress]$ sudo chown webtwo:webtwo wp-config.php [mtb@sierra wordpress]$ sudo chmod 640 wp-config.php

Set WordPress Security Salt Keys

It would be best to visit WordPress secret-key API to generate your own. The address salt key generator can be found at https://api.wordpress.org/secret-key/1.1/salt/. Replace the example lines with the codes from the generator.

define('AUTH_KEY', '<3yfS7/>%m.Tl^8Wx-Y8-|T77WRK[p>(PtH6V]Dl69^<8|K86[_Z},+THZ25+nJG'); define('SECURE_AUTH_KEY', 'bN#Qy#ChBX#Y`PE/_0N42zxgLD|5XpU[mu.n&:t4q~hg<UP/b8+xFTly_b}f]M;!'); define('LOGGED_IN_KEY', 'owpvIO-+WLG|,1)CQl*%gP1uDp}s(jUbYQ[Wm){O(x@sJ#T}tOTP&UOfk|wYsj5$'); define('NONCE_KEY', '8=Vh|V{D<>`CLoP0$H!Z3gEqf@])){L+6eGi`GAjV(Mu0YULL@sagx&cgb.QVCbi'); define('AUTH_SALT', '%TX*X$GE-;|?<-^(+K1Un!_Y<hk-Ne2;&{c[-v!{q4&OiJjQon /SHcc/:MB}y#('); define('SECURE_AUTH_SALT', '=zkDT_%}J4ivjjN+F}:A+s6e64[^uQ<qNO]TfHS>G0elz2B~7Nk.vRcL00cJoo7*'); define('LOGGED_IN_SALT', '{$-o_ull4|qQ?f=8vP>Vvq8~v>g(2w12`h65ztPM(xo!Fr()5xrqy^k[E~TwI!xn'); define('NONCE_SALT', 'a1G(Q|X`eX$p%6>K:Cba!]/5MAqX+L<A4yU_&CI)*w+#ZB+*yK*u-|]X_9V;:++6');

Nginx server block configuration

31. Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.

The settings below are pretty crucial. It should be noted to emphasize the importance of “try_files $uri $uri/ /index.php?$args;” as it is often an issue with other tutorials that leave the ending ?$args left out, giving you major site health issues comes to the REST API of WordPress.

Next, edit a domain specific file in /etc/nginx/conf.d (i.e. moss.law.conf):

[mtb@sierra conf.d]$ cat moss.law.conf server { listen 80; listen [::]:80; server_name www.moss.law moss.law; root /usr/share/nginx/html/wordpress; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php?$args; } location ~* /wp-sitemap.*\.xml { try_files $uri $uri/ /index.php$is_args$args; } client_max_body_size 64M; # Pass the php scripts to FastCGI server specified in upstream declaration. location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_buffer_size 128k; fastcgi_busy_buffers_size 128k; fastcgi_buffers 4 128k; fastcgi_intercept_errors on; fastcgi_connect_timeout 40; fastcgi_send_timeout 60; fastcgi_read_timeout 60; gzip on; gzip_comp_level 6; gzip_min_length 1000; gzip_proxied any; gzip_disable "msie6"; gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/xhtml+xml application/xml font/eot font/otf font/ttf image/svg+xml text/css text/javascript text/plain text/xml; # assets, media location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { expires 90d; access_log off; } # svg, fonts location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { add_header Access-Control-Allow-Origin "*"; expires 90d; access_log off; } location ~ /\.ht { access_log off; log_not_found off; deny all; } } }

PHP.ini configuration

To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.

Firstly, open the php.ini file:To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.

32. Firstly, edit the php.ini file, and make the following changes:

max_execution_time = 180 (located on line 338) max_input_time = 90 (located on line 398) memory_limit = 256M (located on line 409) upload_max_filesize = 64M (located on line 846)

By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

33. Edit www.conf and replace user apache with nginx

[mtb@sierra conf.d]$ sudo vi /etc/php-fpm.d/www.conf ; RPM: apache user chosen to provide access to the same directories as httpd user = nginx ; RPM: Keep a group allowed to write in log dir. group = nginx

34. Restart PHP

sudo systemctl restart php-fpm

35. Fix path for fastcgi_pass in /etc/ngninx/default.d/php.conf

fastcgi_pass unix:/var/run/php-fpm/www.sock;

36. Test to see if the configuration files load correctly:

[mtb@sierra conf.d]$ sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

37. After checking and everything is ok with your Nginx dry run test, restart the Nginx service.

sudo systemctl restart nginx

SElinux configuration

Before proceeding any further, a few adjustments must be made to SELinux.

38. First, allow webserver network connections.

sudo setsebool -P httpd_can_network_connect 1


39. Next, set the SELinux contexts WordPress directory.

[mtb@sierra conf.d]$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html(/.*)?" ValueError: File context for /usr/share/nginx/html(/.*)? already defined [mtb@sierra conf.d]$ sudo restorecon -Rv /usr/share/nginx/html [mtb@sierra conf.d]$ sudo systemctl restart php-fpm

Not sure why the “ValueError: … already defined” message appears. It should exit 0, even if these flags are already set.

40. Restart PHP-FPM for good practice

sudo systemctl restart php-fpm

Install WordPress frontend

Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.

41. Go to mydomain.com/wp-admin/install.php

If it works, you should see this screen:

Once you have created an initial admin user, WordPress is setup. Now we need to enable WordPress to manage multiple domains.

 

Configure WordPress multi-site feature for multiple domains

In this setup, we are using one WordPress installation to manage different domains:

WordPress multisite functionality comes built-in with WordPress, but it is turned off by default. You’ll need to enable it in order to set up your WordPress multisite.

For that, we need to add multisite support in /usr/share/nginx/html/wordpress/wp-config.php

/** Add multi-site support */ define( 'WP_ALLOW_MULTISITE', true );

Now we need to switch back to the WordPress admin dashboard and reload the admin dashboard page. After that, visit the Tools » Network Setup page to configure your WordPress multisite network.

Choose the Sub-domains option, modify the Network Title as desired, and then click Install.

You will be presented with two blocks of code to be added in the wp-config.php and .htaccess files. Copy the wp-config.php code which looks similar to the following:

define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', 'moss.law'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1);

Edit the wp-config.php file.

sudo vi /usr/share/nginx/wordpress/wp-config.php

Add these lines before the comment /* That's all, stop editing! Happy blogging. */ and save it.

Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to the My Sites > Network Admin > Sites.

 

Configure SSL certificates with Let’s Encrypt

To configure SSL certificates with Let’s Encrypt, first:

Install the EPEL repository and the mod_ssl package for better-updated packages and security.

sudo dnf install epel-release mod_ssl -y DigitalOcean Agent 128 kB/s | 3.3 kB 00:00 DigitalOcean Droplet Agent 55 kB/s | 3.3 kB 00:00 Package epel-release-8-15.el8.noarch is already installed. Dependencies resolved. ======================================================================================================================================================= Package Architecture Version Repository Size ======================================================================================================================================================= Installing: mod_ssl x86_64 1:2.4.37-47.module+el8.6.0+823+f143cee1.1 appstream 136 k Transaction Summary ======================================================================================================================================================= Install 1 Package Total download size: 136 k Installed size: 266 k Downloading Packages: mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm 957 kB/s | 136 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------- Total 706 kB/s | 136 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1 Running scriptlet: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1 Verifying : mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 1/1 Installed: mod_ssl-1:2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64 Complete!

Next, install the certbot package as follows:

[mtb@sierra updraft]$ sudo dnf install python3-certbot-nginx -y Last metadata expiration check: 0:01:00 ago on Thu 16 Jun 2022 09:48:43 PM UTC. Package python3-certbot-nginx-1.22.0-1.el8.noarch is already installed. Dependencies resolved. Nothing to do. Complete!

Once installed, run the following command to start the creation of your certificate:

[mtb@sierra updraft]$ sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email mtb@costaflores.com -d moss.law Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for moss.law Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/moss.law/fullchain.pem Key is saved at: /etc/letsencrypt/live/moss.law/privkey.pem This certificate expires on 2022-09-14. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for moss.law to /etc/nginx/conf.d/moss.law.conf Congratulations! You have successfully enabled HTTPS on https://moss.law - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now the site should respond to HTTPS connections with the new certificate!

Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

Next install the cronjob (crontab -e):

00 00 */1 * * /usr/sbin/certbot-auto renew