Configuring wordpress

Wordpress is used for https://openvino.org and other project sites.

1. Install unzip
   
   

   [mtb@sierra ~]$ sudo dnf install unzip -y

    

2. In this setup, nginx is already installed and enabled as a service on boot:

   [mtb@sierra ~]$ nginx -v nginx version: nginx/1.14.1 [mtb@sierra ~]$ systemctl status nginx ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-05-26 15:47:48 UTC; 7h ago Process: 170448 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 170387 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS) Process: 170385 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS) Process: 170383 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 170390 (nginx) Tasks: 5 (limit: 49268) Memory: 23.2M CGroup: /system.slice/nginx.service ├─170390 nginx: master process /usr/sbin/nginx ├─170449 nginx: worker process ├─170450 nginx: worker process ├─170451 nginx: worker process └─170452 nginx: worker process May 26 15:47:48 sierra systemd[1]: Starting The nginx HTTP and reverse proxy server... May 26 15:47:48 sierra nginx[170385]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok May 26 15:47:48 sierra nginx[170385]: nginx: configuration file /etc/nginx/nginx.conf test is successful May 26 15:47:48 sierra systemd[1]: Started The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloading The nginx HTTP and reverse proxy server. May 26 15:52:47 sierra systemd[1]: Reloaded The nginx HTTP and reverse proxy server.

    

3. Install MariaDB (LEMP STACK)
   Optional. Change to MariaDB 10.5

Rocky Linux App stream by default installs MariaDB 10.3, an older but incredibly stable version. However, the latest build of MariaDB at the time of this tutorial that is classed as a stable release is MariaDB 10.7, with MariaDB 10.8 being the RC candidate.

As you can imagine, the difference is pretty significant; however, as most users of Rocky Linux prefer using stability over cutting edge, a solution will be to use MariaDB 10.5 that is newer while at the same time being incredibly stable and still receiving bug fixes and security updates.

First, reset the MariaDB module list:

4. Install MariaDB

5. Check the MariaDB version:

6. Check MariaDB server status

Verify the status of the database software by using the following systemctl command:

7. Recheck the status:

8. To stop MariaDB:

9. To enable MariaDB on system startup

10. To restart the MariaDB service:

11. Secure MariaDB with Security Script

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script that comes with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

Install PHP & PHP-FPM (LEMP STACK)

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the Rhel family for those unaware.

For the tutorial, we will install the newest PHP 8.0. However, it must be noted while WordPress works well with PHP 8.0 and higher, some of the plugins may face issues, so make sure you are only installing active and updated plugins which should be the standard in any CMS. If you encounter problems, uninstall PHP 8.0, and use PHP 7.4.

To install PHP from Remi’s repository, you will need to have installed the EPEL repository at the start of the tutorial. By default, PHP 7.2 is the default PHP choice for standard installation on Rocky Linux. A quick tip is to use the (list php) command to see the options available and the default.

12. enable (Remi repository) with the following:

13. Next, use the (dnf) command to update your repository list:

14. Now list the modules available for PHP using the following command:

As you can see above, the (d) tag is next to PHP 7.2, which you will need to reset and change to install PHP 8.0 on Rocky Linux.

15. To reset the PHP list is easy with the following command:

16. Next, enable PHP 8.1 with the following command:

Install PHP & PHP-FPM

17. Install PHP on your server:

17b. Add the PHP MySQL extension!

18. Verify the installation and check the version and build:

Now, by default, PHP-FPM is off and not enabled on boot.

19. Enable on boot and start the service, use the following systemctl commands:

Install WordPress Backend

Download WordPress

Visit the WordPress.org download page and scroll down to find the “latest.zip” download link or use the wget command to download.

20. Install wget:

21. Download the latest version of wordpress:

22. Create Folder Structure for WordPress

23. Unzip WordPress to the www directory:

Create HTML file permissions

24. You must set the directory owner permissions to something consistent, or else you will have trouble with WordPress write permissions. We first need to create a user and group that owns HTML content (web2), and also that is not a user with a shell or sudo permissions.

25. Add nginx user support to the webtwo group created in the previous step:

26. Change ownership on the HTML directories:

27. Allow group write content (for nginx) into wp-content

Create Database for WordPress

28. Create the Wordpress DB’s and username:

Configure WordPress Configuration Files

29. Configure wp-config.php

File Permissions for WordPress Files/Folders

In general, the correct file permissions for WordPress should be as follows:

• Files: 664

• Folders: 775

However, there are a few specific exemptions that are important to note:

• wp-config.php file

• .htaccess file

• nginx.conf file

wp-config.php Permissions

30. Set file permissions.

A good recommendations is for 640. You could set the file to 440, however this might cause problems, as many WordPress plugins rely on write access for the wp-config.php file.

Set WordPress Security Salt Keys

It would be best to visit WordPress secret-key API to generate your own. The address salt key generator can be found at https://api.wordpress.org/secret-key/1.1/salt/. Replace the example lines with the codes from the generator.

Nginx server block configuration

31. Now, you are almost ready to install WordPress through the web UI. However, you need to configure your Nginx server block.

Next, edit a domain specific file in /etc/nginx/conf.d (i.e. moss.law.conf):

PHP.ini configuration

To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.

Firstly, open the php.ini file:To successfully install WordPress and operate it well into the future, you should increase a few options in the php.ini configuration file.

32. Firstly, edit the php.ini file, and make the following changes:

By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

33. Edit www.conf and replace user apache with nginx

34. Restart PHP

35. Fix path for fastcgi_pass in /etc/ngninx/default.d/php.conf

36. Test to see if the configuration files load correctly:

37. After checking and everything is ok with your Nginx dry run test, restart the Nginx service.

SElinux configuration

Before proceeding any further, a few adjustments must be made to SELinux.

38. First, allow webserver network connections.

39. Next, set the SELinux contexts WordPress directory.

40. Restart PHP-FPM for good practice

Install WordPress frontend

Now that all the backend setup and configuration are complete, you can go to your domain and begin installing.

41. Go to mydomain.com/wp-admin/install.php

If it works, you should see this screen:

Open

Once you have created an initial admin user, WordPress is setup. Now we need to enable WordPress to manage multiple domains.

Configure WordPress multi-site feature for multiple domains

In this setup, we are using one WordPress installation to manage different domains:

• OpenVino.org

• costaflores.com

• moss.law

WordPress multisite functionality comes built-in with WordPress, but it is turned off by default. You’ll need to enable it in order to set up your WordPress multisite.

For that, we need to add multisite support in /usr/share/nginx/html/wordpress/wp-config.php

Now we need to switch back to the WordPress admin dashboard and reload the admin dashboard page. After that, visit the Tools » Network Setup page to configure your WordPress multisite network.

Open

Choose the Sub-domains option, modify the Network Title as desired, and then click Install.

You will be presented with two blocks of code to be added in the wp-config.php and .htaccess files. Copy the wp-config.php code which looks similar to the following:

Edit the wp-config.php file.

Add these lines before the comment /* That's all, stop editing! Happy blogging. */ and save it.

Log out of the WordPress admin panel, and log in again. From the admin toolbar on the top left, navigate to the My Sites > Network Admin > Sites.

Configure SSL certificates with Let’s Encrypt

To configure SSL certificates with Let’s Encrypt, first:

Install the EPEL repository and the mod_ssl package for better-updated packages and security.

Next, install the certbot package as follows:

Once installed, run the following command to start the creation of your certificate:

Now the site should respond to HTTPS connections with the new certificate!

Finally, we can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

Next install the cronjob (crontab -e):