2021 Updated! Install WordPress on Ubuntu Server with add-on features as HTTPS support, SSL certificate and HTTP2 supports
|
1 2 3 4 5 6 7 |
sudo apt-get install apache2 apache2-utils sudo systemctl enable apache2 sudo systemctl start apache2 sudo apt-get install mysql-client mysql-server sudo mysql_secure_installation sudo apt-get install php7.4 php7.4-mysql libapache2-mod-php7.4 php7.4-cli php7.4-cgi php7.4-gd sudo nano /var/www/html/info.php |
|
1 2 3 |
<?php phpinfo(); ?> |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
This is only for info about the server configuration and settings etc, very highly recommended to remove it after the initial test. Simply: sudo rm -rf /var/www/html/info.php sudo a2enmod rewrite sudo apache2ctl configtest (You might get a "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message") There is an easy fix: sudo nano /etc/apache2/apache2.conf Then Just add a line like this: ServerName 127.0.0.1 This should solve the issue. It's time to download and deploy the latest wordpress version. wget -c http://wordpress.org/latest.tar.gz tar -xzvf latest.tar.gz sudo rsync -av wordpress/* /var/www/html sudo chown -R www-data:www-data /var/www/html sudo chmod -R 755 /var/www/html cd /var/www/html |
|
1 |
mysql -u root -p |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
CREATE DATABASE dbuser; CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'YourPassword'; GRANT ALL PRIVILEGES ON dbuser.* TO 'dbuser'@'localhost'; FLUSH PRIVILEGES; There are several methods to determine what is our current password strength, and we can make it stronger if required. I usually use these methods: SHOW VARIABLES LIKE 'validate_password%'; SHOW VARIABLES LIKE 'default_authentication_plugin'; then if I need to modify something here are some useful variable settings: SET GLOBAL validate_password.LENGTH = 8; SET GLOBAL validate_password_policy=2; SET GLOBAL validate_password.policy=MEDIUM; SET GLOBAL validate_password.mixed_case_count = 1; SET GLOBAL validate_password.number_count = 1; SET GLOBAL validate_password.special_char_count = 1; SET GLOBAL validate_password.check_user_name = 0; |
|
1 2 3 4 5 6 7 8 9 |
cd /var/www/html sudo mv wp-config-sample.php wp-config.php In the wp-config.php we will set our own database name , username password ,and host name/address. sudo nano wp-config.php sudo systemctl restart apache2.service sudo systemctl restart mysql.service |
If we carefully followed all my steps above , you should have a running wordpress page by now.
You might need to run as the wordpress uses php file extensions.
sudo rm -rf /var/www/html/index.html
Enable HTTPS supports:
Create a ssl-params.conf file and add the following definition below to it, then save it.
|
1 |
$ sudo nvim /etc/apache2/conf-available/ssl-params.conf |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# Cipherli.st Strong Ciphers for Apache url: https://cipherli.st/ # Addong some Strong SSL Security on Apache2 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder On Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff # Requires Apache >= 2.4 SSLCompression off SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" # Requires Apache >= 2.4.11 SSLSessionTickets Off |
Next thing to do is create a backup of the original default-ssl.conf file.
|
1 |
$ sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak |
Then modify it accordingly, we are deploying a wordpress site in this particular example we use the following adjustments.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
ServerName lnrsoft.ddns.net ServerAlias lnrsoft.ddns.net Redirect permanent / https://lnrsoft.ddns.net/ DocumentRoot /var/www/html Protocols h2 http:/1.1 <If "%{HTTP_HOST} == 'lnrsoft.ddns.net'"> Redirect permanent / https://lnrsoft.ddns.net/ SSLEngine on Options FollowSymLinks AllowOverride All Require all granted SSLProtocol +TLSv1.2 |
Enable HTTP2 supports:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<VirtualHost *:443> ServerName lnrsoft.ddns.net ServerAlias lnrsoft.ddns.net Protocols h2 http:/1.1 <If "%{HTTP_HOST} == 'lnrsoft.ddns.net'"> Redirect permanent / https://lnrsoft.ddns.net/ </If> DirectoryIndex index.html index.php DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/lnrsoft.ddns.net.log CustomLog ${APACHE_LOG_DIR}/lnrsoft.ddns.net-access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/lnrsoft.ddns.net/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/lnrsoft.ddns.net/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/lnrsoft.ddns.net/chain.pem <Directory /var/www> Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost> |
It is also recommended adding strong ciphers for Apache to increase SSL Security on the server.
Part of my Best Practices to deploy a secure webserver, virtual personal server or database serve is to add the recommended ciphers from SSL Server Test.
How to Enable HTTP2 in Apache 2.4 on Ubuntu
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
### Step 1: Upgrade Apache from PPA sudo add-apt-repository ppa:ondrej/apache2 sudo apt update sudo apt upgrade ### Step 2: Install the PHP FastCGI module for PHP 7.4 sudo apt install php7.4-fpm sudo a2enmod proxy_fcgi setenvif sudo a2enconf php7.4-fpm sudo a2dismod php7.4 sudo service apache2 restart ### Step 3: Change MPM from "prefork" to "event" sudo a2dismod mpm_prefork sudo a2enmod mpm_event sudo service apache2 restart sudo service php7.4-fpm restart ### Step 4: Add a line to your Virtual Host file Protocols h2 h2c http/1.1 ### Step 5: Enable the mod_http2 Apache module sudo a2enmod http2 sudo service apache2 restart ### Step 6: Test your Apache server for HTTP/2 https://http2.pro/ |