Deploying Wordpress: Difference between revisions

From The Opensource Knowledgebase
Jump to navigation Jump to search
← Older edit
mNo edit summary
 
(14 intermediate revisions by the same user not shown)
Line 5: Line 5:
<pre>
<pre>
hostname: infrabase1
hostname: infrabase1
Network: 172.16.149.128/25
Network: 10.1.65.0/24
IP Address : 172.16.149.176
IP Address : 10.1.65.11
Subnet Mask: 255.255.255.128
Subnet Mask: 255.255.255.0
Gateway: 172.16.176.129
Gateway: 10.1.65.1
DNS: 8.8.8.8
DNS: 8.8.8.8
sudo user: kedar
sudo user: kedar


Container: apache
Container: webserver
Network: 10.0.3.0/24
Network: 10.1.65.0/24
IP Address : 10.0.3.233
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Subnet Mask: 255.255.255.0
Gateway: 10.0.3.1
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar
 
Container: db1
Network: 10.1.65.0/24
IP Address : 10.1.65.108
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
DNS: 8.8.8.8
sudo user: kedar
sudo user: kedar
Line 23: Line 31:
PC type: Desktop
PC type: Desktop
OS: Ubuntu Desktop
OS: Ubuntu Desktop
IP Address: 172.16.162.65
IP Address: 10.1.65.160
sudo user:kedar
</pre>
</pre>
|}
|}
=Before you proceed=
=Before you proceed=
The domain used here is '''networked.com'''. This is a dummy domain used only for demonstration and required dns entries for this domain have already been done on a private dns server or in some cases, manual entries have been made to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them in any ways whatsoever. This domain has been used only for demo purpose. Wordpress configured for this domain in this howto is not reachable on public IP. If you try networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content whatsoever.
The domain used here is '''networked.com'''. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Wordpress configured for this domain in this howto is not reachable on public IP. If you try networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.
=SSH into the webserver=
Webserver is a container created on the host server (infrabase1) having an ip address of 10.0.3.233 and is a private IP address. To read on how this container has been made, click [https://infrastructure-advisory.org/index.php?title=Virtualization_using_LXC here]. This container is not reachable from any machine except the host server (infrabase1). To be able to access the web server from any machine on the network that is able to reach the host (infrabase1) server, two things have been done
* '''For ssh access''' from User PC (Details mentioned in Infobox on the right, top corner), iptables have been used on host server (infrabase1) for port forwarding. The rule ensures that any request on the host (infrabase1 server), on port number 61300 will be port forwarded to 10.0.3.233 on port number 22.
<syntaxhighlight lang="bash">
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61300 -j DNAT --to-destination 10.0.3.233:22
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61301 -j DNAT --to-destination 10.0.3.137:22
sudo iptables-save
sudo service netfilter-persistent save
</syntaxhighlight>
If an error is observed while executing the last two commands, install the below two packages and execute the above commands again
: <code> sudo apt install netfilter-persistent iptables-persistent </code>
The second iptable rule is for port forwarding for the database server.
*'''For http access''' - This is required because wordpress sites will be served on port 80 on the webserver container. Nginx web server has been installed on host server (inrabase1) and is configured as a reverse proxy. This ensures that any port 80 request that hits the infrabase1 server will be redirected to the webserver container ip. Since the web server container is running an apache webserver, depending on the header and configured virtual hosts, apache on webserver container will serve the necessary website. Nginx configuration as a reverse proxy can be found here.


=Prep the webserver=
=Introduction=
* Log into the webserver. In this case the host name of the web server is apache.
*We shall be creating a website using wordpress with FQDN as: https://wpress.networked.net
<syntaxhighlight lang="bash">
*We shall be hosting the site on port number: 35503
ssh kedar@172.16.149.176:61300
*We shall be using a self signed SSL certificate
*Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
=Pre-requisites installation=
* Log into the webserver and run the below commands
<pre>
ssh kedar@10.1.65.107
sudo apt install apache2 php7.2 php7.2-curl php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-soap php7.2-xml php7.2-zip libapache2-mod-php7.2  
sudo apt install apache2 php7.2 php7.2-curl php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-soap php7.2-xml php7.2-zip libapache2-mod-php7.2  
sudo apt install rsync nano openssl
sudo apt install rsync nano openssl
Line 53: Line 52:
sudo systemctl restart apache2
sudo systemctl restart apache2
sudo systemctl status apache2
sudo systemctl status apache2
</syntaxhighlight>
</pre>
 
=Database Creation=
=Database Creation=
Assuming mariadb database has been installed on the db server (hostname is db1) run the following commands
*Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
<syntaxhighlight lang="bash">
<pre>
sudo mysql -u root -p
sudo mysql -u root -p
CREATE DATABASE connect;
CREATE DATABASE wpress;
GRANT ALL PRIVILEGES ON connect.* TO "connect"@"%" IDENTIFIED BY "123456";
GRANT ALL PRIVILEGES ON wpress.* TO "wpress"@"%" IDENTIFIED BY "123456";
FLUSH PRIVILEGES;
FLUSH PRIVILEGES;
quit;
quit;
</syntaxhighlight>
</pre>
=Create self signed certificates=
* Log into the webserver and run the below commands
<pre>
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/wpress.key -out /etc/ssl/certs/wpress.crt
</pre>
* You can use a commercial self signed certificate if you have one or can also use free Lets Encrypt certificate
=Configure Apache=
* We are setting up a wordpress website to work on port #35503. We have to configure apache to listen to port #35503
<pre>
sudo nano /etc/apache2/ports.conf
</pre>
* It will only be listening to 443 and 80. We will need to add the port on which we want apache2 to be listening to. The file ports.conf should look like below
<pre>
 
Listen 80
 
<IfModule ssl_module>
        Listen 443
        Listen 35503
</IfModule>
 
<IfModule mod_gnutls.c>
        Listen 443
        Listen 35503
</IfModule>
 
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</pre>
* Save and exit the file
 
=Download Wordpress=
=Download Wordpress=
<syntaxhighlight lang="bash">
* Log into the webserver and run the below commands
<pre>
wget https://wordpress.org/latest.tar.gz
wget https://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
tar -zxvf latest.tar.gz
</syntaxhighlight>
</pre>
* After extracting the tar file above, all contents will have been extracted in the wordpress folder in the home directory
=Deploy Wordpress=
=Deploy Wordpress=
* Create a folder in /var/www/html directory
* Create a folder in /var/www/html directory
<syntaxhighlight lang="bash">
<pre>
cd /var/www/html
cd /var/www/html
sudo mkdir connect
sudo mkdir wpress
</syntaxhighlight>
</pre>
* Copy contents of the extracted wordpress folder in connect
* Copy contents of the wordpress folder in wpress
<syntaxhighlight lang="bash">
<pre>
sudo rsync -avz . /var/www/html/connect/
cd /home/kedar/wordpress
<syntaxhighlight lang="bash">
sudo rsync -avz . /var/www/html/wpress/
</pre>
* Change the owner of the folder to be www-data
* Change the owner of the folder to be www-data
<syntaxhighlight lang="bash">
<pre>
cd /var/www/html
cd /var/www/html
sudo chown -R www-data:www-data connect/
sudo chown -R www-data:www-data wpress/
</syntaxhighlight>
</pre>
* Create virtual host for the website
* Create virtual host for the website
<syntaxhighlight lang="bash">
<pre>
cd /etc/apache2/sites-available
cd /etc/apache2/sites-available
sudo a2dissite 000-default.conf
sudo a2dissite 000-default.conf
sudo cp 000-default.conf connect.conf
sudo a2dissite default-ssl.conf
sudo nano connect.conf
sudo nano wpress.conf
</syntaxhighlight>
</pre>
* Add the below configuration in the wpress.conf file
<pre>
<IfModule mod_ssl.c>
        <VirtualHost _default_:35503>
                ServerName      wpress.networked.net
                ServerAlias    wpress
                ServerAdmin    admin@networked.net
                DocumentRoot /var/www/html/wpress


Add the below configuration in the connect.conf file
                ErrorLog ${APACHE_LOG_DIR}/error.log
<syntaxhighlight lang="apacheconf">
                CustomLog ${APACHE_LOG_DIR}/access.log combined
<VirtualHost connect.networked.com:80>
                SSLEngine on
ServerAdmin admin@networked.com
                SSLCertificateFile      /etc/ssl/certs/wpress.crt
ServerName connect.networked.com
                SSLCertificateKeyFile /etc/ssl/private/wpress.key
ServerAlias connect
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    DocumentRoot    /var/www/html/connect/
                                SSLOptions +StdEnvVars
 
                </FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
                <Directory /usr/lib/cgi-bin>
    CustomLog ${APACHE_LOG_DIR}/access.log combined
                                SSLOptions +StdEnvVars
</VirtualHost>
                </Directory>
</syntaxhighlight>
</VirtualHost>
</IfModule>
</pre>
* Enable the site and Restart apache service
<pre>
sudo a2ensite wpress.conf
sudo sysemctl restart apache2
</pre>
* Using a browser navigate to https://wpress.networked.com:35503
** Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
**Once the installation is complete, consider installing new themes and plugins mentioned below


=Themes & Plugins=
=Themes & Plugins=
Line 135: Line 184:
*** Elementor Builder
*** Elementor Builder
*** Testimonial Rotator
*** Testimonial Rotator
=Conclusion=
* We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
* No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
* In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.


=Conclusion=
[[Category: Intranet Applications]]
[[Category: Intranet Applications]]

Latest revision as of 05:40, 9 June 2020

Setup Details 
hostname: infrabase1
Network: 10.1.65.0/24
IP Address : 10.1.65.11
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: webserver
Network: 10.1.65.0/24
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: db1
Network: 10.1.65.0/24
IP Address : 10.1.65.108
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

User PC Details
PC type: Desktop
OS: Ubuntu Desktop
IP Address: 10.1.65.160

Before you proceed

The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Wordpress configured for this domain in this howto is not reachable on public IP. If you try networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.

Introduction

  • We shall be creating a website using wordpress with FQDN as: https://wpress.networked.net
  • We shall be hosting the site on port number: 35503
  • We shall be using a self signed SSL certificate
  • Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS

Pre-requisites installation

  • Log into the webserver and run the below commands
ssh kedar@10.1.65.107
sudo apt install apache2 php7.2 php7.2-curl php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-soap php7.2-xml php7.2-zip libapache2-mod-php7.2 
sudo apt install rsync nano openssl
sudo a2enmod ssl
sudo a2enmod rewrite
sudo systemctl restart apache2
sudo systemctl status apache2

Database Creation

  • Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
sudo mysql -u root -p
CREATE DATABASE wpress;
GRANT ALL PRIVILEGES ON wpress.* TO "wpress"@"%" IDENTIFIED BY "123456";
FLUSH PRIVILEGES;
quit;

Create self signed certificates

  • Log into the webserver and run the below commands
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/wpress.key -out /etc/ssl/certs/wpress.crt
  • You can use a commercial self signed certificate if you have one or can also use free Lets Encrypt certificate

Configure Apache

  • We are setting up a wordpress website to work on port #35503. We have to configure apache to listen to port #35503
sudo nano /etc/apache2/ports.conf
  • It will only be listening to 443 and 80. We will need to add the port on which we want apache2 to be listening to. The file ports.conf should look like below

Listen 80

<IfModule ssl_module>
        Listen 443
        Listen 35503
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
        Listen 35503
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  • Save and exit the file

Download Wordpress

  • Log into the webserver and run the below commands
wget https://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
  • After extracting the tar file above, all contents will have been extracted in the wordpress folder in the home directory

Deploy Wordpress

  • Create a folder in /var/www/html directory
cd /var/www/html
sudo mkdir wpress
  • Copy contents of the wordpress folder in wpress
cd /home/kedar/wordpress
sudo rsync -avz . /var/www/html/wpress/
  • Change the owner of the folder to be www-data
cd /var/www/html
sudo chown -R www-data:www-data wpress/
  • Create virtual host for the website
cd /etc/apache2/sites-available
sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf
sudo nano wpress.conf
  • Add the below configuration in the wpress.conf file
<IfModule mod_ssl.c>
        <VirtualHost _default_:35503>
                ServerName      wpress.networked.net
                ServerAlias     wpress
                ServerAdmin     admin@networked.net
                DocumentRoot /var/www/html/wpress

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/wpress.crt
                SSLCertificateKeyFile /etc/ssl/private/wpress.key
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
		</VirtualHost>
</IfModule>
  • Enable the site and Restart apache service
sudo a2ensite wpress.conf
sudo sysemctl restart apache2
  • Using a browser navigate to https://wpress.networked.com:35503
    • Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
    • Once the installation is complete, consider installing new themes and plugins mentioned below

Themes & Plugins

  • Themes
    • Minamaze
    • Hestia
  • Plugins
    • Secuirty
      • Admin Block country
      • Limit Login Attempts Reloaded
      • WP Security Audit Log
      • User Role Editor
      • Wordpress Access Control
      • WP Content Copy Protection & No Right Click
    • Administration
      • Auto Hide Admin Bar
      • WP Super Cache
      • Slimstat Analytics
      • Wordpress Importer
      • WP Mail SMTP
      • Multisite User Management
    • Social
      • Buddypress (building your community)
      • Wordpress Social Login
      • Facebook Stream
      • WP TFeed
    • Content Management
      • Custom Sidebars
      • Disable Gutenberg
      • Shortcodes Ultimate
      • Elementor Builder
      • Testimonial Rotator

Conclusion

  • We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
  • No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
  • In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.
Retrieved from "https://infrastructure-advisory.org/index.php?title=Deploying_Wordpress&oldid=205"