Deploying Wordpress: Difference between revisions

From The Opensource Knowledgebase
Jump to navigation Jump to search
mNo edit summary
Line 14: Line 14:
Container: apache
Container: apache
Network: 10.0.3.0/24
Network: 10.0.3.0/24
IP Address : 10.0.3.233
IP Address : 10.0.3.211
Subnet Mask: 255.255.255.0
Subnet Mask: 255.255.255.0
Gateway: 10.0.3.1
Gateway: 10.0.3.1
Line 33: Line 33:
* '''For ssh access''' from User PC (Details mentioned in Infobox on the right, top corner), iptables have been used on host server (infrabase1) for port forwarding. The rule ensures that any request on the host (infrabase1 server), on port number 61300 will be port forwarded to 10.0.3.233 on port number 22.
* '''For ssh access''' from User PC (Details mentioned in Infobox on the right, top corner), iptables have been used on host server (infrabase1) for port forwarding. The rule ensures that any request on the host (infrabase1 server), on port number 61300 will be port forwarded to 10.0.3.233 on port number 22.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61300 -j DNAT --to-destination 10.0.3.233:22
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61300 -j DNAT --to-destination 10.0.3.211:22
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61301 -j DNAT --to-destination 10.0.3.137:22
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61301 -j DNAT --to-destination 10.0.3.137:22
sudo iptables-save
sudo iptables-save

Revision as of 13:05, 9 January 2020

Setup Details
hostname: infrabase1
Network: 172.16.149.128/25
IP Address : 172.16.149.176
Subnet Mask: 255.255.255.128
Gateway: 172.16.176.129
DNS: 8.8.8.8
sudo user: kedar

Container: apache
Network: 10.0.3.0/24
IP Address : 10.0.3.211
Subnet Mask: 255.255.255.0
Gateway: 10.0.3.1
DNS: 8.8.8.8
sudo user: kedar

User PC Details
PC type: Desktop
OS: Ubuntu Desktop
IP Address: 172.16.162.65
sudo user:kedar 

Before you proceed

The domain used here is networked.com. This is a dummy domain used only for demonstration and required dns entries for this domain have already been done on a private dns server or in some cases, manual entries have been made to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them in any ways whatsoever. This domain has been used only for demo purpose. Wordpress configured for this domain in this howto is not reachable on public IP. If you try networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content whatsoever.

SSH into the webserver

Webserver is a container created on the host server (infrabase1) having an ip address of 10.0.3.233 and is a private IP address. To read on how this container has been made, click here. This container is not reachable from any machine except the host server (infrabase1). To be able to access the web server from any machine on the network that is able to reach the host (infrabase1) server, two things have been done

  • For ssh access from User PC (Details mentioned in Infobox on the right, top corner), iptables have been used on host server (infrabase1) for port forwarding. The rule ensures that any request on the host (infrabase1 server), on port number 61300 will be port forwarded to 10.0.3.233 on port number 22.
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61300 -j DNAT --to-destination 10.0.3.211:22
sudo iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 61301 -j DNAT --to-destination 10.0.3.137:22
sudo iptables-save
sudo service netfilter-persistent save

If an error is observed while executing the last two commands, install the below two packages and execute the above commands again

sudo apt install netfilter-persistent iptables-persistent

The second iptable rule is for port forwarding for the database server.

  • For http access - This is required because wordpress sites will be served on port 80 on the webserver container. Nginx web server has been installed on host server (inrabase1) and is configured as a reverse proxy. This ensures that any port 80 request that hits the infrabase1 server will be redirected to the webserver container ip. Since the web server container is running an apache webserver, depending on the header and configured virtual hosts, apache on webserver container will serve the necessary website. Nginx configuration as a reverse proxy can be found here.

Pre-requisites installation

  • Log into the webserver. In this case the host name of the web server is apache.
ssh kedar@172.16.149.176:61300
sudo apt install apache2 php7.2 php7.2-curl php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-soap php7.2-xml php7.2-zip libapache2-mod-php7.2 
sudo apt install rsync nano openssl
sudo a2enmod ssl
sudo a2enmod rewrite
sudo systemctl restart apache2
sudo systemctl status apache2

Database Creation

  • Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). DB server address is 10.0.3.137 and port forwarded as explained in step 2 above. Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
sudo mysql -u root -p
CREATE DATABASE connect;
GRANT ALL PRIVILEGES ON connect.* TO "connect"@"%" IDENTIFIED BY "123456";
FLUSH PRIVILEGES;
quit;
  • Disable bind address argument so that DB server is reachable by any host on the network and is not limited to the localhost
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Search for bind-address argument and comment it by adding a # before the bind-address

#bind-address           = 127.0.0.1
  • Restart mariadb
sudo systemctl restart mariadb
sudo systemctl status mariadb
  • It is important to note that we have not changed the file format for mariadb server. It continues to be antelope. We shall be changing the file format to Baracuda to be able to install Moodle as that requires the database to be in Baracuda file format.

Download Wordpress

wget https://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz

Deploy Wordpress

  • Create a folder in /var/www/html directory
cd /var/www/html
sudo mkdir connect
  • Copy contents of the extracted wordpress folder in connect
sudo rsync -avz . /var/www/html/connect/
  • Change the owner of the folder to be www-data
cd /var/www/html
sudo chown -R www-data:www-data connect/
  • Create virtual host for the website
cd /etc/apache2/sites-available
sudo a2dissite 000-default.conf
sudo cp 000-default.conf connect.conf
sudo nano connect.conf
  • Add the below configuration in the connect.conf file
<VirtualHost connect.networked.com:80>
	ServerAdmin		admin@networked.com
	ServerName		connect.networked.com
	ServerAlias		connect
    DocumentRoot    /var/www/html/connect/

	ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Enable the site and Restart apache service
sudo a2ensite connect.conf
sudo sysemctl restart apache2
  • Using a browser navigate to http://connect.networked.com
    • Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
    • Once the installation is complete, consider installing new themes and plugins mentioned below

Themes & Plugins

  • Themes
    • Minamaze
    • Hestia
  • Plugins
    • Secuirty
      • Admin Block country
      • Limit Login Attempts Reloaded
      • WP Security Audit Log
      • User Role Editor
      • Wordpress Access Control
      • WP Content Copy Protection & No Right Click
    • Administration
      • Auto Hide Admin Bar
      • WP Super Cache
      • Slimstat Analytics
      • Wordpress Importer
      • WP Mail SMTP
      • Multisite User Management
    • Social
      • Buddypress (building your community)
      • Wordpress Social Login
      • Facebook Stream
      • WP TFeed
    • Content Management
      • Custom Sidebars
      • Disable Gutenberg
      • Shortcodes Ultimate
      • Elementor Builder
      • Testimonial Rotator

Conclusion