INSTALLAZIONE DI WEBSERVER SU UBUNTU 18.04
First install Apache2 HTTP server since we’re using Apache2 for this post.. To install Apache2 server, run the commands below:
sudo apt update
sudo apt install apache2
After installing Apache2, the commands below can be used to stop, start and enable Apache2 service to always start up with the server boots…
sudo systemctl stop apache2.service
sudo systemctl start apache2.service
sudo systemctl enable apache2.service
Now that Apache2 is installed…. to test whether the web server is working, open your browser and browse to the URL below…
https://localhost
Apache2 Test Page
If you see the page above, then Apache2 is successfully installed…
Step 2: Install MariaDB Database Server
WordPress also requires a database server to store its content… If you’re looking for a truly open source database server, then MariaDB is a great place to start… To install MariaDB run the commands below:
sudo apt-get install mariadb-server mariadb-client
After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots…
Run these on Ubuntu 16.04 LTS
sudo systemctl stop mysql.service
sudo systemctl start mysql.service
sudo systemctl enable mysql.service
Run these on Ubuntu 19.04 and 18.04 LTS
sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation…
sudo mysql_secure_installation
When prompted, answer the questions below by following the guide.
Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below…
sudo mysql -u root -p
type the root password when prompted…
mariadb welcome
If you see a similar screen as shown above, then the server was successfully installed…
Step 3: Install PHP 7.2 and Related Modules
WordPress CMS is a PHP based CMS and PHP is required… However, PHP 7.2 may not be available in Ubuntu default repositories… To run PHP 7.2 on Ubuntu 16.04 and previous, you may need to run the commands below:
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
Then update and upgrade to PHP 7.2
sudo apt update
Next, run the commands below to install PHP 7.2 and related modules.
sudo apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-mysql php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-gd php7.2-xml php7.2-cli php7.2-zip
After installing PHP 7.2, run the commands below to open PHP default configuration file for Apache2…
sudo nano /etc/php/7.2/apache2/php.ini
The lines below is a good settings for most PHP based CMS… Update the configuration file with these and save….
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago
Everytime you make changes to PHP configuration file, you should also restart Apache2 web server… To do so, run the commands below:
sudo systemctl restart apache2.service
Now that PHP is installed, to test whether it’s functioning, create a test file called phpinfo.php in Apache2 default root directory…. ( /var/www/html/)
sudo nano /var/www/html/phpinfo.php
Then type the content below and save the file.
Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php
http://localhost/phpinfo.php
You should see PHP default test page…
PHP Test Page
Step 4: Create WordPress Database
Now that you’ve installed all the packages that are required for WordPress to function, continue below to start configuring the servers. First run the commands below to create a blank WordPress database.
To logon to MariaDB database server, run the commands below.
sudo mysql -u root -p
Then create a database called wpdatabase
CREATE DATABASE wpdatabase;
Create a database user called wpuser with a new password
CREATE USER ‘wpuser’@’localhost’ IDENTIFIED BY ‘new_password_here’;
Then grant the user full access to the database.
GRANT ALL ON wpdatabase.* TO ‘wpuser’@’localhost’ IDENTIFIED BY ‘user_password_here’ WITH GRANT OPTION;
Finally, save your changes and exit.
FLUSH PRIVILEGES;
EXIT;
Step 5: Download WordPress Latest Release
To get WordPress latest release you will need to go to its official download page and get it from there… The link below is where to find WordPress latest archive versions…
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
sudo mv wordpress /var/www/html/example.com
Then run the commands below to set the correct permissions for WordPress root directory and give Apache2 control….
sudo chown -R www-data:www-data /var/www/html/example.com/
sudo chmod -R 755 /var/www/html/example.com/
Step 6: Configure Apache2
Next, configure Apache2 site configuration file for WordPress… This file will control how users access WordPress content. Run the commands below to create a new configuration file called example.com.conf
sudo nano /etc/apache2/sites-available/example.com.conf
Then copy and paste the content below into the file and save it. Replace the highlighted line with your own domain name and directory root location.
ServerName example.com
ServerAlias www.example.com
ServerAdmin [email protected]
DocumentRoot /var/www/html/example.com
Options FollowSymlinks
AllowOverride All
Require all granted
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
Save the file and exit.
Now the the example.com configuration file is created, run the commands below to enable it…
sudo a2ensite example.com.conf
At this point Apache2 should be configured and ready to respond over HTTP… It doesn’t yet support HTTPS.
Step 7: Install and Configure Let’s Encrypt
Now that our Apache2 site is enabled and ready to use, run the commands below to install and configure Let’s Encrypt to secure the Apache2 website…
First install Certbot… Certbot is a fully featured and easy to use tool that can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates…
To install it, run the commands below:
sudo apt install certbot
After installing Certbot, create a file to for Let’s Encrypt to the Webroot plugin to validate our domain in the ${webroot-path}/.well-known/acme-challenge directory….
To do that, create the directory and give Apache2 access to it…
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt
Next, create a well-known challenge file with the configurations below…
sudo nano /etc/apache2/conf-available/well-known.conf
Then copy and paste the content below into the file and save…
Alias /.well-known/acme-challenge/ “/var/lib/letsencrypt/.well-known/acme-challenge/”
<Directory “/var/lib/letsencrypt/”>
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
Save the file and exit
Step 8: Obtain Your Free Certificate
At this point, your domain should be pointing to your server IP… Apache2 HTTP server installed and configured and Certbot installed ready to obtain your certificate…
Before requesting your free certificate, open your example.com enable Apache2 configurations and modules by running the commands below…
The commands below enable Apache2 SSL, Headers, HTTPS/2 and the well-known configuration file we created above..
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod http2
sudo a2enconf well-known
After enabling the modules and config file above, restart Apache2 server… To do that, run the commands below
sudo systemctl restart apache2
At this point all is set and you’re ready to obtain your certificate… To do that run the commands below:
sudo certbot certonly –agree-tos –email [email protected] –webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com
Let’s Encrypt should connect validate your domain and server, then install the domain certificate… If everything is successful, you should see a similar message as below:
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
At this point you have a certificate, now go and add it to Apache2 configuration for example.com domain…
First, let’s generate a Diffie–Hellman key exchange (DH) certificate to securely exchange cryptographic keys… To do that, run the commands below to generate a certificate with 2048 bit…
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Next, open your example.com config file and make it so that it looks similar to the one below:
sudo nano /etc/apache2/sites-available/example.com.conf
Configure your file to look similar to the one below
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
Protocols h2 http:/1.1
<If “%{HTTP_HOST} == ‘www.example.com’”>
Redirect permanent / https://example.com/
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLOpenSSLConfCmd DHParameters “/etc/ssl/certs/dhparam.pem”
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCompression off
SSLUseStapling on
Options FollowSymlinks
AllowOverride All
Require all granted
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
Next you will need to configure a server cache for the OCSP status information. The best place for this would be in the Apache SSL configuration file.
sudo nano /etc/apache2/mods-available/ssl.conf
This file contains all the options that Apache uses for SSL. An additional option SSLStaplingCache, needs to be added to this file as below.
# Set the location of the SSL OCSP Stapling Cache
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
The SSLStaplingCache directive defines the location for the cache and a size value for the OCSP cache.
Save your changes above and restart Apache2 for the settings above to take effect..
sudo systemctl restart apache2
To setup a process to automatically renew the certificates, add a cron job to execute the renewal process.
sudo crontab -e
Then add the line below and save.
0 1 * * * /usr/bin/certbot renew & > /dev/null
The cron job will attempt to renew 30 days before expiring
Step 9: Complete WordPress Setup
FINE