Monday, December 25, 2017

building a relatively secure raspberry pi server- save yourself the time

** This is an insanely unorganized clump of notes I've taken while setting up a server, for my own personal re-use when I may have to do it again, so I store it in the cloud for ease of access- but hopefully there may be some helpful tidbits for others found within, as it was other people's blogs that really helped me get through it.

Years ago I built a working WordPress server using my domain name following most of pestmeester's tutorial below:
https://pestmeester.nl/index.html#10.0

I had taken the server down some time ago, played with some other Pi projects, and upon trying to follow the tutorial again, there have been too many updates and the commands are no longer relevant.  Going to Raspberry Pi forums is not much help, you cannot post without waiting on moderators, and their very own tutorials are also outdated.  Though the appeal of using a Pi remains strong due to no moving parts and low power draw, I wanted to get something up and working, so I leaned on my power-hungry ESXi machine.

Rather than this being a tutorial that goes step by step and becomes invalid within months, this is just general links and notes on the sites I used that were most current at the time for my particular setup (pfSense 2.4.2, Ubuntu headless server 16.x with LAMP, email and SSH selected during install).  Then come notes on the various 'trip wires' I ran into that had to be figured out or worked around.

So after a very frustrating day with the kid/education friendly (i.e. should have solid documentation) Pi, I spun up a VM with Ubuntu Server 16.x- wow- the install GUI asks you what packages you want installed- it installed LAMP, webmail, SSH, new user account, all in one shot!  It's not like this sidesteps the learning process, you will still learn what a LAMP stack is when you have to set it all up, but it saves you all the "apt-get" lines that inevitably get outdated.

Since this is a VM, added:

sudo apt-get install open-vm-tools

** make a snapshot here so it's easy to start over when one inevitably messes things up beyond what $ apt-get --purge can fix.

Then follow this tutorial that nails the basics that pestmeester had for account setup and SSH private key login:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04

Follow the DigitalOcean pre-req for Let's Encrypt by configuring the virtual host setup in Apache:
https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
** to get Let's Encrypt to install correctly, the router/firewall needs to be set up correctly after having set up my domain hosting service to point to my ISP public IP.  I had to use port forwarding as I could not get 1:1 NAT to work.  Once all set up, Let's Encrypt does not suffer from verification issues or time-out issues.
* set the NAT reflection drop-down to 'NAT + proxy' so that viewing the server/site works from machines on your LAN.

To even test that port forwarding was working I had to use incognito tabs in Chrome so that Chrome would not automatically force https.

Let's Encrypt will print a URL to test your cert after it's completed; it's actually really fun to see this URL validate your certificate and give it a grade: https://www.ssllabs.com/ssltest/analyze.html?d=yourdomainnamehere

Now I can access my Apache test page even when Chrome forces https.  Finally getting somewhere!

* remember to 'fix' any firewall rules in your router/firewall and local rules on the Ubuntu box (ufw rules) to tighten things down if you had made any any/any rules and/or disabled ufw for testing purposes.

* take another ESXi snapshot, because why not?

Then the tutorial below is pretty good for installing WordPress:

https://www.techrepublic.com/article/how-to-install-wordpress-on-ubuntu-16-04/

But I'm partial to DigitalOcean tutorials, so their WordPress install has a few more details:
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lamp-on-ubuntu-16-04

A more applicable DigitalOcean WordPress tutorial, as the Let's Encrypt tutorial had us set up Apache/Ubuntu to be able to host multiple sites on one host.
https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-wordpress-sites-on-a-single-ubuntu-vps

* note, hate to say this but the DigitalOcean tutorial was no-joy, the TechRepublic one gets me up and running.

*** tip in the DigitalOcean comments:  If using a one-click LAMP image, be sure to remove the /var/www/html/index.html file (or change the configuration) because the server defaults to .html files before .php files.

*** key point #2 from the comments:  Turns out on MySQL 5.7 the line:
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';

*** still had database access issues, followed this site:
https://chartio.com/resources/tutorials/how-to-grant-all-privileges-on-a-database-in-mysql/
did not work for me; this command seems to be deprecated in MySQL. I used:
CREATE USER 'wordpressuser'@'localhost';   -- the host part must match the ALTER USER and GRANT below
Then:
ALTER USER 'wordpressuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';   -- privileges still have to be granted separately
FLUSH PRIVILEGES;
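Pulling the MySQL 5.7 account setup above together, as an added example that is not from the original post or its linked tutorials: it creates the account with an explicit host, grants only the privileges WordPress core and typical plugins use on its own schema instead of ALL, and then verifies the result. It assumes the database is named wordpress and the account is 'wordpressuser'@'localhost' as in the post; the password is a placeholder to replace.

```sql
-- Added example (not from the original post). Assumes database "wordpress"
-- and account 'wordpressuser'@'localhost' as used in the post above.

-- 1. Create the account with the same host part that the GRANT will use.
--    CREATE USER 'wordpressuser' with no host creates 'wordpressuser'@'%',
--    which a later ALTER USER or GRANT on ...@'localhost' will not match.
CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'replace-this-password';

-- 2. Grant only what WordPress needs on its own schema rather than ALL,
--    so a compromised site cannot touch other databases or grant privileges.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX,
      CREATE TEMPORARY TABLES, LOCK TABLES
  ON wordpress.* TO 'wordpressuser'@'localhost';

FLUSH PRIVILEGES;

-- 3. Verify: exactly one row for the expected host, and grants scoped to
--    wordpress.* only (no "ON *.*" line should appear).
SELECT User, Host FROM mysql.user WHERE User = 'wordpressuser';
SHOW GRANTS FOR 'wordpressuser'@'localhost';
```

If a plugin later complains about a missing privilege, add just that privilege with another GRANT rather than falling back to ALL.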

* yet another DigitalOcean tidbit that helps explain the organization of apache2 and WordPress files to make your site appear:
https://www.digitalocean.com/community/tutorials/how-to-move-an-apache-web-root-to-a-new-location-on-ubuntu-16-04

You will be up and running in minutes!!!

Follow the Raspberry Pi tutorial or this other linked tutorial to add the security aspects-
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04

sudo apt-get install php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-cli php7.0-cgi php7.0-gd
OMG, logging into mysql with a password works!
Added a virtual NIC to connect the Ubuntu server to the DMZ, followed this guide:
https://ubuntuforums.org/showthread.php?t=1400504
** after everything was installed, WordPress put into the right folder, the right directories listed in the right .confs etc., the site still would not come up.  Apache worked when I reverted to an Apache-only snapshot, but not when WordPress was installed (inside the LAN I did get the WordPress site, just not from outside).  DNS and firewall settings were good- the issue is due to setting up/installing WordPress before the DNS A record is done, so the private IP was entered.  Go to the WordPress admin GUI, General Settings, and replace the IP addresses with your DNS name.
https://www.digitalocean.com/community/questions/domain-redirects-to-ip-address-and-also-loading-from-ip-address
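The same fix done directly in the database, as an added example that is not from the original post: useful when the admin GUI itself redirects to the unreachable private address. It assumes the database is named wordpress, the default wp_ table prefix, and placeholder values for the old private IP and the public hostname.

```sql
-- Added example (not from the original post). Assumes database "wordpress",
-- default table prefix "wp_", and the placeholder values shown below.

-- 1. See what WordPress currently uses to build links and redirects.
--    Both 'siteurl' and 'home' must point at the public name; a private IP
--    here is what sends outside visitors to an address they cannot reach.
SELECT option_name, option_value
  FROM wordpress.wp_options
 WHERE option_name IN ('siteurl', 'home');

-- 2. Replace both with the public HTTPS name. The extra condition on the
--    old value is a guard so the UPDATE only fires on the broken entries.
UPDATE wordpress.wp_options
   SET option_value = 'https://yourdomainnamehere'
 WHERE option_name IN ('siteurl', 'home')
   AND option_value = 'http://192.168.1.50';   -- placeholder: old private LAN IP

-- 3. Re-run the SELECT above; both rows should now show the public name.
```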
With WordPress and WooCommerce running, the next issue is that uploading and/or cropping images will not work, so php7.0-gd needs to be installed:
$ sudo apt-get install php7.0-gd
$ sudo systemctl restart apache2.service
## remaining tasks
- change permission settings so that plugins can be updated and installed
- fine tune firewall and ufw rules
- install email client/GUI
