Installing WordPress over LAMP Stack on Ubuntu 17.04

So, I am setting up a VPS with the following configuration.

  • Operating System – Ubuntu 17.04
  • Web Server – Apache2
  • Database – MySQL
  • Backend  – PHP 7.0

 

This method of procedure will be a step by step guide from initializing your server to making it up and running.

 

Setting up your instance

Overview

At the time of OS selection , select Ubuntu 17.04. Once the instance is deployed , you will get the following details on your dashboard.

Setting up the first user

The first task would be to use the non-root user for all the configuration and disable the root login over ssh. You can use any SSH client on your local PC or laptop to SSH to the IP address. Use the username as root and password displayed in the snapshot.

Once you login , you will get the following prompt

~$ ssh root@99.99.99.99
The authenticity of host '99.99.99.994 (99.99.99.99)' can't be established.
ECDSA key fingerprint is SHA256:sssssssssssssssssssssssssssss.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '99.99.99.99' (ECDSA) to the list of known hosts.
root@99.99.99.99's password: 
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-35-generic x86_64)

First thing that you should do is update the packages.

root@hostname:~# sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu zesty-security InRelease [89.2 kB]
Hit:2 http://archive.ubuntu.com/ubuntu zesty InRelease    
Get:3 http://archive.ubuntu.com/ubuntu zesty-updates InRelease [89.2 kB]            
Get:4 http://archive.ubuntu.com/ubuntu zesty-backports InRelease [89.2 kB]
Fetched 268 kB in 1s (164 kB/s)
Reading package lists... Done

Creating the first user

We will be using this user for all our operations purposes.

root@hostname:/# sudo adduser newuser
Adding user `newuser' ...
Adding new group `newuser' (1001) ...
Adding new user `newuser' (1001) with group `electron' ...
Creating home directory `/home/newuser' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for electron
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y

Also we will add the newly added user to the sudoers list so that we can carry all the operations which require higher privileges. Use visudo to open the GNU Nano editor to edit the /etc/sudoers file.

root@hostname:~# visudo
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
newuser    ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

After you have edited this file, do a ctrl + O followed by ctrl + X. Make sure, you set the file location to /etc/sudoers while overwriting it.

 

Once the user is created you can just switch to the user and test if the sudo is working correctly

$ sudo bash
root@hostname:/#

 

Update the password for the root user

It is better to update the password for the root user and keep it somewhere safe

root@hostname:~# passwd
New password:
Retype new password:
passwd: password updated successfully

Enabling the password less SSH access

To enable the password less SSH access , we will have to follow 3 steps

  • Generate a SSH key on the local client i.e. your laptop or PC
  • Transfer the key to the server
  • Login using the SSH password less method

 

Generating the SSH Keys

To generate the SSH key , we will use the command ssh-keygen

~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_rsa): 
/home/localuser/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/localuser/.ssh/id_rsa.
Your public key has been saved in /home/localuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxx localuser@localpc
The key's randomart image is:
+---[RSA 2048]----+
|  sd             |
|       +.o=  . . |
|   ds o         .|
|       oS*+o+o ..|
| sssss .+++o+... |
|ssssss...o +  o .|
|     o= + .E ..o.|
|    .+o+ .  ..o..|
+----[SHA256]-----+
~$ 
Transferring the SSH Key

The easiest way to transfer the key is using the SSH-COPY-ID method

~$ ssh-copy-id newuser@99.99.99.99
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'newuser@99.99.99.99'"
and check to make sure that only the key(s) you wanted were added.

you might need to add the generated SSH Key to your client ssh keys as well.

~$ ssh-add
Identity added: /home/localuser/.ssh/id_rsa (/home/localuser/.ssh/id_rsa)

Now, you can try to login using the password less method

~$ ssh newuser@99.99.99.99
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-35-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * Ubuntu is participating in Google Code-in, a contest to introduce students
   from 13 to 17 years old to free software. You can join as a student or as a
   mentor:
   - https://ubu.one/UcodeIn

79 packages can be updated.
43 updates are security updates.

New release '17.10' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Fri Dec 15 06:40:44 2017 from 5.37.153.121
newuser@hostname:~$ 

Now, we will install LAMP.

Apache Web Server

newuser@hostname:~$ sudo apt-get install apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom
Recommended packages:
  ssl-cert
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
0 upgraded, 9 newly installed, 0 to remove and 75 not upgraded.
Need to get 1,580 kB of archives.
After this operation, 6,533 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

After apache is installed. Just put the IP address of the server in the browser.

 

 

Next, we will add a single line to the /etc/apache2/apache2.conf file to suppress a warning message. While harmless, if you do not set ServerName globally, you will receive the following warning when checking your Apache configuration for syntax errors. You can either set it to the IP address of the server or the domain name, that you are going to Map with the IP.

newuser@hostname:~$ sudo apache2ctl configtest
[sudo] password for newuser: 
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
newuser@hostname:~$ sudo vi /etc/apache2/apache2.conf
newuser@hostname:~$ 
newuser@hostname:~$ 
newuser@hostname:~$ 
newuser@hostname:~$ 
newuser@hostname:~$ 
newuser@hostname:~$ sudo service apache2 restart
newuser@hostname:~$ sudo apache2ctl configtest
Syntax OK
newuser@hostname:~$ sudo apache2ctl configtest
Syntax OK



Adjust the Firewall to Allow Web Traffic

Next, assuming that you have followed the initial server setup instructions to enable the UFW firewall, make sure that your firewall allows HTTP and HTTPS traffic. You can make sure that UFW has an application profile for Apache like so:

newuser@hostname:~$ sudo ufw app list
[sudo] password for newuser: 
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
 
newuser@hostname:~$ sudo ufw app info "Apache Full"
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.

Ports:
  80,443/tcp
newuser@hostname:~$ sudo ufw allow in "Apache Full"
Rules updated
Rules updated (v6)

Install MySQL

Install the mysql server package using the following method

newuser@hostname:~$ sudo apt-get install mysql-server


Securing MySQL

The next thing would be securing our MySQL installation.

newuser@hostname:~$ mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 
 
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : 

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done! 

Installing PHP

newuser@hostname:~$ sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libapache2-mod-php7.0 libmcrypt4 php-common php7.0 php7.0-cli php7.0-common php7.0-json php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-readline
Suggested packages:
  php-pear libmcrypt-dev mcrypt
The following NEW packages will be installed:
  libapache2-mod-php libapache2-mod-php7.0 libmcrypt4 php php-common php-mcrypt php-mysql php7.0 php7.0-cli php7.0-common php7.0-json php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-readline
0 upgraded, 15 newly installed, 0 to remove and 75 not upgraded.
Need to get 3,686 kB of archives.
After this operation, 14.9 MB of additional disk space will be used.

Test PHP Processing on your Web Server

In order to test that our system is configured properly for PHP, we can create a very basic PHP script.
In Ubuntu 17.04, this directory is located at /var/www/html/. We can create the file at that location by typing:

sudo vi /var/www/html/info.php
This will open a blank file. We want to put the following text, which is valid PHP code, inside the file:

phpinfo();


When you are finished, save and close the file and open the following URI in the webpage – http://99.99.99.99/info.php .The following page will be displayed

 

After the page is tested, do not forget to remove the file using the command

sudo rm /var/www/html/info.php

Creating the MySQL Database

We are going to create a user and database that we will be using for WordPress installation.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.20-0ubuntu0.17.04.1 (Ubuntu)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database dbname;
Query OK, 1 row affected (0.00 sec)
mysql> 
mysql> CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON * . * TO 'dbuser'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

 

Installing WordPress

To install WordPress, we will fetch WordPress using wget.

newuser@hostname:~/apps$ wget http://wordpress.org/latest.zip

To unzip it , we would require unzip package.

newuser@hostname:~/apps$ sudo apt-get install unzip

Unzip the package

 newuser@hostname:~/apps$ unzip -q latest.zip

Move the files to the apache web server path

 newuser@hostname:~/apps$ sudo mv wordpress/ /var/www/html/

Provide the appropriate permissions

newuser@hostname:/var/www/html$ sudo chown -R www-data:www-data /var/www/html/wordpress
newuser@hostname:/var/www/html$ sudo chmod -R 755 /var/www/html/wordpress
newuser@hostname:/var/www/html$ sudo mkdir -p /var/www/html/wordpress/wp-content/uploads
newuser@hostname:/var/www/html$ sudo chown -R www-data:www-data /var/www/html/wordpress/wp-content/uploads

Add the database details

newuser@hostname:/var/www/html/wordpress$ sudo cp wp-config-sample.php wp-config.php
newuser@hostname:/var/www/html/wordpress$ sudo vi wp-config.php

Published by

Mohit Kumar

A simple person who likes to share his thoughts on this blog. Know more about me

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.