These steps are based on Ubuntu 14.10 Server 64-bit but can be applied to virtually any Debian based UNIX distribution.
- Download Ubuntu
- Install Ubuntu
- Configure Ubuntu
- Install WordPress
- Configure WordPress
- Backup/Restore MySQL Database
Download Ubuntu
First we must download the Ubuntu DVD image, it is recommended to download straight from the official Ubuntu.com site.
For this document we will use Ubuntu 14.10 64-bit downloaded from http://releases.ubuntu.com/releases/14.10/ubuntu-14.10-server-amd64.iso
Install Ubuntu
- Load the computer with the DVD (created from the ISO) or VM with the ISO
- Select the language (English)
Note: Unless otherwise stated you can simply tap the enter/return key on your keyboard to progress to the next screen.
- Select “Install Ubuntu Server”
- Select the language again (English)
- Select your location (United States)
- Select a keyboard layout
- Type in a hostname for the server. This should be descriptive to the server’s purpose ex. WordPressSvr1
- Type a user’s full name, this is different than the username ex. John Doe
- Type a username, this is the login name that you will need to use.
- NOTE: If you receive this screen choose “Continue”, you will need to choose a different username
- Confirm the Full name and “Continue”
- Correct the invalid issue and “Continue”
- NOTE: If you receive this screen choose “Continue”, you will need to choose a different username
- Type a password, this should follow your company’s password requirements if you have any.
- Confirm the password
- Suggested But Optional – Encrypt home directory. If you select this option everything in the user’s directory will be encrypted.
- Make sure the installer detected the time zone correctly, typically you select Yes
- Similar to Microsoft Windows’ BitLocker you have the option to encrypt the entire drive and boot loader.
Encrypt the drive and boot loader choose the third option “Guided – use entire disk and set up encrypted LVM”
If you select this option you will get a prompt asking for an encryption key and to confirm that key. - Select the disk you want to use (typically only one option)
- Confirm your choice, this is typically the last chance you have to cancel the format of the hard drive
- Select an Encryption passphrase
- Confirm the Encryption passphrase
- Type the amount of the volume group to use. (Typically use the amount that’s already on the screen)
- Confirm the write changes
- If you need to use a HTTP proxy type it in otherwise just tap the enter/return key to continue
- Depending on your company policies it may be best to select “No automatic updates” so an Admin can install the needed updates
- On this screen only select “OpenSSH server”, you select by using the up and down arrows to move the cursor and then the space bar to select the item.
- Typically you would say yes to the installation of the GRUB boot loader.
NOTE: Even if this is not the primary operating system this is suggested
- Ubuntu is now installed. If you are on a non-VM system remove the DVD. Tap the enter/return key to finish and reboot
Configure Ubuntu
- If you encrypted the LVM you will start with this screen, type in the passphrase you created
- Depending on what you typed for your hostname you may see something different from “KDUbuntu” but this is your login screen.
Login with the username you created earlier
- After you successfully login, you need to setup a root password.
- Type “sudo passwd”
- Type in your username’s password
- Type in a password for root (should be different than your username’s password)
- Confirm the password for root
sudo passwd
- Start ssh services with “sudo service ssh restart”
sudo service ssh restart
- Type “ifconfig” to get the IP address of the server, in the example below the IP is 10.0.2.15
ifconfig
With this IP you should now connect via Putty to make the rest of the changes.
- Within Putty, once logged in as root run the following commands:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get check && sudo apt-get autoremove && sudo apt-get autoclean && sudo apt-get clean
sudo apt-get --assume-yes install ntp
sudo timedatectl set-timezone America/Detroit
sudo service ntp restart && sudo ntpdate -s ntp.ubuntu.com
sudo apt-get --assume-yes install apache2 apache2-mpm-prefork
sed -i 's/#ServerName www.example.com/ServerName wpsvr/g' /etc/apache2/sites-available/000-default.conf sed -i 's|DocumentRoot /var/www/html|DocumentRoot /var/www/html\n<Directory /var/www/html/>\nAllowOverride All\n</Directory>|g' /etc/apache2/sites-available/000-default.conf
sudo apt-get install sendmail
sudo apt-get --assume-yes install vsftpd
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd.conf sed -i 's/local_enable=NO/local_enable=YES/g' /etc/vsftpd.conf sed -i 's/#local_enable=YES/local_enable=YES/g' /etc/vsftpd.conf sed -i 's/#write_enable=YES/write_enable=YES/g' /etc/vsftpd.conf sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to the FTP service./g' /etc/vsftpd.conf ln -s /var/www/html /home/wpadmin/html sudo service vsftpd restart
sudo apt-get --assume-yes install php5 libapache2-mod-php5 php5-mcrypt php5-cli php5-cgi php5-common php5-curl php5-dbg php5-xcache php5-gd libssh2-php
mv -i /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available/
php5enmod mcrypt
Create Test PHP File
echo ‘<?php phpinfo(); ?>’ > /var/www/html/testphp.phpsed -i 's/display_errors = Off/display_errors = On/g' /etc/php5/apache2/php.ini
sed -i 's/display_errors = On/display_errors = Off/g' /etc/php5/apache2/php.ini
sudo /etc/init.d/apache2 restart
- Load the testphp.php in a web browser
http://(IP or Hostname)/testphp.php - Install MySQL, when you run the below script you will get prompted for a root password for MySQL (see screenshots)
sudo apt-get --assume-yes install mysql-server mysql-client libapache2-mod-auth-mysql php5-mysql phpmyadmin
- Type a password for root access
- Confirm the root password
- Select apache2 (space bar selects) to configure PHPMyAdmin and continue
- Select no to configure automattically and continue
- Type the MySQL root password you just created
- Create a default access password for PHPMyAdmin
- Confirm the default access password
- Type a password for root access
- Run the MySQL security installation, you get will prompted screens:
sudo /usr/bin/mysql_secure_installation
- Type in the root MySQL password (tap the enter/return key)
- Type n (tap the enter/return key)
- Type y (tap the enter/return key) to remove anonymous access
- Type y (tap the enter/return key) to disallow root remote access
- Type y (tap the enter/return key) to remove the test database and the access to it
- Type y (tap the enter/return key) to reload the priviledge tables
sudo /etc/init.d/apache2 restart
Install WordPress
- Download the latest released version of WordPress
mkdir /var/www/serversetup/ wget --no-check-certificate http://wordpress.org/latest.tar.gz -O /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz
- Create the database and a user for WordPress to use.
For our purposes the values we use can be changed to suit your needs:- Database: Site1WPDB
- Username: Site1WPUSR
- Password: Site1WPUSRPWD
mysql -h localhost -u root -p CREATE DATABASE IF NOT EXISTS Site1WPDB; CREATE USER 'Site1WPUSR'@'localhost' IDENTIFIED BY 'Site1WPUSRPWD'; GRANT ALL ON Site1WPDB.* TO 'Site1WPUSR'@'localhost'; FLUSH PRIVILEGES; Exit;
-
tar zxvf /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz -C /var/www/serversetup
- Configure WordPress
For our purposes the values we use can be changed to suit your needs:- Database: Site1WPDB
- Username: Site1WPUSR
- Password: Site1WPUSRPWD
cd /var/www/serversetup/wordpress cp wp-config-sample.php wp-config.php sed -i 's/database_name_here/Site1WPDB/g' wp-config.php sed -i 's/username_here/Site1WPUSR/g' wp-config.php sed -i 's/password_here/Site1WPUSRPWD/g' wp-config.php rm /var/www/html/index.html && rm /var/www/html/testphp.php mv -v /var/www/serversetup/wordpress/* /var/www/html/ cd /var/www/html echo '<IfModule mod_rewrite.c>' > .htaccess echo 'RewriteEngine On' >> .htaccess echo 'RewriteBase /' >> .htaccess echo 'RewriteRule ^index.php$ - [L]' >> .htaccess echo 'RewriteCond %{REQUEST_FILENAME} !-f' >> .htaccess echo 'RewriteCond %{REQUEST_FILENAME} !-d' >> .htaccess echo 'RewriteRule . /index.php [L]' >> .htaccess echo '</IfModule>' >> .htaccess sudo adduser wpadmin www-data chown wpadmin:www-data -R /var/www chmod 0775 -R /var/www chmod g+s -R /var/www chmod -v 604 /var/www/html/.htaccess chmod -v 600 /var/www/html/wp-config.php chmod -R 777 /var/www/html/wp-content/uploads - Now go to http://(IP or Hostname)/ to finish the setup
- “Site Title” is the title of the site
- “Username” is the admin user that you will primary use for administration tasks
Suggestion: Do not use admin, webmaster, administrator - “Password”, type your desired password
If you do not have a strong password it will warn you but you can check a check box to allow the weak password – NOT RECOMMENDED - “Your E-mail” is the email address for the admin of the site, best to make this a distribution list of trusted individuals otherwise the email of the administrator account
- “Privacy”, typically if the site is internal you want to uncheck the check box otherwise you want search engines to see you.
- When ready click on the “Install WordPress” button
- You are now ready to login
Configure WordPress
Two Factor Auth
This plugin is to add security to the WordPress site by requiring all users to use a two factor authentication so that simply having the password won’t let a potential hacker in.
Setup
- Install from http://(IP or Hostname)/wp-admin/plugin-install.php?tab=plugin-information&plugin=two-factor-auth&TB_iframe=true&width=772&height=799
- On the Plugins page, activate the Two Factor Auth plugin
- Click on the Settings link, by default all user types are required to use the two factor process
- Click on “Two Factor Auth” link just above the “Tools” menu link
There are two delivery types; Email and Third Party Apps
Note: Whether you choose Email or Third Party Apps the users will initially get emailed their one time code when they login for the first time. - Select “Third party apps (Duo Mobile, Google Authenticator etc)”
- With your phone scan the QR-Code on the screen using one of the tested apps
- Android – Duo Mobile or Google Authenticator
- iPhone – Duo Mobile
- Windows Phone – Windows Authenticator
- Scroll to the bottom of the page to find “Advanced”, click on “Show advanced info” it is suggested to keep it on “TOTP (time based)”
- Click on “Save Changes” button.
- Log out of the site
- Log back in, type in your username and password then click on the “Log In” button
- Type in the six digit number on your phone app or that you recieved in your email
Support
If you forget/lose the authentication codes you need to terminal into the server and run the disable script.
mv /var/www/html/wp-content/plugins/two-factor-auth/ /var/www/html/wp-content/plugins/two-factor-auth_disabled/
Once you are able to get back in run the enable script
mv /var/www/html/wp-content/plugins/two-factor-auth_disabled/ /var/www/html/wp-content/plugins/two-factor-auth/
Backup/Restore MySQL Database
The purpose of this step is to have a quick repeatable command to backup and restore a database.
Log in a your username (not root) and run this command
For our purposes the values we use can be changed to suit your needs:
- Database: Site1WPDB
- Username: Site1WPUSR
- Password: Site1WPUSRPWD
echo '[mysqldump]'> ~/.my.cnf; echo 'user=Site1WPUSR'>> ~/.my.cnf; echo 'password=Site1WPUSRPWD' >> ~/.my.cnf; chmod 0600 ~/.my.cnf
mysqldump -u Site1WPUSR Site1WPDB > ~/WordPress_DB_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.sql tar -zcvf WordPress_Site_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.tar.gz /var/www/html
Make sure you modify the date of the file to what you want to restore from.
mysql -u Site1WPUSR Site1WPDB < ~/WordPress_DB_Backup_08-27-2015.sql
Originally Posted on September 2, 2015
Last Updated on May 31, 2017
Last Updated on May 31, 2017
All information on this site is shared with the intention to help. Before any source code or program is ran on a production (non-development) system it is suggested you test it and fully understand what it is doing not just what it appears it is doing. I accept no responsibility for any damage you may do with this code.