Overview
You can use this document to learn how to install WordPress with a StackPath virtual machine. Specifically, this document uses CentOS 7 to describe the process. This process reduces latency and improves web applications speed because resources are geographically closer to your users.
Step 1: Create a virtual machine
- In the StackPath Control Portal, in the left-side navigation menu, click Workloads.
- Click Add Workload.
- In Name, enter a descriptive name.
- In Workload Type, select VM.
- In Image, select an OS image type.
- Click Continue to Settings.
- Under Public Ports, enter the following ports and connections:
- 80 on TCP (for the web server)
- 443 on TCP (for the web server)
- 22 on TCP (for SSH)
- Under First Boot SSH Key(s), enter your SSH key.
- By default, StackPath disables password logins.
- To manage the virtual machine, you must provide an SSH key during the deployment process. To learn more, see Generate and Add SSH Keys for virtual machine workloads.
- Click Continue to Spec.
- Select additional configurations , and then click Create Workload.
Step 2: Install NGINX, MariaDB, and PHP
- Access the virtual machine via SSH:
ssh centos@youriphere
- Install and start MariaDB:
sudo yum -y install mariadb mariadb-server sudo systemctl start mariadb sudo systemctl enable mariadb
- Secure and set up MariaDB:
sudo mysql_secure_installation
- Review the following text to securely set up MariaDB. In this example, Stackpath123 is the MariaDB root password.
[centos@wordpress-example-wordpress-dfw-0 ~]$ sudo mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
-
Install NGINX with Let's Encrypt SSL support:
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
sudo yum -y install nginx
sudo systemctl restart nginx
sudo systemctl enable nginx -
Install PHP:
sudo yum install nano
sudo yum installyum-utils
sudo yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php73
sudo yum install -y php-cli php-fpm php-mysql php-json php-opcache php-mbstring php-xml php-gd php-curl -
Configure php-fpm to work with NGINX:
sudo chown -R root:nginx /var/lib/php sudo nano /etc/php-fpm.d/www.conf
-
Modify the following settings:
group = nginx listen = /run/php-fpm/www.sock listen.owner = nginx listen.group = nginx
-
Once the php-fpm config has been updated, enable and start php-fpm on boot:
sudo systemctl enable php-fpm sudo systemctl start php-fpm
-
To complete the following steps, you must know the domain to use. The following examples will use wordpress-example.com. Additionally, the following examples will use nano as the editor.
mkdir -p /var/www/html/wordpress chcon -Rt httpd_sys_content_t /var/www/html/wordpress sudo yum -y install nano sudo nano /etc/nginx/conf.d/wordpress.conf
-
In NGINX config, use:
################################## # WORDPRESS NGINX CONFIGURATIONS ################################## server { root /var/www/html/wordpress; server_name wordpress-example.com; access_log /var/log/nginx/wp_client_access.log; error_log /var/log/nginx/wp_client_error.log; location / { index index.php index.html; try_files $uri $uri/ /index.php?$args; } # Specify a charset charset utf-8; # GZIP gzip on; gzip_min_length 1000; gzip_buffers 4 32k; gzip_proxied any; gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; gzip_vary on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; # Add trailing slash to */wp-admin requests. rewrite /wp-admin$ $scheme://$host$uri/ permanent; # Prevents hidden files (beginning with a period) from being served location ~ /\. { access_log off; log_not_found off; deny all; } ########### # SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING ########### location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } # Pass all .php files onto a php-fpm or php-cgi server location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_read_timeout 3600s; fastcgi_buffer_size 128k; fastcgi_buffers 4 128k; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_index index.php; } # RESTRICTIONS location ~* /(?:uploads|files)/.*\.php$ { deny all; } }
-
For SSL purposes, install certbot:
sudo yum -y install yum-utils sudo yum -y install epel-release sudo yum -y install certbot python2-certbot-nginx
-
Generate the SSL certificate for the domain:
sudo certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): ben.gabler@stackpath.com Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: wordpress-example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Obtaining a new certificate Performing the following challenges: http-01 challenge for wordpress-example.com Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org Deploying Certificate to VirtualHost /etc/nginx/conf.d/wordpress.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wordpress.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://wordpress-example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=wordpress-example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Set up the MariaDB database. Specifically, connect to MariaDB with the root user and password:
mysql -u root -p
-
Create the database and database user for Wordpress:
CREATE DATABASE wordpress; CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'strongpasswordhere'; GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress_user'@'localhost'; flush privileges;
-
Download the latest Wordpress package:
sudo yum install wget
sudo mkdir -p /var/www/html cd /var/www/html sudo wget http://wordpress.org/latest.tar.gz sudo tar xzvf latest.tar.gz sudo rm latest.tar.gz sudo chown -R nginx: /var/www/html/wordpress -
Configure wp-config.php with the proper MariaDB information:
cd wordpress sudo mv wp-config-sample.php wp-config.php sudo nano wp-config.php
-
Replace the default database configuration options with the correct settings from the previous steps:
define( 'DB_NAME', 'wordpress' ); /** MySQL database username */ define( 'DB_USER', 'wordpress_user' ); /** MySQL database password */ define( 'DB_PASSWORD', 'strongpasswordhere' );
Step 3: Access and configure Wordpress
- Access install.php for your WordPress site to begin WordPress configuration:
https://<yourdomain>/wp-admin/install.php
- Review the on-screen instructions. Afterwards, your virtual machine is installed and configured to support WordPress.