Hosting WordPress with Caddy on Ubuntu

Prerequisites

  • Have an Ubuntu server up and running; other OSes may go just as smoothly, but I haven’t tested them
  • Have a domain correctly mapped to that server
  • Have Caddy (v2) working already: once you have cleaned out your Apache or your nginx, it is an easy apt install caddy.

Download

Download WordPress from source and manage permissions on the install dir.

sudo mkdir -p /var/www
sudo chown www-data: /var/www
curl https://wordpress.org/latest.tar.gz | sudo -u www-data tar zx -C /var/www

Install deps

Notice I’m not pinning specific versions, like [email protected]; I’m taking things off the apt shelves. They know what they are doing, and this way I get a more future-resilient script (hopefully).

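# libapache2-mod-php is left out: it is the Apache PHP module, it is not used
# with Caddy + php-fpm, and installing it can pull Apache back onto the server
sudo apt install php-fpm \
    ghostscript \
    mysql-server \
    php \
    php-bcmath \
    php-curl \
    php-imagick \
    php-intl \
    php-json \
    php-mbstring \
    php-mysql \
    php-xml \
    php-zip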

DB time

Using MySQL.
Let’s generate a strong password:

openssl rand -base64 20

Now let’s go to SQL:

sudo mysql -u root
mysql> CREATE DATABASE wordpress;
mysql> CREATE USER wordpress@localhost IDENTIFIED BY '<your-password>';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON wordpress.* TO wordpress@localhost;
mysql> FLUSH PRIVILEGES;
mysql> quit

Enable MySQL with

sudo service mysql start

At this point you should have a note with credentials:

DB_NAME=wordpress
USER_NAME=wordpress
USER_PASSWORD=<your-password>

Configure WordPress with that user

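# a fresh download only ships wp-config-sample.php, so create wp-config.php from it first
sudo -u www-data cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
sudo -u www-data sed -i 's/database_name_here/wordpress/' /var/www/wordpress/wp-config.php
sudo -u www-data sed -i 's/username_here/wordpress/' /var/www/wordpress/wp-config.php
# "|" as the sed delimiter: a base64 password can contain "/"
sudo -u www-data sed -i 's|password_here|<your-password>|' /var/www/wordpress/wp-config.php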

Replace weak lines with strong lines

In wp-config.php, replace these placeholder lines, giving each one its own unique value:

define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
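
One way to do that replacement without hand-editing, as an added example that is not part of the original post. The function names are made up for illustration, and the values are generated locally from /dev/urandom.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): swap the eight placeholder
# key/salt lines in wp-config.php for locally generated random values.
# Function names are illustrative.

# 48 random bytes -> 64 base64 characters (A-Z a-z 0-9 + /), none of which
# needs escaping inside a single-quoted PHP string.
gen_secret() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Rewrite the eight define() lines in the file given as $1.
# Re-running it on a live site rotates the keys and logs every user out.
set_wp_salts() {
    local config="$1"
    local name value
    [ -f "$config" ] || { echo "no such file: $config" >&2; return 1; }
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        # Stop if a key is absent: sed would silently change nothing.
        grep -q "^define( *'$name'," "$config" || {
            echo "missing define for $name" >&2; return 1; }
        value=$(gen_secret)
        # "|" as the sed delimiter because base64 output can contain "/".
        sed -i "s|^define( *'$name',.*|define( '$name', '$value' );|" "$config"
    done
    # Succeed only if no placeholder phrase is left behind.
    ! grep -q 'put your unique phrase here' "$config"
}

# Constructed sample input: the eight placeholder lines as the post shows them.
write_sample_config() {
    local name
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        printf "define( '%s', 'put your unique phrase here' );\n" "$name"
    done > "$1"
}

# Demo on a throwaway file. For the site from the post, the target would be
# /var/www/wordpress/wp-config.php, run as www-data or root.
demo=$(mktemp)
write_sample_config "$demo"
set_wp_salts "$demo" && cat "$demo"
rm -f "$demo"
```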

Caddy Config

your.domain {
	# good practice: state on whose behalf
	# the certs are being issued
	tls [email protected]

	# logs are optional
	log {
		output file /var/log/caddy/your.domain
		format console
	}

	root * /var/www/wordpress
	encode gzip
	file_server
	php_fastcgi unix//run/php/php-fpm.sock

	@disallowed {
		path /xmlrpc.php
		path *.sql
		path /wp-content/uploads/*.php
	}

	rewrite @disallowed '/index.php'
}

Apply it with systemctl restart caddy. It should go smoothly, unless you have other bad things in your file.

Finish it on the browser

Go to your domain. At this point you should have a working WordPress site, on SSL.
If it fails to load, give it a couple of minutes: those SSL certs aren’t going to issue
and process themselves instantly, so let Caddy do its thing. When things clear up, finish the setup
on your new WordPress portal.

Hopefully not, but if things go wrong, check out the log, that’s why I put it there:

tail -n 10 -f /var/log/caddy/your.domain

Hit refresh and see what happens. Good luck.

Allow WordPress access file system for plugins and friends

Nice, you have WordPress up and running. Now you need the next thing, which might be

You can do it by allowing access to www-data on the wp-content dir for now.

sudo chown -R www-data:www-data /var/www/wordpress/wp-content/