Installing Fedora 27 LAMP Stack plus WordPress and SSL

Obsolesce

Note, this was <originally> written in the context that this web server is on a private LAN and not accessible from anywhere else. Adjust accordingly where appropriate, such as IPs and user names instead of root, no phpmyadmin, etc.

Also note that it is WAY easier installing this whole thing via Salt or Ansible, but I wrote this in a case where these are not available to use easily.

Installing Fedora 27

1. Install Fedora 27 via Net Install ISO.
2. In Software Selection, select Minimal Install.
   • It may take a minute to download metadata before you can go in there.
3. In Network & Host Name, set the Host Name, then click Apply and Done. (ex. servname.domain.local)
4. In Installation Destination, select Custom, then click Done.
   • Verify LVM is selected.
   • Click "Click here to create them automatically".
     • Verify / is XFS File System.
     • Under Desired Capacity for /, type "9999999999" and then click the Update Settings button.
     • Click Done, then click Accept Changes in the Summary of Changes window pop-up.
5. Click Begin Installation.
6. Set a Root Password, then click Done.
7. Wait for installation to complete, then reboot.

Post Install

1. Log in as root, and verify OS is up to date:
   dnf upgrade --refresh
2. Fix Fedora MAC Address & DHCP Issue:
   echo "send dhcp-client-identifier = hardware;" >> /etc/dhcp/dhclient.conf
   • Reboot
3. Create a new secure SSH key:
   ssh-keygen -t rsa -b 4096 -C "root-webserv1-key"
   • Hit enter for default location and name.
   • Hit enter again to skip passphrase creation.
   • Now you should SSH to server to continue.
4. Install the following packages, then reboot:

dnf install -y hyperv-daemons hyperv-tools cockpit policycoreutils-python-utils rsync tar unzip net-tools dnf-automatic httpd mysql mysql-server php php-mysqlnd php-gd php-pecl-zip php-theseer-fDOMDocument php-pecl-apcu phpmyadmin php-gettext ZipArchive

5. Configure Services:
   systemctl enable --now cockpit.socket
systemctl enable --now httpd.socket
systemctl enable --now mariadb.service
6. Configure Firewall:
   firewall-cmd --add-service=cockpit --permanent
firewall-cmd --add-port=http/tcp --permanent
firewall-cmd --add-port=https/tcp --permanent
firewall-cmd --reload
7. Configure MySQL / MariaDB: (run the below command)
   /usr/bin/mysql_secure_installation
   • Hit enter for none (this is a new installation, so password is blank)
   • Enter Y to set root password.
   • Enter Y to remove anonymous users.
   • Enter N to not disallow root login remotely. (unless this is public facing)
   • Enter Y to remove test database.
   • Enter Y to reload privilege tables.
8. Allow remote access to phpMyAdmin:
   vi /etc/httpd/conf.d/phpMyAdmin.conf
   • Add the following to the relevant 4 sections in the file above:
     172.16.0.0/12 (edit accordingly)
   • Restart httpd service:
     service httpd restart
9. Configure automatic update settings, set the following in the below file:
   vi /etc/dnf/automatic.conf
   • apply_updates = yes
   • emit_via = email
   • email_from = [email protected]
   • email_to = [email protected]
   • email_host = smtpServer
10. Configure automatic update schedule, change the following in below file:
    vi /usr/lib/systemd/system/dnf-automatic-install.timer
    • OnUnitInactiveSec=6h
11. Enable automatic update system timer:
    systemctl enable dnf-automatic-install.timer && systemctl start dnf-automatic-install.timer
    • Verify timer is showing up after a reboot by the following command:
      systemctl list-timers
12. Set SELinux httpd_t to permissive:
    semanage permissive -a httpd_t

WordPress Installation

After the server is fully prepped with the LAMP stack (above), we can install any needed web apps, such as WordPress.

Installing WP CLI

Installing and using the WordPress Command Line Interface (WP-CLI) makes installing, configuring, and managing WordPress simpler, as you can do it from simple commands, and even automate things.

1. Download the wp-cli.phar file using wget or curl:
   curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
2. Next, check the Phar file to verify that it’s working:
   php wp-cli.phar --info
3. To use WP-CLI from the command line by typing wp, make the file executable and move it to somewhere in your PATH:
   chmod +x wp-cli.phar
mv wp-cli.phar /usr/local/bin/wp
cp /usr/local/bin/wp /usr/bin
4. If WP-CLI was installed successfully, you should see something like this when you run wp --info:

$ wp --info
PHP binary: /usr/bin/php7.0
PHP version: 7.0.26-1~dotdeb+8.2
php.ini used: /etc/php/7.0/cli/php.ini
WP-CLI root dir: phar://wp-cli.phar
WP-CLI vendor dir: phar://wp-cli.phar/vendor
WP_CLI phar path: /home/wp-cli/website/html
WP-CLI packages dir: /home/wp-cli/.wp-cli/packages/
WP-CLI global config: /home/wp-cli/.wp-cli/config.yml
WP-CLI project config: /home/wp-cli/website/wp-cli.yml
WP-CLI version: 1.4.1

Installing WP with WP CLI

1. Create website directory:
   mkdir /var/www/html/siteFolder
   • Set ownership:
     chown apache:apache /var/www/html/siteFolder
2. Change to directory where you want to install WordPress:
   cd /var/www/html/siteFolder
3. Download WP:
   sudo -u apache wp core download
4. Create WP Config:
   sudo -u apache wp core config --dbname=nameOfDB --dbuser=root --dbpass=password --dbhost=localhost --dbprefix=absc_
5. Create Database per above config file:
   sudo -u apache wp db create
6. Set-up WP Site:
   sudo -u apache wp core install --url=webserv1.local/siteFolder --title="My Cool Website" --admin_user="root" --admin_email="[email protected]" --skip-email
7. Log in and change password. Password is displayed after above command is ran.

Here is a follow-up post with some additional configurations. More specificially, implementing SSL, and using the WP-CLI to install some plugins and making WP better to work with, as well as securing it:

https://www.timothygruber.com/linux/creating-lamp-server-fedora-27-ssl/

https://www.timothygruber.com/web/creating-modern-wiki-wordpress/

.

black3dynamite

Awesome work.

Isn't the dhcp-client-identifier more of annoyance than an issue? You can use static mapping on Windows DHCP.

Obsolesce

@black3dynamite said in Installing Fedora 27 LAMP Stack plus WordPress:

Awesome work.

Isn't the dhcp-client-identifier more of annoyance than an issue? You can use static mapping on Windows DHCP.

Yeah, but if I do that, then things "just work" and makes things easier. Like pre-configured DHCP reservations and DNS records by MAC address.

JaredBusch

Step seven of the first part can be automated instead of forcing the interactive secure MySQL. You can look at some of my newer guides for that. Or I can post it tonight or tomorrow when I’m not driving

Obsolesce

@jaredbusch said in Installing Fedora 27 LAMP Stack plus WordPress:

Step seven of the first part can be automated instead of forcing the interactive secure MySQL. You can look at some of my newer guides for that. Or I can post it tonight or tomorrow when I’m not driving

I can't find it.

black3dynamite

@tim_g said in Installing Fedora 27 LAMP Stack plus WordPress:

@jaredbusch said in Installing Fedora 27 LAMP Stack plus WordPress:

Step seven of the first part can be automated instead of forcing the interactive secure MySQL. You can look at some of my newer guides for that. Or I can post it tonight or tomorrow when I’m not driving

I can't find it.

https://mangolassi.it/topic/12878/install-nextcloud-11-0-2-on-centos-7-with-php-7-1-from-remi

Scroll down where he shows us how to create and secure the database.

Alex Sage

Now add a section for Virual Hosts

Obsolesce

@jaredbusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

#Secure mariadb. These commands do what mysql_secure_installation does interactively
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"

Awesome, I'll update my post when I'm not in my 2nd office.

JaredBusch

@tim_g said in Installing Fedora 27 LAMP Stack plus WordPress:

@jaredbusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

#Secure mariadb. These commands do what mysql_secure_installation does interactively
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"

Awesome, I'll update my post when I'm not in my 2nd office.

Yeah, I was driving home last night and couldn’t dig that up for you directly.

bnrstnr

Do you guys use dnf-automatic on all of your fedora servers?

scottalanmiller

@bnrstnr said in Installing Fedora 27 LAMP Stack plus WordPress:

Do you guys use dnf-automatic on all of your fedora servers?

Generally, yes.

JaredBusch

@bnrstnr said in Installing Fedora 27 LAMP Stack plus WordPress:

Do you guys use dnf-automatic on all of your fedora servers?

I do.

Alex Sage

@bnrstnr yup, and my containers too

black3dynamite

@bnrstnr said in Installing Fedora 27 LAMP Stack plus WordPress:

Do you guys use dnf-automatic on all of your fedora servers?

I do. And it’s important to have it send an email with the results of the completed updates so you can look over it.

Obsolesce

I should note that I have an updated Fedora 27 and WordPress procedure here:

https://www.timothygruber.com/web/creating-modern-wiki-wordpress/

black3dynamite

@tim_g said in Installing Fedora 27 LAMP Stack plus WordPress:

I should note that I have an updated Fedora 27 and WordPress procedure here:

https://www.timothygruber.com/web/creating-modern-wiki-wordpress/

Nice job on guide. I do have a question about the theme and plugin install. Shouldn’t you using sudo -u apache wp to install themes and plugins?

Obsolesce

@black3dynamite said in Installing Fedora 27 LAMP Stack plus WordPress:

@tim_g said in Installing Fedora 27 LAMP Stack plus WordPress:

I should note that I have an updated Fedora 27 and WordPress procedure here:

https://www.timothygruber.com/web/creating-modern-wiki-wordpress/

Nice job on guide. I do have a question about the theme and plugin install. Shouldn’t you using sudo -u apache wp to install themes and plugins?

Thanks.

No, it installs them just fine. I verified the files are owned by apache:apache in the directory.
If you get a warning about not using sudo -u apache, then you can. It doesn't matter.

Obsolesce

Updated LAMP section to install Let's Encrypt SSL (https) implementation:

https://www.timothygruber.com/linux/creating-lamp-server-fedora-27-ssl/

hobbit666

This is on my to-do list today. Need a clean install to compare a site that the theme has been modified and I can't see what file they've edited

bnrstnr

@tim_g said in Installing Fedora 27 LAMP Stack plus WordPress and SSL:

Create a new secure SSH key:
ssh-keygen -t rsa -b 4096 -C "root-webserv1-key"

Hit enter for default location and name.
Hit enter again to skip passphrase creation.
Now you should SSH to server to continue.

Does this step disable normal logins or change anything at all? After my first restart my root password isn't working.