Installing Wordpress on CentOS 7 Minimal


  • Service Provider

    I originally posted this over on my blog on August 11, 2014, but as I fail to actually do anything with my blog, I wanted to bring it over here.

    • Install CentOS7 Minimal. Turn on networking during the GUI setup process.
      • If you need to get the IP address of you CentOS7 server login as root and enter:
        ip a sh
        Note the IP address, and now you can log in from SSH.
    • install packages needed to run wordpress
    yum -y install httpd mariadb mariadb-server php php-mysql php-xml php-gd wget nano policycoreutils-python;
    systemctl enable httpd.service;
    systemctl enable mariadb.service;
    setenforce permissive;
    systemctl start mariadb;
    firewall-cmd --zone=public --add-port=http/tcp --permanent;
    systemctl reload firewalld;
    systemctl start httpd;
    
    • Now download wordpress
    cd /opt;
    wget https://wordpress.org/latest.tar.gz;
    tar -xzvf latest.tar.gz;
    

    Setup SELinux permissions

    semanage fcontext -a -t httpd_sys_content_t '/opt/yourdomain(/.*)?'
    restorecon -R /opt/yourdomain
    semanage fcontext -a -t httpd_sys_rw_content_t '/opt/yourdomain/wp-content(/.*)?'
    restorecon -R /opt/yourdomain/wp-content
    

    Change things here to be things only you know and execute these commands.

    #Create a database for wordpress and a user to access it.
    mysql -e "CREATE DATABASE wp_yourdomain;"
    mysql -e "CREATE USER 'wp_yourdomain'@'localhost' IDENTIFIED BY 'somerandompassword';"
    mysql -e "GRANT ALL PRIVILEGES ON wp_yourdomain.* TO 'wp_yourdomain'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
    
    #Secure mariadb. These commands do what mysql_secure_installation does interactively
    mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
    mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    mysql -e "DELETE FROM mysql.user WHERE User='';"
    mysql -e "DROP DATABASE test;"
    mysql -e "FLUSH PRIVILEGES;"
    
    • copy the wordpress directory to the domain folder desired
    cp -R /opt/wordpress/ /opt/yourdomain/
    chown -R apache:apache /opt/yourdomain/;
    
    • create the wp-config.php file and set the database information
    cp /opt/yourdomain/wp-config-sample.php /opt/yourdomain/wp-config.php;
    sed -i -e 's/database_name_here/wp_yourdomain/' /opt/yourdomain/wp-config.php;
    sed -i -e 's/username_here/wp_yourdomain/' /opt/yourdomain/wp-config.php;
    sed -i -e 's/password_here/somerandompassword/' /opt/yourdomain/wp-config.php;
    
    • go to https://api.wordpress.org/secret-key/1.1/salt/ and copy paste a unique salt into your wp-config.php file
      • no idea how to use sed to find/replace this. This data goes at the end of the wp-config.php file.
      • This is what is in the default file.
    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');
    
    • This is what a salt should look like.
    define('AUTH_KEY', 'P/u!4L<`Ia+2e=^w&KBgDs[f)r:vcM~=ylK-E:[email protected]],6g!b');
    define('SECURE_AUTH_KEY', 'qJV7.|d>:N$61J*_<wyX +K<P(Xz_TId+uJQ+3V/~h_L8}k_l4t,i[^Ss^3}(1j*');
    define('LOGGED_IN_KEY', 'dfJ;0JEt?u&r[T%Vn|@|y3AXx&CO~bjmfy{9gIPi2i|ouwmv99*(a`-i(*F}L{g+');
    define('NONCE_KEY', 'Qy{%n+h,rt66ILfR[;xO2kCMrjMY&vppiU X+cq*OXeS44hyP.At3K3Eb3r~zOH-');
    define('AUTH_SALT', '3qH|kzJYd.*JmV%()x8yyl1a;^SC3}]D}7koA%|W*z(GRA/wF=p!(9xT~;+0A>>D');
    define('SECURE_AUTH_SALT', '1$LIVd(W 3X~.L$Or YbUtUBL%&}JNxF6o`tw.WVJ3b|v]Ik3c0afEy0j =D2R5<');
    define('LOGGED_IN_SALT', '[-Rf2*n&U]D&KWZ 5IR{63D^$g~oGq</!Pi(&8kEQ*J2Ui?cHo!h4(1~<Qj?g ah');
    define('NONCE_SALT', 'xRL!G|/Xe&f|WfCp(v(6H.?-OwY2uxp^HJYYhMWx8KJca0s<J_2%E[cr:ZZ9t`1k');
    
    • If you are only going to run the one website on this server, you can edit the apache config
    • to change the default document root to point to your wordpress folder
    • by default it is located: /etc/httpd/conf/httpd.conf
    • Change the following two lines
    DocumentRoot "/opt/yourdomain" # was "/var/www/html"
    <Directory "/opt/yourdomain"> # was "/var/www/html"
    
    • If this is the only website that will be hosted on this server, you can skip the Virtual host section and simply restart httpd now
    • If you are going to have multiple domains pointing to this server eventually,
    • you will need to create a virtual host config file and by default apache loads any conf files in the conf.d folder. So create: /etc/httpd/conf.d/vhosts.conf
    • Now copy and paste the below syntax once for each virtual host.
    • Obviously, replace yourdomain with your real domain info.
        ServerAdmin [email protected]
        DirectoryIndex index.php index.html index.htm
        DocumentRoot /opt/yourdomain
        ServerName yourdomain.com
        ServerAlias *.yourdomain.com
        LogLevel warn
        ErrorLog logs/yourdomain-error_log
        CustomLog logs/yourdomain-access_log common
            
                Require all granted
                Options Indexes FollowSymLinks Includes ExecCGI
                AllowOverride All
                Order allow,deny
                Allow from all
            
    
    • restart the webserver then browse to your site.
    systemctl reload httpd;
    


  • @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    This is for WordPress, correct?

    Now download wordpress

    Just wanted to double check because of the mention of ownCloud

    Sign in to the database and create the ownCloud instance and user.
    You will be prompted to enter your database root password.

    Not meaning to be nitpicky, but wanted to double check.


  • Service Provider

    Note, I used setenforce permissive during the setup. I recommend rebooting the instance after you confirm everything is setup and working.

    When I initially wrote this, everything works without needing to turn off SELinux.

    I have not done a clean install in a couple years at this point.


  • Service Provider

    @NerdyDad said in Installing Wordpress on CentOS 7 Minimal:

    Not meaning to be nitpicky, but wanted to double check.

    Because copy/paste fail.



  • Would it be hard to add the installation of phpMyAdmin into your guide?



  • @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    yum install phpMyAdmin
    

    Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.



  • @travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    yum install phpMyAdmin
    

    Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

    For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.


  • Service Provider

    @travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    yum install phpMyAdmin
    

    Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

    Same here. Not recommended for normal use.


  • Service Provider

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    @travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    yum install phpMyAdmin
    

    Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

    For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.

    It is, but for something like WordPress, no really use for it.


  • Service Provider

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    I never use It, and as the others have said I would never want to have it installed.


  • Service Provider

    And graphical tools like phpMyAdmin make instructions much harder. Telling someone to just "copy this command" is so easy. Telling someone to follow screen shot after screen shot of things to click on is not.



  • @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    @travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    Would it be hard to add the installation of phpMyAdmin into your guide?

    yum install phpMyAdmin
    

    Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

    For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.

    It is, but for something like WordPress, no really use for it.

    I put it on internal servers because it's easier to set up databases and users for those databases at the same time for web servers that will be hosting multiple sites that need databases. Go to the web address, enter info in for new user and database, set permissions, done. Easy.

    I personally do not know the command line way to do that, it's always been super easy and fast doing it through phpMyAdmin. When other people take over, it's very easy for them to do it.

    I'm not going to choose not to install it just because there may be a possibility that I have to give someone step by step instructions on creating a database and user for MySQL on ML or SW... if it were in person, I'd just take the 25-30 seconds to bookmark the page and show them.

    I'm not disagreeing with all of you, I'm just laying out my case usage. I have never installed phpMyAdmin on external facing servers. In cases where it was, it was due to the Webhost having it incorporated in cPanel for example, with no way to add databases via CLI or other real means.

    Now that you have posted the CLI to do it, I already copied that down into my personal notes to do it that way in the future... so thanks for that. Very helpful.


  • Service Provider

    @Tim_G said in Installing Wordpress on CentOS 7 Minimal:

    I personally do not know the command line way to do that, it's always been super easy and fast doing it through phpMyAdmin. When other people take over, it's very easy for them to do it.

    Every install guide has the command, making it super fast. And once you use it once, it is in your command history so you just "up arrow" and there it is.

    mysql> CREATE DATABASE databasename;
    mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname" IDENTIFIED BY "password";
    mysql> FLUSH PRIVILEGES;
    

  • Service Provider

    Obviously, you only create the database the first time. But that's how fast it is, just "create database name".


  • Service Provider

    I like doing it from the CLI, even though phpMyAdmin is slick, because I only need one interface. Having to switch back and forth between SSH and web or something else is cumbersome and more things that I have to maintain. I've had databases where I need to do regular maintenance and then, definitely, that's the tool that I use. But for just initial setup tasks, I stick to the command line.



  • @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    I like doing it from the CLI, even though phpMyAdmin is slick, because I only need one interface. Having to switch back and forth between SSH and web or something else is cumbersome and more things that I have to maintain. I've had databases where I need to do regular maintenance and then, definitely, that's the tool that I use. But for just initial setup tasks, I stick to the command line.

    Yeah, that's another point I didn't think about: it's never just initial setups that occur on a webserver. At least ones I deal with. Sure it can be fast to type in the commands fast to create a new database and user for it... but then when you have to export and import tables and such from other servers, among other things, I'd need to take a class on how to do it. And I can't stand around and school everyone or expect everyone I make contact with to pick up my documentation and do it all via CLI.

    Most people just want an easy web browser bookmark, where they can visually go in an get things done without worrying about typing it all out on CLI and everything that involves.

    I'm all about automation, scripting, etc... but only when it involves doing things more than once on the same or like systems.

    There's a saying I like that goes something like... "If you have to do it twice, it should have been automated." lol

    But anyways, I agree with you... initial set up, easy CLI... more involved work/maintenance = GUI (unless you're a trained SQL CLI admin or whatever) But even still, it's not always you who are going to be maintaining it after initial setup... it may not even be a technical fellow.


  • Service Provider

    @Tim_G yeah, that's very different. For WordPress, normally you never touch the DB again, ever.


  • Service Provider

    Updated the instrucitons a bit to make the MySQL setup non interactive and fixed a missing bit of info for the httpd.conf.


  • Service Provider

    Thanks to @BRRABill it looks like I missed some SELinux issues.

    Instructions updated, but this is what I needed to resolve his issues so far. He just installed, so maybe more updates to come :P

    yum install -y policycoreutils-python
    semanage fcontext -a -t httpd_sys_content_t '/opt/yourdomain(/.*)?'
    restorecon -R /opt/yourdomain
    semanage fcontext -a -t httpd_sys_rw_content_t '/opt/yourdomain/wp-content(/.*)?'
    restorecon -R /opt/yourdomain/wp-content
    


  • One other thing @JaredBusch and I discussed was the location in /opt and opposed to /var

    In theory, it should not matter.



  • @JaredBusch

    BTW, thanks for the writeup. Very good job.


  • Service Provider

    @BRRABill said in Installing Wordpress on CentOS 7 Minimal:

    One other thing @JaredBusch and I discussed was the location in /opt and opposed to /var

    In theory, it should not matter.

    @scottalanmiller there was a discussion in a thread here a couple years ago around using /opt/ for wordpress installs. but I cannot find it. I think there was a reasoning from someone in there for that location.


  • Service Provider

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    @BRRABill said in Installing Wordpress on CentOS 7 Minimal:

    One other thing @JaredBusch and I discussed was the location in /opt and opposed to /var

    In theory, it should not matter.

    @scottalanmiller there was a discussion in a thread here a couple years ago around using /opt/ for wordpress installs. but I cannot find it. I think there was a reasoning from someone in there for that location.

    Only thing I know of is that YUM using that location. But have no idea why.


  • Service Provider

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

  • Service Provider

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.


  • Service Provider

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.

    Looks like I got the /opt thing from you. Your LEMP challenge used /opt/wordpress.
    https://mangolassi.it/topic/1082/the-wordpress-on-centos-lemp-challenge

    Now I know there was a subsequent discussion somewhere on ML about /opt, I just cannot find it.


  • Service Provider

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.

    Looks like I got the /opt thing from you. Your LEMP challenge used /opt/wordpress.
    https://mangolassi.it/topic/1082/the-wordpress-on-centos-lemp-challenge

    Now I know there was a subsequent discussion somewhere on ML about /opt, I just cannot find it.

    I have a feeling that it was or is the nginx default directory.



  • @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.

    Looks like I got the /opt thing from you. Your LEMP challenge used /opt/wordpress.
    https://mangolassi.it/topic/1082/the-wordpress-on-centos-lemp-challenge

    Now I know there was a subsequent discussion somewhere on ML about /opt, I just cannot find it.

    I ask about it after seing your guide and you choosing /opt for the instalation

    https://mangolassi.it/topic/12567/is-there-a-best-practice-for-the-location-of-the-root-folder-of-a-webapp


  • Service Provider

    @Romo said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.

    Looks like I got the /opt thing from you. Your LEMP challenge used /opt/wordpress.
    https://mangolassi.it/topic/1082/the-wordpress-on-centos-lemp-challenge

    Now I know there was a subsequent discussion somewhere on ML about /opt, I just cannot find it.

    I ask about it after seing your guide and you choosing /opt for the instalation

    https://mangolassi.it/topic/12567/is-there-a-best-practice-for-the-location-of-the-root-folder-of-a-webapp

    And as you can see from my link above, @scottalanmiller's answer in your thread is not helpful. He simply stated standards. But what standard is the question.


  • Service Provider

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    @scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

    @JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

    Looking into things I found this link. Granted this is about packaging for RPM but still.
    https://fedoraproject.org/wiki/Packaging:Guidelines#Web_Applications

    Web Applications

    Web applications packaged in Fedora should put their content into /usr/share/%{name} and NOT into /var/www/. This is done because:

    • /var is supposed to contain variable data files and logs. /usr/share is much more appropriate for this.
    • Many users already have content in /var/www, and we do not want any Fedora package to step on top of that.
    • /var/www is no longer specified by the Filesystem Hierarchy Standard

    Hmmm... point two I understand. It's already in use. But it was always in /var specifically because it is variable data, that's where upload caches and stuff go.

    No idea about the hierarchy.

    Looks like I got the /opt thing from you. Your LEMP challenge used /opt/wordpress.
    https://mangolassi.it/topic/1082/the-wordpress-on-centos-lemp-challenge

    Now I know there was a subsequent discussion somewhere on ML about /opt, I just cannot find it.

    I have a feeling that it was or is the nginx default directory.

    No, you continually reference /opt as the directory to use for 3rd party applications.

    It I guess the better question is whether or not web apps like this are considered third party applications or something to put in webroot. A Google site search of this site and the term /opt returns many threads with directions from you installing things to /opt.



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.