Setup WordPress with WP-CLI on Fedora with SSL Origin Certificate from Cloudflare



  • Here is an updated guide to installing a WordPress instance on a Fedora based LAMP stack.

    At the time of writing, Fedora 31 and WordPress 5.3.2 were current.

    I used a $3.50 Fedora 31 instance on Vultr (vultr.com) for the testing of this guide.

    Pretty much all the WP bits are randomized during setup, even the database name.

    1. Follow my guide to Create a Cloudflare Origin Certificate

    2. SSH in as a non-root user, because you seriously do not have SSH enabled for root. Right?

    3. Set up the session variables with your domain name, title, and email.

    ##############################################
    ######     CHANGE THESE VARIABLES     ########
    ##############################################
    export WP_URL='domain.com'
    export WP_TITLE='My Fancy WP Site'
    export WP_ADMIN_EMAIL='[email protected]'
    export CF_CERT='domain.pem'
    export CF_KEY='domain.key'
    
    4. Install packages.
    ##############################################
    ###### DO NOT EDIT ANYTHING ELSE UNLESS ######
    ###### YOU KNOW WHAT YOU ARE DOING      ######
    ##############################################
    # install basics
    sudo dnf install -y wget nano pwgen
    
    # install the basic requirements of a LAMP stack
    sudo dnf install -y httpd mariadb mariadb-server php php-pdo_mysql php-xml php-gd mod_ssl
    
    5. Open the firewall, for only https
    # allow https through the firewall
    sudo firewall-cmd --add-service=https --permanent 
    sudo firewall-cmd --reload
    
    6. Enable and start apache and mariadb
    # Enable and start apache and mariadb
    sudo systemctl enable --now httpd
    sudo systemctl enable --now mariadb
    
    7. Create the origin certificate files on your WP instance.
    # create the certificate file 
    sudo nano /etc/pki/tls/certs/$CF_CERT
    # <paste in cert data>
    
    # create the private key file
    sudo nano /etc/pki/tls/private/$CF_KEY
    # <paste in the key data>
    
    # adjust the key file permissions
    sudo chmod 600 /etc/pki/tls/private/$CF_KEY
    
    8. Update the apache SSL config to use the Cloudflare certificate and key.
    # modify ssl.conf to look at the cloudflare origin certificate
    sudo sed -i "s/localhost.crt/${CF_CERT}/" /etc/httpd/conf.d/ssl.conf 
    sudo sed -i "s/localhost.key/${CF_KEY}/" /etc/httpd/conf.d/ssl.conf 
    
    # restart apache
    sudo systemctl restart httpd
    
    9. Start a file to hold some information that will be randomly created during the rest of this.
    # create a setup file to store randomly generated information
    echo "Your WordPress setup has been completed." > ~/setup_info.txt
    echo "Some randomized information was generated during install." >> ~/setup_info.txt
    echo "It is located in ~/setup_info.txt. It is highly recommended you document the information and delete the file." >> ~/setup_info.txt
    
    10. Generate random passwords and names for the database. Log them into the setup file.
    # Database name to use for wordpress
    export DB_NAME=`pwgen -c -n -1 12`
    echo "Database name: ${DB_NAME}" >> ~/setup_info.txt
    # Generate a random password for the root user
    export DB_ROOT_PASS=`pwgen -c -n -1 20`
    echo "Database root password: ${DB_ROOT_PASS}" >> ~/setup_info.txt
    # Generate a random non-root user
    export DB_USER=`pwgen -c -n -1 16`
    echo "Database non-root user: ${DB_USER}" >> ~/setup_info.txt
    # Generate a random password for the non-root user
    export DB_PASS=`pwgen -c -n -1 20`
    echo "Database user ${DB_USER} password: ${DB_PASS}" >> ~/setup_info.txt
    
    11. Create the non-root DB user
    # Create a non-root db user to own and admin the WP database
    sudo mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
    sudo mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
    sudo mysql -e "FLUSH PRIVILEGES;"
    
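    12. Secure the database.
    # Secure MariaDB (this does what mysql_secure_installation performs without interaction)
    # On MariaDB 10.4 and later mysql.user is a view, so the UPDATE below does not work there;
    # ALTER USER 'root'@'localhost' IDENTIFIED BY '...' is the equivalent.
    sudo mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';"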
    sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    sudo mysql -e "DELETE FROM mysql.user WHERE User='';"
    sudo mysql -e "FLUSH PRIVILEGES;"
    
    13. Pull down the WP-CLI phar file, make it executable and then move it to the path and rename as wp
    # download WordPress CLI
    curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
    # make it executable and move it to the path
    chmod +x wp-cli.phar
    sudo mv wp-cli.phar /usr/local/bin/wp
    
    14. Because you will be executing all wp commands as the apache user, the cache folder needs to be set up manually ahead of time.
    # create a cache folder for wp-cli and give ownership to apache
    sudo mkdir -p /usr/share/httpd/.wp-cli/cache/
    sudo chown -R apache:apache /usr/share/httpd/.wp-cli/
    
    15. Fedora does not change permissions on /var/www/html by default, so adjust that.
    # set apache as the owner of the html folder
    sudo chown apache:apache /var/www/html
    
    16. Adjust SELinux permissions so plugins can be installed and auto updates work.
    # change SELinux permissions
    sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
    sudo restorecon -R -F /var/www/html
    sudo setsebool -P httpd_can_sendmail 1
    sudo setsebool -P httpd_can_network_connect 1
    
    17. Download WordPress.
    # download WordPress
    cd /var/www/html
    sudo -u apache wp core download
    
    18. Create the WordPress config file and database.
    # create the wp-config.php file
    sudo -u apache wp config create --dbname=$DB_NAME --dbuser=$DB_USER --dbpass=$DB_PASS
    
    # create the WP database
    sudo -u apache wp db create
    
    19. Generate and log to the setup file a random username and password for the initial WordPress Admin.
    # generate random admin name and password for WP Admin login
    export WP_ADMIN=`pwgen -c -n -1 16`
    echo "WordPress Admin username: ${WP_ADMIN}" >> ~/setup_info.txt
    export WP_ADMIN_PASS=`pwgen -c -n -1 30`
    echo "WordPress Admin password: ${WP_ADMIN_PASS}" >> ~/setup_info.txt
    
    20. Install WordPress.
    # install WP
    sudo -u apache wp core install --url=$WP_URL --title="${WP_TITLE}" --admin_user=$WP_ADMIN --admin_password=$WP_ADMIN_PASS --admin_email=$WP_ADMIN_EMAIL --skip-email
    
    21. Dump the setup info to the screen.
    cat ~/setup_info.txt
    

    This will look like this.

    Your WordPress setup has been completed.
    Some randomized information was generated during install.
    It is located in ~/setup_info.txt. It is highly recommended you document the information and delete the file.
    Database name: aaaaaaaaaaa
    Database root password: bbbbbbbbbbbbbbbbb
    Database non-root user: ccccccccccccc
    Database user ccccccccccccc password: dddddddddddddd
    WordPress Admin username: eeeeeeeeeeeeee
    WordPress Admin password: fffffffffffffffffffffffffffffffff
    
    22. Navigate to your URL via https and log in with the admin account information noted in the prior step.
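
The guide above places the origin private key under /etc/pki/tls/private, points ssl.conf at it, and writes the database and admin passwords to ~/setup_info.txt. The following is an added example, not part of the original post, that audits those three things after the run; the function names and the throwaway sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit the files the guide leaves behind.

# Succeeds only if FILE exists and grants no permission bits to group or other.
owner_only() {
    [ -f "$1" ] || return 2
    oo_mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Fedora
    [ $(( 0$oo_mode & 077 )) -eq 0 ]
}

# Print the argument of the first uncommented DIRECTIVE line in an Apache config.
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Usage: audit_install SSL_CONF CERT_PATH KEY_PATH INFO_FILE
# Prints one line per finding and returns the number of findings.
audit_install() {
    ai_fails=0
    owner_only "$3" ||
        { echo "FAIL: $3 is missing or accessible beyond its owner"; ai_fails=$((ai_fails + 1)); }
    if [ -e "$4" ]; then
        owner_only "$4" ||
            { echo "FAIL: $4 holds passwords and is accessible beyond its owner"; ai_fails=$((ai_fails + 1)); }
    fi
    [ "$(directive_value "$1" SSLCertificateFile)" = "$2" ] ||
        { echo "FAIL: SSLCertificateFile is not $2"; ai_fails=$((ai_fails + 1)); }
    [ "$(directive_value "$1" SSLCertificateKeyFile)" = "$3" ] ||
        { echo "FAIL: SSLCertificateKeyFile is not $3"; ai_fails=$((ai_fails + 1)); }
    return "$ai_fails"
}

# Constructed sample: a temp directory standing in for /etc/pki/tls and /etc/httpd/conf.d,
# with a loose key, a loose info file, and a key directive still pointing at localhost.key.
make_sample() {
    ms_dir=$(mktemp -d) || return 1
    printf 'constructed cert\n' > "$ms_dir/domain.pem"
    printf 'constructed key\n' > "$ms_dir/domain.key"
    printf 'Database root password: constructed\n' > "$ms_dir/setup_info.txt"
    chmod 644 "$ms_dir/domain.key" "$ms_dir/setup_info.txt"
    printf '%s\n' "#SSLCertificateFile $ms_dir/old.crt" \
        "SSLCertificateFile $ms_dir/domain.pem" \
        "SSLCertificateKeyFile $ms_dir/localhost.key" > "$ms_dir/ssl.conf"
    echo "$ms_dir"
}

# On the real host, with the paths from the guide:
# audit_install /etc/httpd/conf.d/ssl.conf "/etc/pki/tls/certs/$CF_CERT" \
#     "/etc/pki/tls/private/$CF_KEY" "$HOME/setup_info.txt"
```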


  • Running through this again now, finding a few typos and fixing them as I go.



  • And there it is.







  • This is the SSL score.

    I assume this is why the A rating and not A+

    But not much to do about that since it is Cloudflare that is terminating.