Setup WordPress with WP-CLI on Fedora with SSL Origin Certificate from Cloudflare
Here is an updated guide to installing a WordPress instance on a Fedora-based LAMP stack.
At the time of writing, Fedora 31 and WordPress 5.3.2 were current.
I used a $3.50 Fedora 31 instance on Vultr (vultr.com) for the testing of this guide.
Pretty much all the WP bits are randomized during setup, even the database name.
- Follow my guide to Create a Cloudflare Origin Certificate.
- SSH in as a non-root user, because you seriously do not have SSH enabled for root. Right?
- Set up the session variables with your domain name, title, and email.
    ##############################################
    ######    CHANGE THESE VARIABLES      ########
    ##############################################
    export WP_URL='domain.com'
    export WP_TITLE='My Fancy WP Site'
    # placeholder address, replace with your own
    export WP_ADMIN_EMAIL='admin@domain.com'
    export CF_CERT='domain.pem'
    export CF_KEY='domain.key'
- Install packages.
    ##############################################
    ###### DO NOT EDIT ANYTHING ELSE UNLESS ######
    ###### YOU KNOW WHAT YOU ARE DOING      ######
    ##############################################
    # install basics
    sudo dnf install -y wget nano pwgen
    # install the basic requirements of a LAMP stack
    sudo dnf install -y httpd mariadb mariadb-server php php-pdo_mysql php-xml php-gd mod_ssl
- Open the firewall, for only https.
    # allow https through the firewall
    sudo firewall-cmd --add-service=https --permanent
    sudo firewall-cmd --reload
- Enable and start apache and mariadb.
    # Enable and start apache and mariadb
    sudo systemctl enable --now httpd
    sudo systemctl enable --now mariadb
- Create the origin certificate files on your WP instance.
    # create the certificate file
    sudo nano /etc/pki/tls/certs/$CF_CERT
    # <paste in cert data>
    # create the private key file
    sudo nano /etc/pki/tls/private/$CF_KEY
    # <paste in the key data>
    # adjust the key file permissions
    sudo chmod 600 /etc/pki/tls/private/$CF_KEY
- Update the apache SSL config to use the Cloudflare certificate and key.
    # modify ssl.conf to look at the cloudflare origin certificate
    sudo sed -i "s/localhost.crt/${CF_CERT}/" /etc/httpd/conf.d/ssl.conf
    sudo sed -i "s/localhost.key/${CF_KEY}/" /etc/httpd/conf.d/ssl.conf
    # restart apache
    sudo systemctl restart httpd
- Start a file to hold some information that will be randomly created during the rest of this.
    # create a setup file to store randomly generated information
    echo "Your WordPress setup has been completed." > ~/setup_info.txt
    echo "Some randomized information was generated during install." >> ~/setup_info.txt
    echo "It is located in ~/setup_info.txt. It is highly recommended you document the information and delete the file." >> ~/setup_info.txt
- Generate random passwords and names for the database. Log them into the setup file.
    # Database name to use for wordpress
    export DB_NAME=`pwgen -c -n -1 12`
    echo "Database name: ${DB_NAME}" >> ~/setup_info.txt
    # Generate a random password for the root user
    export DB_ROOT_PASS=`pwgen -c -n -1 20`
    echo "Database root password: ${DB_ROOT_PASS}" >> ~/setup_info.txt
    # Generate a random non-root user
    export DB_USER=`pwgen -c -n -1 16`
    echo "Database non-root user: ${DB_USER}" >> ~/setup_info.txt
    # Generate a random password for the non-root user
    export DB_PASS=`pwgen -c -n -1 20`
    echo "Database user ${DB_USER} password: ${DB_PASS}" >> ~/setup_info.txt
- Create the non-root DB user
    # Create a non-root db user to own and admin the WP database
    sudo mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
    sudo mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
    sudo mysql -e "FLUSH PRIVILEGES;"
- Secure the database.
    # Secure MariaDB (this does what mysql_secure_installation performs without interaction)
    # Note: on MariaDB 10.4 and later mysql.user is a view and the UPDATE below
    # no longer works; set the root password with ALTER USER there instead.
    sudo mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';"
    sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    sudo mysql -e "DELETE FROM mysql.user WHERE User='';"
    sudo mysql -e "FLUSH PRIVILEGES;"
- Pull down the WP-CLI phar file, make it executable and then move it to the path and rename as wp.
    # download WordPress CLI
    curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
    # make it executable and move it to the path
    chmod +x wp-cli.phar
    sudo mv wp-cli.phar /usr/local/bin/wp
- Because you will be executing all wp commands as the apache user, the cache folder needs to be set up manually ahead of time.
    # create a cache folder for wp-cli and give ownership to apache
    sudo mkdir -p /usr/share/httpd/.wp-cli/cache/
    sudo chown -R apache:apache /usr/share/httpd/.wp-cli/
- Fedora does not change permissions on /var/www/html by default, so adjust that.
    # set apache as the owner of the html folder
    sudo chown apache:apache /var/www/html
- Adjust SELinux permissions so plugins can be installed and auto updates work.
    # change SELinux permissions
    sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
    sudo restorecon -R -F /var/www/html
    sudo setsebool -P httpd_can_sendmail 1
    sudo setsebool -P httpd_can_network_connect 1
- Download WordPress.
    # download WordPress
    cd /var/www/html
    sudo -u apache wp core download
- Create the WordPress config file and database.
    # create the wp-config.php file
    sudo -u apache wp config create --dbname=$DB_NAME --dbuser=$DB_USER --dbpass=$DB_PASS
    # create the WP database
    sudo -u apache wp db create
- Generate and log to the setup file a random username and password for the initial WordPress Admin.
    # generate random admin name and password for WP Admin login
    export WP_ADMIN=`pwgen -c -n -1 16`
    echo "WordPress Admin username: ${WP_ADMIN}" >> ~/setup_info.txt
    export WP_ADMIN_PASS=`pwgen -c -n -1 30`
    echo "WordPress Admin password: ${WP_ADMIN_PASS}" >> ~/setup_info.txt
- Install WordPress.
    # install WP
    sudo -u apache wp core install --url=$WP_URL --title="${WP_TITLE}" --admin_user=$WP_ADMIN --admin_password=$WP_ADMIN_PASS --admin_email=$WP_ADMIN_EMAIL --skip-email
- Dump the setup info to the screen.
    cat ~/setup_info.txt
  The output will look like this.
    Your WordPress setup has been completed.
    Some randomized information was generated during install.
    It is located in ~/setup_info.txt. It is highly recommended you document the information and delete the file.
    Database name: aaaaaaaaaaa
    Database root password: bbbbbbbbbbbbbbbbb
    Database non-root user: ccccccccccccc
    Database user ccccccccccccc password: dddddddddddddd
    WordPress Admin username: eeeeeeeeeeeeee
    WordPress Admin password: fffffffffffffffffffffffffffffffff
- Navigate to your URL via https and log in with the admin account information noted in the prior step.
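
A check worth running once the steps above are done, added here as an example and not part of the original guide: `sed -i` exits 0 even when its pattern matches nothing, so Apache can restart cleanly while still serving the self-signed localhost pair, and the key file and `~/setup_info.txt` should not be readable by group or other. The function names and the constructed sample config are assumptions; on the server, point `check_ssl_conf` at `/etc/httpd/conf.d/ssl.conf` and `check_private` at the key file and at `~/setup_info.txt`.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# Print the path given to an Apache directive, skipping commented-out lines.
directive_path() {            # $1 = directive, $2 = config file
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Succeed only if the config really references the expected cert and key names.
check_ssl_conf() {            # $1 = ssl.conf, $2 = cert name, $3 = key name
    cert=$(directive_path SSLCertificateFile "$1")
    key=$(directive_path SSLCertificateKeyFile "$1")
    [ "${cert##*/}" = "$2" ] || { echo "FAIL: SSLCertificateFile is '$cert'"; return 1; }
    [ "${key##*/}" = "$3" ] || { echo "FAIL: SSLCertificateKeyFile is '$key'"; return 1; }
    echo "OK: ssl.conf uses $2 and $3"
}

# Succeed only if the file grants nothing to group or other (600, 400, ...).
check_private() {             # $1 = file holding a key or generated passwords
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00|0) echo "OK: $1 is mode $mode" ;;
        *)     echo "FAIL: $1 is mode $mode, expected 600"; return 1 ;;
    esac
}

# Constructed sample: write a small ssl.conf, apply the guide's sed edits,
# then check the result. $1 = base file name used in the sample config.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '#SSLCertificateFile /etc/pki/tls/certs/old.crt' \
        "SSLCertificateFile /etc/pki/tls/certs/$1.crt" \
        "SSLCertificateKeyFile /etc/pki/tls/private/$1.key" > "$dir/ssl.conf"
    sed -i "s/localhost.crt/domain.pem/" "$dir/ssl.conf"   # exits 0 even with no match
    sed -i "s/localhost.key/domain.key/" "$dir/ssl.conf"
    rc=0
    check_ssl_conf "$dir/ssl.conf" domain.pem domain.key || rc=$?
    rm -rf "$dir"
    return $rc
}

demo localhost                                  # stock names: edit applies, check passes
demo server || echo "(expected: sed matched nothing, config unchanged)"
```

Reading the key file's mode needs root because of the permissions on `/etc/pki/tls/private`, so run that one check from a root shell.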
Running through this again now, finding a few typos and fixing them as I go.
And there it is.
This is the SSL score.
I assume this is why the A rating and not A+
But not much to do about that since it is Cloudflare that is terminating.