Installing Wordpress on CentOS 7 Minimal

JaredBusch

I originally posted this over on my blog on August 11, 2014, but as I fail to actually do anything with my blog, I wanted to bring it over here.

• Install CentOS7 Minimal. Turn on networking during the GUI setup process.

  • If you need to get the IP address of you CentOS7 server login as root and enter:
    ip a sh
    Note the IP address, and now you can log in from SSH.

• install packages needed to run wordpress

yum -y install httpd mariadb mariadb-server php php-mysql php-xml php-gd wget nano policycoreutils-python;
systemctl enable httpd.service;
systemctl enable mariadb.service;
setenforce permissive;
systemctl start mariadb;
firewall-cmd --zone=public --add-port=http/tcp --permanent;
systemctl reload firewalld;
systemctl start httpd;

• Now download wordpress

cd /opt;
wget https://wordpress.org/latest.tar.gz;
tar -xzvf latest.tar.gz;

Setup SELinux permissions

semanage fcontext -a -t httpd_sys_content_t '/opt/yourdomain(/.*)?'
restorecon -R /opt/yourdomain
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/yourdomain/wp-content(/.*)?'
restorecon -R /opt/yourdomain/wp-content

Change things here to be things only you know and execute these commands.

#Create a database for wordpress and a user to access it.
mysql -e "CREATE DATABASE wp_yourdomain;"
mysql -e "CREATE USER 'wp_yourdomain'@'localhost' IDENTIFIED BY 'somerandompassword';"
mysql -e "GRANT ALL PRIVILEGES ON wp_yourdomain.* TO 'wp_yourdomain'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"

#Secure mariadb. These commands do what mysql_secure_installation does interactively
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"

• copy the wordpress directory to the domain folder desired

cp -R /opt/wordpress/ /opt/yourdomain/
chown -R apache:apache /opt/yourdomain/;

• create the wp-config.php file and set the database information

cp /opt/yourdomain/wp-config-sample.php /opt/yourdomain/wp-config.php;
sed -i -e 's/database_name_here/wp_yourdomain/' /opt/yourdomain/wp-config.php;
sed -i -e 's/username_here/wp_yourdomain/' /opt/yourdomain/wp-config.php;
sed -i -e 's/password_here/somerandompassword/' /opt/yourdomain/wp-config.php;

• go to https://api.wordpress.org/secret-key/1.1/salt/ and copy paste a unique salt into your wp-config.php file
  • no idea how to use sed to find/replace this. This data goes at the end of the wp-config.php file.
  • This is what is in the default file.

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

• This is what a salt should look like.

define('AUTH_KEY', 'P/u!4L<`Ia+2e=^w&KBgDs[f)r:vcM~=ylK-E:Hq|B`HGv%cZtAN*Toy@b],6g!b');
define('SECURE_AUTH_KEY', 'qJV7.|d>:N$61J*_<wyX +K<P(Xz_TId+uJQ+3V/~h_L8}k_l4t,i[^Ss^3}(1j*');
define('LOGGED_IN_KEY', 'dfJ;0JEt?u&r[T%Vn|@|y3AXx&CO~bjmfy{9gIPi2i|ouwmv99*(a`-i(*F}L{g+');
define('NONCE_KEY', 'Qy{%n+h,rt66ILfR[;xO2kCMrjMY&vppiU X+cq*OXeS44hyP.At3K3Eb3r~zOH-');
define('AUTH_SALT', '3qH|kzJYd.*JmV%()x8yyl1a;^SC3}]D}7koA%|W*z(GRA/wF=p!(9xT~;+0A>>D');
define('SECURE_AUTH_SALT', '1$LIVd(W 3X~.L$Or YbUtUBL%&}JNxF6o`tw.WVJ3b|v]Ik3c0afEy0j =D2R5<');
define('LOGGED_IN_SALT', '[-Rf2*n&U]D&KWZ 5IR{63D^$g~oGq</!Pi(&8kEQ*J2Ui?cHo!h4(1~<Qj?g ah');
define('NONCE_SALT', 'xRL!G|/Xe&f|WfCp(v(6H.?-OwY2uxp^HJYYhMWx8KJca0s<J_2%E[cr:ZZ9t`1k');

• If you are only going to run the one website on this server, you can edit the apache config
• to change the default document root to point to your wordpress folder
• by default it is located: /etc/httpd/conf/httpd.conf
• Change the following two lines

DocumentRoot "/opt/yourdomain" # was "/var/www/html"
<Directory "/opt/yourdomain"> # was "/var/www/html"

• If this is the only website that will be hosted on this server, you can skip the Virtual host section and simply restart httpd now
• If you are going to have multiple domains pointing to this server eventually,
• you will need to create a virtual host config file and by default apache loads any conf files in the conf.d folder. So create: /etc/httpd/conf.d/vhosts.conf
• Now copy and paste the below syntax once for each virtual host.
• Obviously, replace yourdomain with your real domain info.

    ServerAdmin [email protected]
    DirectoryIndex index.php index.html index.htm
    DocumentRoot /opt/yourdomain
    ServerName yourdomain.com
    ServerAlias *.yourdomain.com
    LogLevel warn
    ErrorLog logs/yourdomain-error_log
    CustomLog logs/yourdomain-access_log common
        
            Require all granted
            Options Indexes FollowSymLinks Includes ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        

• restart the webserver then browse to your site.

systemctl reload httpd;

NerdyDad

@JaredBusch said in Installing Wordpress on CentOS 7 Minimal:

This is for WordPress, correct?

Now download wordpress

Just wanted to double check because of the mention of ownCloud

Sign in to the database and create the ownCloud instance and user.
You will be prompted to enter your database root password.

Not meaning to be nitpicky, but wanted to double check.

JaredBusch

Note, I used setenforce permissive during the setup. I recommend rebooting the instance after you confirm everything is setup and working.

When I initially wrote this, everything works without needing to turn off SELinux.

I have not done a clean install in a couple years at this point.

JaredBusch

@NerdyDad said in Installing Wordpress on CentOS 7 Minimal:

Not meaning to be nitpicky, but wanted to double check.

Because copy/paste fail.

Obsolesce

Would it be hard to add the installation of phpMyAdmin into your guide?

travisdh1

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

yum install phpMyAdmin

Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

Obsolesce

@travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

yum install phpMyAdmin

Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.

scottalanmiller

@travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

yum install phpMyAdmin

Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

Same here. Not recommended for normal use.

scottalanmiller

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

@travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

yum install phpMyAdmin

Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.

It is, but for something like WordPress, no really use for it.

JaredBusch

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

I never use It, and as the others have said I would never want to have it installed.

scottalanmiller

And graphical tools like phpMyAdmin make instructions much harder. Telling someone to just "copy this command" is so easy. Telling someone to follow screen shot after screen shot of things to click on is not.

Obsolesce

@scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

@travisdh1 said in Installing Wordpress on CentOS 7 Minimal:

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

Would it be hard to add the installation of phpMyAdmin into your guide?

yum install phpMyAdmin

Wouldn't normally do that, so much of a security risk if it's not properly managed/maintained.

For intranet-only it's fine. Different for external facing installs, but it is securable. Especially when using the whitelist approach.

It is, but for something like WordPress, no really use for it.

I put it on internal servers because it's easier to set up databases and users for those databases at the same time for web servers that will be hosting multiple sites that need databases. Go to the web address, enter info in for new user and database, set permissions, done. Easy.

I personally do not know the command line way to do that, it's always been super easy and fast doing it through phpMyAdmin. When other people take over, it's very easy for them to do it.

I'm not going to choose not to install it just because there may be a possibility that I have to give someone step by step instructions on creating a database and user for MySQL on ML or SW... if it were in person, I'd just take the 25-30 seconds to bookmark the page and show them.

I'm not disagreeing with all of you, I'm just laying out my case usage. I have never installed phpMyAdmin on external facing servers. In cases where it was, it was due to the Webhost having it incorporated in cPanel for example, with no way to add databases via CLI or other real means.

Now that you have posted the CLI to do it, I already copied that down into my personal notes to do it that way in the future... so thanks for that. Very helpful.

scottalanmiller

@Tim_G said in Installing Wordpress on CentOS 7 Minimal:

I personally do not know the command line way to do that, it's always been super easy and fast doing it through phpMyAdmin. When other people take over, it's very easy for them to do it.

Every install guide has the command, making it super fast. And once you use it once, it is in your command history so you just "up arrow" and there it is.

mysql> CREATE DATABASE databasename;
mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname" IDENTIFIED BY "password";
mysql> FLUSH PRIVILEGES;

scottalanmiller

Obviously, you only create the database the first time. But that's how fast it is, just "create database name".

scottalanmiller

I like doing it from the CLI, even though phpMyAdmin is slick, because I only need one interface. Having to switch back and forth between SSH and web or something else is cumbersome and more things that I have to maintain. I've had databases where I need to do regular maintenance and then, definitely, that's the tool that I use. But for just initial setup tasks, I stick to the command line.

Obsolesce

@scottalanmiller said in Installing Wordpress on CentOS 7 Minimal:

I like doing it from the CLI, even though phpMyAdmin is slick, because I only need one interface. Having to switch back and forth between SSH and web or something else is cumbersome and more things that I have to maintain. I've had databases where I need to do regular maintenance and then, definitely, that's the tool that I use. But for just initial setup tasks, I stick to the command line.

Yeah, that's another point I didn't think about: it's never just initial setups that occur on a webserver. At least ones I deal with. Sure it can be fast to type in the commands fast to create a new database and user for it... but then when you have to export and import tables and such from other servers, among other things, I'd need to take a class on how to do it. And I can't stand around and school everyone or expect everyone I make contact with to pick up my documentation and do it all via CLI.

Most people just want an easy web browser bookmark, where they can visually go in an get things done without worrying about typing it all out on CLI and everything that involves.

I'm all about automation, scripting, etc... but only when it involves doing things more than once on the same or like systems.

There's a saying I like that goes something like... "If you have to do it twice, it should have been automated." lol

But anyways, I agree with you... initial set up, easy CLI... more involved work/maintenance = GUI (unless you're a trained SQL CLI admin or whatever) But even still, it's not always you who are going to be maintaining it after initial setup... it may not even be a technical fellow.

scottalanmiller

@Tim_G yeah, that's very different. For WordPress, normally you never touch the DB again, ever.

JaredBusch

Updated the instrucitons a bit to make the MySQL setup non interactive and fixed a missing bit of info for the httpd.conf.

JaredBusch

Thanks to @BRRABill it looks like I missed some SELinux issues.

Instructions updated, but this is what I needed to resolve his issues so far. He just installed, so maybe more updates to come

yum install -y policycoreutils-python
semanage fcontext -a -t httpd_sys_content_t '/opt/yourdomain(/.*)?'
restorecon -R /opt/yourdomain
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/yourdomain/wp-content(/.*)?'
restorecon -R /opt/yourdomain/wp-content

BRRABill

One other thing @JaredBusch and I discussed was the location in /opt and opposed to /var

In theory, it should not matter.