Nginx And WordPress

WordPress: Debian 11 Install

Views: 23
0 0
Read Time:6 Minute, 42 Second

Introduction

Important Pre Install Steps

Critical, to a raw WordPress sites. Lock down the server and diversify the sites processes between servers if possible. Like the old way overused statement “Don’t put all your eggs in one basket!” That is really true when it comes to the web. After all, all of the security breaches out there can take a server down or expose all of your data to a hacker. Of coarse, sometimes it is just easier and cost effective to place it all on one server. Overall, WordPress is the one blog platforms I have come back to over and over. For a complete WordPress: Debian 11 Install then please continue to read this post.

Domain

As many know, without a Domain then you have very little that can be easy for others to use your site and data. Now, it is not impossible but why not use a free option if nothing else. Something like: DuckDns or NoIP can give a free domain name to work from and that may be enough for you. Me, I like the vanity of having my own domain. Oh, and I love Epik they have great support and a good domain config panel.

DNS

Ok, most Domain providers give the option to allow DNS registration to DNS servers they run. This is the simplest way to setup a site. However, if you are brave and want to run your own DNS then I would use BIND.

Website

Website absolutely critical to WordPress. After all, without it there nothing to talk about. So, If you are interested in just short circuiting all of this blog just do this. Use existing domain provider to host WordPress. For example, sites as Epik, Ionos, OVH and there are many others. So, many options here; but I choose to build my own everything and I will outline it on this site.

WordPress: Debian 11 Install Process

VPS of Physical Server

So for this example, I am using CrownCloud. So, here is why:

  • Not too expensive
  • Gives ipv4 and ipv6 addresses.
  • Easy setup in panel.

DNS Config

Ok, so many ways to do this option from easy to complex. Epik is a great domain provider and alshowto.com is currently served on its own DNS servers. So, I configed in webmin:

DNS setup in webmin

Furthermore, Webmin is a great platform to easily administer the server. See my vanilla server setup for configuring this option. As shown, bind is setup as DNS server for alhowto.com.

aaPanel Setup

First, there are so many CPanel like linux server administrative pages. Note, this one is free and it has some really great components. So, I am using this as a way to control the web server and have a simple GUI to control and configure the web server. Also, aaPanel was simple to setup and I will add I will include a setup tutorial for it on this website too. Spoiler, it is easy to configure: wget -O install.sh http://www.aapanel.com/script/install-ubuntu_6.0_en.sh && sudo bash install.sh aapanel

Also, there is the tutorial from aaPanel’s own site.

Email Setup

Website Configuration

First, It is important that DNS is configured to the website url! Why? Simply, it allows https to be configured right from the start of the website location creation. Once DNS done, configure the website location in aaPanel. . That is it, just configure as below. Click the Add Site button .Then, fill in the popup page below:

Add Site Popup Webpage
Add Site Popup Webpage

See above, I have highlighted the most important things to consider during initial configuration.

PHP 8.1Warning!

At the time of writing this 8.1 does not work with WordPress! That may have changed, but I wanted to highlight the fact I had problems setting up a site with PHP version 8.1. Here is a WordPress page to explain.

WordPress Baseline Config

Get Latest WordPress from WordPress.org

Ok, time to get the actual WordPress website code. With this, it is possible to setup WordPress once placed in proper wwwRoot folder and security is configured for access of associated web server. In this case, it is Nginx. So, here are the commands to run to get from WordPress site directly.

cd /root
rm -fR wordpress-release/
mkdir wordpress-release
cd wordpress-release/
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
cd ..
chmod 755 -R wordpress-release/
chown -R www:www wordpress-release/

Oh, notice the command above I setup a cron job to get this every week and load into wordpress-release folder. So, now all I have to do is copy all the files to the root folder where Nginx is pointing to load files. In this case, root /www/wwwroot/alshowto.com; Now, simply run cp from the command line in the /root/wordpress-release folder.

cp -r -f * <location pointed to by root of Nginx webserver config>

Configure WordPress

Finally, it is time to configure WordPress and point it to the DB associated with the site. Now, using aaPanel helps with this configuration as it is capable of creating the database while configuring the Website in the website configuration page. Consequently, to get to the website simply type https://<Your WordPress website url base>. Then, the website should come up with the first configuration page below:

WordPress Install: First WordPress page.
WordPress Install: Second Page of config.
WordPress Install: Set DB Info.
WordPress Install: Run the installation.

Before, config ngnix to work correctly with PermaLinks. See this page for more info on this. It worked for ngnix under managed under aaPanel

location / {
try_files $uri $uri/ /index.php?$args;
}

Here is what can be run to create new salt for login tokens. WordPress Salt

What, why run that? Well, setting salt helps keep the login tokens secure. However, in the latest WordPress release I find it already sets them uniquely per site. So, if you feel there was a security breach then run the WordPress Salt link above to generate new salt keys.

WordPress Plugins

Other Issues

Oh, one really big issue I ran into is Health check failing due to curl error 60 in WordPress Health Check.

Below, is the nigx config for ssl:

 ssl_certificate    /www/server/panel/vhost/cert/alshowto.com/fullchain.pem;
 ssl_certificate_key    /www/server/panel/vhost/cert/alshowto.com/privkey.pem;

The REST API request failed due to an error unable to get local issuer certificate

So, what is the issue? Add the whole blockchain to the websites cert pem file. That is, if using Let’s Encrypt then make sure to use the full chain pem. See below, It contains three public key certificates.

----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgISBGoYo0mZ5INvBZ43vrUBcJ5RMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA0MTgyMzA3MzJaFw0yMjA3MTcyMzA3MzFaMBkxFzAVBgNVBAMM
DiouYWxzaG93dG8uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
zDvVlT7byccVqVuiar7XLh+rVY2Wo08cbi7DoSSbV2CsIvqF5h8bC60I4nO2bkj5
Px5xr1N5gN5h3sYo/CbhA/SlrxTSrrCEuYxbwX+x4N5pURWo6y+vackbChyJ3t2j
kNRF5WnFGdIb9Q475qvEWKuJAKW7/MjSyx1x6LQmnKOXf5gZsjofvK1iHVXS1jlV
AoT4CsGWXZmETVl//luDfDYj/8AoefcWq4foaUQC7ODikjKnn1Hgv/F3RHBt1zXl
XWR3e4VlOwl+feXz1AcFIEsUmt38sVIRqsNrproJS27YgYrp0JbAthS+seuzuYrb
vYuf4ixrcpEmVMfAXMbWt6k58EkhlwPAj2P8SpHvSaWFYmRnrfROxMgZRUCiqq6s
lv49U8BlvMCeN1gyqp/98VjYTCdamSrW4Ny+O3Wo8XkhOcRt0fra+pkbOgbCFSHu
d5OTJcVADfa0KwaYO7WrVMG+nn4v/Cq2+tLwXpJRHL2YpUBZIq/obYKXOi4QMtrw
Yel4wXhV2e0iC1z3+r5xD7IdX59uJMg754QBCb9Wj1X6ebnX7/HHtn1/7NEPav+z
lcoj9XPQiSjuwnBv7oMgQ+zTvlFuA62/YYXdJzjXq2O7MXBFPwT2dtAYsI2JsWRE
3H0NnjVqb32TCaQsLFCNg6HW3z1s9JoBoW1r/ayzrsMCAwEAAaOCAlcwggJTMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUrXzB5Mipdz/oUf9dz50l3Rr/SfQwHwYDVR0j
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9yMy5pLmxlbmNyLm9yZy8wJwYDVR0RBCAwHoIOKi5hbHNob3d0by5jb22CDGFs
c2hvd3RvLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisG
AQQB1nkCBAIEgfUEgfIA8AB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBi
lgb2AAABgD8lUvYAAAQDAEcwRQIgI4QBEpUmsWmrjVJfqvWo9d1o1KXbYAv5AX8/
IOI4kP8CIQCMt8AtK9gYpgpVrI9DlLStequoL2aulcbU0lFnlhRL0wB2ACl5vvCe
OTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABgD8lUxMAAAQDAEcwRQIhAOHX
UgVcInrJAN4ilTWeLJdPoAry2FapSZgP+DAXktgEAiBVp11Pa+zSLlhpxeqZVYew
VS2pBOj4OzzdhtrDNXNq0TANBgkqhkiG9w0BAQsFAAOCAQEAMaYxzwN9TCKJYUTx
ZK73VwQimbW2PmEhc+7+TqD0SwLiyeJEWUgtp9z6sZxPG4zDUff8dk+A/Gsh7ZRY
zBDsmFSUZeFStaGTyQyqt96lIulfm2DL6SW/OuKY29tjl4vL2kFTaVdrCU/UXn5j
+kl8a1VjKpOPKiyeVKBv3t8Tii79PEQFkqIt1kGYsH5BP4oGXEwRgOkY/ysAahg0
HrurN0sM8KbzHJy0Ul0gbZNoGu86nGql4o7P9InEnRvd9Dzkr6DaItTjoK0EujC5
kR7EW9DeX/r5IsanuahOqLvWnRUz1V2zO8GdciknOKXyCvzDvR0mEUuoRhrA/+SD
0KWjSA==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply

Your email address will not be published.

Uses for the "Mask" Next post Uses for the “Mask”