Experiments in Lifestyle Design

How to Install and Configure WordPress on Fedora 27 with NGINX and MariaDB

WordPress does have its famous 5 minute install, but to get it fully configured these days there are a few additional steps you’ll want to take. Directions were drafted from Fedora 27, but they’re very similar for other Linux distributions. I’m serving the site using PHP 7 and NGINX.

The instructions are written assuming your nginx user and group are “nginx”. A lot of systems use www-data instead, so make sure you use the right identifiers for your environment.

Log into your system.

You’ll need wget, PHP, nginx, MariaDB, and sendmail installed. If they’re not:

dnf -y install wget php php-fpm php-mysqlnd mariadb mariadb-server php-pecl-ssh2 php-devel nginx sendmail sendmail-cf

Then download the package from WordPress.

wget https://wordpress.org/latest.tar.gz

Make the directory and extract

mkdir /var/www/wordpress
tar -xzvf latest.tar.gz -C /var/www

Fix ownership, jump into the directory, and then create wp-config.php from the template.

chown -R nginx:nginx /var/www/wordpress
cd /var/www/wordpress
mv wp-config-sample.php wp-config.php

Start and enable MariaDB, and run the first-time configuration. If you already have MariaDB up and running, skip to the next step.

systemctl start mariadb.service
systemctl enable mariadb.service
mysql_secure_installation

Log into the mysql console and set up the database.

mysql -uroot -p
CREATE DATABASE wordpress_blog;
CREATE USER 'blogUser'@'localhost' IDENTIFIED BY 'yoursecretpassword';
GRANT ALL PRIVILEGES ON wordpress_blog.* TO 'blogUser'@'localhost';
FLUSH PRIVILEGES;
quit;

You now have a database and database user set up and ready for WordPress.

WordPress now needs an FTP user to do its updates and installation. To keep everything streamlined and low effort moving forward, we’ll create a pair of local SSH keys for WordPress to use when doing those updates and installs.

Instead of saving the ssh key to the default path save it at /home/wp-user/wp_rsa
When asked to enter a password for the ssh key press enter twice to leave it blank.

useradd -m wp-user
usermod -aG nginx wp-user
su wp-user
ssh-keygen -t rsa -b 4096
exit
# Use the group your web server runs as (nginx here; www-data on some systems)
chown wp-user:nginx /home/wp-user/wp_rsa*
chmod 0640 /home/wp-user/wp_rsa*
mkdir /home/wp-user/.ssh
chown wp-user:wp-user /home/wp-user/.ssh/
chmod 0700 /home/wp-user/.ssh/
cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys
chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
chmod 0644 /home/wp-user/.ssh/authorized_keys
vi /home/wp-user/.ssh/authorized_keys 

In the authorized keys file add from="127.0.0.1" to the very beginning so it’s only accessible locally. It should look something like this:

from="127.0.0.1" ssh-rsa AADAB3ZzaC3yc5EA.....
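A quick check of the result, added here as an example and not part of the original post: it confirms that the private key has no permissions for "other" users and that every entry in authorized_keys starts with the from="127.0.0.1" restriction. The function names are made up for this example, and it assumes GNU stat as shipped on Fedora.

```bash
#!/bin/sh
# Added example (not from the original post). Run as root after the key
# setup; the directory argument lets you point it at a test copy.

# Succeeds only if "other" has no permission bits on the file (GNU stat).
no_other_access() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *0) return 0 ;;      # last octal digit is the "other" class
        *)  return 1 ;;
    esac
}

# Succeeds only if every key line begins with from="127.0.0.1", as the
# post instructs. Blank lines and comments are skipped.
keys_are_local_only() {
    [ -r "$1" ] || return 2
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) ;;
            'from="127.0.0.1" '*|'from="127.0.0.1",'*) ;;
            *) printf 'unrestricted key: %.40s...\n' "$line" >&2; rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Checks the layout used in this post: <dir>/wp_rsa and <dir>/.ssh/authorized_keys
audit_wp_keys() {
    status=0
    if ! no_other_access "$1/wp_rsa"; then
        echo "wp_rsa is accessible to users outside its owner and group" >&2
        status=1
    fi
    keys_are_local_only "$1/.ssh/authorized_keys" || status=1
    return $status
}

# Example: sh audit.sh /home/wp-user
if [ "$#" -gt 0 ]; then audit_wp_keys "$1"; fi
```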

Check out a vi primer if you’ve never used it; it’s my preferred system editor, but the first time I used it I literally had to reboot to get out of it. Or just use nano.

Get a unique salt from WordPress at https://api.wordpress.org/secret-key/1.1/salt/

cd /var/www/wordpress
vi wp-config.php

Replace the empty salt.
Update DB_NAME, DB_USER, and DB_PASSWORD.
Add the following lines towards the end of the file.

define('FTP_PUBKEY','/home/wp-user/wp_rsa.pub');
define('FTP_PRIKEY','/home/wp-user/wp_rsa');
define('FTP_USER','wp-user');
define('FTP_PASS','');
define('FTP_HOST','127.0.0.1:22');
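To confirm the salt step was not skipped, the following added example (not from the original post) reports any of the eight key and salt constants in wp-config.php that are missing, still set to the sample placeholder, or shorter than expected. The function name and the MIN_LEN default of 64 are assumptions of this example; 64 matches the length of the values the salt API returns.

```bash
#!/bin/sh
# Added example (not from the original post).
# Prints one line per problem and returns non-zero if any were found.
check_wp_salts() {
    awk -F"'" -v min="${MIN_LEN:-64}" '
        BEGIN {
            bad = 0
            n = split("AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT", want, " ")
        }
        # define("NAME", "value") written with single quotes:
        # splitting on the quote makes $2 the name and $4 the value.
        /^[ \t]*define\(/ { seen[$2] = 1; val[$2] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                k = want[i]
                if (!(k in seen)) {
                    print k ": missing"; bad = 1
                } else if (val[k] == "put your unique phrase here") {
                    print k ": placeholder"; bad = 1
                } else if (length(val[k]) < min) {
                    print k ": too short"; bad = 1
                }
            }
            exit bad
        }' "$1"
}

# Example: sh check_salts.sh /var/www/wordpress/wp-config.php
if [ "$#" -gt 0 ]; then check_wp_salts "$1"; fi
```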

Now nearly the last piece of the puzzle, the nginx config.

# WordPress single site rules.
# Designed to be included in any server {} block.
# Upstream to abstract backend connection(s) for php
upstream php {
        server unix:/run/php-fpm/www.sock;
}

server {
        ## Your website name goes here.
        server_name yourdomainname.tld;
        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        client_max_body_size 500m;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi.conf;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
                fastcgi_buffers 16 16k;
                fastcgi_buffer_size 32k;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

If you’re not on Fedora, you may need to check /etc/php-fpm.d/www.conf to find out what path to use for your sock. The config above uses /run/php-fpm/www.sock.

I also had to set my user and group to nginx in /etc/php-fpm.d/www.conf.

systemctl start php-fpm.service
systemctl start nginx.service
systemctl enable php-fpm.service
systemctl enable nginx.service

At this point you should be able to navigate to http://yourblogurl.tld/wp-admin/install.php and step through the initial WordPress installation.

Once that’s complete, try installing a theme or plugin and verify your SSH keys are set up. If done correctly you should be able to install without entering any additional credentials.

Finally, you’ll probably want your system to be able to send out email on your behalf, so it’s time to configure sendmail.

cd /etc/mail
cp sendmail.mc sendmail.mc.bak
cp sendmail.cf sendmail.cf.bak

In sendmail.mc, remove dnl from the beginning of these lines if it exists:

LOCAL_DOMAIN(`localhost.localdomain')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl

Enter the domain name you want to use; this example uses yourdomainname.tld:

MASQUERADE_AS(`yourdomainname.tld')dnl
MASQUERADE_DOMAIN(yourdomainname.tld)dnl

Now you can restart sendmail and test your changes.

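cd /etc/mail
# Regenerate the config sendmail actually reads (the file backed up above)
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
systemctl restart sendmail
# sendmail takes the subject from the message headers on stdin
printf 'Subject: TEST EMAIL\n\n' | sendmail john@doe.com

Within a few minutes you should receive your test email. If that came through, plugins like Contact Form 7 will now be able to send out messages.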
