Install Word Press on Debian Buster, HTTPS access only

Posted on by sandeep

Bring up a fresh installation of Debian Buster. Had opted only for ssh access and standard utilities during installation.

Note : Preferred not to use any wordpress plugins to have the redirection to https. Wanted to keep the blog, plain simple and faster – page completely being displayed when accessed.

Install php7.3 and php modules

#apt install php php-common php-mysql php-curl php-xml 
#apt install php-imagick php-mbstring php-zip php-gd
#apt install php-mysql

Install apache2

#apt install apache2 libapache2-mod-php

Enable apache2 modules

#a2enmod php7.3 rewrite ssl

Create an empty folder for web-site content and add a simple index.html file for testing – Say /var/www/websitefolder

Create a folder /etc/apache2/sites-available/websitefolder/certs and copy the SSL certificate, certificate key file and certificate chain file to that folder.

Add virtual host configuration.

Note : Initially had added rewrite rules to redirect all http requests to https. However page speed checks recommend to avoid redirects in landing page and hence removed it. Added to that added expires heading to selective (FilesMatch) files – a recommendation from page speed checks.

<VirtualHost *:80>
   ServerName website.net
   ServerAlias www.website.net
   DirectoryIndex index.html index.php
   DocumentRoot /var/www/sandeeprao.net
   ErrorLog ${APACHE_LOG_DIR}/blog-error.log
   CustomLog ${APACHE_LOG_DIR}/blog-access.log combined

   <FilesMatch "(?i)^.*.(ico|flv|jpg|jpeg|png|gif|js|css|woff)$">
     ExpiresActive On     
     ExpiresDefault A2592000
   </FilesMatch>

   Options FollowSymLinks
   <Directory "/var/www/sandeeprao.net">
     AllowOverride All
     Require all granted
   </Directory>
 </VirtualHost>

 <VirtualHost *:443>
   ServerName website.net
   ServerAlias www.website.net
   DirectoryIndex index.html index.php
   DocumentRoot /var/www/websitefolder

   SSLEngine On
   SSLCertificateFile /etc/apache2/sites-available/certs/websiteprimary.crt
   SSLCertificateKeyFile /etc/apache2/sites-available/certs/website-privatekey.txt
   SSLCertificateChainFile /etc/apache2/sites-available/certs/website-chain.crt

   ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
   CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined

   <FilesMatch "(?i)^.*.(ico|flv|jpg|jpeg|png|gif|js|css|woff)$">
     ExpiresActive On     
     ExpiresDefault A2592000
   </FilesMatch>

   Options FollowSymLinks
   <Directory "/var/www/websitefolder">
     AllowOverride All
     Require all granted
   </Directory>
 </VirtualHost>

Enable mod_deflate for compression

#ln -s /etc/apache2/mods-available/deflate.load /etc/apache2/mods-enabled/

Restart apache2 and verify access to your website (the default dummy test index.html should be displayed). Try accessing without http and verify that the request is redirected to https.

Next we need to ensure that access to a database in mysql / mariadb for a user account to be used for the website is available. In my case I use mariadb and is hosted in a different vm. Replace appropriate values for ‘bloguseraccount’ and ‘bloguseraccountpassword’ as required. The same will be required to update configuration in WordPress.

Welcome to the MariaDB monitor.  Commands end with ; or \g. 
Your MariaDB connection id is 131598
Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database blogdb;
Query OK, 1 row affected (0.008 sec)

MariaDB [(none)]> grant all on blogdb.* to 'bloguseraccount'@'blogvmip' identified by 'bloguseraccountpassword';
Query OK, 0 rows affected (0.008 sec) MariaDB [(none)]>

Remove the default index.html. Download the latest wordpress from here. Unzip/Extract the contents to /var/www/websitefolder. Now copy the file wp-config-sample.php to wp-config.php (in websitefolder).

Edit the wp-config.php and add update the following lines

define( 'DB_NAME', 'blogdb' );

/** MySQL database username */
define( 'DB_USER', 'bloguseraccount' );

/** MySQL database password */ 
define( 'DB_PASSWORD', 'bloguseraccountpassword' );

/** MySQL hostname */
define( 'DB_HOST', 'dbhostip' );

Add one more line just before the define(‘DBNAME’, ‘blogdb’) as follows to avoid issues related to deleting plugins.

define('FS_METHOD','direct');
define( 'DB_NAME', 'blog' );

Set the required file permissions to the contents of website folder

chown www-data:www-data  -R /var/www/websitefolder
cd /var/www/websitefolder
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

Restart apache2 and complete the famous five minute install WordPress process by accessing https://website.net/wp-admin/install.php (Replace website.net with your website information.)