One of the key elements of managing a home lab is documenting every single step and keeping that documentation updated. There are many platforms suitable for this purpose, but I prefer WordPress because it is convenient, flexible, and easy to maintain.
This post captures the exact steps I used to deploy a production-grade WordPress instance on Ubuntu, backed by an external MariaDB 11.8 database and served securely over HTTPS using Apache2. These notes ensure a consistent, repeatable deployment inside the infrastructure.
1. Create the WordPress Database in MariaDB
On the MariaDB server, run:
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wpuser'@'%' IDENTIFIED BY '<Password>';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%';
FLUSH PRIVILEGES;
This creates a dedicated WordPress database and a user accessible from external hosts.
2. Install Apache and Required PHP Modules (WordPress VM)
On the WordPress VM:
sudo apt update
sudo apt install -y apache2 php php-mysql php-gd php-curl php-xml php-mbstring php-zip php-intl php-soap php-bcmath php-imagick
sudo systemctl enable --now apache2
These packages provide the full PHP runtime required by WordPress.
3. Configure Apache Virtual Host with HTTPS
Place your SSL certificates in the appropriate directories:
| File | Path |
|---|---|
| yourdomain.key | /etc/ssl/private/ |
| yourdomain.crt | /etc/ssl/certs/ |
| ca_bundle.crt | /etc/ssl/certs/ |
Set secure permissions:
chmod 640 /etc/ssl/private/yourdomain.key
chown root:www-data /etc/ssl/private/yourdomain.key
chmod 644 /etc/ssl/certs/yourdomain.crt
chmod 644 /etc/ssl/certs/ca_bundle.crt
Create the virtual host:
File:/etc/apache2/sites-available/blog.conf
<VirtualHost *:80>
ServerName blog.yourdomain.net
Redirect permanent / https://blog.yourdomain.net/
</VirtualHost>
<VirtualHost *:443>
ServerName blog.yourdomain.net
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
<Directory /var/www/html>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/blog_error.log
CustomLog ${APACHE_LOG_DIR}/blog_access.log combined
</VirtualHost>
Enable required modules and activate the site:
sudo a2enmod ssl rewrite headers
sudo a2ensite blog.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2
sudo systemctl restart apache2
4. Download and Install WordPress
Prepare a working directory:
mkdir wp
cd wp
Download WordPress:
wget https://wordpress.org/latest.tar.gz
tar -xf latest.tar.gz
Install it:
sudo rm -rf /var/www/html/*
sudo mv wordpress/* /var/www/html/
sudo chown -R www-data:www-data /var/www/html
Copy default configuration:
cd /var/www/html/
sudo cp wp-config-sample.php ../wp-config.php
5. Configure WordPress (wp-config.php)
Edit:
/var/www/wp-config.php
Force HTTPS
Add this at the top:
// Force HTTPS
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
define('FORCE_SSL_ADMIN', true);
Database Settings
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wpuser' );
define( 'DB_PASSWORD', '<PasswordConfigured>' );
define( 'DB_HOST', '<MariaDB host>' );
define( 'DB_CHARSET', 'utf8mb4' );
define( 'DB_COLLATE', 'utf8mb4_unicode_ci' );
6. Secure the WordPress Configuration
sudo chown www-data:www-data /var/www/wp-config.php
sudo chmod 640 /var/www/wp-config.php
sudo chmod 440 /var/www/wp-config.php
This restricts access so only the web server can read the file.
7. Complete WordPress Installation
Open your browser and navigate to:
https://blog.yourdomain.net
Walk through the WordPress setup wizard:
- Set site name
- Create admin account
- Finalize installation
Your WordPress instance is now ready.