This is the implementation guide for the bonus part of the `born2beroot` project. In here, we will describe the implementation of a Wordpress site and a service of our choice in both the operating systems defined by the project. The bonus implementation of the other partitioning scheme was already explained during both the Debian and the CentOS implementation guides, so you might want to check those out first.
Wordpress • Lighttpd • MariaDB • PHP • Instructions • Fail2ban • References
Wordpress is a Content Manager System (CMS). In other words, it's an application that allows you to create blogs and websites, and was originally designed to be a simple, user-friendly platform so that anyone, anywhere, could create a functional website.
In this project, we will have to set up a Wordpress website so that our server works as host to it. We will need to set up http , Database and PHP services, and make sure the website or blog is completely functional.
We will also need to deal with our firewall and MAC systems in order to allow communication through the correct ports. But first, let`s understand the services we will need to install beforehand.
Lighttpd is an open-source web server known for being fast, secure and optimized for less memory consumption than its pairs.
For CentOS, you will need the
EPELrepository in order to installlighttpd. You already downloaded it during theUFWinstallation, but if you need, here's the command one more time:# dnf install -y epel-release
Now you can install lighttpd.
In CentOS:
# dnf install lighttpdIn Debian:
# aptitude install lighttpdAfter installation is complete, you can use the following commands to start and enable lighttpd at startup. Don't forget to also check its status and current version. The output should appear like this on CentOS
# lighttpd -v
# systemctl start lighttpd
# systemctl enable lighttpd
# systemctl status lighttpdNow, you will need to allow HTTP traffic in you Firewall.
# ufw allow httpThe default port for http traffic is 80. Make sure it is already included on your firewall settings.
# ufw statusNow, if you're using CentOS, you must make sure SELinux is also permiting communication through port 80. To do so, check the HTTP ports and include 80 in your allowed list if its not already there (by default it usually is) by the following commands:
# semanage port -l | grep http # semanage port -a -t http_port_t -p tcp 80
MariaDB is an open source database management system that is a sort-of replacement for the MySQL database tecnology, being very much compatible and even sharing some of its own commands. It is SQL based and completely free.
To install MariaDB on your server, you must do the following steps:
In CentOS:
# dnf install mariadb-serverIn Debian:
# aptitude install mariadb-serverSame thing as done in lighttpd, you must make sure to start and enable MariaDB on startup:
# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadbThen, you should make sure tu secure MariaDB server with the following command:
# mysql_secure_installationYou should configure your MariaDB like this and this:
# Switch to unix_socket authentication [Y/n]: Y
# Enter current password for root (enter for none): Enter
# Set root password? [Y/n]: Y
# New password: C1t1zenK4ne | M1lesD4vis
# Re-enter new password: C1t1zenK4ne | M1lesD4vis
# Remove anonymous users? [Y/n]: Y
# Disallow root login remotely? [Y/n]: Y
# Remove test database and access to it? [Y/n]: Y
# Reload privilege tables now? [Y/n]: YThen, you must restart MariaDB service:
# systemctl restart mariadbNow that you already have a database management system intalled, you will need to configure a Database to host your Wordpress site.
# mysql -u root -pYou will be asked to enter your DB password. Then, you can create de Database for your Wordpress site. The final result should look like this. To do so, use the following comands on the MariaDB terminal:
On CentOS:
MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> CREATE USER 'admin'@'cado-car42' IDENTIFIED BY 'WPadm1n';
MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'admin'@'cado-car42' IDENTIFIED BY 'WPadm1n' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;On Debian:
MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> CREATE USER 'admin'@'localhost' IDENTIFIED BY 'WPadm1n';
MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'admin'@'localhost' IDENTIFIED BY 'WPadm1n' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;PHP is a well-known and open-source scripting language for servers that is quite popular to develop web pages. You will need to install it in order to allow proper functioning of the Wordpress website you will try to create. For this activity, we will install the last available PHP version, which currently is 8.0.
If you're using
CentOS, you will needEPELrepository again for this one (check lighttpd for information on how to download it). Also, you will need to downloadRemi, a third-party repository that provides a wide range of PHP versions for RedHat Enterprise Linux - including its most recent one.# dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpmConfirm its modules:
# dnf module list phpAnd then enable its last version:
# dnf module enable -y php:remi-8.0
If you're using Debian you you need to install some repositories in order to be able to install
php 8.0.# aptitude install -y lsb-release ca-certificates apt-transport-https software-properties-common # echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list # wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add - # aptitude update # aptitude install php8.0
You must install PHP and some of its modules that might be helpful to create a full operational Wordpress website. Only php-cgi php-common php-cli and php-mysql are in fact, fundamental to this project. However, I chose to download some other in order to, in the future, be able to expand my website's functionality. You may choose any packages you may find interesting.
In CentOS:
# dnf install php-cgi php-common php-cli php-mysql php-gd php-imagick php-recode php-tidy php-xml php-xmlrpc php-fpmIn Debian:
# aptitude install php-cgi php-common php-cli php-mysql php-gd php-imagick php-recode php-tidy php-xml php-xmlrpc php-fpmThis is the part where CentOS and Debian diverge a great deal. Let's break it into two parts:
After this, you can install lighttpd-fastcgi:
# dnf install lighttpd-fastcgiNow, since you installed php-fpm and lighttpd-fastcgi, you must configure some details.
First, you'll edit the PHP-FPM configuration file:
# vim /etc/php-fpm.d/www.confThen, you will edit the PHP configuration and uncomment this line:
# vim /etc/php.iniNext, you need to edit a file called modules.conf like this.
# vim /etc/lighttpd/modules.confThen, open a fourth file called /etc/lighttpd/conf.d/fastcgi.conf and edit these lines.
# vi /etc/lighttpd/conf.d/fastcgi.confLastly, you must make sure that your SELinux is allowing connection to your http server and your database:
# setsebool -P httpd_can_network_connect 1
# setsebool -P httpd_can_network_connect_db 1You will need to start and enable PHP-FPM on boot:
# systemctl start php-fpm
# systemctl enable php-fpmThen, you must make sure that lighttpd is getting the correct folder in which your wordpress data is (/var/www/html/). To do so, change your lighttpd server root location to be like this.
# vim /etc/lighttpd/lighttpd.confAfter installing all the php packages, you will need to configure some extra details. First, you will need to make sure Apache2is not installed in your server. It might be so thanks to php dependencies or even a pre-installation option you might have accidentely flagged. If it is, remove it completely from it, as so not to create any clashes between the two http servers.
# aptitude purge apache2Then, you will need to configure some php info, make it look like this:
# vim /etc/php/8.0/cgi/php.iniAnother php file to look like this:
# vim /etc/php/8.0/fpm/pool.d/www.confNow, make sure you configure you fastcgi file to contain some information on host and port, like this.
# vim /etc/lighttpd/conf-available/15-fastcgi-php.confNow, you must activate the modules for fastcgi using the following comands:
# lighty-enable-mod fastcgi
# lighty-enable-mod fastcgi-phpNow you can check if your connection is working properly by creating an information file to be displayed at your local browser:
# vi /var/www/html/info.phpThen you can try and access it going to you http://'your-ip-address'/info.php. Your webpage should display something like this.
If everything is according to the plan, you can now install and create your Wordpress website.
To install Wordpress into your computer, you must first make sure you have the wget and tar packages installed.
In CentOS:
# dnf install wget
# dnf install tarIn Debian:
# aptitude install wget
# aptitude install tarAfter that, you can download the latest available release of Wordpress and unzip it:
# wget http://wordpress.org/latest.tar.gz
# tar -xzvf latest.tar.gz
# mv wordpress/* /var/www/html/
# rm -rf latest.tar.gz wordpressCreate a Wordpress configuration file from its downloaded sample, and then edit it:
# mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
# vim /var/www/html/wp-config.phpYou must alter the 3 lines that specify the DB name, DB user, DB password and DB host, like this.
Lastly, you must change your wordpress folders permitions:
In CentOS:
# chown -R lighttpd:lighttpd /var/www/html/wordpress
# chmod -R 755 /var/www/html/wordpress
# chcon -t httpd_sys_rw_content_t /var/www/html/wordpress -RIn Debian:
# chown -R www-data:www-data /var/www/html/
# chmod -R 755 /var/www/html/At last, restart lighttpd againg and we are finally able to go to the computer's browser and typed:
http://192.168.15.181/And
http://192.168.15.121/The configuration menu for Wordpress should appear. You may configure it as you wish, these are my configuration settings, and these are [@]HCastanh](https://github.com/HCastanha)'s. Once it's all set, you may configure it as you wish: the sky is the limit!
At the end, my Wordpress website looked like this:
And Herbie's looked like this:
We decided to install, as part of the last bonus task, Fail2Ban, a service that gives an extra layer of protection to any other service that connects through password with your server.
Fail2Ban finds failed login attempts using your service's log and blocks new attempts at login from those IPs. In doing so, it disencourages hackers and people with malicious intetions from accessing your server in full.
We will install Fail2Ban and configure it so it blocks remote attempts from SSH connections that typed the wrong password more than a few times.
Fail2Ban can be found on the EPEL repository, which was already enabled previously on our machine. You can install it normally:
In CentOS:
# dnf install fail2banIn Debian:
# aptitude install fail2banThen, you can start it. I chose not to enable it at startup:
# systemctl start fail2banYou will need to create and edit the /etc/fail2ban/jail.local with some new configuration settings regarding ssh service, in order to activate fail2ban on your computer. You must then restart the service.
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# systemctl restart fail2ban
# systemctl status fail2banSince we're using a different port for ssh (port 4242), we will also need to edit the /etc/fail2ban/jail.conf to add the ssh port accordinly. You may choose to edit everything through this file, if you prefer.
To find status of failed and banned IP address, and the log file for fail2ban:
# fail2ban-client status
# fail2ban-client status sshd
# tail -f /var/log/fail2ban.logHow to install WordPress with lighttpd on Debian 10?
How to Install Lighttpd with PHP and MariaDB on CentOS/RHEL 8/7