How to Setup a Multi-site LAMP Stack Using Apache Vhosts and Setup Wordpress

This guide goes over the process of setting up a LAMP stack, configuring Apache’s VirtualHosts for a multisite configuration, and then installing Wordpress on the server.

Note: This guide assumes that the server is of the Ubuntu flavor — for other distributions, note that the commands may be different.

Secure Your Server

Don’t leave a public-facing server insecure, no matter how little traffic it may receive. Before starting the guide, it is important to lock down the root user, add a new user account to use, and restrict ssh access.

Change the root password

First, lock down the root account. Login to the server as the root user, and change the root user’s password (if it isn’t a very secure password already) using

passwd

Enter a new, secure password and make sure that it is noted somewhere.

Password Managers

If you are going to be managing a lot of servers, it is a good idea to look into using a password manager. Two of the most popular options are OnePassword and LastPass.

Create a new admin user

Now, create a new user. Use the following command, substituting username for whatever username you’d like to use

adduser username

The prompt will ask for a password to be entered for the new user.

Give the new user sudo privileges

Now, the new user added needs sudo privileges.

To do this, the user needs to be added to the sudoers file. The shortcut to editing the sudoers file is entering the command

visudo

This will open the sudoers file in the default editor (for Ubuntu, this is nano).

Find the section called user privilege specification. Under the bottom line in this section, add all permissions for the username created in the previous step:

username ALL=(ALL:ALL) ALL
Why Sudo?

You may ask yourself, why use sudo at all? The sudo pattern is beneficial for two main reasons:

  1. It prevents the user from making any system destroying mistakes.
  2. It stores all commands run with the sudo prefix to /var/log/secure, which can be reviewed later if needed.

Setup remote login using SSH

The last thing to do before starting is to secure SSH. This generally comes down to two configuration options: restricting root access over SSH, and changing the port that SSH operates over.

Open the sshd_config file in nano by using the command

nano /etc/ssh/sshd_config

Find the following options in the file and change them, where appropriate:

Port 25137
Protocol 2
PermitRootLogin no
  • The Port can be set to any number between 1025 and 65536—setting SSH to run over a non-standard port will make it harder for a potential hacker to guess which port is being used for SSH.
  • Make sure that PermitRootLogin is set to no—this option disables root login via SSH (can only use root from the local terminal).

At the bottom of the sshd_config file, add the following lines to explicitly allow your new user to login via SSH:

UseDNS no
AllowUsers username

Where username is the user that was created in the create a new user step.

Save, exit, and reload the local ssh daemon:

reload ssh

LAMP Stack

The LAMP stack involves the following technologies:

  • Linux
  • Apache
  • MySQL
  • PHP

There are still three parts of the LAMP stack that need to be installed: Apache, MySQL, and PHP. This part should be quick and painless if the server is configured properly and the linux distribution being used has a decent package manager. For Ubuntu, the package manager is APT, short for Advanced Packaging Tool.

Packages can be installed on Ubuntu using the command

apt-get install package-name

Install apache

SSH into the server using the account created in the pre-setup configuration, then install apache using

sudo apt-get update
sudo apt-get install apache2

Check that apache has installed correctly by navigating to the server’s IP address and making sure that the It works! page appears.

Install mysql

Now, go back to the terminal and install mysql

sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

Once mysql is installed, activate it using sudo mysql_install_db, then finish up by running the mysql secure installation script:

sudo /usr/bin/mysql_secure_installation

Set the mysql bind-address

You may not need to do this, but sometimes it is necessary to set (or un-set) the mysql bind address.

Open my.cnf, which should be in one of the following locations:

  • /etc/my.cnf
  • /etc/mysql/my.cnf
  • $MYSQL_HOME/my.cnf
  • ~/my.cnf

Search for the bind-address and change it from 127.0.0.1 to 0.0.0.0:

bind-address    = 0.0.0.0

Restart the mysql server:

sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysql start

Now, check that mysql is running and isn’t bound to 127.0.0.1:

netstat -tulpen

Look for an address that ends in port :3306, for example:

tcp  0   0.0.0.0:3306   0.0.0.0:*  LISTEN   106  22693

Install php

Now, install php in the terminal using

sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-gd

Then the directory index needs to be updated to know that it should serve php files:

sudo nano /etc/apache2/mods-enabled/dir.conf

Add index.php to the beginning of the index files:

<IfModule mod_dir.c>
        DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

Optional: See the php settings info

It is easy to view the settings and information associated with the php that has been installed. First, create a new file

sudo nano /var/www/html/info.php

Add the following code to the file

1
2
3
<?php
  phpinfo();
?>

Save, exit, and restart the apache server

sudo service apache2 restart

Now, navigate the the server’s IP address (the same address used to check that apache was installed correctly) but with /info.php appended to the end of the IP address. The browser should display a page showing the configuration options of the PHP running on the server.


Configure Apache VirtualHosts

Navigate to the /var/www directory and create directories for each site to be hosted on the server

sudo mkdir site1
sudo mkdir site2

Where site1 and site2 are the names of the sites that are going to be hosted on the server.

Navigate the apache’s sites-available directory

cd /etc/apache2/sites-available

Create new virtual host files for each site by copying the default host file

sudo cp 000-default.conf site1.conf
sudo cp 000-default.conf site2.conf

Open the first file that was created and configure it for the first site

sudo nano site1.conf

Modify site1.conf to match the following format, substituting the values for your site where needed:

<VirtualHost *:80>
    ServerAdmin your_email_address
    ServerName siteone.com
    ServerAlias www.siteone.com

    DocumentRoot /var/www/site1
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/site1>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ...
</VirtualHost>

Do the same for the rest of the sites.

Enable the sites

Enables the sites using the a2enmod command

sudo a2ensite site1
sudo a2ensite site2

Optional: Enable mod_rewrite for Pretty URL’s

If you plan on using Pretty URL’s, apache’s mod_rewrite module needs to be enabled.

sudo a2enmod rewrite
sudo service apache2 restart

Download and Setup WordPress

Download WordPress

Navigate into a directory to download WordPress to, and download it using

wget http://wordpress.org/latest.tar.gz

Unpack the tarball

tar -xzvf latest.tar.gz

Create a mysql database and user

Login to mysql using the root account setup when it was installed

mysql -u root -p

At the mysql command prompt, create a new database for the first site

CREATE DATABASE site1_db;

Create a user and grant it privileges on the database

GRANT ALL PRIVILEGES ON site1_db.* TO 'site1_user'@'localhost' IDENTIFIED BY 'password';

Where password is the password that will be used to access the database for the user.

The user should only be allowed to access the database from localhost unless the site and the database are hosted on separate servers.

Create databases and users for the other sites, and make sure that you note their credentials somewhere.

Setup WordPress files and user

Now, copy the unzipped WordPress files to the root folders of the sites that were created

cp ~/wordpress/wp-config-sample.php ~/wordpress/wp-config.php
sudo rsync -avP ~/wordpress/ /var/www/site1
sudo rsync -avP ~/wordpress/ /var/www/site2

Now, the users that can access the WordPress files need to be updated to allow apache to server the files.

sudo chown -R www-data:www-data /var/www/*
sudo usermod -a -G www-data youruser

For each site, the wp-config.php file needs to be updated to match the databases created for the sites.

cd /var/www/site1
sudo nano wp-config.php

Insert the information for the database and mysql user created for site1 in the wp-config.php file:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for Wordpress */
define('DB_NAME', 'dbname');

/** MySQL database username */
define('DB_USER', 'dbuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

Do the same for the other sites.