This guide goes over the process of setting up a LAMP stack, configuring Apache’s VirtualHosts for a multisite configuration, and then installing Wordpress on the server.
Note: This guide assumes that the server is of the Ubuntu flavor — for other distributions, note that the commands may be different.
Secure Your Server
Don’t leave a public-facing server insecure, no matter how little traffic it may receive. Before starting the guide, it is important to lock down the root user, add a new user account to use, and restrict ssh access.
Change the root password
First, lock down the root account. Login to the server as the root user, and change the root user’s password (if it isn’t a very secure password already) using
Enter a new, secure password and make sure that it is noted somewhere.
Create a new admin user
Now, create a new user. Use the following command, substituting
username for whatever username you’d like to use
The prompt will ask for a password to be entered for the new user.
Give the new user sudo privileges
Now, the new user added needs sudo privileges.
To do this, the user needs to be added to the
sudoers file. The shortcut to editing the sudoers file is entering the command
This will open the
sudoers file in the default editor (for Ubuntu, this is nano).
Find the section called user privilege specification. Under the bottom line in this section, add all permissions for the
username created in the previous step:
username ALL=(ALL:ALL) ALL
You may ask yourself, why use sudo at all? The
sudo pattern is beneficial for two main reasons:
- It prevents the user from making any system destroying mistakes.
- It stores all commands run with the
/var/log/secure, which can be reviewed later if needed.
Setup remote login using SSH
The last thing to do before starting is to secure SSH. This generally comes down to two configuration options: restricting root access over SSH, and changing the port that SSH operates over.
sshd_config file in nano by using the command
Find the following options in the file and change them, where appropriate:
Port 25137 Protocol 2 PermitRootLogin no
- The Port can be set to any number between 1025 and 65536—setting SSH to run over a non-standard port will make it harder for a potential hacker to guess which port is being used for SSH.
- Make sure that PermitRootLogin is set to
no—this option disables
rootlogin via SSH (can only use
rootfrom the local terminal).
At the bottom of the
sshd_config file, add the following lines to explicitly allow your new user to login via SSH:
UseDNS no AllowUsers username
username is the user that was created in the create a new user step.
Save, exit, and reload the local ssh daemon:
The LAMP stack involves the following technologies:
There are still three parts of the LAMP stack that need to be installed: Apache, MySQL, and PHP. This part should be quick and painless if the server is configured properly and the linux distribution being used has a decent package manager. For Ubuntu, the package manager is APT, short for Advanced Packaging Tool.
Packages can be installed on Ubuntu using the command
SSH into the server using the account created in the pre-setup configuration, then install apache using
Check that apache has installed correctly by navigating to the server’s IP address and making sure that the It works! page appears.
Now, go back to the terminal and install mysql
Once mysql is installed, activate it using
sudo mysql_install_db, then finish up by running the mysql secure installation script:
Set the mysql bind-address
You may not need to do this, but sometimes it is necessary to set (or un-set) the mysql bind address.
my.cnf, which should be in one of the following locations:
Search for the bind-address and change it from
bind-address = 0.0.0.0
Restart the mysql server:
sudo /etc/init.d/mysql stop sudo /etc/init.d/mysql start
Now, check that mysql is running and isn’t bound to 127.0.0.1:
Look for an address that ends in port
:3306, for example:
tcp 0 0.0.0.0:3306 0.0.0.0:* LISTEN 106 22693
Now, install php in the terminal using
Then the directory index needs to be updated to know that it should serve php files:
Add index.php to the beginning of the index files:
<IfModule mod_dir.c> DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm </IfModule>
Optional: See the php settings info
It is easy to view the settings and information associated with the php that has been installed. First, create a new file
sudo nano /var/www/html/info.php
Add the following code to the file
1 2 3 <?php phpinfo(); ?>
Save, exit, and restart the apache server
sudo service apache2 restart
Now, navigate the the server’s IP address (the same address used to check that apache was installed correctly) but with
/info.php appended to the end of the IP address. The browser should display a page showing the configuration options of the PHP running on the server.
Configure Apache VirtualHosts
Navigate to the
/var/www directory and create directories for each site to be hosted on the server
sudo mkdir site1 sudo mkdir site2
site2 are the names of the sites that are going to be hosted on the server.
Navigate the apache’s sites-available directory
Create new virtual host files for each site by copying the default host file
sudo cp 000-default.conf site1.conf sudo cp 000-default.conf site2.conf
Open the first file that was created and configure it for the first site
sudo nano site1.conf
site1.conf to match the following format, substituting the values for your site where needed:
<VirtualHost *:80> ServerAdmin your_email_address ServerName siteone.com ServerAlias www.siteone.com DocumentRoot /var/www/site1 <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/site1> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ... </VirtualHost>
Do the same for the rest of the sites.
Enable the sites
Enables the sites using the
sudo a2ensite site1 sudo a2ensite site2
Optional: Enable mod_rewrite for Pretty URL’s
If you plan on using Pretty URL’s, apache’s
mod_rewrite module needs to be enabled.
sudo a2enmod rewrite sudo service apache2 restart
Download and Setup WordPress
Navigate into a directory to download WordPress to, and download it using
Unpack the tarball
tar -xzvf latest.tar.gz
Create a mysql database and user
Login to mysql using the root account setup when it was installed
mysql -u root -p
At the mysql command prompt, create a new database for the first site
Create a user and grant it privileges on the database
password is the password that will be used to access the database for the user.
The user should only be allowed to access the database from
localhostunless the site and the database are hosted on separate servers.
Create databases and users for the other sites, and make sure that you note their credentials somewhere.
Setup WordPress files and user
Now, copy the unzipped WordPress files to the root folders of the sites that were created
cp ~/wordpress/wp-config-sample.php ~/wordpress/wp-config.php sudo rsync -avP ~/wordpress/ /var/www/site1 sudo rsync -avP ~/wordpress/ /var/www/site2
Now, the users that can access the WordPress files need to be updated to allow apache to server the files.
For each site, the
wp-config.php file needs to be updated to match the databases created for the sites.
cd /var/www/site1 sudo nano wp-config.php
Insert the information for the database and mysql user created for site1 in the
Do the same for the other sites.