Install WordPress on DigitalOcean

wordpress on digital ocean

This is the first article in the series Installing and Configuring WordPress on Digital Ocean.

This is a guide to installing WordPress on the DigitalOcean cloud hosting service.

There are two objectives with this post. First, I am writing this article for myself so I can remember the steps needed to install WordPress on a DigitalOcean image. Second, I hope this article will be useful for other people who needed to do the same.

The steps to setup a new WordPress blog on DigitalOcean are:

If you don’t already have a Digital Ocean account and want to follow along with this tutorial then click the link below:

Create a new Droplet

Select the correct droplet size. I will use the smallest and cheapest version for this demonstration. Small WordPress blogs don’t need much memory or disk space.

create droplet on digital oceanSelect the region you want the server to be created in. Select the image type, I am using Ubuntu here.

select region and imageYou can optionally create an SSH key, for this demo I have opted not to use this option although it would be
more secure to do so.

creating droplet on digital oceanOnce the droplet has been created successfully you will be emailed the IP address of the server and the root password to log in to the server.

confirmation emailLogin to new Droplet, create a new non-root user

$ ssh root@<ip addresss>
The authenticity of host 'ip addresss (ip addresss)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
root@'s password:
You are required to change your password immediately (root enforced)
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 23 01:18:32 EST 2014

  System load: 0.0               Memory usage: 9%   Processes:       50
  Usage of /:  9.1% of 19.56GB   Swap usage:   0%   Users logged in: 0

  Graph this data and manage this system at:
    https://landscape.canonical.com/

Changing password for root.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
root@MyWordPressBlog:~#

Create a new non-root user

You don’t normally want to use the root user so we will create a non-root user before doing anything else.

I will use the username ‘mark’.

root@MyWordPressBlog:~# adduser mark
Adding user `mark' ...
Adding new group `mark' (1000) ...
Adding new user `mark' (1000) with group `mark' ...
Creating home directory `/home/mark' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for mark
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
root@MyWordPressBlog:~#

This user has normal privileges. We want to add this user to the group ‘sudo’ so that we can install and configure software.

root@MyWordPressBlog:~# gpasswd -a mark sudo
Adding user mark to group sudo

I can now temporarily run a command under the root user. You will be asked for your password everytime though. Add the following statement to the file /etc/sudoers so you won’t be prompted for your password each time you use sudo.

$ sudo vi /etc/sudoers

Add the following line to the end of the file:

mark ALL=(ALL) NOPASSWD: ALL

For extra security you can change the SSH port number, it’s normally 22. Hackers can check that port number to see if you are running the ssh service and attempt to hack into your machine. I change the port number to some random number instead.

In file /etc/ssh/sshd_config

$ sudo vi /etc/ssh/sshd_config

Find the line ‘Port 22’ and change it to something else, e.g. ‘Port 1234’. Don’t forget this number!

I also like to change the line ‘PermitRootLogin yes’ to ‘PermitRootLogin no’. You have a non-root user set up that has super privileges so there is no need for the root user login.

After you have made the changes just restart the ssh service.

$ sudo service ssh restart

Exit the session and try to log in as before. It should not work because the ssh service is no longer listening on port 22. Add the -p option and set it to the port number you set in the sshd_config file and try again.

$ ssh mark@ip address
ssh: connect to host ip address port 22: Connection refused
$ ssh -p 1234 mark@<ip address>
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 23 02:00:08 EST 2014

  System load:  0.0               Processes:           67
  Usage of /:   9.5% of 19.56GB   Users logged in:     0
  Memory usage: 11%               IP address for eth0: ip address
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

Last login: Tue Dec 23 02:00:09 2014 from <last log in address>

If you are accessing the server from linux then you can put the login details into a config file in your .ssh directory. This makes it easier to log in. For example:

From your local machine:

$ vi ~/.ssh/config

And type:

Host wpblog
  User mark
  Port 1234
  Hostname ip address
  TCPKeepAlive yes
  SendEnv

Now you can log in to the server by typing, no need to remember the port number or the ip address:

$ ssh wpblog
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 23 02:01:56 EST 2014

  System load:  0.0               Processes:           67
  Usage of /:   9.5% of 19.56GB   Users logged in:     0
  Memory usage: 11%               IP address for eth0: ip address
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

Install NGinx (Web Server)

First we update the repository and then we install the web server. It will be started automatically.

$ sudo apt-get update
$ sudo apt-get install nginx

To test the web server is working from our local machine open a browser and point it at our droplet:

e.g. access http://<ip address>

welcome to nginxIf everything worked we should see the default nginx web page.

Install MySql (Database)

Next we need to install the MySql database that WordPress uses to store all the blog posts and settings in.

$ sudo apt-get install mysql-server

During the install you are asked to specify the password for the root login. Don’t forget the password!

mysql root passwordNext we generate the directory structure.

$ sudo mysql_install_db

Then we secure the installation by removing the test account and test database.

$ sudo mysql_secure_installation

Install PHP and configure NGinx to use PHP

Next we need to install PHP and configure the NGinx web server to pass incoming requests to the PHP processor.

We will install php5-fpm which stands for “fastCGI process manager”. We will also install the package that will allow php to communicate with the mysql database.

$ sudo apt-get install php5-fpm php5-mysql

Next we need to make a configuration change to make our installation more secure.

Open the php5-fpm configuration file.

$ sudo vi /etc/php5/fpm/php.ini

Look for the parameter cgi.fix_pathinfo

Uncomment the parameter and set it to 0, the line should read:

cgi.fix_pathinfo=0

Now we need to restart the php processor to use the new configuration.

$ sudo service php5-fpm restart

Configure NGinx to use php5-fpm

We need NGinx to hand off incoming requests to the PHP backend.

We do this at the service block level (similar to apache virtual hosts). The file we need to change is /etc/nginx/sites-available/default

$ sudo vi /etc/nginx/sites-available/default

Change it to look like this:

Once you have finished editing the nginx config file restart the service.

$ sudo service nginx restart

Create a test php page to test configuration

Next we create a php page in the nginx home directory to test that nginx passes the request to the PHP backend and that it is processed correctly.

$ sudo vi /usr/share/nginx/html/test.php

Then type the following:

Now from your local machine request this file, e.g. http://<ip address>/test.php

If everything worked correctly you should see the following:

phpinfoNow remove the file because it contains sensitive information that would be useful to a hacker.

sudo rm /usr/share/nginx/html/test.php

Set up WordPress

These are the following steps to set up WordPress:

Configure Database

We will now create the wordpress database.

$ mysql -u root -p

Type in the password for the root account, this is the password you used when you installed mysql previously.

I assume this droplet will only ever run one instance of wordpress so I am going to call the database ‘wordpress’:

create database wordpress;

Don’t forget the semicolon (;) at the end of the statement.

WordPress doesn’t use the root account, at least it shouldn’t. So we will now create the user account that WordPress will use when communicating with mysql.

create user wpuser@localhost identified by 'password';

I used ‘password’ as the example password here. Obviously not the most secure password.

Now we grant permissions to this account so that it can access the wordpress database.

grant all privileges on wordpress.* to wpuser@localhost;
flush privileges;

We have now finished with mysql so we exit from the mysql client.

exit

Download the latest version of WordPress

Next we will download the latest version of WordPress.

$ cd
$ wget http://wordpress.org/latest.tar.gz

Once the file has downloaded we can extract it’s contents with the following command:

$ tar zxvf latest.tar.gz

There will now be a directory called wordpress in our home directory.

Install some more PHP libraries

Next we will install two more PHP libraries. The first, php5-gd, will let us work with images and the second, libssh2-php, allows updating/installing plugins using ssh.

$ sudo apt-get update
$ sudo apt-get install php5-gd libssh2-php

Configure WordPress

Next we will configure wordpress so that it can access our wordpress database.

$ cd wordpress
$ mv wp-config-sample.php wp-config.php
$ vi wp-config.php

Now we need to modify the database constants that wordpress uses to access the database.

Here are the statements that we will modify to match our database credentials.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

After modification, the statements should be:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Lower down in the file we see:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

Let us change these values to make our installation more secure.

From your browser access this url: https://api.wordpress.org/secret-key/1.1/salt/

Paste the contents into your config file replacing the default values.

Now we copy the wordpress files into the nginx directory and set the correct permissions.

$ sudo cp -r ~/wordpress/* /usr/share/nginx/html/
$ cd /usr/share/nginx/html/
$ sudo mkdir wp-content/uploads
$ sudo chown -R www-data:www-data /usr/share/nginx/html/

After we copy the wordpress files to the nginx directory. We create an uploads directory underneath wp-content. This is where uploaded media files will be saved. We then set the nginx web user account to have full access to the wordpress directory.

Now you can point your browser at http://<ip address>/wp-admin/ to continue the setup.

wordpress setup page

 

After you have provided the information needed the wordpress database will be created and populated and you will be directed to the WordPress Dashboard page.

wordpress dashboard

 

wordpress blog home page

 

Did I miss anything?
Would you do anything different?
Please leave a comment.

 


Links for this article

Digital Ocean [affiliate link]


If you liked this article please share.