Install WordPress + Apache, MariaDB, and HHVM in Ubuntu 18.04

How to Install LAMP Stack on Ubuntu 18.04 Server/Desktop
How to Install WordPress on Ubuntu 17.10 with Apache, MariaDB, PHP7.1
How to Properly Enable HTTPS on Apache with Let’s Encrypt on Ubuntu 16.04/17.10
How to Change Your WordPress URL (4 Easy Methods)

How To Install WordPress with LAMP on Ubuntu 18.04

Switch WordPress from HTTP to HTTPS on Ubuntu with Let’s Encrypt and Apache2
How to Install WordPress with Apache2 and Let’s Encrypt SSL/TLS Certificates on Ubuntu 16.04 | 18.04
Secure Apache2 HTTPS Websites with Let’s Encrypt Free SSL/TLS Certificates on Ubuntu 16.04 | 18.04



 Ubuntu 18.04 пакеты в репозитарии

# apt update
# apt upgrade
# apt install mc
# adduser user
# usermod -aG sudo user
# su user
$ cd ~
$ mkdir ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t rsa
Скачать и использовать для входа /home/user/.ssh/id_rsa
$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
$ rm ~/.ssh/id_rsa.pub
$ rm ~/.ssh/id_rsa
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
$ exit
# nano /etc/ssh/sshd_config

Проверить:

PasswordAuthentication no
.....

PubkeyAuthentication yes
ChallengeResponseAuthentication no

Сохранить.

$ sudo systemctl reload sshd

После проверки входа и sudo

Отключть вход root по ssh

$ sudo nano /etc/ssh/sshd_config

Исправить:

PermitRootLogin no

Сохранить.

$ sudo systemctl reload sshd
# отключим ipv6
$ sudo /bin/su -c "echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf"
$ sudo /bin/su -c "echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf"
$ sudo /bin/su -c "echo 'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf"
#sudo /bin/su -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"
$ sudo sysctl -p


$ sudo apt install -y apache2 apache2-utils
$ systemctl status apache2

http://example.com/

$ sudo chown www-data:www-data /var/www/html/ -R




$ sudo apt install mariadb-server mariadb-client
$ sudo systemctl status mariadb


$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.


проверка:

$ sudo mariadb -u root

MariaDB [(none)]> exit
Bye

sudo apt install php7.2 libapache2-mod-php7.2 php7.2-mysql php-common php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline

$ sudo a2enmod php7.2
Considering dependency mpm_prefork for php7.2:
Considering conflict mpm_event for mpm_prefork:
Considering conflict mpm_worker for mpm_prefork:
Module mpm_prefork already enabled
Considering conflict php5 for php7.2:
Module php7.2 already enabled


$ sudo systemctl restart apache2

$ php --version

$ sudo nano /var/www/html/info.php  

<?php phpinfo(); ?>

Сохранить.

http://example.com/info.php


$ sudo a2dismod php7.2

$ sudo apt install php7.2-fpm

$ sudo a2enmod proxy_fcgi setenvif

$ sudo a2enconf php7.2-fpm


http://example.com/info.php

$ sudo apt update && sudo apt upgrade

$ wget https://wordpress.org/latest.zip

#$ sudo apt install unzip

$ sudo unzip latest.zip
 

$ sudo mkdir /var/www/example.com 

$ sudo mv wordpress/* /var/www/example.com

$ sudo mariadb -u root 

MariaDB [(none)]> create database wordpress;

MariaDB [(none)]> grant all privileges on wordpress.* to wpuser@localhost identified by '12345'; 

MariaDB [(none)]> flush privileges;




Database Name: wordpress
User: wpuser
Password: 12345

$ cd /var/www/example.com/

$ sudo cp wp-config-sample.php wp-config.php 

$ sudo nano wp-config.php

Отредактировать: 

/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', 'wpuser' );

/** MySQL database password */
define( 'DB_PASSWORD', '12345' );

Сохранить.

$ sudo chown www-data:www-data /var/www/example.com/ -R

$ cd /etc/apache2/sites-available/

$ sudo nano example.com.conf

<VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com

        DocumentRoot /var/www/example.com

        #This enables .htaccess file, which is needed for WordPress Permalink to work.
        <Directory "/var/www/example.com">
             AllowOverride All
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>

Сохранить.

$ sudo apache2ctl configtest

$ sudo a2ensite example.com.conf

$ sudo systemctl reload apache2 

Делаем сертификаты от root :

Вариант от root :
$ sudo -i
# apt install curl
# curl https://get.acme.sh | sh

Делаем сертификаты:
# /root/.acme.sh/acme.sh --issue -d example.com -w /var/www/example.com
$ ~/.acme.sh/acme.sh --issue -d example.com -w /var/www/example.com

[Mon Jun 17 12:28:42 CEST 2019] Your cert is in  /root/.acme.sh/example.com/example.com.cer
[Mon Jun 17 12:28:42 CEST 2019] Your cert key is in  /root/.acme.sh/example.co/example.com.key
[Mon Jun 17 12:28:42 CEST 2019] The intermediate CA cert is in  /root/.acme.sh/example.co/ca.cer
[Mon Jun 17 12:28:42 CEST 2019] And the full chain certs is there:  /root/.acme.sh/example.com/fullchain.cer


$ sudo nano /etc/apache2/sites-enabled/example.com.conf


 <IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile      /root/.acme.sh/example.com/example.com.cer
    SSLCertificateKeyFile  /root/.acme.sh/example.com/example.com.key
    #SSLCertificateChainFile /root/.acme.sh/example.com/fullchain.cer
</VirtualHost>

sudo nano /etc/apache2/sites-available/zaz01.info-ssl.conf

sudo nano /etc/apache2/sites-available/site.conf 

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile      /root/.acme.sh/example.com/example.com.cer
    SSLCertificateKeyFile  /root/.acme.sh/example.com/example.com.key
    #SSLCertificateChainFile /root/.acme.sh/example.com/fullchain.cer
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule>
 

$ sudo a2enmod ssl 

$ sudo a2enmod rewrite

sudo a2ensite site