This is my personal steps in preparing my VPS/Dedicated server for running WordPress installation. Due to the nature of Nginx, .htaccess is not supported. We will look into configuration to imimate the how .htaccess normally works.
All files given on http://paste.laravel.com has been put into its respective files in etc folder above.
Make sure to replace <username> or <website> with your own
- ssh root@your-ip-address
- yum update
- Check version
- cat /etc/redhat-release
- Cetup hostname
- echo "HOSTNAME=<yourhostname>" >> /etc/sysconfig/network
- hostname "<yourhostname>"
- Update /etc/hosts
- nano /etc/hosts
- add new line: <ip address> <yourhostname>.example.com <yourhostname>
- add new line: <ipv6 address> <yourhostname>.example.com <yourhostname>
- Install important repo
- rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
- rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
- Install yum-priorities for repo config
- yum install yum-priorities
- Install mysql
- yum install mysql mysql-server
- chkconfig --levels 235 mysqld on
- service mysqld start
- Check mysqld server in running
- netstat -tap | grep mysql
- Run secure installation (to set password to root)
- mysql_secure_installation
- Set password
- Now, lets install nginx
- yum install nginx
- chkconfig --levels 235 nginx on
- service nginx start
- ifconfig eth0 | grep inet | awk '{ print $2 }'
- Visit your ip address to check on nginx static page
- Now, lets install php-fpm
- yum install php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy php-pecl-apc sendmail sendmail-cf
- edit /etc/php.ini to set cgi.fix_pathinfo=0;
- nano /etc/php.ini
-
cgi.fix_pathinfo=0;
- Edit timezone to your location (Asia/Kuala_Lumpur)
-
date.timezone = "Asia/Kuala_Lumpur"
- ln -sf /usr/share/zoneinfo/Asia/Kuala_Lumpur /etc/localtime
- chkconfig --levels 235 php-fpm on
- service php-fpm start
- chkconfig --levels 235 sendmail on
- service sendmail start
- Now, lets install memcached
- yum install memcached php-memcached
- nano /etc/sysconfig/memcached
-
OPTIONS="-l 127.0.0.1”
- chkconfig --levels 235 memcached on
- service memcached start
- useradd <username>
- passwd <username>
- cd /srv
- mkdir www
- cd www
- mkdir <website>
- mkdir <website>/html
- chown -R user:usergroup <website>
- Edit nginx configuration file
- nano /etc/nginx/nginx.conf
-
worker_processes 8;
-
keeplive_timeout 2;
- Easier, follow this format http://paste.laravel.com/15PT
- Here, we set some configuration for php-fpm to run on socket
- Then, we edit the default virtual host configuration
- nano /etc/nginx/conf.d/default.conf
- Follow this format http://paste.laravel.com/162K
- Now, add those global/… config files
- cd /etc/nginx
- mkdir global
- cd global
- nano restrictions.conf => http://paste.laravel.com/15PY
- nano wordpress.conf => http://paste.laravel.com/162I
- nano w3-total-cache.conf => http://paste.laravel.com/15Q6
- service nginx restart
- Now, we edit php-fpm configuration
- nano /etc/php-fpm.d/www.conf
-
listen = /tmp/php-fpm.sock
-
user = <username>
-
group = <username>
-
php_value[session.save_handler] = memcached
-
php_value[session.save_path] = “127.0.0.1:11211"
- service php-fpm restart
- service memcached restart
- yum install vsftpd
- nano /etc/vsftpd/vsftpd.conf
-
anonymous_enable=NO
-
chroot_local_user=YES
- add => user_config_dir=/etc/vsftpd/vsftpd_user_conf
- add => use_localtime=YES
- Save
- mkdir /etc/vsftpd/vsftpd_user_conf
- nano /etc/vsftpd/vsftpd_user_conf/
-
dirlist_enable=YES
-
download_enable=YES
-
local_root=/srv/www/
-
write_enable=YES
- Save
- service vsftpd restart
- yum install phpmyadmin
- Now, create new mysql user since root has been denied
- mysql -u root -p
- CREATE USER ‘<username>'@'localhost' IDENTIFIED BY ‘<password>’;
- GRANT ALL PRIVILEGES ON * . * TO ‘<username>'@'localhost’;
- FLUSH PRIVILEGES;
- exit
- usermod -a -G wheel <username>
- visudo
- Uncomment %wheel lines
- Add new line below root ALL=(ALL) ALL
- <username> ALL=(ALL) ALL
- ESC key
- :wq
- su <username>
- cd /srv/www/<website>/html
- wget http://wordpress.org/latest.tar.gz
- tar -xzvf latest.tar.gz
- mv wordpress/* ./
- rmdir wordpress
- rm latest.tar.gz
- Visit website and install
- rpm -Uvh http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
- yum install newrelic-php5
- newrelic-install install
- yum install newrelic-sysmond
- nano /etc/php.d/newrelic.ini
-
newrelic.appname = "<website name>"
- service php-fpm restart
- service newrelic-sysmond start
###vSTEP 11: Disable root SSH login and change Port 22 to Port 215
- nano /etc/ssh/sshd_config
-
Port 215
-
PermitRootLogin no
- service sshd restart
- iptables -L
- nano /etc/iptables.firewall.rules
- Fill up with this http://paste.laravel.com/164b
- iptables-restore < /etc/iptables.firewall.rules
- /sbin/service iptables save
- You will face raw nat filter error (http://blog.btnotes.com/articles/606.html)
- mv /etc/init.d/iptables /etc/init.d/iptables.bkp
- nano /etc/init.d/iptables
- Paste this content http://paste.laravel.com/164n
- SAVE
- service iptables restart
- yum install fail2ban
- configure setting: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Configuration