Installing WordPress (HTTPS) with Apache on OmniOSce

(copy/paste)

                March 20, 2024

            Installing WordPress (HTTPS) with Apache on OmniOSce

            ┌ Open a terminal and switch to root
su -
┌ Install Apache
pkg install pkg:/ooce/server/apache-24
mkdir /etc/opt/ooce/apache-2.4/SSL
┌ Install MariaDB
pkg install pkg:/ooce/database/mariadb-1011 && sleep 5
svcadm enable svc:/ooce/database/mariadb1011:default && sleep 10
(you have to wait those 10 seconds ! Even if the command is done)

┌ Create an SQL database
mysqladmin -uroot create "wordpressdb"
┌ Create a privileged user (adminwp) for managing the wordpressdb database
mysql -uroot -e"CREATE USER 'adminwp'@'localhost' IDENTIFIED BY 'password'"
mysql -uroot -e"GRANT ALL ON \`wordpressdb\`.* TO 'adminwp'@'localhost'"
(use \`basename`\ in scripts because only 'basename' won't work)

┌ Install PHP
pkg install pkg:/ooce/application/php-83

┌ Configure PHP
sed -i 's/;extension=curl/extension=curl/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=gd/extension=gd/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=mbstring/extension=mbstring/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=zip/extension=zip/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=exif/extension=exif/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=openssl/extension=openssl/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=fileinfo/extension=fileinfo/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;zend_extension=opcache/zend_extension=opcache/' /etc/opt/ooce/php-8.3/php.ini
sed -i 's/;extension=mysqli/extension=mysqli/' /etc/opt/ooce/php-8.3/php.ini

┌ Restart PHP
svcadm disable svc:/application/php83:default && sleep 5 && svcadm enable svc:/application/php83:default

┌ Add the php user to the webservd group
usermod -G webservd php

┌ Install Wordpress
mkdir /var/www
wget http://wordpress.org/latest.tar.gz -P /var/www/
tar -xvzf /var/www/latest.tar.gz -C /var/www/
rm /var/www/latest.tar.gz
cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
sed -i "s/database_name_here/wordpressdb/" /var/www/wordpress/wp-config.php
sed -i "s/username_here/adminwp/" /var/www/wordpress/wp-config.php
sed -i "s/password_here/password/" /var/www/wordpress/wp-config.php
sed -i 's/localhost/127.0.0.1/' /var/www/wordpress/wp-config.php

┌ Apply permissions to the DocumentRoot
find /var/www/wordpress -type d -exec chmod 755 {} \;
find /var/www/wordpress -type f -exec chmod 644 {} \;
chmod 640 /var/www/wordpress/wp-config.php
chown -R webservd:webservd /var/www/wordpress

┌ Configure Apache Logs
mkdir -p /opt/ooce/apache-2.4/logs/
chown webservd:webservd /opt/ooce/apache-2.4/logs/
chmod 755 /opt/ooce/apache-2.4/logs/

┌ Create our own SSL certification authority for self-signing
cd /etc/opt/ooce/apache-2.4/SSL
openssl genrsa 4096 > ca.key
openssl req -new -x509 -days 365 -nodes -key ca.key > ca.crt
openssl genrsa 4096 > cleprivapache.key

┌ Create the SSL signature request and have it signed by our certification authority

For a real website, you'll have to send this demandesignature.csr to a real SSL certification authority
openssl req -new -key cleprivapache.key > demandesignature.csr
openssl x509 -req -in demandesignature.csr -out certifapache.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

┌ Apply permissions for the private key and SSL certificate
chown webservd:webservd cleprivapache.key
chmod 640 cleprivapache.key
chown webservd:webservd certifapache.crt
chmod 644 certifapache.crt

┌ Creation of the VirtualHost for Wordpress
(copy/paste)
 {  
   echo "#### VHOST WORDPRESS ####"  
   echo ""  
   echo "Listen 443"  
   echo ""  
   echo 'SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES'  
   echo 'SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES'  
   echo "SSLHonorCipherOrder on"  
   echo "SSLProtocol all -SSLv3"  
   echo "SSLProxyProtocol all -SSLv3"  
   echo "SSLPassPhraseDialog builtin"  
   echo 'SSLSessionCache "shmcb:/var/opt/ooce/apache-2.4/run/ssl_scache(512000)"'  
   echo "SSLSessionCacheTimeout 300"  
   echo ""  
   echo "# REDIRECTION HTTP -> HTTPS"  
   echo "<VirtualHost 192.168.0.122:80>"  
   echo "  ServerName www.wordpress.lan"  
   echo "  Redirect permanent / https://www.wordpress.lan:443/"  
   echo "</VirtualHost>"  
   echo ""  
   echo "<VirtualHost 192.168.0.122:443>"  
   echo ' '  
   echo "  ServerAdmin admin@www.wordpress.lan"  
   echo "  DocumentRoot \"/var/www/www.wordpress.lan\""  
   echo "  ServerName www.wordpress.lan:443"   
   echo "  ErrorLog \"/opt/ooce/apache-2.4/logs/www.wordpress.lan-error_log\""  
   echo "  CustomLog \"/opt/ooce/apache-2.4/logs/www.wordpress.lan-access_log\" common"  
   echo ' '  
   echo "  SSLEngine on"  
   echo ''  
   echo '  SSLCertificateFile "/etc/opt/ooce/apache-2.4/SSL/certifapache.crt'  
   echo '  SSLCertificateKeyFile "/etc/opt/ooce/apache-2.4/SSL/cleprivapache.key'  
   echo " "  
   echo "  <Directory \"/var/www/www.wordpress.lan\">"  
   echo '    AllowOverride All'  
   echo '    Require all granted'  
   echo '    DirectoryIndex index.php index.html index.htm'  
   echo '  </Directory>'  
   echo ' '  
   echo '  <FilesMatch "\.(cgi|shtml|phtml|php)$">'  
   echo '    SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"'  
   echo '    SSLOptions +StdEnvVars'  
   echo '  </FilesMatch>'  
   echo ''  
   echo '  <Directory "/var/opt/ooce/apache-2.4/cgi-bin">'  
   echo '    SSLOptions +StdEnvVars'  
   echo '  </Directory>'  
   echo ""  
   echo '  BrowserMatch "MSIE [2-5]" \'  
   echo '    nokeepalive ssl-unclean-shutdown \'  
   echo '    downgrade-1.0 force-response-1.0'  
   echo ' '  
   echo '  CustomLog "/var/log/opt/ooce/apache-2.4/ssl_request_log" \'  
   echo '    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"'  
   echo ''  
   echo '</VirtualHost>' 
} > /etc/opt/ooce/apache-2.4/extra/wordpress.conf

┌ Add the virtualhost to the apache configuration
{  
   echo ' '  
   echo '#-------------------------#'  
   echo '# VHOST Wordpress'  
   echo "Include /etc/opt/ooce/apache-2.4/extra/wordpress.conf" 
} >> /etc/opt/ooce/apache-2.4/httpd.conf

┌ Configure Apache for PHP
sed -i 's/#LoadModule proxy_module libexec\/mod_proxy.so/LoadModule proxy_module libexec\/mod_proxy.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule proxy_fcgi_module libexec\/mod_proxy_fcgi.so/LoadModule proxy_fcgi_module libexec\/mod_proxy_fcgi.so/' /etc/opt/ooce/apache-2.4/httpd.conf

┌ Configure Apache for SSL
sed -i 's/#LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule ssl_module libexec\/mod_ssl.so/LoadModule ssl_module libexec\/mod_ssl.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule setenvif_module libexec\/mod_setenvif.so/LoadModule setenvif_module libexec\/mod_setenvif.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule log_config_module libexec\/mod_log_config.so/LoadModule log_config_module libexec\/mod_log_config.so/' /etc/opt/ooce/apache-2.4/httpd.conf

┌ Start Apache
svcadm disable svc:/network/http:apache24 && sleep 5
svcadm enable svc:/network/http:apache24 && sleep 5

The site is now launched and accessible.

Don't miss what's next. Subscribe to Illumadmin: