Install WordPress With OpenLiteSpeed On Debian
Tutorial on how to Install WordPress with OpenLiteSpeed on Debian 10
Installation of OpenLiteSpeed
Add OpenLiteSpeed to repository
$ sudo wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash
$ sudo apt update
Install OpenLiteSpeed & PHP components
$ sudo apt-get install openlitespeed
$ sudo apt-get install lsphp73-common lsphp73-curl lsphp73-imagick lsphp73-imap lsphp73-json lsphp73-memcached lsphp73-mysql lsphp73-opcache lsphp73-redis
Enable OpenListSpeed to start automatically when system boot up
$ sudo systemctl enable lsws
Change the default Admin’s Password for OpenLiteSpeed
$ sudo /usr/local/lsws/admin/misc/admpass.sh
Allow TCP 7080 for default Management Port for OpenLiteSpeed
$ sudo ufw allow 7080/tcp
Verify OpenLiteSpeed is installed successfully
LiteSpeed/1.6.18 Open
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.4
(built: Tue Nov 24 16:40:45 UTC 2020)
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.4
Login OpenLiteSpeed Management via http://IP-ADDRESS:7080
Change Default Web Server Port from 8088 to 80
Click on Listeners > Default
Click Edit
Change the Port No from 8088 to 80 & Listerner Name from Default to HTTP and click Save & Restart for the changes to be applied
Verify http://IP-ADDRESS is accessable now
By default, PHP 7.3.23-1+buster is installed
Directory for New Virtual Host
Prepare a new directory called /var/www/yongkw.com with the following sub-folders, config, logs, html and ssl
sudo mkdir -p /var/www/yongkw.com/{conf,logs,html,ssl}
Change the ownership from root to lsadm for /var/www/*
$ sudo chown -R lsadm:lsadm /var/www/*
Backup the default vhost configuration with root
$ su -
$ tar cvf vhosts.tar /usr/local/lsws/conf/vhosts/
Delete the default vhost configuration file and link it to /var/www
$ sudo rm -rf /usr/local/lsws/conf/vhosts/
$ sudo ln -s /var/www /usr/local/lsws/conf/vhosts
New Virtual Host
Click on "+" to create a new virtual host called yongkw.com
Enter the following information
- Virtual Host Name = yongkw.com
- Virtual Host Root = /var/www/$VH_NAME
- Config File = $SERVER_ROOT/conf/vhosts/$VH_NAME/conf/vhconf.conf
- Enable Scripts/ExtApps = YES
- Restrained = YES
Click save and click CLICK TO CREATE to create a new vhost configuration file
Restart the OpenLiteSpeed Server
Verify a new virtual host called yongkw.com is created successfully
Change the following in General
- Document Root = $VH_ROOT/html
- Enable Compression = YES
- Index Files = index.php, index.html
Enable the followng in Rewrite Tab
- Enable Rewrite = YES
- Auto Load from .htaccess = YES
Delete the default Example Virtual Host
Go to Listerners > General > Virtual Host Mappings to verify yongkw.com is added
Save the configuration and restart the service
Let’s Encrypt SSL Certificate
Verify the public IP Address of Debian 10 Server
$ curl http://ipinfo.io/json
{
"ip": "172.104.x.x",
"hostname": "li1619-141.members.linode.com",
"city": "Singapore",
"region": "Singapore",
"country": "SG",
"loc": "1.2897,103.8501",
"org": "AS63949 Linode, LLC",
"postal": "048508",
"timezone": "Asia/Singapore",
"readme": "https://ipinfo.io/missingauth"
Update the Public DNS record to point yongkw.com to 172.104.x.x and install Certbot Package
$ sudo apt-get install certbot
Request SSL Certificate from LetsEncrypt
$ sudo certbot certonly --webroot -w /var/www/yongkw.com/html/ -d yongkw.com -d www.yongkw.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.yongkw.com
http-01 challenge for yongkw.com
Using the webroot path /var/www/yongkw.com/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yongkw.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yongkw.com/privkey.pem
Your cert will expire on 2021-04-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Switch to root and verify the LetsEncrypt SSL Certificate is created successfuly in /etc/letsencrypt/live/yongkw.com/
$ su -
$ ls /etc/letsencrypt/live/yongkw.com/
cert.pem chain.pem fullchain.pem privkey.pem README
Renew LetsEncrypt SSL Certificate
Verify there is no error when renew let’s Encrypt SSL Certificate with cerbot manually
$ sudo certbot renew --dry-run
Create a Cron job to renew it every month
$ sudo crontab -e
00 02 1 * * certbot renew >/dev/null 2>&1
00 03 1 * * /usr/local/lsws/bin/lswsctrl restart
New HTTPS Listener
Create a new HTTPS listerner with
- Listener Name = HTTPS
- Port = 443
- Secure = YES
Ensure that Virtual Host Mappings is configured for yongkw.com
Enter the following for SSL tab
- Private Key File = /etc/letsencrypt/live/yongkw.com/privkey.pem
- Certificate File = /etc/letsencrypt/live/yongkw.com/fullchain.pem
- Chained Certificate = YES
- Protocol Version = TLS 1.2 & TLS 1.3
Save & Restart
Enter the following for Virtual Host yongkw.com > SSL
- Private Key File = /etc/letsencrypt/live/$VH_NAME/privkey.pem
- Certificate File = /etc/letsencrypt/live/$VH_NAME/fullchain.pem
- Chained Certificate = YES
- Protocol Version = TLS 1.2 & TLS 1.3
Mariadb
Install MariaDB 10.3 Server & Client
$ sudo apt install mariadb-server mariadb-client -y
Set password for root
$ sudo mysql
ALTER USER root@localhost IDENTIFIED VIA mysql_native_password;
SET PASSWORD = PASSWORD('XXXXXXXX');
flush privileges;
quit
Secure the Mariadb databases
$ sudo mysql_secure_installation
Change the root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Configure Mariadb to start automatically when server is rebooted
$ sudo systemctl enable mariadb
Login to MariaDB to verify version 10.3 is installed
$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 58
Server version: 10.3.23-MariaDB-0+deb10u1 Debian 10
Prepare a Database called wordpress with user called wpuser. Replace XXXX with your own password.
CREATE DATABASE wordpress;
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'XXXXXXXXXX';
GRANT ALL ON wordpress.* TO 'wpuser'@'localhost' IDENTIFIED BY 'XXXXXX' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Install WordPress With OpenLiteSpeed On Debian
Download the latest WordPress installation file and prepare a .htaccess file
$ cd /tmp
$ sudo wget https://wordpress.org/latest.tar.gz
$ sudo tar -zxvf latest.tar.gz
$ sudo touch /tmp/wordpress/.htaccess
Prepare a wp-config.php file from wp-config-sample.php by defining the Database Name, User and password
$ cd wordpress
$ sudo cp wp-config-sample.php wp-config.php
$ sudo nano wp-config.php
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'wpuser' );
/** MySQL database password */
define( 'DB_PASSWORD', 'P@ssw0rd!@#$' );
Move /tmp/wordpress to /var/www/yongkw.com/html/
$ sudo mv * /var/www/yongkw.com/html/
# Change the permission of wp-config.php
$ sudo chown nobody:nogroup /var/www/aventistech.com/html/wp-config.php
Login to https://yongkw.com to complete the first time wordpress configuration with GUI.