Ubuntu Static IP

 Ubuntu Static IP KB ID 0001892

Problem

Like most OSs out of the box the system is set to get it’s IP address from a DHCP server (i.e. dynamically). On the rare occasions I’m deploying Linux its to perform a specific task, so in nearly all cases I want it to have a static IP. Here is how to achieve that.

Solution : Ubuntu Static IP

Disable Cloud-Init

Since Ubuntu version 18.04, it has shipped with this enabled, you can proceed with it enabled, but the procedure is different and your efforts can be ignored, so I simply disable it. the first command sees if its running (if it yields any output, {as shown} then it is).

Remember: This procedure changes the IP address, if you are connected remotely by SSH for example, you may lose connectivity. Perform this at the console or ensure you can reconnect to the new IP address (post change).

[box]

apt-cache pkgnames | grep cloud-init
sudo nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

ENTER YOUR PASSWORD

[/box]

Paste in the following, then save and exit (CTRL+X >  Y > Enter).

[box]

network: {config: disabled}

[/box]

Then reboot the machine.

[box]

reboot

[/box]

Ubuntu Static IP Netplan

Ubuntu will apply a set of network configuration settings that are formatted as YAML. Before we create that file let’s look to find out what our network interface is called, what the current IP address and network range is, and where the default gateway (or default route) has been pointed to.

[box]

ip addr
ip route

[/box]

From the above we can see our interface is called ens33 (yours may be called something different like eth0), it has an IP address of 192.168.100.103/24 (i.e it has a netmask of 255.255.255.0), and its default gateway is 192.168.100.1 To see the current netplan we need to look in/etc/netplan as you can see (below) mines called 50-cloud-init.yaml (yours may have a slightly different name, so change to the directory and list is contents to make sure.

[box]

cd /etc/netplan
ls
sudoedit {name-of-your-netplan-file}.yaml

[/box]

Here is an idea of what your file may currently look like.

And here is one I’ve edited to include the required IP 192.168.100.20/24 and the default route (gateway) 192.168.100.1, and my local DNS servers 192.168.100.10 and 192.168.100.3.

[box]

network:
ethernets:
  ens33:
  dhcp4: no 
  addresses: 
    - 192.168.100.20/24
  routes:
    - to: default
    via: 192.168.100.1
  nameservers:
    addresses: [192.168.100.10,192.168.100.3]
Version: 2

[/box]

Save and exit the file, then apply the netplan (Note: if you are connected via SSH you may lose connectivity).

Note: For an example of setting up a bridged network see the link below.

[box]

sudo netplan apply

AT THIS POINT CHECK CONNECTIVITY

[/box]

Related Articles, References, Credits, or External Links

KVM Bridge Network

KVM Bridge Network

Bridge Network KB ID 0001891

Problem

Not sure why KVM does not come preconfigured for this out of the box, and it took me a very long time to work out how to do this. But if you want your KVM VMs to behave as if they are on your production LAN (rather than the default of setting up DHCP and NAT). The default is fine but if you want to access your VMs from outside the host you need to setup bridged networking.

In my example I want my VMs to get an IP address from my DHCP server.

Solution : Bridge Network

Currently you probably have an IP address on the host itself (192.168.100.20) the process is to create a network bridge, Move the IP address from your network interface so that it is now ON THE BRIDGE, add the network interface to the bridge, then finally move the VMs onto the bridge.

The following commands with display your current virtual networks, and current bridges, then we will create a new bridge (br0), and finally make sure that new switch is listed.

[box]

virsh net-list --all
brctl show
sudo brctl addbr br0
brctl show

[/box]

We need to change the IP address location so edit your current netplan.

[box]

ls /etc/netplan
TAKE NOTE OF THE NAME
sudoedit /etc/netplan/{name-of-netplan-file}.yaml

[/box]

Edit Netplan

Example (Note: you will need to enter YOUR details and your interface mat have a different name e.g. eth0)

[box]

network:
  version: 2
  renderer: networkd

  ethernets:
    ens33:
      dhcp4: false 
      dhcp6: false 

  bridges:
    br0:
      interfaces: [ens33]
      addresses: [192.168.100.20/24]
      routes:
      - to: default
        via: 192.168.100.1
        metric: 100
        on-link: true
      mtu: 1500
      nameservers:
        addresses: [192.168.100.10,192.168.100.3]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no

[/box]

Save and exit the file.

Now we need to exempt traffic going through the bridge from being sent though the netfilter (i.e. for iptables inspection).

[box]

sudoedit /etc/sysctl.d/bridge.conf

[/box]

Paste in the following text, then save and exit.

[box]

net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables=0

[/box]

Those settings would be lost in a reboot, to make them permanent.

[box]

sudoedit /etc/udev/rules.d/99-bridge.rules

[/box]

Paste in the following, then save and exit.

[box]

ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \ 
RUN+="/sbin/sysctl -p /etc/sysctl.d/bridge.conf"

[/box]

Now we will delete and undefine the built in default network.

[box]

virsh net-list --all
virsh net-destroy default
virsh net-undefine default
virsh net-list --all

[/box]

Now before we apply the netplan we created earlier take a look, our IP address is currently on interface ens33 when we have finished it will move to the br0 network.

[box]

ip addr
sudo netplan apply

[/box]

Now check again, and ensure the bridge now has the IP address.

[box]

ip addr

[/box]

We are now going to define the bridge, sudoedit won’t work in the home directory so I’m using vi instead.

[box]

vi host-bridge.xml

[/box]

Text

Paste in the following, then save and exit (Esc > wq!)

[box]

<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>

[/box]

From the file we just created, we will define the new bridge network, start the network, then set it to autostart with the host, then finally we make sure its defined and listed.

[box]

virsh net-define host-bridge.xml
virsh net-start host-bridge
virsh net-autostart host-bridge
virsh net-list --all

[/box]

Connecting VMs to the Bridge Network

List the registered VMs, then edit the VM you want to change.

[box]

virsh list all
virsh edit {VM-Machine-Name}

[/box]

Locate the source network= section and change it from default .

To host-bridge then save and exit the file.

I manage my VMs with Cockpit, and they were working fine, but they were asking to be restarted. I did that with mixed results. (some worked others didn’t).

I had 100% success by removing the old network connections, and adding a new one like so, this was for an Ubuntu guest VM (Note: if it’s a Windows VM, use a e1000e model card instead).

Related Articles, References, Credits, or External Links

Install Ubuntu KVM

Install Ubuntu KVM

Ubuntu KVM KB ID 0001890

Problem

I’ve been looking at KVM for a couple of reasons, firstly people are looking at VMware alternatives, now there’s no ‘free version‘, and secondly the firm I work for have potentially a large KVM to VMware migration on the horizon, so I thought I’d build it on the test bench and see how best to address that migration scenario.

Note: This was written with Ubuntu version 24.04, which was current at the time of publication, if the experience has taught me anything it’s the commands and procedures may well change in future versions. If you are reading this in the distant future and something needs tweaking let me know below, so I can try to keep things up to date.

Solution : Ubuntu KVM

Update Ubuntu.

I’m assuming you’ve already got an Ubuntu server installed ready to go, the first task is to ensure its fully up to date.

[box]

sudo apt update && sudo apt upgrade -y

[/box]

    

Go and have a coffee, when complete simply reboot the server.

[box]

[ -e /var/run/reboot-required ] && sudo reboot

[/box]

Ubuntu KVM (CPU Checker)

All modern physical servers will now have the virtualisation CPU elements enabled in BIOS, It’s been many years since I had to go and enable them, but if you on an old piece of tin, or someone’s disabled them, you need to check they are available. Note: This is more a problem id you intent to run Ubuntu nested inside another hypervisor like VMware ESX, or Hyper-V where you have to manually expose the virtualisation elements to a guest VM (often called nested virtualisation).

To make sure, we install cpu-checker.

[box]

sudo apt install cpu-checker

[/box]

Then to test the CPU run the kvm-ok command and ensure it responds KVM acceleration can be used.

[box]

sudo kvm-ok

[/box]

Ubuntu Install KVM

Use the following command.

[box]

sudo apt -y install libvirt-daemon-system bridge-utils qemu-kvm libvirt-daemon

[/box]

Then install the additional components and tools we may require.

[box]

sudo apt install virtinst libosinfo-bin virt-top libguestfs-tools 

[/box]

Finally ensure all is well run virsh version and ensure the components look like the following (note some may have newer versions depending on how far in the future you are following along).

[box]

virsh version 

[/box]

     

Ubuntu KVM: Install Cockpit

Cockpit is a web based GUI where you can directly interrace with Linux, you can create run and manage your virtual machines from command line, but this is a little easier for most people.

[box]

sudo apt install cockpit 

[/box]

When complete add the machines plugin (for managing virtual machines) and podman plugin (for managing containers).

[box]

sudo apt install cockpit-{machines,podman}

[/box]

 

Then enable Cockpit to AutoStart with the host and check its status. Take note of the port it is running on (highlighted below, this is usually TCP port 9090).

[box]

sudo systemctl enable --now cockpit.socket
systemctl status cockpit.socket

[/box]

 

Connect to the Ubuntu KVM server using a web browser to port 9090 (https://{ip-address-or-host-name}:9090 and log in.

Select “Turn on administrative access” and supply your password to authenticate again.

Ubuntu KVM Creating Guest VMs

I prefer to have the ISO files that I will build my VMs from on the server itself, so I upload them into the /tmp directory on the Ubuntu host. Below I’m using WinSCP because its free and it’s simple to use,

In Cockpit navigate to virtual Machines > Create VM.

Enter the details, and the path to the ISO file you uploaded above > Create and Run.

Now if you select the server you get a nice VNC remote console which you can interact with to build and manage the server remotely.

What you will notice is at this point your VMS get an IP address from the KVM host which will NAT the traffic to the outside world, which is fine. But if you want to access these VMs FROM the outside world then you have a problem (no, routing the traffic back to the KVM server manually or adding static routes to your other devices does not work) Well it didn’t for me! So a more likely scenario is you want bridged networking, where your VMs will get an IP address on your live LAN. I’ll be showing you how to do that next

Related Articles, References, Credits, or External Links

Ubuntu Setting a Static IP

Certificate Chain Incomplete

KB ID 0001570

Problem

The certificate here at PNL expired over the weekend, I got a new one and installed it. All appeared to be fine until I did an online check to make sure it was OK. 

The server’s certificate chain is incomplete

Solution

I had this problem once before, back then I was using Apache and CentOS7, and things were a little different, (now I’m using NGINX and Ubuntu 18.04). Essentially you see this error because you have bought a ‘cheap‘ SSL certificate. There’s nothing wrong with that per se, but they tend to be issued from an ‘Intermediate CA‘. Again there’s nothing wrong with that either, but to improve your score you need to ‘Embed‘ the intermediate certificate, into your SSL certificate, (or all the intermediates back to a Root CA Server, if you have multiple intermediate certificates!) 

Here I have ONE intermediate, (which is pretty normal.)

There a no special tools you require to be able to do this, other than a simple text editor, you open your SSL certificate and ‘Paste” the intermediate certificate on the bottom. (DO NOT ADD ANY EXTRA SPACES). Like so;

Note: As you can see, you DON’T put the Root CA certificate at the bottom, (clients should already have them!) I made this mistake then got the following error;

[box]

Jun 23 14:12:29 localhost nginx[1197]: nginx: [emerg] PEM_read_bio_X509("/etc/nginx/ssl/www_petenetlive_com.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
Jun 23 14:12:29 localhost nginx[1197]: nginx: configuration file /etc/nginx/nginx.conf test failed

[/box]

Retry your test.

Related Articles, References, Credits, or External Links

NA

Linux – Install VMware Tools

KB ID 0001330 

Problem

Note: This is to install the VMware Tools NOT the OPEN-VM-TOOLS.

I’ve had to do this a few times now, and every time I Goolge how to do it, I get pages of instructions on how to install the open vm tools. When what I really want is to install the VMware Tools.

Solution

I’m using vSphere ESX, but even if you are using VMware Workstation or VMware Fusion, you can still select ‘Install/Upgrade VMware tools’, this presents a DVD image to the virtual machine.

The install for VMware tools uses Perl, so you will need to have that installed.

[box]

yum install perl

[/box]

Now we are going to mount the virtual CDROM/DVD drive into a folder, (called/mnt). Then when we have a look inside this folder, you will see the VMwareTools-{version}.tar.gz (take a note of this).

[box]

mount /dev/cdrom /mnt
cd /mnt
ls
TAKE NOTE OF THE VERSION!

[/box]

Unzip those files into the /tmp directory, then run the installer.

[box]

cd /tmp
tar zxf /mnt/VMwareTools-9.10.0-2476743.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

[/box]

Keep pressing {Enter} to accept the defaults, when complete the mounted VMware tools DVD will be ejected.

 

Related Articles, References, Credits, or External Links

NA

Nginx Error – 413 Request Entity Too Large

KB ID 0001325 

Problem

A few weeks ago I did a series on setting up a new WordPress site, shortly after I had some problems uploading my caching plugin (wp-rocket). This was the error I got;

413 Request Entity Too Large
nginx/1.10.3 (Ubuntu)

Anyway, I fixed the error, and a few days later I got an email from someone with the same problem, so I thought this time I would document the fix.

 

Solution

Note: I’m going to raise the limits to 100Mb this might be far to large for you, 20 or 50Mb might be more sensible for most sites.

Firstly you need to make an entry in the nginx.conf file

[box]sudo nano /etc/nginx/nginx.conf[/box]

If you’re unused to working in these config files, you are looking for the http section, just before this sections ends (i.e. before the end curly bracket ‘}’), insert the following text.

[box]client_max_body_size 100M;[/box]

Exit and Save the file (ctrl+x, then ‘y’ {Enter}.

Restart nginx.

[box]sudo service nginx restart[/box]

You will also need to enter the new values in the php.ini file.

[box]sudo nano /etc/php/7.0/fpm/php.ini[/box]

Change the following values, like so;

upload_max_filesize = 100M
post_max_size = 100M

Exit and save the file, then restart PHP.

[box]sudo service php7.0-fpm restart[/box]

 

Related Articles, References, Credits, or External Links

WordPress – HTTP Error

Ubuntu: Setting Up a WordPress Website with LEMP – Part 3

KB ID 0001320 

Problem

So you want your own web server running WordPress? Previously in Parts One and Two, we setup a new Linux box, and got all the prerequisites installed. Now it’s time to deploy WordPress.

Solution

There are a few extra bits we need to add to the PHP installation before we setup WordPress, to get those installed run the following command;

[box]sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc[/box]

Then restart PHP;

[box]sudo systemctl restart php7.0-fpm[/box]

Download and Install WordPress.

We are going to use the /tmp directory and download wordpress into that, you don’t need to worry about what version to download because the good folk at WordPress use the same URL for the latest version and keep it updated.

[box]

cd /tmp
curl -O https://wordpress.org/latest.tar.gz

[/box]

If you didn’t already guess from the file extension, the WordPress files are compressed, we need to ‘extract’ them.

[box]tar xzvf latest.tar.gz[/box]

WordPress has a file called wp-config.php in the root of the website that we will be editing in a while, so we are going to create that file by using the ‘sample’ file provided.

[box]cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php[/box]

And, to save you hassle, (in future) we will pre-create the folder that WordPress will need when you eventually come to upgrade it, it will also, (after we have moved it in a minute),  have the correct permissions.

[box]mkdir /tmp/wordpress/wp-content/upgrade[/box]

Now we have all the files, but they are in the WRONG PLACE, they are all sat in the /tmp directory, but we want them in the root of your website, i.e. the  /var/www/html  directory. So to copy them (in bulk).

[box]sudo cp -a /tmp/wordpress/. /var/www/html[/box]

You won’t see anything happen, but if you have a look in your /var/www/html directory, the files will be there.

To set the correct permissions, execute the following commands;

[box]

sudo chown -R www-data /var/www/html
sudo find /var/www/html -type d -exec chmod g+s {} \;
sudo chmod g+w /var/www/html/wp-content
sudo chmod -R g+w /var/www/html/wp-content/themes
sudo chmod -R g+w /var/www/html/wp-content/plugins

[/box]

Configuring WordPress

Run the following, and it will return a large block of incomprehensible text; 

[box]curl -s https://api.wordpress.org/secret-key/1.1/salt/[/box]

COPY THAT TEXT TO THE CLIPBOARD (Yours will look different to the one above!)

Now edit the wp-config.php file, when its open go the the section that ‘looks like’ the text you copied above and paste your text over the top.

[box]nano /var/www/html/wp-config.php[/box]

While you are still in the file, you need to enter the database settings you setup in Part One. Near the top of the file you will see there’s a space for database name, username and password.

Enter your settings;

Save and close the file.

Now if you browse to your website, you should see the WordPress language selection, select your language and enter the settings and logon details for your website.

You will be logged into your sites admin panel (http://your-site/wp-admin). From here you can install new themes, add new plugins, and create new posts. Your website will now be ‘live’.

You may want to consider raising the maximum upload limit before proceeding;

Nginx Error – 413 Request Entity Too Large

If you are migrating data from another WordPress site into this one, see the following article;

Migrating WordPress From One Server To Another

If you are unsure on how to setup DNS records for your website see the following article;

Setting up the Correct DNS Records for your Web or Mail Server

Related Articles, References, Credits, or External Links

NA

Ubuntu: Setting Up a WordPress Website with LEMP – Part 2

KB ID 0001319 

Problem

Back in part one we deployed the server and setup our database, now we are going to setup our nginx web server, and get it to work with PHP.

Solution

Install NGINX

To get the nginx package installed;

[box]sudo apt install nginx[/box]

Now ensure nginx is set to start automatically with the server, and manually start the service.

[box]

sudo systemctl enable nginx
sudo systemctl start nginx

[/box]

Make sure it’s up and running;

[box]systemctl status nginx[/box]

Now the test if the web server is up and running, get the IP address (ifconfig), and browse to the IP address and you should see the nginx welcome page.

Note: If you get a 403 error, issue a ‘cp index.nginx-debian.html index.html‘ command and try again.

Install PHP7

Run the following command;

[box]sudo apt install php7.0-fpm php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl[/box]

Start the service and check it’s running;

[box]

sudo systemctl start php7.0-fpm
systemctl status php7.0-fpm

[/box]

Now to enable nginx to pass information to the FastCGI server (allows php scripts to be executed outside the web server). Your nginx install should be taking its settings from a configuration file ‘/etc/nginx/sites-enabled/default’.  To make sure execute an ‘nginx -t’ command. We need to edit that file.

Note: Below you will want to change the values in red to match your server, and the values in blue are optional. You can remove all the contents of the existing file and paste in the following.

To Edit;

[box]sudo nano /etc/nginx/sites-enabled/default[/box]

[box]

# Default server configuration

server {
listen 80 default_server;
listen [::]:80 default_server;

# Set The Root Directory for the Entire Website

    root /var/www/html/;

# Adding index.php to the list if you are using PHP

    index index.html index.htm index.nginx-debian.html;

# Add The Server IP Address or FQDN

    server_name 123.123.123.12;

# Auto Remove and re-write .htm from requests (to maintain old back-links)

    rewrite ^(/.*)\.htm(\?.*)?$ $1$2 permanent;

# The following does the WordPress Rewrites for the permalinks

      location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
      }

# Allow the user to Cache Static files for 1 year

      location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
      }

# pass PHP scripts to FastCGI server

     location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
}

[/box]

Now save and exit the file, make sure its ok by running;

[box]nginx -t[/box]

Providing it says ‘successful’ restart nginx.

[box]sudo systemctl reload nginx[/box]

Testing PHP7 Works

Make sure we are up and running on version 7.

[box]php –version[/box]

Now just to be sure we are going to create a test page,  put in some PHP and make sure it works.

Create a file;

[box]sudo nano /var/www/html/test.php[/box]

Pete in the following;

[box]<?php phpinfo(); ?>[/box]

Save and exit the file, then browse to http://{ip-address}/test.php it should look something like the image below.

It’s considered bad practice to have that file on the server, so lets delete it with the following command;

[box]sudo rm /var/www/html/test.php[/box]

 

That’s us with a fully functioning nginx web server thats processing PHP, in part three we will install WordPress, connect it to the database we made easier, and then you will be ready to start posting.

Related Articles, References, Credits, or External Links

NA

Ubuntu: Setting Up a WordPress Website with LEMP – Part 1

KB ID 0001318 

Problem

At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above but LNMP stack doesn’t sound so good, and nginx is ‘pronounced ‘engine x’).

So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.

Solution

Installing Linux

You have essentially two choices, do what most people do and go to a hosting company and rent a VPS, (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install linux on your own server, and as long as you can make it publicly available use that.

The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with user account and root will be disabled. If you know nothing about Linux that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference so I will prefix all the commands I use below with sudo to make things easier, just remember the first time you use sudo it will ask for your password again.

Why Ubuntu? Well I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu that’s the only reason I’m switching OS.

Update The Server

It might have been built from an image, but that does not mean that the image was up to date, thankfully that’s simple to do, run the following command to see if there’s any updates.

[box]sudo apt update[/box]

In my example theres two updates, I can upgrade to them with the following command, (you may be asked to answer ‘y’ for yes);

[box]sudo apt upgrade[/box]

Change the Linux SSH Port

Note: If you built the server, you may need to install openssh server.

[box]sudo apt-get install openssh-server[/box]

I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).

Edit the SSH config file;

[box]sudo nano /etc/ssh/sshd_config[/box]

Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).

Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;

Ubuntu: Allow SSH access for ‘root’ user

Don’t forget to restart the service;

[box]sudo service ssh restart[/box]

Protect Your Web Server With a Firewall

Traditionally Linux uses iptables, (or FirewallD for CentOS.) I like iptables, because like all things Linux I worked out how to set it up, and wrote it down. Ubuntu has a ‘front-end’ to iptables thats still command driven, it’s called UFW (uncomplicated firewall). Which I didn’t want to learn about because I use iptables! But in all honestly UFW is so simple it’s painfully easy.

I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.

Run the following commands;

[box]

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2223/tcp

[/box]

Then enable the firewall, and set it so that it starts when the server reboots, you can also check its status for peace of mind;

[box]

sudo ufw enable
sudo ufw status

[/box]

Install and Configure MariaDB

Like most things Linux, installing MariaDB is simple, run the following command;

[box]sudo apt install mariadb-server mariadb-client[/box]

Then make sure it’s up and running;

[box]systemctl status mysql[/box]

Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back

Set MariaDB to start when the server restarts;

[box]systemctl enable mariadb[/box]

Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;

[box]sudo mysql_secure_installation[/box]

Note: It immediately asks for a password, (it will be blank so hit (Enter},) answer ‘Y’ to set a root password, set a fresh one (you will need it in a minute, so remember what it is!) Then accept all the defaults by just pressing {Enter}.

Create Your WordPress Database

WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;

  • A database name.
  • A username to access the database.
  • A password for that user.

So in the following example I will use;

  • Database Name: PETESDATABASE
  • Username: petesuser
  • Password: P@ssword12345

Execute the following commands one by one;

[box]

sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit

[/box]

 

In Part Two, we will install nginx and PHP.

Related Articles, References, Credits, or External Links

NA