Setting up Apache2, MySQL, PHP
DigitalOcean has published a detailed article1 on setting up your LAMP (Linux, Apache2, MySQL, PHP) stack. These are needed as WordPress runs on PHP and uses MySQL database. Here is a quick run-through of the bare essentials.
- Let’s install Apache.
root> apt install apache2
Apache2 should be installed and have a test page available on port 80 through our static IP address. We will be testing it shortly.
- Let’s get MySQL and add a password. First, let’s install it:
root> install mysql-server root> mysql_secure_installation
You will be asked if you wish to configure a plugin to improve password security. We will be skipping this since we are only using one database user just for WordPress.
root user of the system can automatically authenticate themselves to MySQL based on their UID through
auth_socket plugin. We can see this by opening MySQL prompt (notice that no password is required), and pull up the list of authentication method used by each account.
root> mysql mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
Then, we can configure the
root account to use a password “ChangeMe” and apply new changes as follows:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'ChangeMe'; mysql> FLUSH PRIVILEGES;
We are done with MySQL and we can exit
mysql shell now.
- And finally, PHP. We will install PHP as well as modules / helper packages to integrate PHP with Apache2, MySQL database, and WordPress.
root> apt install php libapache2-mod-php php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip
That’s it for PHP! You can additionally check your PHP installation with
phpinfo(); but remember to delete this off. This function creates a lot of sensitive information about your server and environment that you probably don’t want attackers to find out.
If you want to configure Apache2 to prefer PHP files over others, modify the
/etc/apache2/mods-enabled/dir.conf file to place
index.php first so it looks like so:
<IfModule mod_dir.c> DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm </IfModule>
We are all done! To finish off the installation, let’s restart Apache2. We can check the status of the service with the second line.
root> systemctl restart apache2 root> systemctl status apache2
Setting up Apache2 Reverse Proxy
Now let us set up Apache2 on our host to fetch request from the Apache in our container. We will see if we can reach the test page generated from the Apache in the container.
- Enable Apache2 proxy modules in our host machine.
host> sudo a2enmod proxy host> sudo a2enmod proxy_http host> sudo a2enmod headers
- Configure your Apache2 in host machine.
host> sudo vim /etc/apache2/sites-enabled/000-default.conf
Modify the file to match something like below:
<VirtualHost *:443> # Listen to this name ServerName blog.warmwolf.com # For identifying the original protocol and port client used RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" # Set up proxy ProxyPreserveHost On ProxyPass / http://10.0.3.101:80/ ProxyPassReverse / http://10.0.3.101:80/ # Some boilerplate config for TLS SSLEngine On SSLCertificateFile "/var/www/www.foo.com/ssl/server.crt" SSLCertificateKeyFile "/var/www/www.foo.com/ssl/server.key" </VirtualHost>
X-Forwarded-Portpasses on information about the protocol and port from the original request. This is important later for WordPress to correctly choose the protocol to use. Recall that clients visit
blog.warmwolf.comon HTTPS (port 443) but the request is relayed with HTTP (port 80).
ProxyPreserveHostpreserves and retains the hostname from the original request.
ProxyPassis our reverse proxy at work. The Apache2 is passing on a path from
ProxyPassReverseis how our Apache in the container affects the Apache in the host. If WordPress decides to head to
http://10.0.3.101:80/new_path, our main Apache in the host will understand to keep our domain and head to
https://blog.warmwolf.com/new_path; not actually
- Let’s restart Apache2 for our changes and new modules to take effect.
host> sudo systemctl restart apache2
The reverse proxy should now be working. Visiting
blog.warmwolf.com should show you the Apache test page from within the container! If this subdomain is not responding, remember to add it to your DNS entries and allow up to two days for it to take effect (DNS propagation).
On the next page, we will set up WordPress.
- On Page 1, we start with a bit of literature so we know what we will be doing later on.
- On Page 2, we create an unprivileged LXC container.
- On Page 3, we set up Apache2, MySQL and PHP in the container. We also set up our main Apache2 as a reverse proxy to serve pages from within the container.
- On Page 4, we set up WordPress inside the container.
- On Page 5, we end with some closing thoughts.