WordPress Hosting Series

This how-to series will walk you through setting up your home hosted WordPress web server on Ubuntu 14.10 on a redundant virtualized infrastructure

 

Following this guide will allow you to do the following:

1)      Select the Proper Hardware for your home hosting environment

2)      Install and configure a Nexenta SAN

3)      Configure ISCSI Initiator and Target

4)      Install VirtualBox

5)      Install a Ubuntu Server inside of VirtualBox

6)      Configure Apache

7)      Install WordPress

8)      Troubleshoot your installation

9)      Setup Domain Name Mappings

10)   Configure your firewall

11)   Secure Your installation

12)   Provide a workaround for when you want to do a test install of WordPress when you don’t own the DNS name on the internet

13)   Select Plugins for WordPress

14)   Select a theme for your WordPress install

15)   And much more

To see a 40,000-foot overview of what we are going to setup, please take a look at this first video:

This will help you understand how all the pieces fit together.

Also, if you have no idea what virtualization is then please take a look at the video at this link:

https://rawcell.com/virtual-machines-what-are-they/

Please take the time to register a domain name on the internet and to obtain your static IP address from your internet service provider to avoid the majority of the difficulties that this install can cause.

Map your static IP address given to you by your provider to the domain name that you have purchased.

You will be replacing in this video where I refer to mydomain.com or whateveryourdomain.com  with the name of the domain that you  have purchased.

You should make sure that you watch this full video series as it’s shown here once through before following along with it to actually perform the installation. This will give you a good understanding of how it all goes together before you begin.

Also please take a look at these links in order to help you understand they types of hardware you will need to setup your virtualized environment.

The amount of hardware that you purchase will vary with the complexity that you choose for your installation.

The maximum hardware that you would need to purchase is:

Two machines for a mirrored Nexenta SAN install

Two machines for installing your virtual environment (the exact setup depends on the virtualization solution that you choose and the price will vary greatly as well)

Two pfSense firewall hardware boxes (NOTE: FOR A REDUNDANT pfSense Setup with 2 LANS YOU WILL NEED TO HAVE 8 GIGABIT ETHERNET PORTS TO SUPPORT GIGABIT WAN LIKE GOOGLE IS NOW OFFERING (EVENTUALLY OTHER ISP’s WILL FOLLOW SUITE)

http://www.tmworld.com/electronics-news/4380071/What-does-GT-s-mean-anyway-

http://ark.intel.com/products/family/46829

STAY TUNED I AM LOOKING FOR SUPER MICRO CASES THAT ARE CAPABLE OF SATURATING 8 GIGABIT ETHERNET PORTS FOR USE AS pfSENSE GIGABIT FIREWALLS. WILL POST HERE SOON! NO DOUBT, IT WILL BE A MOTHERBOARD THAT SUPPORTS PCI-e 2.1 or 3.0 with x16 or x32 LANES.

ALSO A FAST BACK-PLAIN AND SUPPORT OF 128 GB of MEMORY OR MORE IS NECESSARY AS WELL AS 4 HIGH-END XEON PROCESSORS.

Two WAN ISP connections

Take a look at these documents to get an idea of the potential hardware you might select.

https://rawcell.com/esx-white-box/

http://www.netgear.com/business/products/switches/smart-switches/smart-switches/gs108t.aspx#four

http://store.netgate.com/Netgate-FW-7541-P1846.aspx

http://www.hacom.net/catalog/pfsense/jupiter (high end for gigabit Ethernet internet connections)

http://www.pcengines.ch/alix.htm (low end up to 50 MB/s Internet Connections)

To find out about how necessary fancy iSCSI host but adapters are: Read this

http://www.las-solanas.com/storage_virtualization/iscsi_san_faq.php

For most installs CAT 6a is more than sufficient. If you are really rich and can afford 10G Ethernet then you will need to follow this guide:

http://www.techdata.com/(S(gec5go45l3e3a2ecpbinz055))/netgear/files/NETGEAR-Whitepaper-10_Things_10_Gigabit-v1.pdf

Depending on how far you want to take it you could easily get away with half the hardware since the list above will allow you to setup a high available installation.

Also, take a look at this Overview of iSCSI document:

http://www.snia.org/sites/default/education/tutorials/2008/fall/networking/WolfgangSinger_NAS_and_ISCSI_Technology_Overview.pdf

Also please take a look at the Nexenta HCL (Hardware Compatibility List) to help you select the most compliant hardware for your SAN, although I have worked with it on many types of Super Micro boards without a problem.

If you have the time check out this forum for to read the ramblings of fellow geeks that have gone there before you!

http://hardforum.com/showthread.php?t=1675656

Although I covered this in part 11 of the video series, I feel that it is important to learn how to do this part first, since it avoids a lot of hacking to get it working.

Please follow this video segment to learn how to purchase a domain for only 99 cents for one year.

It also gives you an understanding of why you shouldn’t use DynDNS but instead, you should use static IP addressing if you can afford it.

I also cover

How to map your domain name to a static IP.

How to setup a Virtual IP address on your pfSense firewall

How to implement port address translation or 1 To 1 NAT mapping.

I also suggest proper ports to forward to your Ubuntu Web Server.

This Segment Covers the Following:

Downloading and Installing Nexentastor  Video

Mirroring Your Nexentastor SAN System Partition

Registering Your NexentaStor SAN

Configuring the Nexentastor SAN

Setting Up Primary Interface and Static IP

Multiple Interfaces for SAN Console and ISCSI Traffic

Setup Management Protocol (HTTP vs sHTTP)

A Bit About the SSL Certificate

Configuring HostName  Domain Name  Timezone and NTP

Configuring a Root Password and Admin Password and Password

 

Complexity and Storage

Setting up Nexentastor Email

First Note about Registering Domain and Static IP

Configuring Other Interfaces

Configuring Initiators

Configuring Multi-Tiered Storage Pool

Verify  Compression  Deduplication

Configuring RAID and Zpool

Creating Zvol

Creating Initiator Groups

Additional Initiators and MultiPathing

Creating Target Groups and Adding Targets and Multipathing

Creating ISCSI Target Portal Groups and Assigning Address and Port

This Segment Covers the Following:

 

Creating an ISCSI Initiator for Windows

Configuring Windows ISCSI Initiator

Initializing ISCSI Initiator Service

Setting UP DNS Name to IP for Nexenta SAN

Connecting to an ISCSI Target Portals using Windows ISCSI Initiator

Auto Configure of Volumes

Using Computer Manager to Create Partition on ISCSI SAN Share

Initializing Disks

Creating MBR

Formatting Disk

Installing VirtualBox (Separate Video)

Virtual Disk and Mapping it to VBOX Virtual Hard Drive

Setting up DNS Host Name in pfSense Firewall

This Segment Covers the following:

 

Downloading Ubuntu 12.04 LTR

Installing Ubuntu 12.04 Server in VBox on ISCSI Share Part I

Configuring Keyboard

AutoDetect vs Manual vs Dvorak vs QWERTY

Configuring HostName

Creating Primary User

Proper Selection of Usernames and Passwords

Proper Password Change Schedule

Physical Security and Encryption of Home Directory

LVM

Configuring Disk Sizes and Effects on Linux Guest

proxy server

Installing Ubuntu 12.04 Server in VBox on ISCSI Share Part II

Installing Security Updates

Selecting LAMP Server Install Packages

mySQL Passwords Configuration and Proper Complexity

Configuring GRUB in MBR for Ubuntu Server Guest

RAM Requirement for Video Card

Booting Ubuntu Server for the First Time

Selecting XFCE Desktop and Security Considerations

Using Apt Package Installer

apt-get update (Updating Repository)

apt-get upgrade (Install Updates)

Setting Password for Root User and Sudo User

Finding the XFCE package

apt-cache search XFCE

apt-cache search XFCE | grep -i Desktop

Installing  XFCE4

Installing VirtualBox Guest Tools and Overview VMWare Tools Process

Mounting CDROM

Running vboxLinuxAdditions.run

Loading XFCE Desktop

Rebooting Ubuntu

Advantages of GUI Desktop and Terminals

Configuring Network

gedit interfaces

Setting Up Static Addressing

iface eth0 inet static

address

netmask

gateway

dns-nameservers

gedit /etc/hosts

Initial Assignment of Host Names

service network restart

sudo bash (Creating Privileged Command Prompt for Multiple Elevated Commands)

Adding Video Card Memory to VBOX GUEST Continued

What to do if XFCE Fails to Start

Note: We later discovered the XFCE desktop would not start due to a mouse integration problem with v-box. Inserting the USB mouse into the guest by clicking on Devices on the VBox Guest top menu and selecting USB devices and selecting the mouse and then when the guest has the mouse focus entering startx. When the ubuntu Server has loaded the XFCE desktop one needs to hit Right Ctrl+ Home Key to highlight Virtualbox guest menu and using the arrow keys to select devices. Next  got USB devices then right arrow followed by up and down arrows to highlight the mouse and hitting enter on it to regain normal mouse control. I am not sure what causes this but it might have something to do with a configuration in the guests x windows settings. I am leaving this up to the smart community to help me come up with a better solution than this USB mouse insert into guest VM   start x and then remove USB mouse from guest kludgy workaround.

sudo dpkg-reconfigure xserver-xorg

Recover XFCE Desktop

Command to Remove XFCE Desktop (Purge XFCE Desktop)

https://rawcell.com/uB8Au

Configuring Host file Before Installing XFCE Desktop Advantages

Monitoring of SAN Storage for Space

Opinion on Proxy Servers

Don’t get me wrong proxy servers fill an excellent nitch in the security of a network. Unfortunately they are too temperamental and often block traffic that they shouldn’t. I wouldn’t recommend implementation of one on any network without a highly skilled Proxy Server Specialist on site.

 

This Segment Covers the Following:

Configuring Apache for the WordPress Install

Privileged Command Prompt

Copying Configuration Files that Make WordPress Work (Click to Download)

https://rawcell.com/RGTFD

Launching Firefox from Inside XFCE Desktop

Downloading the Files

WGET As An Alternative

Installing Unzip

Extracting Custom Apache Config Files

Copying Files to Apache Directory

Relevant WordPress Configuration Files Setup

Nicely Highlighted, Bolded, Annotated,  and Colored Configuration Files Located Here

This Segment Covers the Following:

ports.conf

Sites-Available Configuration

default

mydomain.com

Copy to Proper Domain Name

Required Edits

Make Directory for Placing WordPress Into

Downloading WordPress

Copy and untar latest.tar.gz and Removing WordPress Directory

Fix for Video For Second Copy of Domain Name (just in my case)

pinging mydomain.com (We need a fix since we don’t own this domain. In your case, you more than likely will own the domain (unless it’s just for testing purposes) so you won’t need to fix it.

Proper Domain Links Inside Web Server for Apache

rm -rf whatevermydomain.com

ln -s ../sites-available/mydomain.com mydomain.com

nano mydomain.com (Setting Redirect IP Address) This should always point to your internal address

Recreating /etc/apache2/sites-enabled Entry This entry should always point to your internal address

rm -rf 000-default

Re-Entering IP Address to /etc/apache2/sites-enabled/mydomain.com

Note this step would be an internet address if you owned the domain.

Single Instance vs Multi-Site WordPress Install Overview

Method 1 Installing Sub-Instances of Apache

Using this method one can have multiple instances of a web server running  each connected to an IP address.

Method 2 Installing WordPress in Multi-Site Mode

WordPress can be installed in a multisite mode where each instance is a sub-instance of WordPress rather than as separate instances of a web server.

Registering Domain and Mapping Static IP

pfsense Firewall Configuration (Static MAC Address to IP Mapping to Internal Server Name)

Note: The Video is in Error. One Mapping is necessary the mapping of internal WEB Server IP to the domain name since this won’t appear on the internet and you would not want it to appear when pinging on the internet. This is an error in my video narration! The Static mapping in /etc/hosts and c:/windows/system32/drivers/etc/hosts are only fixes and are not needed if you first register your domain and map your static IP to the domain and put the NAT mappings on your firewall.

DNS Forwarder Entry on pfSense Firewall

Saving and Applying Changes in pfSense

pinging web-srv-WordPress

Removing Temporary FIX Entries from HOSTS Files on both Windows and from Ubuntu 12.04

Ctrl+K in nano to remove line

Moving the WordPress Install Out of the WordPress Folder

mkdir whatevermydomain.com

cd /var/www/whatevermydomain.com

wget http://wordpress.org/latest.tar.gz

tar -xzvf latest.tar.gz

cp -R * ../

rm latest.tar.gz

rm -rf wordpress (Removing WordPress Folders and Files)

clear (clear Screen Command)

This Segment Covers the Following:

 

Installing phpmyadmin

Launching phpMyAdmin from a Command Line

firefox http://localhost/phpmyadmin from a Command Line

(Once it is working do the next step and retest to make sure it is still accessible from localhost)

Making phpmyadmin Available Only on LOCAL Domain

Download using wget https://rawcell.com/wp-content/uploads/apache.conf.tar.gz and follow the Instructions at

https://rawcell.com/wordpress-install-configuration-files/

Creating & Configuring Database for WordPress

Selecting A Good Database Name

Configuring Secure User on Database

Accessibility of Root User to Database Locally and Remotely (A Golden Nugget Not Contained in Video)

Go to this web page from the server and download the following file:

https://rawcell.com/wp-content/uploads/apache.conf.tar.gz

or from a command line do a

wget https://rawcell.com/wp-content/uploads/apache.conf.tar.gz

tar -zxvf apache.conf.tar.gz

sudo chown root:root apache.conf

mv apache.conf /etc/phpmyadmin/apache.conf

rm apache.conf.tar.gz (for security reasons)

ls -al /etc/phpmyadmin to confirm it has been properly placed

make sure there is a hard link to the file by doing an  

ls -al  /etc/apache2/conf.d/phpmyadmin.conf

for security reasons perform a

sudo gedit /etc/phpmyadmin/apache.conf and review its contents.

 

This Segment Covers the Following:

 

Proper Domain Links Inside Web Server for Apache

rm -rf whatevermydomain.com

ln -s ../sites-available/mydomain.com mydomain.com

nano mydomain.com (Setting Redirect IP Address) This should always point to your internal address

Recreating /etc/apache2/sites-enabled Entry This entry should always point to your internal address

rm -rf 000-default

Re-Entering IP Address to /etc/apache2/sites-enabled/mydomain.com

This Segment Covers the Following:

 

firefox http://mydomain.com/wp-admin/install.php

404 Error on Website

Troubleshooting

Configuring c:/windows/system32/drivers/etc/hosts with Temporary host Entries

add the following entries:

192.168.1.161 mydomain.com

192.168.1.161 web-srv-wordpress.mydomain.com

192.168.1.161 web-srv-wordpress

192.168.1.161 www.mydomain.com

nano /etc/hosts (Adding Entries On One Line)

191.168.1.161 web-srv-wordpress wordpress.mydomain.com mydomain.com www.mydomain.com

nano mydomain.com (Setting Redirect IP Address)

Pinging by domain name to test

>

This Segment Covers the Following:

 

Creating User and Group that Apache Runs Under

Editing /etc/apache2/envvars to set user and group apache runs under

APACHE_RUN_USER=apache

APACHE_RUN_GROUP=apache

ctrl+o to Save ctrl+x to Exit

Creating Apache User and Apache Group

groupadd apache

useradd -G apache apache (add user apache to group apache)

Assign Password to User Apache

Setting Up File System Permissions

Attempt to Starting Apache Service

Failure of Apache Service waiting /var/lock/apache2 already exists but not owned by apache

service apache2 stop

Change Ownership of files in /var/www

Removing Defunct Lock on Apache Service and Restart Apache service

This is a very good place to take a Virtual Machine Snapshot from VBOX or from SAN of Virtual Ubuntu Server 12.04 Guest

Rollbacks and Snapshots Advantages from SAN and From Virtual Guest

Returning to Snapshot in Virtualbox

Returning to Previous Time with Other Vendor VM’s

Simple Script for Putting Proper Permissions On Files After WordPress Install is

Completed (Just Before Going Live)

Take Post Fix Snapshot

 

This Segment Covers the Following:

 

The Actual WordPress Installation

firefox http://www.mydomain.com/wp-admin/install.php

Installing WordPress

Click on “Create a Configuration File” to Start Install

Click on “Let’s Go” to Continue!

Configure Database Name

Configure Username Previously Configured on the Database (WP-MySQL-Admin)

Configure Password

Configure to run at localhost (keep localhost at the default)

Table Prefix wp_ is the default change it to wp_mydomain_ (where mydomain is the name of your domain)

Screendump Snapshot

Run Installer

Entering Site Title

Assigning a WordPress Administrative Username

Creating a Password That is Unguessable and Unique

Password Complexity

Storage Reminder

Enter Email

Enter Password

Click Install WordPress

Logging Into WordPress for the First Time

Appearance Themes

Searching for a Theme

Installing a Theme

Activating a Theme

Testing User Access to Domain

 

This Segment Contains the Following:

 

Warning of Site Being Available Only Locally

If you add the entries to the local host files then that means that your domain is only available locally. You must add entries that map your static IP on your firewall (or use DnyDNS). You get the static IP from your internet provider and you then must map your DNS domain name which you purchased from 1&1.com to the IP address given by your provider.

Our Site PressWork Theme

Securing WordPress

Long Passwords

I would suggest that passwords be over 20 digits in length  although the general recommendation is 17 digits in length. I would suggest changing them every 45-60 days. They should contain capital letters  small letters  numbers and symbols. You might choose a password like: The LHC has found the GOD particle! 643. Different Username & Passwords for Each User

You should choose different passwords for every account that is created root  ubuntu user  database  WordPress  etc.   etc.

Password Storage

You should store these passwords in a physical safe in a secure area for reference.

One Admin User  — Create only one Full Admin user for WordPress. Keep the passwords long and store it in a safe.

Captcha’s — Captcha plugins will prevent robot based hacking attempts on your site from being successful. I have a couple of captcha plugin suggestions: For the login use: Captcha on Login Plugin. For comments that people post to your site use: NuCaptcha plugin.

Different Database Username and Password — I can’t stress it enough use a different username for the database and a long password. And make phpmyadmin accessible only from the localhost. Choose a username for it that is obscure and hard to guess.

Selecting and Installing Plugins in WordPress

Plugins from WordPress Site

The WordPress site has an advantage that the plugins are monitored for rogue code. However, the problem with the current policy used by the WordPress people is that updates to the plugins come from the third party site. This leaves an avenue for rogue programmers to inject malware  spyware or viruses during updates to the plugins. A situation I hope the WordPress folks resolve in the near future.

Paid for Plugins

Paid for plugins can offer quality over free ones. However several instances of rogue plugins being created and themes being created that mess with your site. I recommend doing a snapshot before you go and install any plugins.

SEO Plugins

I would highly recommend one SEO plugin in particular. WordPress SEO by YOAST.

Risks and Rewards

PressWork Offensive Tweets

I discovered that the PressWork theme installs a tweet plugin which defaults to the PressWork tweet account. The problem is due to a bug or due to purposeful code problems  I was unable to change the tweet account to my own and the tweet account contained some very offensive tweets that do not look good on a corporate website.

Social Media Malware

There has been a recent occurrence that a seeming legit plugin for Social Media on the WordPress site had an update that contained spam and it was made difficult to remove once installed. It took me two days to clean out the malware. So remember snapshots and VM clones and backups are your friends!

Recommended WordPress plugins

I would recommend that the following decent plugins are amongst the many great plugins out there.

NOTE: I have no affiliation with the makers of any of the themes or the plugins so I get no kickbacks from suggesting them to you!

I found many plugins slow can slow down your site, for instance, google analytics was a huge problem  so take snapshots  write down the things you change in chronological order with a timestamp and make frequent backups and don’t make too many changes at the same time!

404 to Start Lets you design a nice page when page not found errors occur. Couple this with a menu maker plugin like jQuery Vertical Accordian Menu where you create a menu that contains a copy of every page listed in one column will allow anyone to find pages that have changed location easily. My missing link page can be found at: https://rawcell.com/missing-link so you can get an idea how it works!

Many of the slide show plugins are fancy and give your website a little zing. But I find that most of them are not supported on all types of devices like an android mobile phone. This is likely to change as HTML5 adoption becomes universal  but, for now, I find these plugins to be insufficient.

Google Docs Shortcode allows you to embed google docs into your website  very handy!

Daily Stats: A rather simple stats plugin  leaves a lot to be desired but it doesn’t slow down the site like most plugins I have found.

Comment Disable Master: Allows you to disable comments on certain pages. A very important feature to have!

Quttera Web Malware Scanner  BulletProof Security are great security enhancing plugins that I would even recommend purchasing the paid for versions.

Advanced YouTube Embed With Google Analytics -like Stats  by Embed Plus. With this plugin, you can embed your youtube videos and get stats.

Shareaholic | share buttons  analytics  related content

Short URL allows you to use shortcodes. A handy thing for posting on REDDIT  or for TWEETING where you have very few characters available to get your message across.

Slingpic allows easy sharing of pictures from your website by users.

Updraft Backup/Restore a plugin allowing backups of your sites data and database to be sent to an email address or to google drive. This gives you another layer of backups besides snapshots and san LEVEL Backups.

TinyMCE Advanced A program that allows you to add extra editing buttons for when you create new pages. Also, WP TinyMCE Tables allows you to easily insert tables into your pages

Being Indexed by Google  Bing  Yahoo

Google Sitemap plugin another plugin for creating a sitemap worth a look.

Bing Site Verification Plugin using Meta Tag – Allows Bing Indexing

Part 3: Overview of Cloud Hosting of Your Website

You can opt to host your website on a cloud provider on the internet. Prices range from low to high and offer a wide range of options. These sites allow you to log into either a dedicated server or a Virtual Machine and install whatever you wish. Other providers allow less complete access and control. You get what you pay for is the golden rule  but some great deals are available with Bluehost  since they have just completed a rollout of google fiber. Here are a few other providers out of the many to choose from:

Amazon

Rackspace

1&1 Hosting

Register.com

Mediatemple.net

Bluehost

See the forum  to start a discussion about these providers or others. Or for more community tips!

Conclusion

Thanks for Watching

Other Videos at https://rawcell.com

Global Energy Solutions