Recently, I have begun hosting several web services on my home network, and have a few projects I’d like to be able to host. I have been hosting my sites on Amazon for a few years, but now that I have a reliable setup, I figured it was time to migrate everything internally. Unfortunately, my current services each have their own servers, and are distinct enough in purpose that pooling them (or new ones) would not make much sense. Most of my upcoming projects will be websites (and it opens up the potential for additional income).
On to my nginx configuration and WordPress install.
I started with a bare CentOS server, added the nginx repo, and installed all the necessary software for this project.
```
#add nginx repo
# note: gpgcheck=0 turns off package signature verification for this repo
cat > /etc/yum.repos.d/nginx.repo << \EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
EOF

#install nginx
yum -y install nginx

#install necessary software
yum -y install wget mysql-server php-fpm php-xml php-mysql
```
Now that we have all the required software, we can start to configure it. I'm going to start with the database, but WordPress won't work until all of these steps are completed, no matter what order.
```
chkconfig mysqld on
service mysqld start
mysql_secure_installation

mysql -u root -p
> CREATE DATABASE wordpress;
> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "password";
> FLUSH PRIVILEGES;
> EXIT
```
And now, configure PHP to provide a pool and work within the permissions of nginx, by editing /etc/php-fpm.d/www.conf:

```
listen = /var/run/php5-fpm.sock
user = nginx
group = nginx
```

Then enable and start PHP-FPM:

```
chkconfig php-fpm on
service php-fpm start
```
Ok, time to install WordPress:
```
mkdir -p /var/www/blog/{htdocs,logs}

#download wordpress (over HTTPS, since this code will run on the server)
cd /var/www/blog/htdocs/
wget https://wordpress.org/latest.tar.gz
tar --strip-components=1 -xvf latest.tar.gz

#update permissions: everything is root-owned except what WordPress must write to
cd /var/www/blog/htdocs/
chown -R root:root .
chown -R nginx:nginx wp-content wp-admin/update* wp-admin/network/update*
```
And, finally, configure nginx:
```
cat > /etc/nginx/php.conf << \EOF
location ~ \.php {
    # for security reasons the next line is highly encouraged
    try_files $uri =404;

    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;

    fastcgi_param SCRIPT_NAME $fastcgi_script_name;

    # if the next line in yours still contains $document_root,
    # consider switching to $request_filename, which provides
    # better support for directives such as alias
    fastcgi_param SCRIPT_FILENAME $request_filename;

    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;

    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx;

    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;

    # If using a unix socket...
    fastcgi_pass unix:/var/run/php5-fpm.sock;

    # If using a TCP connection...
    #fastcgi_pass 127.0.0.1:9000;
}
EOF

cat > /etc/nginx/drop.conf << \EOF
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
EOF

cat > /etc/nginx/conf.d/blog.conf << \EOF
server {
    server_name blog.example.com;
    root /var/www/blog/htdocs;
    index index.php;

    access_log /var/log/nginx/blog.access.log;
    error_log /var/log/nginx/blog.error.log;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location @rewrites {
        rewrite ^ /index.php last;
    }

    # This block will catch static file requests, such as images, css, js
    # The ?: prefix is a 'non-capturing' mark, meaning we do not require
    # the pattern to be captured into $1 which should help improve performance
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # remove the robots line if you want to use wordpress' virtual robots.txt
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # this prevents hidden files (beginning with a period) from being served
    location ~ /\. { access_log off; log_not_found off; deny all; }

    include php.conf;
}
EOF

#Ready to configure WordPress
cd /var/www/blog/htdocs
cp /var/www/blog/htdocs/wp-config{-sample,}.php
chown -R nginx:nginx /var/www/blog/htdocs/wp-config.php
sed -i -e 's/database_name_here/wordpress/' wp-config.php
sed -i -e 's/username_here/wordpress/' wp-config.php
# must match the password used in the GRANT statement earlier
sed -i -e 's/password_here/password/' wp-config.php

# replace the placeholder keys with freshly generated salts
# (this step uses ed; install it with yum if it is missing)
SALT=$(curl -L https://api.wordpress.org/secret-key/1.1/salt/)
STRING='put your unique phrase here'
printf '%s\n' "g/$STRING/d" a "$SALT" . w | ed -s wp-config.php
sed -i -e 's/\r$//' wp-config.php
```
To make sure we can get to the server:
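```
# iptables -L prints two header lines, so COUNT is the position of the last
# rule in INPUT; inserting there puts the ACCEPT just ahead of that final
# rule (typically the catch-all REJECT)
COUNT=`expr $(iptables -L INPUT | wc -l) - 2`
iptables -I INPUT $COUNT -m state --state NEW -p tcp --dport 80 -j ACCEPT
```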
At this point, just navigate to the WordPress site, blog.example.com, and follow the prompts. Permissions should all be set appropriately so that everything should be possible from the site itself.
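The ownership layout the steps above aim for (everything root-owned except wp-content, the updater scripts and wp-config.php) can be checked after the fact. The script below is an added example, not part of the original setup; its function names are made up here, and its allow-list simply mirrors the chown commands in this walkthrough.

```shell
#!/bin/sh
# Added example: audit ownership under the WordPress docroot.
# Usage (script name is arbitrary): sh wp-audit.sh /var/www/blog/htdocs nginx

# List paths owned by the web user ($2) under the docroot ($1) that fall
# outside the locations the chown commands above hand to nginx on purpose.
unexpected_web_owned() {
    root=${1%/}    # tolerate a trailing slash so the patterns still match
    find "$root" -user "$2" \
        ! -path "$root/wp-content" \
        ! -path "$root/wp-content/*" \
        ! -path "$root/wp-admin/update*" \
        ! -path "$root/wp-admin/network/update*" \
        ! -path "$root/wp-config.php"
}

# List regular files that any local account can modify.
world_writable() {
    find "$1" -type f -perm -0002
}

# Return 0 when clean, 1 on findings, 2 when find itself failed
# (for example, the web user does not exist on this host).
audit() {
    bad=$(unexpected_web_owned "$1" "${2:-nginx}") || return 2
    ww=$(world_writable "$1") || return 2
    [ -z "$bad" ] || printf 'owned by web user outside allow-list:\n%s\n' "$bad"
    [ -z "$ww" ] || printf 'world-writable files:\n%s\n' "$ww"
    [ -z "$bad$ww" ]
}

if [ "$#" -ge 1 ]; then
    audit "$@"
fi
```

Anything it prints is a path a compromised PHP process could rewrite beyond what this setup intended; wp-content stays writable by design so that uploads and plugin installs work from the site.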