WordPress Install on Azure Ubuntu 18.04

For the last 12 months I had been using DigitalOcean for the hosting of this website. I’d get the occasional ‘website unavailable’ error but a quick reboot of the droplet normally fixed any issues. That was until this month when it appears as though the site became compromised even though WordPress and the underlying Ubuntu image were set to auto update. Whenever you visited the site you would get redirected to a ‘different’ site!

Because I hadn’t got around to making backups (I know!) I took the decision to simply drop the content I had, and move back to Azure where I knew I could manage both the backups and updates along with monitoring better than I could with DigitalOcean. So, the first post here is an update on installing WordPress on an Azure Ubuntu 18.04 VM.


Azure VM

I am basing the site off a “Standard B1ms” image in Azure which gives 1 x vCPU and 2Gb vRAM. This should be more than enough for the site of site I have and can easily be upgraded in the future if required.

I am also using the standard Ubuntu 18.04 image from Microsoft rather than anything pre-built with WordPress.

I am using a single Resource Group based in UK South which contains:

  • Virtual Machine (+ NIC, PIP & OS disk)
  • VNET
  • Network Security Group (associated to the subnet)
  • Recovery Services Fault for backup

The Automation Account used for automatic updates to the OS is located in a different Resource Group.


Ubuntu

Before moving onto the installation of MySQL and WordPress there are a couple of items that need to be completed on the OS first:

sudo apt update
sudo apt upgrade -y
sudo apt dist-upgrade -y
sudo apt autoremove -y
sudo dpkg-reconfigure tzdata
sudo reboot

MySQL / MariaDB

The following commands will install MariaDB and also secure the installation:

sudo apt -y install mariadb-server
sudo mysql_secure_installation
	<Set a root password>
	<Remote anonymous users> 
	<Disallow root login remotely> 
	<Remote test databases> 
	<Reload privilege table>

Once the above is completed you can go onto create the database and user:

sudo mysql -u root -p
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT;

Apache Config

There are two parts to the Apache config. This one is all about setting Apache up and getting it ready for WordPress. The following will install Apache along with the dependencies we require for WordPress:

sudo apt update
sudo apt install apache2 -y
sudo apt install php libapache2-mod-php php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip php-imagick -y

We then want to ensure that PHP files are seen as priority over anything else when someone browses to the site. To do this ensure that the file /etc/apache2/mods-enabled/dir.conf mirrors the following with index.php at the start of the list:

sudo nano /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

We now need to create the vhost config file for Apache:

sudo nano /etc/apache2/sites-available/wordpress.conf

Paste the following into the file:

<VirtualHost *:80>
        ServerAdmin webmaster@server.com
        DocumentRoot /var/www/wordpress
        <Directory /var/www/wordpress>
                AllowOverride All
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

We then need to enable this new configuration and disable the default:

sudo a2ensite wordpress.conf
sudo a2dissite 000-default.conf

Finally, enable the rewrite module which is used by WordPress and various plugins and then restart Apache:

sudo a2enmod rewrite
sudo systemctl restart apache2

WordPress

Now we can install WordPress and get it configured. Firstly, download the latest version of WordPress into a temporary location and un-compress:

cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz

Create the .htaccess file for WordPress to use at a later point:

touch /tmp/wordpress/.htaccess

Next, copy over the sample config file to one which WordPress can read and create the upload directory for use later before copying the entire directory into the correct location:

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
mkdir /tmp/wordpress/wp-content/upgrade
sudo cp -a /tmp/wordpress/. /var/www/wordpress

The following commands will set the correct permissions on the files and folders we have just copied across:

sudo chown -R www-data:www-data /var/www/wordpress
sudo find /var/www/wordpress/ -type d -exec chmod 750 {} \;
sudo find /var/www/wordpress/ -type f -exec chmod 640 {} \;

Now we need to setup the WordPress config file for our installation. The following will generate unique values which you need to place into your config file:

curl -s https://api.wordpress.org/secret-key/1.1/salt/

It is important to note that these values are specific to you and the time you ran the generator. Once you have these values you need to edit the main WordPress config file and input them:

sudo nano /var/www/wordpress/wp-config.php

You should be replacing the dummy lines that already exist within this file with the ones the generator provided. With this file still open we can then change all of connection settings which are at the beginning of the file:

define( 'DB_NAME', 'database_name_here' );

define( 'DB_USER', 'username_here' );

define( 'DB_PASSWORD', 'password_here' );

define( 'DB_HOST', 'localhost' );

Apache Config – SSL

Before continuing with the WordPress install, it is a good time to complete SSL enabling the site using LetsEncrypt. I have used LetsEncrypt lots in the past and is a great and easy way to achieve traffic encryption without having to spend any money!!

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache

Once the required packages have been installed you will then enter the wizard which will ask you the following questions:

  • Enter an email address for renewals and security updates: <your email>
  • Do you agree with the T&C’s?: (A)gree/(C)ancel
  • Share information?: (Y)es/(N)o
  • Enter your domain name: <your domain name>
  • Virtual host: <select wordpress-le-ssl.conf>

The certificate will auto renew every 90 days automatically but you will get an email from LetsEncrypt if there are any issues with this process.

Once this is complete you can now go to https://<yourdomainname> to complete the installation of WordPress.


References

Leave a comment