DigitalOcean provisions a virtual server in less than one minute. If you expect high-volume traffic to your website, you should consider either a virtual or a dedicated server.

Shared hosting is good for a startup but comes with limitations, whereas a virtual server gives you full control but has to be set up and configured properly to get the best performance.

I selected DigitalOcean for Best Flare and thought I would share the instructions I followed to get WordPress running on CentOS with Nginx, MySQL & PHP-FPM. This assumes you have already created a droplet and received the IP, user & password.

Getting Started – Initial Basic Configuration & Securing CentOS

First-time login and Change the Password

  • Log in to the IP provided by DigitalOcean; it will prompt you to change the password at first login.
Chandans-iMac:~ chandan$ ssh root@128.199.100.xxx
The authenticity of host '128.199.100.xxx (128.199.100.xxx)'
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '128.199.100.xxx' (RSA) to the list of known hosts.
root@128.199.100.xxx's password: "Enter Your Password Here"
You are required to change your password immediately (root enforced)
Changing password for root.
(current) UNIX password: "Enter Your Password Here"
New password: "Enter Your New Password Here"
Retype new password: "Enter Your New Password Again"

So now you have changed the root password, and it’s time to create a new user and give it sudo permission.

Create a new user and provide sudo permission

As a good practice, you don’t want to use root all the time; instead, create a new user and give it sudo privileges.

  • Create the user with the adduser command
[[email protected] ~]# adduser chandan
  • Change the password of the newly created user with the passwd command
[[email protected] ~]# passwd chandan
Changing password for user chandan.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Now I have created a new user called “chandan” and set its password. It’s time to give “chandan” sudo privileges.

  • Execute the following command
/usr/sbin/visudo
  • Look for
## Allow root to run any commands anywhere
root   ALL=(ALL)       ALL
  • and add the newly created user below root, like this
## Allow root to run any commands anywhere
root   ALL=(ALL)       ALL
chandan ALL=(ALL)       ALL
  • Save the file and exit

Let’s verify that you can log in with the new user and that it has sudo permission

  • Log in to your server with the new user
Chandans-iMac:~ chandan$ ssh chandan@128.199.100.xxx
chandan@128.199.100.xxx's password:
[[email protected] ~]$
  • Let’s test sudo with yum command.
[[email protected] ~]$ sudo yum search http
[sudo] password for chandan:
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile

As you can see, the new user can now use sudo to execute privileged commands.

Change default SSH port in CentOS 6

By default, the SSH port is 22, so anyone who knows your server IP can attempt to log in on the default port. Changing this port to something else adds an additional layer of security.

  • Modify the configuration file by executing
sudo vi /etc/ssh/sshd_config
  • Search for Port and change it from 22 to something else between 1025 and 65535. In this example, I have used 5000.
Port 5000
  • Reload the configuration by executing

service sshd reload

[[email protected] ~]$ sudo service sshd reload
Reloading sshd:                                           [ OK ]
[[email protected] ~]$
  • So now you can’t get into your server on the default SSH port 22 and must log in by passing the port number. Let’s test it out.
Chandans-iMac:~ chandan$ ssh chandan@128.199.100.xxx
ssh: connect to host 128.199.100.xxx port 22: Connection refused
Chandans-iMac:~ chandan$

You can see I am getting connection refused on port 22, so now I will log in on port 5000

Chandans-iMac:~ chandan$ ssh -p 5000 chandan@128.199.100.xxx
chandan@128.199.100.xxx's password:
[[email protected] ~]$
  • Default SSH port is changed successfully.
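
A check to run against /etc/ssh/sshd_config before the reload, added here as an example and not part of the original instructions: sshd listens on every uncommented Port line, so a Port 22 left in place keeps the default port open next to the new one. The function names and the two sample configurations are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report the ports an
# sshd_config enables. Function names and sample files are hypothetical.

# sshd_ports < FILE: print every active Port value, one per line.
# Comment lines are skipped, the keyword is matched case-insensitively and
# both "Port 5000" and "Port=5000" are accepted. No Port line means 22.
sshd_ports() {
  awk '
    /^[ \t]*#/ { next }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (tolower(substr(line, 1, 4)) != "port") next
      rest = substr(line, 5)
      if (rest !~ /^[ \t=]/) next        # keyword must end after "port"
      sub(/^[ \t=]+/, "", rest)
      split(rest, f, " ")
      if (f[1] ~ /^[0-9]+$/) { print f[1]; found = 1 }
    }
    END { if (!found) print 22 }'
}

# port_change_ok NEWPORT < FILE: succeed only if NEWPORT is enabled and
# the default port 22 is no longer listed.
port_change_ok() {
  ports=$(sshd_ports)
  if ! printf '%s\n' "$ports" | grep -qx "$1"; then return 1; fi
  if printf '%s\n' "$ports" | grep -qx 22; then return 1; fi
  return 0
}

# Constructed samples: the stock "#Port 22" comment plus the new line,
# and a file where Port 22 was uncommented and left in place.
config_moved() { printf '%s\n' '#Port 22' 'Port 5000' 'Protocol 2'; }
config_both()  { printf '%s\n' 'Port 22' 'port = 5000'; }

for sample in config_moved config_both; do
  if "$sample" | port_change_ok 5000; then
    echo "$sample: only port 5000 is enabled"
  else
    echo "$sample: port 22 still enabled or 5000 missing"
  fi
done
```

On the server, feed it the real file with `sudo cat /etc/ssh/sshd_config | port_change_ok 5000`, validate the syntax with `sudo /usr/sbin/sshd -t`, and keep the current session open until a login on the new port succeeds.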

Changing the TimeZone in CentOS 6

This may not be required if you are in the same time zone as the server. However, if you need to

  • Execute date command to verify the time zone
[[email protected] ~]$ date
Thu Jun 11 21:18:33 EDT 2015
[[email protected] ~]$

I am in Singapore, so EDT is not good for me. All time zone files are located under /usr/share/zoneinfo, so first find the one you need and then create a symbolic link from that zone file to /etc/localtime. The -f option replaces the existing /etc/localtime.

[[email protected] ~]$ sudo ln -sf /usr/share/zoneinfo/Singapore /etc/localtime
  • Let’s verify the date and time now
[[email protected] ~]$ date
Fri Jun 12 09:30:22 SGT 2015
[[email protected] ~]$
  • Now, my server is in my time zone.

Secure from Brute Force attacks using Fail2Ban

Fail2Ban will help you to prevent brute force attacks on your server. In the default installation configuration, Fail2Ban monitors SSH only; however, if you wish, you can configure it for other services like HTTP, SMTP, etc.

Fail2Ban is not available in the CentOS repository, so you have to install the EPEL repository first.

sudo yum install epel-release
sudo yum install fail2ban

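You may take a look at /etc/fail2ban/jail.conf to understand how it works. Since SSH now listens on port 5000, check that the port in the SSH jail matches it, because the stock jail refers to the default ssh port.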
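
To make the jail settings concrete, here is a simplified version of the counting rule an SSH jail applies, added as an example and not taken from the article or from Fail2Ban's code. maxretry and findtime are named after Fail2Ban's options; the values, the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): the counting rule behind a
# Fail2Ban SSH jail, simplified. maxretry and findtime are named after
# Fail2Ban's options; the values and the sample log are constructed.

# find_offenders MAXRETRY FINDTIME_SECONDS < LOG
# Prints each source IP with MAXRETRY failed passwords within FINDTIME.
find_offenders() {
  awk -v maxretry="$1" -v findtime="$2" '
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
      split("0 31 59 90 120 151 181 212 243 273 304 334", before, " ")
      for (i = 1; i <= 12; i++) offset[mon[i]] = before[i]
    }
    /sshd\[[0-9]+\]: Failed password for / {
      # The user name is chosen by the client, so read the address by its
      # position from the end of the line: "... from <ip> port <n> ssh2".
      if ($(NF - 4) != "from") next
      ip = $(NF - 3)
      # syslog has no year: seconds since 1 January, leap day ignored
      split($3, t, ":")
      ts = (offset[$1] + $2) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
      n = ++count[ip]
      seen[ip, n] = ts
      # Ban when this failure and the one MAXRETRY-1 earlier are close enough.
      if (n >= maxretry && !(ip in banned) &&
          ts - seen[ip, n - maxretry + 1] <= findtime) {
        banned[ip] = 1
        print ip
      }
    }'
}

sample_log() {   # constructed lines in /var/log/secure format
  cat <<'EOF'
Jun 12 09:30:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Jun 12 09:30:04 web sshd[2101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Jun 12 09:30:09 web sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jun 12 09:31:15 web sshd[2110]: Accepted password for chandan from 198.51.100.20 port 50022 ssh2
Jun 12 09:40:00 web sshd[2120]: Failed password for chandan from 198.51.100.20 port 50030 ssh2
Jun 12 10:15:00 web sshd[2130]: Failed password for chandan from 198.51.100.20 port 50031 ssh2
Jun 12 11:00:00 web sshd[2140]: Failed password for chandan from 198.51.100.20 port 50032 ssh2
EOF
}

# Three failures inside ten minutes: only the rapid guesser is reported.
sample_log | find_offenders 3 600
```

Widening findtime to two hours also catches the second address, whose three failures are spread over 80 minutes, which shows how the two options trade false positives against slow guessing.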

Install Nginx, MySQL, PHP & WordPress on CentOS 6

It’s time to get ready for WordPress and install its prerequisites.

Install MySQL

sudo yum install mysql-server
  • Let’s secure MySQL by executing
sudo /usr/bin/mysql_secure_installation

It will prompt for the current root password, but as you have just installed MySQL you can simply press Enter because there is none.

Next, follow the instructions on the screen. The answer to all of them is Y.

Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL installation should now be secure.
Thanks for using MySQL!
  • Restart MySQL to ensure it comes up cleanly.
sudo /etc/init.d/mysqld restart
  • MySQL is installed and secured now.

Install Nginx

  • Nginx can be installed directly using yum as below.
sudo yum install nginx
  • Once installed, let’s start it.
sudo /etc/init.d/nginx start

Install PHP-FPM

  • Let’s install PHP by the following command
sudo yum install php-fpm php-mysql

Install WordPress

  • Download the latest WordPress version using wget
wget https://wordpress.org/latest.tar.gz
  • Extract the downloaded file
gunzip -c latest.tar.gz | tar xvf -

It’s time to create the WordPress database and user so that WordPress can be installed.

  • Log into MySQL
mysql -u root -p
  • Create a database
  • The session below creates a database called CHANDAN. Of course, you will want to replace CHANDAN with a name of your own. You will also need to grant all privileges, as it’s needed for WordPress installation. Here is a snapshot of the session.
[[email protected] tmp]$ sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 16
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database CHANDAN;
Query OK, 1 row affected (0.01 sec)
mysql> create user [email protected];
Query OK, 0 rows affected (0.00 sec)
mysql> set password for [email protected]= PASSWORD("CHANDAN");
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on CHANDAN.* to [email protected] identified by 'CHANDAN';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[[email protected] tmp]$
  • Copy the extracted WordPress folder to your document root. For Nginx, that is /usr/share/nginx/html
  • Install the php-gd module, as this is needed for form.
sudo yum install php-gd
  • Now open the WordPress installer by browsing to your IP with /wp-admin/install.php appended

For example: http://youripaddress/wp-admin/install.php

  • Follow the instructions on the screen and you are all set.
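
A variant of the database step above, added as an example and not part of the original article: it prints the same kind of statements for MySQL 5.1, but with a random password in place of one equal to the database name. The 'localhost' host part, the function names and the wp_site/wp_user names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumptions: MySQL 5.1
# syntax as in the session above, an account restricted to 'localhost',
# and hypothetical database and user names supplied by the caller.

# gen_password: 48 hex characters read from the kernel random source.
gen_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -dc '0-9a-f'
}

# wp_db_sql DBNAME DBUSER PASSWORD: print the SQL, or fail on unsafe input.
wp_db_sql() {
  for name in "$1" "$2"; do
    case $name in
      '' | *[!A-Za-z0-9_]*) echo "bad identifier: $name" >&2; return 1 ;;
    esac
  done
  # MySQL 5.1 limits user names to 16 characters.
  if [ "${#2}" -gt 16 ]; then echo "user name too long" >&2; return 1; fi
  # Letters and digits only, so the value cannot break out of the quotes.
  case $3 in
    '' | *[!A-Za-z0-9]*) echo "bad password characters" >&2; return 1 ;;
  esac
  if [ "${#3}" -lt 20 ]; then echo "password too short" >&2; return 1; fi
  printf 'CREATE DATABASE `%s`;\n' "$1"
  printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
    "$1" "$2" "$3"
  printf 'FLUSH PRIVILEGES;\n'
}

# Print the statements for review; pipe them into "mysql -u root -p" to apply.
wp_db_sql wp_site wp_user "$(gen_password)"
```

The generated password is the value to enter as the database password in the WordPress installer.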

The last step is to configure Nginx, MySQL & PHP to autostart so they are started when you reboot your server.

Go to /etc/init.d and execute the following commands

sudo chkconfig --levels 235 nginx on
sudo chkconfig --levels 235 php-fpm on
sudo chkconfig --levels 235 mysqld on

Woho! That’s all for today, and I hope you like it. You may refer to the DigitalOcean knowledge base for more. And yes, if you consider subscribing to DigitalOcean, please feel free to use my referral link here; I would appreciate it.
