Of all the Linux distros to choose from, Debian is our flavour of choice: it’s a source distro, free of the meddling with the OS that repackaging brings.
Video Transcript
Creating a New Droplet
0:07 so today we are going to spin up a digital ocean droplet and install wordpress on it
0:15 I’m logged into my digitalocean account and we’ll go ahead and click on create
0:21 droplets. I’m going to go with the latest version
0:28 of debian and we’ll just go with a basic shared
0:34 cpu with a regular intel with ssd
0:40 It’s got 1gb one cpu 25gb of ssd disk and 1000 gb of transfer.
0:47 We don’t want to add a block storage I’m going to choose the region as san francisco data center 2.
0:57 the benefit is that most of the IT companies are located in California so having a droplet there speeds up your
1:04 api latency etc. You can select some additional
1:12 options here like ipv6 networking
1:19 user data I’m just going to enable monitoring for now because that allows us to collect cpu
1:25 load and all that other data. For the authentication I’m just going to go with a password for now
1:32 I’m going to type in a password.
1:41 I’m going to give it a hostname of demo, you can enable backups,
1:50 for this price it’s taken once every week and stays for four weeks
1:57 create
2:02 and now just waiting for it to complete
2:30 so the droplet has been created and if you just want to check what’s happening you can just click on console
2:44 and there you see the login prompt i am going to close out the console and we are just going to use
2:52 the command line so I’m going to open windows terminal I’m in on uh windows 10 insiders
3:00 but you can also use putty for this so I’m going to go ahead and use this ip
3:06 address on debian by default it’s going to be the user is going to be root
3:12 so ssh root at
3:23 the first time you connect is going to verify the fingerprint
3:30 yes so now that we are in we’re just going to go
3:35 and do a sudo apt-get update
3:43 and upgrade just to see if there are any updates pending yes
3:52 and now your droplet is ready to use
Creating a New Sudo User
3:58 so in order to manage your droplet it is highly recommended that you use a non-root account but with a sudo
4:05 but with the sudo privileges so we’re going to create a new user on this debian install and we’re going to
4:13 add a new sudo user so the command to do that is adduser
4:18 and I’m going to name it malcure and type in a password for the new user
4:26 verify
4:35 and the user is created now second thing you want to do is you need to add this root you need to
4:43 add this user to the sudo group and the command for that is usermod dash a
4:50 uppercase g and the group is going to be sudo and which user do we
4:56 want to add we want to add the user malcure
5:02 and the user is added so now we want to log in as the user and see if everything is okay and it is able to do
5:09 other stuff and use the sudo privileges so we do a sudo su
5:16 [Music] and we are logged in as malcure the new user we just created
5:23 will go into the home directory and we are going to do let’s see let’s
5:30 sudo that’s asking for a password
5:39 so we are able to use the sudo privileges on this user
Using Sudo but Without a Password Prompt
5:47 so now we want to use the sudo user but we don’t want it
5:53 to you uh to ask us for a password every time so what you can do is you can edit the /etc/sudoers file
6:00 sudo I’m going to use vim as my default text editor let’s see
6:13 and here
6:19 we’re going to type in NOPASSWD
6:35 exit out of it so this time it did not ask us for a
6:41 password and that’s how you enable sudo commands without having it to request as a
6:47 password every time I’m going to install the um shell
Installing Oh My ZSH Framework
6:56 for this user because it makes it a little easier to customize the shell prompt and also to
7:02 access the history and all that stuff so you can go ahead and search for oh
7:10 my zsh
7:15 this is the command you want to type down but uh for this you need curl and some other
7:20 utilities to be installed in advance so let’s go ahead and install that first so i’ll just go ahead and do a sudo
7:27 apt-get install we need curl, wget, git I’m also going to install
7:36 htop while I’m at it and of course it needs the zsh shell enter yes
7:51 so that being installed now we are going to install the actual oh my zsh framework
7:58 just going to clear out of it and this is the command you need to type
8:03 [Music] it’s going to ask you to change the default shell to zsh
8:09 default is yes it’s going to ask a password to verify and zsh is the default shell
8:20 we are going to add two extensions two plugins basically to oh my zsh
8:27 framework the first one is zsh-autosuggestions
8:35 so this is the command you can again go to the github page and copy this command from there
8:44 the second thing you need to do is install zsh-completions
8:50 you just go to the github page for zsh-completions copy the command from there and enter
8:56 this here and both the plugins have been installed so we are just going to go ahead and
9:01 enable it clear out so
9:07 the file that you need to edit is inside your home directory and it’s called zshrc
9:15 and optionally you can change the theme here agnoster happens to be the most popular
9:25 and that’s what I’m going to use for this for the purposes of this demo
9:30 and here you see the plugins
9:37 so I’m going to add a space and type in zsh
9:43 completions and zsh-autosuggestions
9:55 hit escape write and exit I’m just going to exit and
10:02 exit and going to change back to the user login as the user again
10:08 just to verify that the shell changes have taken place taken effect
10:18 [Music] and there you see we have the prompt and that’s going to clear it out so
10:24 it allows you to it automatically fills up the commands
10:30 from your history and suggests your commands so i just typed in ls -l and if you type
10:36 ls then you can see that it is suggested suggesting the parameters automatically
10:44 so that’s how you install zsh
Installing AMP in the L-AMP
10:55 so now we’re going to install the lamp server on the system and the command for this thing is this
11:02 so what we are essentially going to do is sudo and apt-get install we’re going to
11:09 install apache2 and libapache2-mod-fcgid then of course we need mariadb server
11:17 php the php extension for mysql php extension mbstring zip
11:25 gd and of course the package php dash fpm which is going to install the php
11:31 dash fpm service and all hit enter
11:40 enter
11:47 so all these services are installed all these packages are installed now what we need to do is uh we need to
11:52 enable these services so for that now we need to enable essentially three services
11:58 sudo systemctl [Music]
12:08 apache php fpm and
12:16 mariadb and then you can start these services
12:29 start apache
12:43 now the next thing we want to do is uh secure the mysql installation for that the command is sudo
12:52 mysql
12:58 secure installation so it’s going to ask enter the current root password we don’t have a root password set yet
13:06 so we want to set the root password I’m going to put in a password here
13:15 remove anonymous users yes disallow root login remotely so this means you will not
13:21 be able to connect to this mariadb server from an external server you can only connect to only the locally
13:28 installed services will be able to connect to the to the local mariadb server so yes
13:36 remove test database reload privileges yes we’re just going to go ahead and
13:43 create a we’re just going to get ahead go ahead and see if
13:48 we are able to access apache so this is the ip address of this droplet and
13:55 i hit this and we have the apache2 debian default page and we are going to enable
14:04 the configuration [Music]
14:10 for php 7.3 fpm
14:16 and it’s enabled we’re just going to reload apache copy paste but
14:23 you need sudo here to go to the beginning of the command line you can just hit ctrl a
14:28 and for the end you can go uh and hit control e to go to the end of the command line
14:34 so let’s just test it out first we are going to go ahead and create a php info file
14:41 so apache hosts the files here /var/www/html
14:49 and the index that you and the file index.html is the default
14:55 apache file on debian which is what you see here
15:00 so I’m going to create sudo p webmp dot php
15:19 and now we can type in slash p dot php to see if everything is okay
15:26 so there you have it it’s using php fpm and these are the
15:31 modules that are installed
15:42 and just as a little cleanup we are going to remove p dot php because sometimes it
15:48 reveals too much because oftentimes it reveals too much information about your server configuration and we are also going to
15:55 remove index.html because we don’t need it
16:01 and that’s your lamp server up and
Installing phpMyAdmin From the Repository
16:06 running we are now going to install phpmyadmin
16:12 but i typically don’t like to install it from the sources because there’s a quite some bit of
16:18 configuration that is required i instead modify the sources so that uh it also keeps
16:23 the instant the package updated so what we’re going to do is
16:28 we’re going to amend the sources.list file so that it can install it from the repository
16:35 so sudo and we’re going to edit /etc/apt/
16:42 sources.list right at the top you’re going to add a line
17:13 now remember to disable this repository after you’re done because otherwise it will continue to install packages from the testing
17:20 repository which is not very stable but it does give you some cutting edge
17:27 versions of the packages so next thing you do is sudo apt-get
17:37 update so it’ll fetch the newer packages
17:45 and now you can do a sudo [Music]
17:53 that’s going to install a whole bunch of things here so continue yes
18:01 and it is asking if you want to configure phpmyadmin to automatically run inside with apache integrate with
18:08 apache or lighttpd so I’m just going to select apache and hit
18:14 ok
18:26 by the way you can see that since we enabled the test repository it’s installed php 7.4
18:32 as well so configure phpmyadmin with dbconfig-common yes
18:37 and we’re going to create a password for the phpmyadmin user
18:53 now that being installed you do actually want to have another user for database administration
19:00 so we are going to create a mysql user for database administration so the way you do is sudo
19:08 mysql dash user is going to be root we are going to log in as a root user
19:14 from the shell and create a new user
19:25 and we’re logged in
19:33 create user I’m going to call it dbmgr at
19:42 localhost
19:48 identified by I’m going to give it a password for now I’m just just going to
19:53 give it to a simple password like my password
20:00 never use this one this one never use this kind of a password on a
20:06 production system
20:12 we forgot the terminator okay that’s done now you also need to give all the
20:18 privileges to the new database manager user you created so that you can use that
20:24 user to manage the databases so the command for that is
20:29 grant all on there’s a wild card privilege
20:46 to and then you do a flush
20:58 exit and now you can go back to the droplet and then type in phpmyadmin
21:09 and we can log in as the user dbmgr and we can type in the password we just
21:15 created
21:26 so that’s done now by default you’ll see this uh database over here information schema
21:33 and if you don’t want it you can go to settings
21:39 features and databases
21:45 and here you can put in hide databases
21:51 and that’s gone so that’s how you install phpmyadmin on debian from the repository
Securing Public Web-Directories
22:06 now we’re going to secure the apache directories from where the files where the public files are served so for that
22:14 uh reason I’m going to create a new user which is going to be a non-sudo user and which will have access to these
22:21 directories so like in like we previously did we’re just going to do a sudo
22:26 adduser and let’s just call it web manager try to avoid
22:34 typically common names like admin webmaster etc
22:40 so it’s asking for a password in a production environment you never
22:45 want to use a password you instead want to use a ssh based authentication system
22:56 and we’re going to add this user to the www-data group because that’s a one that is
23:04 used by apache by default sudo usermod dash a
23:12 capital g the group is going to be www-data and the user is going to be the one
23:19 that we just created webmgr right clear out of this now we need to
23:27 go ahead and get into /var/www/html directory and
23:34 see what the permissions are here so right now this directory is owned by root which is not what we want we want
23:42 this directory to be owned and writable and readable by the web
23:48 user which is www-data so for that we are going to do a sudo
23:54 chown so essentially change the ownership i do a recursive just in case if you already
24:00 have directories inside it and
24:06 user and group is going to be www-data and the directory is going to be the
24:12 current directory that being done i also want to enable
24:18 enable inheritable permissions for all the directories going forward in the future so what I’m going to do is sudo
24:27 chmod 2775
24:33 the current directory and if you already have existing
24:42 directories and files inside it you would certainly want to do a sudo find
24:50 in the current directory what we want to do is we want to find
24:55 directories and execute
25:02 [Music]
25:10 so this essentially this command essentially is going to find all the directories recursively and that’s going to apply
25:16 these permissions to the directories seven seven five seven means writable by the users
25:22 another the next seven means writable by the group and five means readable and executable by
25:27 others and for the files what you need is
25:35 664 so this essentially means read and write permissions on the files
25:41 so instead of d we type in f which means for the type file
25:48 and that’s it so now nobody else can go into this directory and write anything other than
25:55 the users which are part of the www data group if i try to touch something
26:01 here touch test.php it’s going to say permission denied but if i go ahead and
26:07 sudo su webmgr
26:13 ls dash yes if i do a touch as web manager user that we just created
26:23 and the file is there i can edit this file if you can create a file most certainly you can edit it
26:31 [Music]
26:36 i just wrote that file I’m going to delete that file now because we don’t need it and that’s how you secure the apache web
26:43 directories
Installing WordPress via Command Line
26:50 so we’re now going to install wordpress on this uh droplet we created and right now I’m
26:56 logged in as a pseudo user but i need to log in as a user which is the part of
27:02 which is a part of www-data group so I’m going to login as a user that
27:07 i’ve already created and I’m going to switch to the directory
27:14 where we want to install so by default it’s supposed to be /var/www/html
27:23 and here we are going to download wordpress so we do a wget
27:32 https
27:38 oops we need a dot there gz so there’s the url where you can
27:45 always find the latest wordpress version it’s downloaded we are going to extract it now we’re going to
27:52 do a tar xvzf so extract verbose and the compression
27:58 type is gz and f is file
28:07 so wordpress is extracted but it happens to be in a subdirectory right now so we need to bring it to the root
28:13 if you have multiple installations of wordpress then you can obviously you know install it inside subdirectories and configure
28:19 apache to serve those wordpress installations from their own root web root
28:26 so I’m going to get rid of this file and I’m going to move all the
28:32 files inside wordpress to the current directory so move wordpress all the files inside wordpress
28:41 to the current directory that is a dot so as you can see all the direct uh all
28:47 the files and directories inside wordpress have been moved to the current directory and we don’t need this uh
28:52 wordpress directory anymore so we are going to remove it rm rf in fact you should at least verify if
28:59 there is any file left inside wordpress like htaccess or other stuff
29:10 so to install wordpress you need to have a database in advance so you can just go to new or you can go to databases here
29:16 and I’m going to name the database wordpress you can name it anything
29:25 and we’re just going to go to the ip address for this droplet which is here hit enter and wordpress
29:32 should pop up yes it is asking us for database name username
29:39 so if you have multiple used databases and you have multiple database users so you can put in the
29:45 username here we just have a single database user as of now so we’re just going to use that
29:51 but it is not recommended that you use a common database user for all the databases because that is a security
29:57 threat and if one of the website gets infected the infection can travel into
30:02 other databases
30:15 run install I’m just going to call it malcur demo you can put in a username
30:24 try to avoid admin usernames because they are pretty common and hackers actually try to access your website using those
30:31 usernames you can put in a password just remember not to forget it you can
30:37 put in an email address here and since this is a website which is not yet launch ready you can just uh
30:44 discourage search engines from indexing this site and install wordpress and
30:50 then you log in so the user was this and password was
30:55 this and you’re logged in
Installing Certbot
31:08 what I’m going to do is I’m going to install certbot so that we can also add ssl certificates to this thing
31:15 so i already have a domain pointed to this thing but let’s see so on debian the command
31:21 is sudo apt install
31:28 apt is just a wrap around apt-get command so you can use apt also hit enter
31:37 we are going to refresh the snap core
31:44 next
31:58 so
32:12 [Music] okay there are no updates available and
32:19 now we are going to install the actual certbot
32:47 and I’m also going to create a link to the certbot
32:54 application so right now it is installed inside /snap/bin/certbot
33:02 but I’m going to link it to /usr/bin so that
33:10 it is available from everywhere and you just want to check if it is available you can do sudo which
33:22 yep it is accessible now and the next command you need to run is sudo certbot
33:40 so email address it’ll ask you for an email address I’m going to enter
33:46 this one for now terms of service agree yes
33:53 do you want them to contact you for stuff no
34:00 account registered please enter the domain name so i have already pointed a domain to this droplet and that droplet the domain is
34:09 demo.malcure.com
34:16 as requesting a certificate and it’s automatically going to integrate the configuration with
34:22 apache because we passed the apache flag and once the certificate is installed
34:28 what you need to go ahead and do is uh you need to restart apache so what you’re going to do is sudo
34:35 service apache2 restart so now you can go to the domain
34:44 [Music] using ssa using ssl https
34:50 this should work and yes it loads fine the certificate is fine
34:56 but wordpress needs to the wordpress configuration needs to be pointed
35:02 to ensure that wordpress actually loads on the new domain instead of the ip address
Installing WP-CLI
35:19 we’re going to install wp cli which is a command line wordpress utility allowing you to manage
35:25 wordpress installations and the wordpress databases from the command line so the command for that is this is the
35:34 file that you need to get with curl so curl is going to get this
35:39 file and output it save it basically so the file is saved
35:44 we’re going to do uh sudo chmod plus x on this
35:51 file we just downloaded this is going to make the file executable so you can do php
35:59 if the file is not executable you can still test it with the php wp cl
36:06 this way it will give you all the help commands etc and you can just do a q to quit so
36:12 we’ve already made it executable and we are going to move it to
36:21 the bin directory so that all the users have access to it
36:30 it’s we’re going to move it as wp so it’ll be available as a wp
36:36 command if you do a wp --info there it works
36:48 so what happens if you have a site but you want to move it to a new domain
36:53 so as you saw uh previously this site was actually installed on this
36:58 specific ip address 138.68.18.187 and when you reload this thing wordpress
37:04 is still not aware that it’s running on a domain so you need to operate update the wordpress database and for
37:10 that thing we are going to use the wp cli and I’m going to run the this command it
37:16 says wp search dash replace so we’re going to do a search and replace the database and
37:22 we’re going to search for this ip address which is within quotes going to replace it with the actual domain name again which is within quotes
37:29 and we’re going to do the search and replace in all tables and initially we’re just going to do a
37:35 dry run so it’ll scan the database for the string but it’s not going to make any changes
37:42 and here it lists that it needs to make nine replacements
37:47 and we run the same command without this parameter and it is actually going to do the
37:53 replacement so now if you go back to the site and reload
37:59 it’s actually going to load all the css and all that stuff