So after I spent quite a large amount of time writing my last post, I was contacted in the comments by an enterprising marketing executive from rtCamp, recommending their free EasyEngine product, which quickly installs LEMP and WordPress sites with minimal user interaction.

I was wary at first, since this was a clear solicitation, and I certainly didn’t want to be told that all my work was for nothing.  But I tried it out and was so delighted that I am now recommending it as the best way to quickly and securely install WordPress on a LEMP stack.  The installation is also a much more secure configuration than what I recommended.  Plus, did I mention that EasyEngine is free?

So, in essence, ignore my last post.  Here is my revised recommendation for the best way to install WordPress on top of LEMP (Linux, Nginx, mySQL, and PHP) on Ubuntu.

NOTE: rtCamp is apparently working on supporting MariaDB over mySQL, but it’s not final yet. UPDATE July 2, 2014: While I did attempt installing MariaDB over mySQL in Ubuntu, MariaDB kept crashing with out-of-memory errors. At this time, I would recommend sticking with mySQL for your EasyEngine installation. That is, skip section IV, and go straight to section V.

I. ASSUMPTIONS

This post, like my previous post, assumes that you already have the following in place, and I will not cover them:

  • Ubuntu installed on either a dedicated server, a VPS, or on AWS EC2.
  • Access to that server’s command line, whether through the console or SSH.
  • A sudo user set up on the Ubuntu instance.
  • A purchased SSL certificate for your website.
  • You understand basic Linux commands such as cp.
  • You can use a text editor, such as vi, vim, or nano to edit files on the server.

If anyone really needs help with any of the above, please leave a comment and I’ll consider adding it.  I’ve also decided to use nano in this post, instead of vim, since nano will be much easier than vim for me to walk a beginner through.

 

II. INSTALL EASYENGINE

All you have to do is type the following at the command line:

curl -sL rt.cx/ee | sudo bash

Poof! EasyEngine is installed.

 

III. INSTALL LEMP STACK

  1. Type the following at the command line:
    sudo ee system install

    EasyEngine will begin to install, mostly hands off, until…

  2. You will be prompted to enter a username and password for the admin pages that EasyEngine installs on port 22222.  First you will see:
    Enter The HTTP AUTH Username [easyengine]:

    Enter a username that is secure and that you can remember here, and press [Enter].

    Next, you’ll see:

    Enter The HTTP AUTH Password [easyengine]:

    Enter a secure password here and press [Enter].

Poof!  The LEMP stack is installed.

 

IV. REPLACE MYSQL WITH MARIADB (OPTIONAL)

UPDATE: July 2, 2014: You might not wish to use MariaDB with EasyEngine.  When I did the below, MariaDB regularly crashed, due to out of memory errors.  That meant that my site went down a few times a day.  When I restored mySQL, everything was happy again.  So until I or the folks at rtCamp figure out what the conflict is between EasyEngine and MariaDB, I’m going to have to recommend that you stick with the default EasyEngine mySQL.

I’ve left this section for completeness and history.  If you don’t care, skip to section V.


If, as I recommend, you prefer MariaDB over mySQL, all you have to do is install MariaDB over mySQL from Ubuntu, and everything should work properly:

  1. sudo apt-get install mariadb-server
  2. When you are prompted to enter a root password…
      │ While not mandatory, it is highly recommended that you set a password   │
      │ for the MariaDB administrative "root" user.                             │
      │                                                                         │
      │ If this field is left blank, the password will not be changed.          │
      │                                                                         │
      │ New password for the MariaDB "root" user:                               │
    

    leave the field blank, so that MariaDB maintains the mySQL root password that was set by EasyEngine. Then press the [Tab] key until <OK> is selected, and press [Enter].

  3. When you are asked if you wish to replace the config file:
    Configuration file '/etc/logrotate.d/mysql-server'
     ==> Modified (by you or by a script) since installation.
     ==> Package distributor has shipped an updated version.
       What would you like to do about it ?  Your options are:
        Y or I  : install the package maintainer's version
        N or O  : keep your currently-installed version
          D     : show the differences between the versions
          Z     : start a shell to examine the situation
     The default action is to keep your current version.
    *** mysql-server (Y/I/N/O/D/Z) [default=N] ? 
    

    …select N (or O) to keep your currently-installed version. This will also maintain any settings set by EasyEngine.

  4. You will be prompted a second time to set a root password. Again, leave it blank, press the [Tab] key until <OK> is selected, and press [Enter].

After another minute, MariaDB is installed.

 

V. INSTALL WORDPRESS

Again, delightfully easy.  Just type the following at the command-line:

sudo ee site create yoursite.com --wp

Obviously replace “yoursite.com” with your actual site’s domain name.

Poof!  WordPress is installed.  Make note of the EasyEngine-generated admin username and password here, or you won’t be able to log in to wp-admin.  Then navigate to http://yoursite.com and http://yoursite.com/wp-admin to verify that WordPress is working.

 

VI. CONFIGURE SSL

As a reminder, our goal here is to force SSL on login pages and wp-admin pages.

UPDATE, June 30, 2014: So it turns out that my original steps on June 27 for configuring SSL, which borrow heavily from Pothi Kalimuthu’s configuration files on GitHub, conflict with the EasyEngine default settings.  Specifically, the “location” directive that forces SSL on wp-login.php is overridden by EasyEngine’s “location” directive (in /etc/nginx/common/wpcommon.conf) which prevents brute force attacks on the login page.  After some back and forth in the rtCamp forums, I found that with the WordPress HTTPS plugin and some minimal SSL configuration in the nginx conf file (/etc/nginx/sites-available/<yoursite>.com), I could set up the SSL force without conflicting with EasyEngine.

As before, this section assumes that you’ve either migrated your SSL certificate from your old site, or you’ve already purchased, requested, and downloaded a new certificate from a trusted certificate authority (CA). Your CA probably has good instructions on its web site for obtaining an SSL certificate.

Assuming that your certificate files are now in ~/.ssl, here are the directions, step by step:

  1. Place your site’s certificate file (.crt) in a good place on your server. I recommend /etc/ssl/certs.
    sudo cp ~/.ssl/yoursitename.com.crt /etc/ssl/certs
  2. Place your site’s private key file (.key) in a safe place on your server. I recommend /etc/ssl/private.
    sudo cp ~/.ssl/yoursitename.com.key /etc/ssl/private
  3. Navigate to your site’s nginx configuration file directory:
    cd /etc/nginx/sites-available/
  4. Copy your existing configuration file to a backup file (obviously, replace “yoursite.com” with your site’s actual domain name):
    sudo cp yoursite.com yoursite.com.bak
  5. Open the original config file for editing:
    sudo nano yoursite.com
  6. Copy the ENTIRE “server” block and paste at the end of the file, so that you have 2 identical “server” blocks.
  7. Inside the *first* server block, add the following line:
    listen 80;
    
  8. Inside the *second* server block, add the following 4 lines:
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/<yourserver>.com.crt; #whatever path you set in step #1
    ssl_certificate_key /etc/ssl/private/<yourserver>.com.key; #whatever path you set in step #2
    
  9. [Ctrl] + ‘o’, followed by [Enter] to save the changes.
  10. [Ctrl] + ‘x’ to exit nano.
  11. Restart Nginx and PHP:
    sudo service nginx restart && sudo service php5-fpm restart
  12. Navigate to https://<yoursite.com>/wp-admin (it might only work over SSL at this point).
  13. On the navigation bar on the left, click on “Plugins” –> “Add New”.
  14. Search for “WordPress HTTPS” by typing it in the textbox and clicking on “Search Plugins”.
  15. “WordPress HTTPS” should be the first plugin in the list.  Click on its “Install Now” link.
  16. In the “Are you sure you want to install this plugin?” popup, Click “OK”.
  17. The plugin will install.  When done, click the “Activate Plugin” link in the main page frame.
  18. In the navigation bar on the left, you’ll now notice a new item, “HTTPS”, at the bottom.  Click on it.
  19. Check the “Force SSL Administration” checkbox, and click the “Save Changes” button.
  20. Navigate to http://<yoursite.com>/wp-admin. Make sure that you’re directed to https://<yoursite.com>/wp-admin, and that the login page is also https.  If this does not work, then try rebooting your server and trying again.
  21. Congratulations! SSL has been properly configured.
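
A pre-flight check for steps 1, 2 and 11, added here as an example and not part of the original post: it confirms that the certificate and private key belong together, that the key is not readable by group or others, and that the certificate is not expired. The function names and the script name tls_preflight.sh are illustrative; the paths in the usage comment are the placeholders from steps 1 and 2.

```bash
#!/usr/bin/env bash
# Added example: checks to run after copying the .crt and .key files and
# before restarting nginx. Function names are illustrative.

# Succeeds only if the certificate's public key equals the public key derived
# from the private key (works for RSA and EC keys). Returns 2 if a file
# cannot be parsed.
cert_matches_key() {
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$_cert_pub" = "$_key_pub" ]
}

# Succeeds only if the key file has no group or other permission bits set.
key_is_private() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Runs all checks; prints the first failure to stderr and returns non-zero.
tls_preflight() {
    _cert=$1
    _key=$2
    cert_matches_key "$_cert" "$_key" ||
        { echo "certificate and key do not match" >&2; return 1; }
    key_is_private "$_key" ||
        { echo "key is readable by group or others (chmod 600 it)" >&2; return 1; }
    # -checkend N fails if the certificate expires within N seconds.
    openssl x509 -in "$_cert" -noout -checkend 86400 >/dev/null ||
        { echo "certificate is expired or expires within a day" >&2; return 1; }
}

# Usage on the server, assuming this file is saved as tls_preflight.sh:
#   sudo bash -c '. ./tls_preflight.sh && tls_preflight \
#       /etc/ssl/certs/yoursitename.com.crt /etc/ssl/private/yoursitename.com.key'
# Then have nginx validate the edited config before the restart in step 11:
#   sudo nginx -t && sudo service nginx restart && sudo service php5-fpm restart
```

Running `nginx -t` first means a typo in the duplicated server block is reported while the old configuration is still serving traffic, instead of taking the site down on restart.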

Again, please let me know in the comments if there are any inaccuracies, inefficiencies, or if anything is just plain unclear. Hooray for EasyEngine!

 

11 Responses to EasyEngine: lickety-split installation of WordPress on a LEMP stack, with selective SSL.

  1. […] MariaDB vs mySQL. EasyEngine: lickety-split installation of WordPress on a LEMP stack, with selective SSL. […]

  2. […] UPDATE, July 27, 2014: This post is sort of obsolete now.  Use EasyEngine!  I’ve posted about it in detail here. […]

  3. Ngor says:

    Wow! I was just writing my own post about LEMP stack as there was no sufficient information about it in Ukrainian. And suddenly I found this and previous post.

    Following your advice – screwed my own post. I’ll better give some links to your site and maybe make some translations.

    Great work!

  4. Ngor says:

    Update: Easy Engine installation on my Ubuntu server is very unstable. It fails about 2 times in an hour. The reason why is currently being investigated but it looks like mysql is the guilty one. It is a Ubuntu 14.04.1 Virtual Box machine and ee installation is default (sudo ee system install && sudo ee site create myblog.com --wp)

  5. jake says:

    I have had unstable results with easy engine which I don’t experience when installing the same stack via Puppet, Ansible or bash.

    IMHO, the fastest way to get up and running is with Docker.

    • Aviv Roth says:

      Thanks, Jake. I haven’t had any issues, frankly. And without EE, you still need to manually set up the Docker container, which means that you still need to go through a non-trivial process to get the initial stack up and running in the container (although once you’ve set up the container, you are done…).

      What sorts of issues have you been having?

  6. ndha says:

    Hello,
    How about making whole WP site with ssl on EE?? not only the login page.
    is it the same tutor with the post??
    or any else to config??
    Thanks in advance 🙂

    • Aviv Roth says:

      I think that the key would be to change the nginx settings. I don’t know if EE has a setting to put SSL on the entire site or not. I’ll need to look into it.

  7. Felix B says:

    Thanks Aviv Roth for this Awesome Post.
    Really Enjoyed it. I got a database issue if you can help me
    My Blog is http://www.99blogger.com

    The issue is I see a lot of â and  all over the site 🙁

    Can you please help ?

  8. Jonathan H says:

    Amazing post! I have been looking through various sites trying to config the vhost server block and could never get nginx to reload until I tried this. THANK YOU, THANK YOU, THANK YOU!!!

  9. You can re-install WordPress files by logging into WordPress and going to Tools – Upgrade and selecting the re-install option. WordPress will use the built-in updater to re-install all core files but not touch any theme or plugin files.
