Load Times Under 2s: Adding a WordPress Site

Adding the DNS Configuration

First up, we need to add your domain name to your DNS server, if you haven’t already. First, add your domain to the master zones file:
nano /etc/named.rfc1912.zones

 

… add the following contents to the bottom of the file
zone "[[Your Domain Name]]" IN { type master; file "[[Your Domain Name]]"; allow-query { any; }; allow-transfer { none; }; };

 

Next, open the individual file:
nano /var/named/[[Your Domain Name]]

 

… and, copy and paste the following code over to your DNS server, adjusting the serial and other records as needed.
$TTL 3H @ IN SOA @ hostmaster.[[Your Domain Name]]. ( 0 ; serial 3H ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS ns1.[[Your Domain Name]]. @ IN NS ns2.[[Your Domain Name]]. @ IN A [[Your IP Address]] @ IN MX 10 mail.[[Your Domain Name]]. ns1 IN A [[Your IP Address]] ns2 IN A [[Your IP Address]] www IN CNAME [[Your Domain Name]]. mail IN CNAME [[Your Domain Name]].

You can adjust any of these records as needed (like the mail IP address), and add in any additional subdomains by listing:
[[subdomain]] IN A [[Your IP Address]]

 

below the records.

Now, test your configuration using
named-checkzone [[Your Domain Name]] /var/named/[[Your Domain Name]]

 

If you see an “OK” at the end, everything should be good to go. Once you get that, you can reload your DNS server.
systemctl reload named;

 

… and check the status
systemctl status named;

 

If you see an “active (running)”. Everything should be loaded properly.

At this point, if you run, from a different computer (like your home one):
dig @[[Your IP Address]] [[Your Domain Name]]

 

You should see your DNS records show up in the “Answer” section. Now, you can add hostnames in your domain name provider for “ns1” to [[Your IP Address]] and “ns2” to [[Your IP Address]] and then to point your domain’s nameservers to ns1.[[Your Domain Name]] and ns2.[[Your Domain Name]] .

Adding a Verified SSL Certificate

In order to avoid having a warning every time our site is loaded over TLS/HTTPS, we need to add a verified SSL certificate. Personally, I use either the 2- or 3-year wildcard certificates available through SSL2Buy, or a free Let’s Encrypt SSL certificate (they are essentially identical).

Manual Creation

First up, we need to generate a certificate signing request. To do this, run:
openssl req -new -newkey rsa:2048 -nodes -keyout /etc/ssl/private/[[Your Domain Name]].key -out /etc/ssl/certs/[[Your Domain Name]].csr;

 

Follow the instructions to enter your organization’s and domain’s information. At this point, you should be able to print your CSR for generating your certificate file (.crt).
cat /etc/ssl/certs/[[Your Domain Name]].csr;

 

When you’re done with getting your certificate information (we need the section “—–BEGIN CERTIFICATE—–”), we can add it to the server. Open up the corresponding .crt file, and paste the contents.
nano /etc/ssl/certs/[[Your Domain Name]].crt;

 

In the case of AlphaSSL and some other certificate providers, you may need to add in an intermediate certificate. In my case, I added the intermediate certificate here: https://www.ssl2buy.com/wiki/alphassl-intermediate-root-ca-certificates to the end of the .crt file.

Same as with our self-signed certificate, we’re going to generate a Diffie-Hellman Group certificate
openssl dhparam -out /etc/ssl/certs/[[Your Domain Name]].pem 2048

 

… and append it to our certificate file
cat /etc/ssl/certs/[[Your Domain Name]].pem | sudo tee -a /etc/ssl/certs/[[Your Domain Name]].crt

 

Let’s Encrypt Free SSL Certificate

To install a free Let’s Encrypt certificate, first we will need to install the certbot (the tool that will help us verify the certificate.) To do this, run

sudo yum -y install certbot;

 

You will need to copy the following script over to /var/local/src/authenticator.sh using

nano /var/local/src/authenticator.sh;

The script to copy:
DNS_RECORD="_acme-challenge IN TXT $CERTBOT_VALIDATION" DNS_CONF_FILE="/var/named/$CERTBOT_DOMAIN" echo "$DNS_RECORD" >> "$DNS_CONF_FILE" systemctl restart named;

And now you can generate the certificate:

certbot certonly --manual --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns --agree-tos --no-eff-email --manual-public-ip-logging-ok --rsa-key-size 4096 --email [[Your Email Address]] --manual-auth-hook /var/local/src/authenticator.sh -d *.[[Your Domain Name]] -d [[Your Domain Name]]

 

This should auto-install and confirm your certificate.

Site Folder Setup

Now, we’re going to need to create a subfolder of the FTP server folder and link our domain directory to it. First, we need to create a subfolder:
mkdir /var/www/ftp/[[FTP User]]/[[Your Domain Name]];

 

… and change the permissions so that the vsftpd can access the folder.
chown -Rf vsftpd:vsftpd /var/www/ftp/[[FTP User]]/;

 

Now, we need to create the link
mkdir /var/www/[[Your Domain Name]]/; ln -sf /var/www/ftp/[[FTP User]]/[[Your Domain Name]] /var/www/[[Your Domain Name]]/public_html;

 

… and change the permissions of the link so that the web server can access it.
chown -h apache:apache /var/www/[[Your Domain Name]]/public_html;

 

At this point, if you upload a file (say test.php) via FTP to the [[Your Domain Name]] folder, you should be able to see it if you run:
cat /var/www/[[Your Domain Name]]/public_html/test.php

 

Apache Configuration

Now, we need to add an Apache configuration file for the new site. Open a new file named /etc/httpd/conf.d/[[Your Domain Name]].conf
nano /etc/httpd/conf.d/[[Your Domain Name]].conf;

 

and copy in the following contents.
<VirtualHost *:8081> ServerAdmin webmaster@[[Your Domain Name]] ServerName [[Your Domain Name]] DocumentRoot /var/www/[[Your Domain Name]]/public_html ServerAlias www.[[Your Domain Name]] SSLEngine on SSLCertificateFile /etc/ssl/certs/[[Your Domain Name]].crt SSLCertificateKeyFile /etc/ssl/private/[[Your Domain Name]].key </VirtualHost> <VirtualHost *:8080> ServerAdmin webmaster@[[Your Domain Name]] ServerName [[Your Domain Name]] ServerAlias www.[[Your Domain Name]] DocumentRoot /var/www/[[Your Domain Name]]/public_html </VirtualHost>

You may wish to change the ServerAdmin email address to your own, or leave it as is. At this point, you can test your Apache configuration using
apachectl -t

 

… and if you see a “Syntax OK”, everything should be good to go. Now you can restart your Apache server and check the status.
systemctl restart httpd; systemctl status httpd;

 

If you see “active (running)”, everything should be good to go. If you have your web proxy ports open, you should be able to go to: http://[[Your Domain Name]]:8080/test.php and https://[[Your Domain Name]]:8081/test.php and see your test file (assuming you uploaded them).

Nginx Configuration

Finally, we can copy in our Nginx configuration. This mainly just specifies which of our previous files we need to include, and all of the settings for our site. Open /etc/nginx/conf.d/[[Your Domain Name]].conf
nano /etc/nginx/conf.d/[[Your Domain Name]].conf

 

…and copy in the following configuration if you’re using a manual SSL certificate:

ssl_certificate "/etc/ssl/certs/[[Your Domain Name]].crt"; ssl_certificate_key "/etc/ssl/private/[[Your Domain Name]].key"; include global/gzip.conf; include global/cache.conf; include global/restrictions.conf; include global/wordpress.conf; include global/proxyConfig.conf;

or if you’re using Let’s Encrypt:

ssl_certificate "/etc/letsencrypt/live/[[Your Domain Name]]/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/[[Your Domain Name]]/privkey.pem"; include global/gzip.conf; include global/cache.conf; include global/restrictions.conf; include global/wordpress.conf; include global/proxyConfig.conf;

 

You can test your configuration by running
/usr/sbin/nginx -t -c /etc/nginx/nginx.conf

 

You should see something like:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

 

Indicating that everything is set up properly.

At this point, you should be able to restart you Nginx server:
systemctl restart nginx;

 

… and check its status:
systemctl status nginx;

 

If you see “active (running)”, everything should be good to go. You should be able to go to: http://[[Your Domain Name]]/test.php and https://[[Your Domain Name]]/test.php and see your test file (assuming you uploaded them).

Uploading Your WordPress Site Files

To upload your MySQL database, export and download it as a single .sql file (the entire database). After you’ve downloaded it from your old server if needed, upload the file via FTP. Once you have the file uploaded, create a database via phpmyadmin with the same name as your old one. Once it’s uploaded, run on your server:

mysql -hlocahost -uroot -p”[[Root MySQL Password]]” “[[MySQL WordPress Database Name]]” < /var/www/[[Your Domain Name]]/public_html/[[exported database filename]].sql

 

This should upload everything into your new MySQL database. To check, view the database in phpmyadmin, and see if all of the content is loaded properly.

To upload your WordPress site, you can simply upload your files via FTP to your server. They should be available immediately. At this point, if you go to https://[[Your Domain Name]]/ you should be able to view your website.

 

Automatic Installation?

If you like the result of the tutorial, but run into problems or would just like to have the work done automatically, we can help you with that. We have an automated script that can SSH into your server and run this tutorial from beginning to end (as long as it’s running CentOS 7). If you would like this done for you ($100), please contact us using the form below.

 

 

---