Review & FAQ – Set Up a VPS to host WordPress
A few unplanned and unannounced service outages with my VPS provider made me realize that it was time to jump ship, and take my business elsewhere.
SiteGround introduction
Several friends of mine are using SiteGround for their VPS needs, and highly recommended their product. SiteGround offers VPS solutions from servers with 512MB of RAM, all the way up to servers with 96GB of RAM. All of their servers use extremely fast SSD drives.
SiteGround has a very clean and intuitive interface to get your VPS up and running very quickly. You can choose from various distributions of Linux, including Ubuntu, CentOS, Debian, Arch, and Fedora. Various applications can also be pre-installed on your VPS, including, LAMP, WordPress, Dokku, Docker, Ruby on Rails, Redmine, and GitLab.
I opted to set up a 1GB RAM VPS, running Ubuntu Server 12.04.3 LTS. The VPS “droplet” only took a minute to create, and I was very quickly on my way to get the new server up and running. Thankfully, I saved the web references that I used last time to set up my old VPS.
LAMP and phpMyAdmin installation
Webrich Software used to have an excellent article titled “LAMP Server and phpMyAdmin installation” which detailed how to set up LAMP and phpMyAdmin. The article has since been removed, however I was able to find a cached copy and it is now located here for reference. I followed these directions to the letter. The post makes reference to using gedit as text editor; obviously use whichever text editor you feel most comfortable using.
Postfix Send-Only SMTP server installation
Your VPS will need a basic Send-Only SMTP Server to send you messages from your WordPress installation. Thankfully, DigitalOcean already wrote this excellent tutorial How To Install and Configure Postfix as a Send-Only SMTP Server on Ubuntu 14.04 explaining how to set up your PostFix SMTP server running.
mod_rewrite installation
You will need mod_rewrite enabled on your Apache server if you want fancy SEO and user friendly page names with your WordPress installation. The mod_rewrite function is not usually enabled when Apache server is first installed. Fortunately, the very clueful staff at DigitalOcean has already written this excellent article “How To Set Up Mod_Rewrite” detailing how to enable mod_rewrite.
WordPress system files
Next, you will need to install the WordPress files on your system for each site installation. Set up two separate directories for the files; one directory for the system files, and another directory for the log files. For example, WordPress files could be installed in:
/html/www/site.domain.name.com
and log files could be stored in:
/html/logs/site.domain.name.com
or whatever naming convention works for best for your configuration.
Apache configuration file
The Apache /etc/apache2/sites-available/default file must be configured properly to find your WordPress installation(s). DigitalOcean has this great article How To Set Up Multiple WordPress Sites on a Single Ubuntu VPS explaining how to set up your Apache config file. Linode also has a great article titled “Configure apache to use virtual hosts on ubuntu server” to help you get started on this configuration.
Below is a sample default file with virtual hosts for 3 separate websites; example.com, example.net, and example.org
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /html/www/example.com
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog /html/logs/example.com/error_log
CustomLog /html/logs/example.com/access_log combined
ServerSignature Off
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /html/www/example.com>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName example.net
ServerAlias www.example.net
DocumentRoot /html/www/example.net
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog /html/logs/example.net/error_log
CustomLog /html/logs/example.net/access_log combined
ServerSignature Off
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /html/www/example.net>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
DocumentRoot /html/www/example.org
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog /html/logs/example.org/error_log
CustomLog /html/logs/example.org/access_log combined
ServerSignature Off
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /html/www/example.org>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
# notes for maintaining /etc/apache2/sites-available/default
#
# commands to check apache config and to reboot apache
# sudo apache2ctl configtest
# sudo /etc/init.d/apache2 restart
#
# be sure to specify log file location in
# /etc/logrotate.d/apache2 for proper log file rotation
logrotate configuration
You will also need to set up /etc/logrotate.d/apache2 to properly rotate the log files for each website. The DigitalOcean folks have done it again with this excellent article on “How To Configure Logging And Log Rotation In Apache On An Ubuntu VPS”.
WordPress file permissions
I must admit that I have installed WordPress many times, however only recently have learned how to set proper file permissions and ownership so that WordPress can function properly. My previous installations always had issues with the system being able to create the proper file structure in /wp-content. This excellent article “Setting Proper WordPress Unix Permissions” spells it all out to get the file structure working properly.
Basically, you want your user account to own the WordPress installation directory, and all files in it as yourusername:yourusername with permissions 664, with just a few exceptions. The /wp-content directory and its contents needs to be owned by the web server account, which is either apache or www-data, with group ownership of either ‘yourusername’ or a special group created for admins.
The /wp-content directory and its entire contents will need permissions set to 775 to be able to add and remove files via your FTP login. You can set these permissions from the command line while in the docroot of your site by typing: sudo chmod -R 775 wp-content/
Ownership of .htaccess, .htpasswd (optional), and wp-config.php to should be set to root:root with permissions 664 to prevent anything bad happening to these important files!
Securing WordPress and phpMyAdmin from hackers
Next, take a look at another excellent DigitalOcean article about “How To Install and Secure phpMyAdmin on Ubuntu 12.04” to keep your phpMyAdmin installation safe from unauthorized access. Your phpMyAdmin login page should be protected with .htaccess and .htpasswd files to prevent brute force attacks on the root login password.
The Authentication and Authorization page for the official Apache documentation has everything that you need to know about how to set up .htaccess and .htpasswd
Take special note about the section on properly configuring the /etc/phpmyadmin/apache.conf file. The line AllowOverride All is very important, and is not always included in the default installation. My previous VPS had AllowOverride All included in the default configuration, but the install did not. Needless to say, I spent a few days scratching my head trying to figure out why my .htaccess login would not work properly!
Sign up for your VPS cloud server from SiteGround today!
I hope that this article was useful. Bookmark this page, as it will be updated periodically with current information. Be sure to read these other excellent tutorials:
- YouTube – How to Build a WordPress Website on Digital Ocean in a Minute!
- YouTube – How To Setup WordPress in Digitalocean Cloudserver
- 20 WordPress Tutorials for DigitalOcean Customers
- 4 WordPress sites, 1 server – great performance on Digital Ocean using Nginx and caching
- Moving WordPress to DigitalOcean
Related Posts
About The Author
