Scripted WordPress Installation (for Reverse Proxy) 2.3.1

Improved error checking around the WP_ROOT configuration variable introduced in the last release. Refer to the 2.3.1 changelog for details. There is no change to existing jails.

1. A Caddy web server serves the PHP files in the WordPress jail. Caddy has been upgraded from 2.2.1 to 2.3.0.

To update your WordPress jail, assuming the jail is named wordpress, enter the jail iocage console wordpress and update Caddy:

Code:

cd /usr/local/bin
fetch https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_freebsd_amd64.tar.gz
caddy version #2.2.1
service caddy stop
mv caddy caddy_2.2.1
tar xvf caddy_2.3.0_freebsd_amd64.tar.gz
service caddy start
caddy version #2.3.0
rm caddy_2.3.0_freebsd_amd64.tar.gz

2. Configuration variable WP_ROOT replaces FILES_PATH and DB_PATH. This should make script configuration clearer. No change is required for existing WP jails. The change only affects new installations and rebuilds using the latest script.

Notable changes in this release:

1. Install the command line tool WP-CLI within the jail.
2. Bugfix: Avoid the use of $ when generating passwords.
3. Bugfix: Authentication keys and salts in wp-config.php.

Acknowledgements: @NasKar for his valuable contributions to this release.

To update your wordpress jail if you've run the previous version 2.1.0 of the script, enter the jail iocage console wordpress and then follow the instructions below.

Install WP-CLI

Code:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
mv wp-cli.phar /usr/local/bin/wp 

Amendments to wp-config.php

Edit wp-config.php cd /usr/local/www/wordpress && ee wp-config.php.

To support WP_CLI, replace the lines (near the top of the file)...

Code:

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
  $_SERVER['HTTPS']='on';

...with...

Code:

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
  $_SERVER['HTTPS']='on';
}

Next, search for AUTH_KEY. If on the next line, AUTH_KEY is also defined, change that to SECURE_AUTH_KEY. Repeat for AUTH_SALT.

References:

1. Installing WP-CLI.
2. PHP notice: Undefined index on $_SERVER superglobal

After a somewhat bumpy ride upgrading from MariaDB 10.3 to 10.4, the upgrade from MariaDB 10.4 to 10.5 turned out to be painless. There are no outwardly visible changes arising from the upgrade. Assuming you've previously run version 2.0.0 of the installation script, you can upgrade to the newer version of MariaDB by performing the following steps within the WordPress jail:

It's recommended that you backup the MariaDB databases before proceeding. You can use phpMyAdmin to accomplish this. Once you've completed the backup, proceed with the following steps:

1. Stop MariaDB service mysql-server stop
2. Remove MariaDB 10.4 pkg delete mariadb104-server and its dependencies pkg autoremove
3. Install MariaDB 10.5 pkg update and pkg install mariadb105-server
4. Start MariaDB service mysql-server start
5. f you've upgraded from an earlier version of MariaDB (10.3 or earlier), you may still need the root db password for this step. Upgrade the database mysql_upgrade -p

Reference: Upgrading from MariaDB 10.4 to MariaDB 10.5

MariaDB 10.4 uses an improved authentication model. Versions 1.x of the script used MariaDB 10.3. Assuming you've previously run version 1.5.0 of the installation script, you can upgrade to the newer version of MariaDB by performing the following steps within the WordPress jail:

It's recommended that you backup the MariaDB databases before proceeding. You can use phpMyAdmin to accomplish this. Once you've completed the backup, proceed with the following steps:

1. Stop MariaDB service mysql-server stop
2. Remove MariaDB 10.3 pkg delete mariadb103-server and its dependencies pkg autoremove
3. Install MariaDB 10.4 pkg update and pkg install mariadb104-server
4. Make the following configuration changes within the jail:

Code:

chown mysql:mysql /var/run/mysql
sed -i '' "s|mysqli.default_socket =|mysqli.default_socket = /var/run/mysql/mysql.sock|" /usr/local/etc/php.ini

5. Start MariaDB service mysql-server start
6. Restart PHP services service php-fpm restart
7. If you're upgrading from an earlier version of MariaDB (10.3 or earlier), you may need the root db password for this step. Upgrade the database mysql_upgrade -p

Reference: Upgrading from MariaDB 10.3 to MariaDB 10.4

Create and configure a phpMyAdmin database to store configuration data.

To update your WordPress jail wordpress if you've run the previous version 1.4.8.1 of the script:

1. First note the wordpress user password of the WordPress database cat /root/wordpress_db_passwords.txt
2. Enter the jail iocage console wordpress and execute the following commands, substituting the wordpress user password for ${DB_PASSWORD}.

Code:

mysql -u root -e "CREATE DATABASE phpmyadmin;"
mysql -u root -e "GRANT ALL PRIVILEGES ON phpmyadmin.* TO wordpress@localhost IDENTIFIED BY '${DB_PASSWORD}';"

3. Using a browser, log in to phpMyAdmin and follow the signposts to store phpMyAdmin configuration data in the phpmyadmin database.

Refer to release 1.4.8.1 for details.

This is likely to be one of the last versions to support MariaDB 10.3.

It's no longer necessary to configure phpMyAdmin manually. An improved password algorithm has been adopted for the script. The number of manual post-installation tasks is now at a minimum.

There are no changes to the jail between versions 1.4.7 and 1.4.8 of this resource. This revision streamlines the installation phase by having the script do more while further reducing the need for manual post-installation intervention.

Manually generating Authentication Unique Keys and Salts is no longer necessary. The steps to do this have been merged into the installation script. Instructions for manual post-installation tasks have been revised to reflect this change.

There are no changes to the jail between versions 1.4.6 and 1.4.7 of this resource. This revision streamlines the installation phase by having the script do more while further reducing the need for manual post-installation intervention.

Manually securing MariaDB is no longer necessary. The steps to do this have been merged into the installation script. Instructions for manual post-installation tasks have been revised to reflect this change.

There are no changes to the jail between versions 1.4.5 and 1.4.6 of this resource. This revision streamlines the installation phase by having the script do more while further reducing the need for manual post-installation intervention.