How to install WordPress on a VPS.

Short explanation.

How to install WordPress on a VPS?

Normally when you have a good control panel installed on your virtual private server then installing WordPress is a piece of cake. The only thing you have to do is press a few buttons and voila, your WP installation is finished!

On the other hand there can be circumstances that you need to install WP manually on your VPS and that’s what this manual is all about. You can scroll down for the instructions.

What is the best WordPress VPS provider in 2021?

According to us (and many others) the best WordPress VPS provider is Linux Hosts Inc. They are based in the US and UK. It’s our own web host. The company has the lowest cancellation rate in the web hosting industry. You can order their fantastic VPS servers from $15 per month.

 

Long explanation.

Instructions for installing WordPress on a VPS.

These instructions are based on the current Debian 10 operating system. We will implement WordPress under Docker. This enables us to have very quick updates and a quick installation later.

Table of Contents 1: installing WP:

  • Overview
  • Install WordPress
  • Start WordPress
  • Create posts
  • Install plugins
  • Install themes

Overview 1:

  • System used: Debian 10 64 bit
  • Used user: I do everything as “root”
  • Duration: approx. 10 minutes
  • Test system: vServer CloudServer XXL 2.0
  • Difficulty: easy. Copy code only

Particularities: The basis is the following instructions. These instructions must be carried out first:

Install Traefik reverse proxy on the vServer

Traefik is a modern http reverse proxy and load balancer. A reverse proxy is used to offer several services on one server. A different service can be provided behind each subdomain.

Table of Contents 2: installing Traefik first.

  • Introduction
  • Preparation
  • Create dynamic_conf.yml
  • adapt traefik.yml
  • customize docker-compose.yml
  • Create a Docker network
  • Uninstall apache2
  • Adjust DNS settings
  • Start Traefik
  • Test security of the website

overview 2:

  • System used: Debian 10 64 bit
  • Used user: I do everything as “root”
  • Duration: approx. 20 – 30 minutes. However, due to the DNS settings, it can take longer until they take effect
    Difficulty: easy. Copy code only

Particularities: Ports 80 and 443 must be free. So no other services are allowed to run.

1. Install Traefik v2

1.1 Introduction

Normally port 80 (HTTP) and 443 (HTTPS) would be occupied by a service and you would have to buy a second server (VServer). Traefik enables many services such as e-mail, cloud, video conferencing to be operated on one server. Another advantage is that later all connections that run via Traefik are secured using HTTPS.

Traefik is open source and the basic version is free. These instructions are based on this free version. But there is also an enterprise version, which for example offers more options for scaling to multiple Traefik servers.

1.2 Preparation

These instructions are based on the current Debian 10 operating system. We will implement Traefik under Docker. This enables us to update very quickly later as well as easy integration of new services.

1.2.1 Install Docker

So we’ll install Docker first. To do this, enter the following on the console:

apt-get update \

apt-get install \

apt-transport-https \

ca-certificates \

curl \

gnupg2 \

software-properties-common \

Integrate Docker GPG Key

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add –
Integrate the Docker repository

add-apt-repository

“deb [arch = amd64] https://download.docker.com/linux/debian$(lsb\_release -cs) stable”

Now we have installed and configured everything we need for Docker. We can now easily install this.

apt-get update

apt-get install docker-ce docker-ce-cli containerd.io

Now we can test Docker. To do this, enter the following command:

docker run hello-world

1.2.2 Install Docker-Compose

In addition to Docker, also install Docker-Compose. We need this in order not to have to enter all Docker commands individually but to write “building instructions” for the containers.

To install Docker-Compose, you enter the following commands:

curl -L “https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s) – $ (uname -m)” -o / usr / local / bin / docker-compose

Now you adjust the rights for the file. To do this, enter the following:

chmod + x / usr / local / bin / docker-compose

To see if everything worked, you can enter the following command:

docker-compose version

1.2.3 Install htpasswd

We need this program to generate a secure password for our traefik login. To install you enter the following:

apt-get install apache2-utils

1.2.4 Create required files / directories

Now we create the directory in which Traefik is to be installed later. To do this, enter the following command. You can of course change the directory. I will always work with this directory in this guide. You take this into account accordingly.

mkdir -p / opt / containers / traefik

Then we create files within this directory which will later save certificates for us.

mkdir -p / opt / containers / traefik / data

touch /opt/containers/traefik/data/acme.json

chmod 600 /opt/containers/traefik/data/acme.json

touch /opt/containers/traefik/data/traefik.yml

1.2.5 Information on yml files

With yml files it is very important that the lines are all correctly indented. The lines MUST always be indented with the space bar. It must NOT contain tabs. You can always have the following code “checked” online. Most errors are caused by incorrect formatting. A service for checking is for example: https://codebeautify.org/yaml-validator

1.3 Create Dynamic_conf.yml

This file specifies which parameters are to be used for the “secure connection” using HTTPS. We want a very good rating (A +) from SSL Labs. SSL Labs (https://www.ssllabs.com/ssltest/) is a website to test your own website for security.

As an editor, I always use “nano”. You can install this using the following command

apt-get install nano

You can also use any other editor.

Now enter the following code into your console:

nano /opt/containers/traefik/data/dynamic\_conf.yml

Now copy the following into the file:

tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
– TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
– TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
– TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
– TLS_AES_128_GCM_SHA256
– TLS_AES_256_GCM_SHA384
– TLS_CHACHA20_POLY1305_SHA256
curvePreferences:
– CurveP521
– CurveP384
sniStrict: true
http:
middlewares:
secHeaders:
headers:
browserXssFilter: true
contentTypeNosniff: true
frameDeny: true
sslRedirect: true
#HSTS Configuration
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
customFrameOptionsValue: “SAMEORIGIN”

1.4 adapt traefik.yml

In this step we create an empty file in which we enter some settings.

nano /opt/containers/traefik/data/traefik.yml

Now copy the following into this file:

api:
dashboard: true
entryPoints:
http:
address: “: 80”
https:
address: “: 443”
providers:
docker:
endpoint: “unix: ///var/run/docker.sock”
exposedByDefault: false
file:
filename: “./dynamic_conf.yml”
certificatesResolvers:
http:
acme:
email: email@example.com #### enter your email here ####
storage: acme.json
httpChallenge:
entryPoint: http

You now have to enter your e-mail address under e-mail. This is required for Lets Encrypt. This is a free service on the Internet that provides you with valid HTTPS certificates (“secure connection”).

1.5 customize docker-compose.yml

Now we can start with the actual “installation” of Traefik. To do this, open the following file:

nano /opt/containers/traefik/docker-compose.yml

Now you copy the following code into the file. This code is, so to speak, our blueprint for our Traefik container.

version: ‘3’
services:
traefik:
image: traefik: latest
container_name: traefik
restart: unless-stopped
security_opt:
– no-new-privileges: true
networks:
– proxy
ports:
– 80:80
– 443: 443
volumes:
– / etc / localtime: / etc / localtime: ro
– /var/run/docker.sock:/var/run/docker.sock:ro
– ./data/traefik.yml:/traefik.yml:ro
– ./data/acme.json:/acme.json
– ./data/dynamic_conf.yml:/dynamic_conf.yml
labels:
– “traefik.enable = true”
– “traefik.http.routers.traefik.entrypoints = http”
– “traefik.http.routers.traefik.rule = Host (` traefik.example.com`) ”
– “traefik.http.middlewares.traefik-auth.basicauth.users = USER: PASSWORD”
– “traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme = https”
– “traefik.http.routers.traefik.middlewares = traefik-https-redirect”
– “traefik.http.routers.traefik-secure.entrypoints = https”
– “traefik.http.routers.traefik-secure.rule = Host (` traefik.example.com`) ”
– “traefik.http.routers.traefik-secure.tls = true”
– “traefik.http.routers.traefik-secure.tls.certresolver = http”
– “traefik.http.routers.traefik-secure.service=api@internal”
– “providers.file.filename = / dynamic_conf.yml”
– “traefik.http.routers.traefik-secure.middlewares = secHeaders @ file, traefik-auth”
networks:
proxy:
external: true

Now save the file and exit your editor. We will now generate a user / password and then change this in the file.

To generate a user / password you enter the following command:

echo $ (htpasswd -nb user password) | sed -e s / \\ $ / \\ $ \\ $ / g

Here you swap “user” or “password” with your username / password. For example, it could look like this:

echo $ (htpasswd -nb peter secret123) | sed -e s / \\ $ / \\ $ \\ $ / g

Output: peter: $$ apr1 $$ 7ciH.Uzt $$ DUqDgmpLmFE2Fm7Z7VaMe /

You now copy this string and we open our docker-compose again.

nano /opt/containers/traefik/docker-compose.yml

Here you enter your copied code:

before:

“traefik.http.middlewares.traefik-auth.basicauth.users = USER: PASSWORD”

after:

“traefik.http.middlewares.traefik-auth.basicauth.users = peter: $$ apr1 $$ 7ciH.Uzt $$ DUqDgmpLmFE2Fm7Z7VaMe /”

You also have to adjust the host name. This is the name under which Traefik will later be available.

Before:

– “traefik.http.routers.traefik.rule = Host (` traefik.example.com`) ”

– “traefik.http.routers.traefik-secure.rule = Host (` traefik.example.com`) ”

After:

– “traefik.http.routers.traefik.rule = Host (` traefik.yourdomain.com`) ”

– “traefik.http.routers.traefik-secure.rule = Host (` traefik.yourdomain.com`) ”

We’re almost done now.

1.6 Create a Docker network

Finally we just have to create a Docker network. This will later be used for communication between the individual containers and Traefik. I call the network “proxy” here. But you can also use any other name. But later you’ll have to adapt the instructions accordingly. To do this, enter the following code:

docker network create proxy

We have now prepared everything for the first start.

1.7 Uninstall apache2

An apache2 server is already preinstalled on the Debian 10 image used. We will uninstall this because we need port 80 and 443 for Traefik. We’ll later put all of our websites there in containers. To uninstall apache2 you enter the following:

apt-get remove apache2

2. Adjust DNS settings

So that we can easily create subdomains at Traefik later (e.g. mail.yourdomain.com, cloud.yourdomain.com), we have to adjust the DNS settings.

To do this, go to the following website: https://cloudpit.io/

Here you log in with your access data and then go to the “Web Hosting” area.

Then click on “more” for your domain. Now select “DNS management”.

Now select “Manual DNS Management”. Then click on “Add Entry”.

Now enter “*” in the Name field and the IP address of your server in the Destination IP.

Then you click on “save”.

It can take several hours for these settings to be transferred worldwide and to work.

3. Start Traefik

Now enter the following to start your Traefik container:

docker-compose -f /opt/containers/traefik/docker-compose.yml up -d

Now go to your website with your web browser.

4. Test the security of the website

Now we go again to https://www.ssllabs.com/ssltest/ to see if we get a good rating.

Here you now enter your website address. Preparation Finished.

1. Install WordPress on your VPS.

1.1 Introduction

WordPress (https://WordPress.org) is an open source content management system. The advantage of WordPress is that it is very popular and therefore plugins already exist for almost every task. You can also easily adapt your website to your wishes later with the thousands of free themes.

1.2 Yml files

With yml files it is important that the lines are correctly indented. The lines should be indented with the space bar. It should NOT contain any tab. You can check your code online with: https://codebeautify.org/yaml-validator

1.3 Preparation

So we work with the current Debian 10 operating system. WordPress will be under Docker in order to get very quick updates and a swift installation later.

In order to be able to run WordPress along with other services on our server, we use the reverse proxy Traefik here.

1.3.1 Create directory

We will create a new directory in which we will later save all of the WordPress data. To do this, we enter the following in the console:

mkdir -p / opt / containers / WordPress / {database, app}

You can also use a different directory here. But then you have to adapt the entire manual accordingly.

1.3.2 Create docker-compose.yml

Now we can start with the actual “installation” of WordPress. To do this, open the following file:

nano /opt/containers/WordPress/docker-compose.yml

Now you copy the following code into the file. This code is our blueprint for our WordPress container.

version: ‘5.8’

services:

WordPress:

image: WordPress

restart: unless-stopped

environment:

WORDPRESS_DB_HOST: WordPress-db

WORDPRESS_DB_USER: exampleuser ## Enter user here ##

WORDPRESS_DB_PASSWORD: examplepass ## Enter password here ##

WORDPRESS_DB_NAME: WordPress

volumes:

– / opt / containers / WordPress / app: / var / www / html

labels:

– “traefik.enable = true”

– “traefik.http.routers.WordPress-app.entrypoints = http”

`-” traefik.http.routers.WordPress-app.rule = Host (WordPress.yourdomain.com`) “## Enter your domain here ##

– “traefik.http.middlewares.WordPress-app-https-redirect.redirectscheme.scheme = https”

– “traefik.http.routers.WordPress-app.middlewares = WordPress-app-https-redirect”

– “traefik.http.routers.WordPress-app-secure.entrypoints = https”

`-” traefik.http.routers.WordPress-app-secure.rule = Host (WordPress.yourdomain.com`) “## Enter your domain here ##

– “traefik.http.routers.WordPress-app-secure.tls = true”

– “traefik.http.routers.WordPress-app-secure.tls.certresolver = http”

– “traefik.http.routers.WordPress-app-secure.service = WordPress-app”

– “traefik.http.services.WordPress-app.loadbalancer.server.port = 80”

– “traefik.docker.network = proxy”

– “traefik.http.routers.WordPress-app-secure.middlewares=secHeaders@file”

networks:

– proxy

– default

WordPress-db:

image: mysql: 8.0

restart: unless-stopped

environment:

MYSQL_DATABASE: WordPress

MYSQL_USER: exampleuser ## Enter the same user here ##

MYSQL_PASSWORD: examplepass ## Enter the same password here ##

MYSQL_RANDOM_ROOT_PASSWORD: ‘1’

volumes:

– / opt / containers / WordPress / database: / var / lib / mysql

networks:

– default

networks:

proxy:

external: true

Now we still have to adjust a few things.

1.3.4 Adapt host name

Now you still have to adjust the host name which will later be used to access WordPress.

You have to adapt these two lines.

`-” traefik.http.routers.WordPress-app.rule = Host (WordPress.yourdomain.com`)”

`-” traefik.http.routers.WordPress-app-secure.rule = Host (WordPress.yourdomain.com`) ”

So in my case:

`-” traefik.http.routers.WordPress-app.rule = Host (WordPress.testbereich.net`) ”

`-” traefik.http.routers.WordPress-app-secure.rule = Host (WordPress.testbereich.net`) ”

If you want to run WordPress directly on your “main domain”, change it as follows:

“traefik.http.routers.WordPress-app.rule = Host (www.yourdomain.com, yourdomain.com)”

“traefik.http.routers.WordPress-app-secure.rule = host (www.yourdomain.com, yourdomain.com)”

1.3.5 Adjust passwords

After you have adjusted the host name, you should / have to adjust the passwords. Create a long, secure password.

You have to change the following lines:

WORDPRESS_DB_USER: exampleuser ## Enter user here ##
WORDPRESS_DB_PASSWORD: examplepass ## Enter password here ##
MYSQL_USER: exampleuser ## Enter the same user here ##
MYSQL_PASSWORD: examplepass ## Enter the same password here ##
So I’m changing my passwords. This could be, for example:

WORDPRESS_DB_USER: wordsql ## Enter user here ##
WORDPRESS_DB_PASSWORD: FhgnaAufnau7812 ## Enter password here ##
MYSQL_USER: wordsql ## Enter the same user here ##
MYSQL_PASSWORD: FhgnaAufnau7812 ## Enter the same password here ##

We’re done now.

2. Start WordPress

Now enter the following to start your WordPress container:

docker-compose -f /opt/containers/WordPress/docker-compose.yml up -d

Now go to your website with your web browser (e.g. WordPress.yourdomain.com).

Here you choose your language. Click on “Next” to get to this page.

Here you now enter the title of your website and set an administrator and the password. For security reasons, you should not use this account later to publish your articles. An attacker knows the name of your account and then only has to “guess” your password. Now you can install WordPress using “Install WordPress”.

Now you can log in with your account. To do this, click on “Register”. Here you enter your account data.

3. Create posts

To create new posts, you click on “Posts”.

Now you click on “Create”.

Now you can simply write and format your post. All changes will be displayed to you directly. So I don’t have to write any source code or anything like that.

With a click in the upper right area on “Publish” the contribution will be put online.

4. Install plugins

To do this, click on “Plugins”.

Here you can see all the plugins that have already been installed. In our case, an update for “Akismet” would even be available, which we can install by clicking on “update now”.

But we click on “Install” to install new plugins.

Now we are shown a preselection of plugins.

Here you can switch to “recommended” or “popular” to view the popular plugins.

5. Install themes

To do this, click on “Design”.

Here we are shown that 3 designs are installed and the design “Twenty Twenty One” is currently used (active).

We click on “Add Theme” to install new designs.

Here we are again shown a preselection of designs.

Here, too, we can sort by “popular” or otherwise.

How to install WordPress on a VPS – a conclusion.

I hope that, using the instructions above, you managed to install WordPress on your VPS. If, for whatever reason, it didn’t work out, don’t despair. In this case you still have 2 other options:

  1. Request a VPS from Linux Hosts Inc. and press only a few buttons to install WP via your control panel. See the start of this article.
  2. Send me an email and I will try to help you.

Good luck!