Via Cà Matta 2 - Peschiera Borromeo (MI)
+39 02 00704272
info@synaptica.info

Configurare un Server Multi-Sito con Apache e WordPress su Ubuntu 24.04

Digital Innovation Partner

Configurare un Server Multi-Sito con Apache e WordPress su Ubuntu 24.04

 

1. Prerequisites

  • A server with Ubuntu 24.04 LTS.
  • Access with sudo privileges.
  • A domain name pointing to your server’s IP address (e.g., miosito.com).

2. Update the System

Run the command to update your system:

3. Install Apache

Install Apache as the web server:

Start and enable Apache:

4. Install MariaDB and Configure the Database

Install MariaDB:

Attiva MariaDB:

Run the security script:

Create a database and user for your site:

5. Install PHP

WordPress requires PHP. Install PHP and the necessary extensions:

6. Download and Configure WordPress

Create a directory for your site:

Download WordPress and move the files to your site’s directory:

Set the correct permissions:

Configure the wp-config.php file:

Update the database details:

7. Configure Apache for Multi-Site

Create a Virtual Host for your site:

Add the following content:

Enable the site and the rewrite module:

Disable the Default site:

Restart Apache:

8. Add Additional Sites

To add more sites, repeat the steps above, changing the directory names, database names, and configuration files.

 

9. SSL Configuration for Apache and WordPress

Enabling SSL on your Apache server ensures that communications between your WordPress site and visitors are secure and encrypted. This section will guide you through the necessary steps to configure SSL using Certbot and Let’s Encrypt.

9.1. Install Certbot

Certbot is a tool that simplifies obtaining and automatically renewing free SSL certificates provided by Let’s Encrypt.

9.2. Obtain an SSL Certificate

Run Certbot to automatically obtain and install an SSL certificate for your domain.

During the installation, you will be prompted for the following information:

  • Enter your email address to receive certificate expiration notifications.
  • Agree to the terms of service.
  • Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).

9.3. Verify SSL Configuration

After completing the installation, verify that the SSL certificate is active by visiting your domain with HTTPS:

https://miosito.com

You can also check the certificate status with the following command:

9.4. Configure Apache for HTTPS

If you are setting up multiple sites, ensure that each Virtual Host has the correct SSL settings. Here is an example configuration for a site with SSL:

Add or modify the Virtual Host to include SSL directives:

Ensure you replace miosito.com with your actual domain and that the SSL certificate paths are correct.

9.5. Force HTTP to HTTPS Redirection

To ensure all traffic uses HTTPS, configure Apache to automatically redirect HTTP requests to HTTPS.

Add the following Virtual Host for traffic on port 80:

9.6. Restart Apache

After making all changes, restart Apache to apply the new configurations:

9.7. Configure WordPress for HTTPS

Ensure that WordPress correctly recognizes and uses HTTPS.

9.7.1. Modify the wp-config.php File

Add the following lines to your wp-config.php to enforce the use of HTTPS:

9.7.2. Update Site URLs

Log in to the WordPress dashboard and navigate to Settings > General. Update the WordPress Address (URL) and Site Address (URL) fields to use https://.

9.8. Enable Automatic SSL Certificate Renewal

Let’s Encrypt certificates expire every 90 days, but Certbot can handle automatic renewal.

To test automatic renewal, run:

Certbot automatically sets up a cron job to manage renewals. You can also check the cron job with:

9.9. Verify SSL Security

Use a service like SSL Labs to test your site’s SSL configuration and ensure it is secure.

Your WordPress site is now protected with HTTPS using a free SSL certificate!

10. Configuring phpMyAdmin as a Separate Site

To enhance security and organization on your server, it is advisable to configure phpMyAdmin as a separate site, accessible via a dedicated domain or subdomain. This prevents phpMyAdmin from being accessible as a subpage of other sites hosted on the same server.

10.1. Install phpMyAdmin

If you haven’t installed phpMyAdmin yet, run the following commands:

During installation:

  • When prompted to configure automatically, select apache2 and press OK.
  • Choose “Yes” to configure the phpMyAdmin database with dbconfig-common.
  • Set an administrative password for phpMyAdmin or leave it blank to generate one automatically.

10.2. Create a Subdomain for phpMyAdmin

To isolate phpMyAdmin, create a dedicated subdomain, for example, phpmyadmin.miosito.com.

10.2.1. Configure DNS

Add a DNS record for the subdomain phpmyadmin.miosito.com pointing to your server’s IP address.

10.2.2. Create a Directory for phpMyAdmin

Ensure that phpMyAdmin is installed in the correct directory. Typically, phpMyAdmin is installed in /usr/share/phpmyadmin.

10.3. Configure Apache Virtual Host for phpMyAdmin

Create a new configuration file for the Virtual Host dedicated to phpMyAdmin.

Add the following content, replacing phpmyadmin.miosito.com with your subdomain:

Save and close the file by pressing Ctrl + O, then Ctrl + X.

10.3.1. Enable the Virtual Host and Necessary Modules

Enable the new Virtual Host and ensure that the necessary Apache modules are active:

10.4. Protect phpMyAdmin with HTTP Authentication

Add an additional layer of security by requiring HTTP authentication to access phpMyAdmin.

10.4.1. Create a Password File

Use htpasswd to create a password file:

You will be prompted to enter a password for the admin user.

10.4.2. Update Apache Configuration for phpMyAdmin

Edit the Virtual Host configuration file for phpMyAdmin to add authentication:

Add the following lines within the <Directory /usr/share/phpmyadmin> block:

Save and close the file.

Reload Apache to apply the changes:

10.5. Configure SSL for the phpMyAdmin Subdomain

To ensure that the connection to phpMyAdmin is secure, configure SSL for the dedicated subdomain.

10.5.1. Obtain an SSL Certificate with Certbot

Run Certbot to automatically obtain and configure an SSL certificate for the subdomain:

During installation, you will be prompted for the following information:

  • Enter your email address to receive certificate expiration notifications.
  • Agree to the terms of service.
  • Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).

10.5.2. Verify SSL Configuration

After completing the installation, visit https://phpmyadmin.miosito.com to verify that the SSL certificate is active and that the connection is secure.

10.6. Additional Access Restrictions (Optional)

To further enhance security, you can restrict access to phpMyAdmin to specific IP addresses or IP ranges.

10.6.1. Limit Access to Specific IPs

Edit the Virtual Host configuration file for phpMyAdmin:

Add the following lines within the <Directory /usr/share/phpmyadmin> block:

In this example, only the IP address 192.168.1.100 will be able to access phpMyAdmin. You can add more Require ip directives to include additional IP addresses or ranges.

Save and close the file, then reload Apache:

10.7. Test Access to phpMyAdmin

1. **Access the Dedicated Subdomain:**

2. **HTTP Authentication:**

  • You will be prompted to enter the credentials created with htpasswd.
  • Enter the correct Username and Password to access.

3. **Verify Isolation:**

  • Attempt to access phpMyAdmin through another domain or subdomain and verify that it is not accessible.

10.8. Final Considerations

Configuring phpMyAdmin as a separate site offers several advantages:

  • Enhanced Security: By isolating phpMyAdmin, you reduce the risk of it being compromised through other web applications.
  • Simplified Management: Having a dedicated access point makes it easier to manage and monitor access to phpMyAdmin.
  • Flexibility: You can apply specific security configurations without affecting other sites hosted on the same server.

By following these steps, you will have securely and independently configured phpMyAdmin, improving your database management and overall server security.