Configurare un Server Multi-Sito con Apache e WordPress su Ubuntu 24.04
1. Prerequisites
- A server with Ubuntu 24.04 LTS.
- Access with
sudoprivileges. - A domain name pointing to your server’s IP address (e.g., miosito.com).
2. Update the System
Run the command to update your system:
|
1 |
sudo apt update && sudo apt upgrade -y |
3. Install Apache
Install Apache as the web server:
|
1 |
sudo apt install apache2 -y |
Start and enable Apache:
|
1 2 3 4 |
sudo systemctl start apache2 sudo systemctl enable apache2 |
4. Install MariaDB and Configure the Database
Install MariaDB:
|
1 |
sudo apt install mariadb-server mariadb-client -y |
Attiva MariaDB:
|
1 2 3 |
sudo systemctl start mariadb sudo systemctl enable mariadb |
Run the security script:
|
1 |
sudo mysql_secure_installation |
Create a database and user for your site:
|
1 2 3 4 5 6 7 8 |
sudo mysql -u root -p CREATE DATABASE miosito_db; GRANT ALL PRIVILEGES ON miosito_db.* TO 'mioutente'@'localhost' IDENTIFIED BY 'mia password'; FLUSH PRIVILEGES; EXIT; |
5. Install PHP
WordPress requires PHP. Install PHP and the necessary extensions:
|
1 2 3 |
sudo apt install php php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip -y |
6. Download and Configure WordPress
Create a directory for your site:
|
1 |
sudo mkdir -p /var/www/html/miosito.com |
Download WordPress and move the files to your site’s directory:
|
1 2 3 4 5 6 |
cd /tmp wget https://wordpress.org/latest.tar.gz tar -xzvf latest.tar.gz sudo mv wordpress/* /var/www/html/miosito.com/ |
Set the correct permissions:
|
1 2 3 4 |
sudo chown -R www-data:www-data /var/www/html/miosito.com sudo chmod -R 755 /var/www/html/miosito.com |
Configure the wp-config.php file:
|
1 2 3 4 5 |
cd /var/www/html/miosito.com sudo cp wp-config-sample.php wp-config.php sudo nano wp-config.php |
Update the database details:
|
1 2 3 4 5 6 |
define('DB_NAME', 'miosito_db'); define('DB_USER', 'mioutente'); define('DB_PASSWORD', 'mia password'); define('DB_HOST', 'localhost'); |
7. Configure Apache for Multi-Site
Create a Virtual Host for your site:
|
1 2 3 |
sudo nano /etc/apache2/sites-available/miosito.com.conf |
Add the following content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
<VirtualHost *:80> ServerAdmin admin@tuo_dominio.com DocumentRoot /var/www/html/ ServerName tuo_dominio.com ServerAlias www.tuo_dominio.com <Directory /var/www/html/> Options FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> |
Enable the site and the rewrite module:
|
1 2 3 4 |
sudo a2ensite miosito.com.conf sudo a2enmod rewrite |
Disable the Default site:
|
1 2 3 |
sudo a2dissite 000-default.conf |
Restart Apache:
|
1 |
sudo systemctl restart apache2 |
8. Add Additional Sites
To add more sites, repeat the steps above, changing the directory names, database names, and configuration files.
9. SSL Configuration for Apache and WordPress
Enabling SSL on your Apache server ensures that communications between your WordPress site and visitors are secure and encrypted. This section will guide you through the necessary steps to configure SSL using Certbot and Let’s Encrypt.
9.1. Install Certbot
Certbot is a tool that simplifies obtaining and automatically renewing free SSL certificates provided by Let’s Encrypt.
|
1 2 |
sudo apt update sudo apt install certbot python3-certbot-apache -y |
9.2. Obtain an SSL Certificate
Run Certbot to automatically obtain and install an SSL certificate for your domain.
|
1 |
sudo certbot --apache |
During the installation, you will be prompted for the following information:
- Enter your email address to receive certificate expiration notifications.
- Agree to the terms of service.
- Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).
9.3. Verify SSL Configuration
After completing the installation, verify that the SSL certificate is active by visiting your domain with HTTPS:
You can also check the certificate status with the following command:
|
1 |
sudo certbot certificates |
9.4. Configure Apache for HTTPS
If you are setting up multiple sites, ensure that each Virtual Host has the correct SSL settings. Here is an example configuration for a site with SSL:
|
1 |
sudo nano /etc/apache2/sites-available/miosito.com.conf |
Add or modify the Virtual Host to include SSL directives:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
<VirtualHost *:443> ServerAdmin admin@miosito.com DocumentRoot /var/www/html/miosito.com ServerName miosito.com ServerAlias www.miosito.com <Directory /var/www/html/miosito.com> Options FollowSymLinks AllowOverride All Require all granted </Directory> SSLEngine on SSLCertificateFile /etc/letsencrypt/live/miosito.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/miosito.com/privkey.pem ErrorLog ${APACHE_LOG_DIR}/miosito.com_error.log CustomLog ${APACHE_LOG_DIR}/miosito.com_access.log combined </VirtualHost> |
Ensure you replace miosito.com with your actual domain and that the SSL certificate paths are correct.
9.5. Force HTTP to HTTPS Redirection
To ensure all traffic uses HTTPS, configure Apache to automatically redirect HTTP requests to HTTPS.
|
1 |
sudo nano /etc/apache2/sites-available/miosito.com.conf |
Add the following Virtual Host for traffic on port 80:
|
1 2 3 4 5 6 |
<VirtualHost *:80> ServerName miosito.com ServerAlias www.miosito.com Redirect permanent / https://miosito.com/ </VirtualHost> |
9.6. Restart Apache
After making all changes, restart Apache to apply the new configurations:
|
1 |
sudo systemctl restart apache2 |
9.7. Configure WordPress for HTTPS
Ensure that WordPress correctly recognizes and uses HTTPS.
9.7.1. Modify the wp-config.php File
Add the following lines to your wp-config.php to enforce the use of HTTPS:
|
1 2 3 4 5 |
define('FORCE_SSL_ADMIN', true); if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; } |
9.7.2. Update Site URLs
Log in to the WordPress dashboard and navigate to Settings > General. Update the WordPress Address (URL) and Site Address (URL) fields to use https://.
9.8. Enable Automatic SSL Certificate Renewal
Let’s Encrypt certificates expire every 90 days, but Certbot can handle automatic renewal.
To test automatic renewal, run:
|
1 |
sudo certbot renew --dry-run |
Certbot automatically sets up a cron job to manage renewals. You can also check the cron job with:
|
1 |
sudo systemctl list-timers |
9.9. Verify SSL Security
Use a service like SSL Labs to test your site’s SSL configuration and ensure it is secure.
Your WordPress site is now protected with HTTPS using a free SSL certificate!
10. Configuring phpMyAdmin as a Separate Site
To enhance security and organization on your server, it is advisable to configure phpMyAdmin as a separate site, accessible via a dedicated domain or subdomain. This prevents phpMyAdmin from being accessible as a subpage of other sites hosted on the same server.
10.1. Install phpMyAdmin
If you haven’t installed phpMyAdmin yet, run the following commands:
|
1 2 |
sudo apt update sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl -y |
During installation:
- When prompted to configure automatically, select apache2 and press OK.
- Choose “Yes” to configure the phpMyAdmin database with dbconfig-common.
- Set an administrative password for phpMyAdmin or leave it blank to generate one automatically.
10.2. Create a Subdomain for phpMyAdmin
To isolate phpMyAdmin, create a dedicated subdomain, for example, phpmyadmin.miosito.com.
10.2.1. Configure DNS
Add a DNS record for the subdomain phpmyadmin.miosito.com pointing to your server’s IP address.
10.2.2. Create a Directory for phpMyAdmin
Ensure that phpMyAdmin is installed in the correct directory. Typically, phpMyAdmin is installed in /usr/share/phpmyadmin.
10.3. Configure Apache Virtual Host for phpMyAdmin
Create a new configuration file for the Virtual Host dedicated to phpMyAdmin.
|
1 |
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.conf |
Add the following content, replacing phpmyadmin.miosito.com with your subdomain:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
<VirtualHost *:80> ServerName phpmyadmin.miosito.com DocumentRoot /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options SymLinksIfOwnerMatch AllowOverride None Require all granted # Add additional access restrictions if necessary # For example, limit access to specific IP addresses # Require ip 192.168.1.0/24 </Directory> ErrorLog ${APACHE_LOG_DIR}/phpmyadmin_error.log CustomLog ${APACHE_LOG_DIR}/phpmyadmin_access.log combined </VirtualHost> |
Save and close the file by pressing Ctrl + O, then Ctrl + X.
10.3.1. Enable the Virtual Host and Necessary Modules
Enable the new Virtual Host and ensure that the necessary Apache modules are active:
|
1 2 3 4 |
sudo a2ensite phpmyadmin.miosito.com.conf sudo a2enmod rewrite sudo a2enmod headers sudo systemctl reload apache2 |
10.4. Protect phpMyAdmin with HTTP Authentication
Add an additional layer of security by requiring HTTP authentication to access phpMyAdmin.
10.4.1. Create a Password File
Use htpasswd to create a password file:
|
1 2 |
sudo apt install apache2-utils -y sudo htpasswd -c /etc/phpmyadmin/.htpasswd admin |
You will be prompted to enter a password for the admin user.
10.4.2. Update Apache Configuration for phpMyAdmin
Edit the Virtual Host configuration file for phpMyAdmin to add authentication:
|
1 |
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.conf |
Add the following lines within the <Directory /usr/share/phpmyadmin> block:
|
1 2 3 4 5 6 7 8 9 10 |
<Directory /usr/share/phpmyadmin> Options SymLinksIfOwnerMatch AllowOverride None Require all granted AuthType Basic AuthName "Restricted Access" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user </Directory> |
Save and close the file.
Reload Apache to apply the changes:
|
1 |
sudo systemctl reload apache2 |
10.5. Configure SSL for the phpMyAdmin Subdomain
To ensure that the connection to phpMyAdmin is secure, configure SSL for the dedicated subdomain.
10.5.1. Obtain an SSL Certificate with Certbot
Run Certbot to automatically obtain and configure an SSL certificate for the subdomain:
|
1 |
sudo certbot --apache -d phpmyadmin.miosito.com |
During installation, you will be prompted for the following information:
- Enter your email address to receive certificate expiration notifications.
- Agree to the terms of service.
- Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).
10.5.2. Verify SSL Configuration
After completing the installation, visit https://phpmyadmin.miosito.com to verify that the SSL certificate is active and that the connection is secure.
10.6. Additional Access Restrictions (Optional)
To further enhance security, you can restrict access to phpMyAdmin to specific IP addresses or IP ranges.
10.6.1. Limit Access to Specific IPs
Edit the Virtual Host configuration file for phpMyAdmin:
|
1 |
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.conf |
Add the following lines within the <Directory /usr/share/phpmyadmin> block:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
<Directory /usr/share/phpmyadmin> Options SymLinksIfOwnerMatch AllowOverride None Require all granted AuthType Basic AuthName "Restricted Access" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user # Limit access to specific IP Require ip 192.168.1.100 </Directory> |
In this example, only the IP address 192.168.1.100 will be able to access phpMyAdmin. You can add more Require ip directives to include additional IP addresses or ranges.
Save and close the file, then reload Apache:
|
1 |
sudo systemctl reload apache2 |
10.7. Test Access to phpMyAdmin
1. **Access the Dedicated Subdomain:**
2. **HTTP Authentication:**
- You will be prompted to enter the credentials created with
htpasswd. - Enter the correct Username and Password to access.
3. **Verify Isolation:**
- Attempt to access phpMyAdmin through another domain or subdomain and verify that it is not accessible.
10.8. Final Considerations
Configuring phpMyAdmin as a separate site offers several advantages:
- Enhanced Security: By isolating phpMyAdmin, you reduce the risk of it being compromised through other web applications.
- Simplified Management: Having a dedicated access point makes it easier to manage and monitor access to phpMyAdmin.
- Flexibility: You can apply specific security configurations without affecting other sites hosted on the same server.
By following these steps, you will have securely and independently configured phpMyAdmin, improving your database management and overall server security.
