Configurare un Server Multi-Sito con Apache e WordPress su Ubuntu 24.04
1. Prerequisites
- A server with Ubuntu 24.04 LTS.
- Access with
sudoprivileges. - A domain name pointing to your server’s IP address (e.g., miosito.com).
2. Update the System
Run the command to update your system:
sudo apt update && sudo apt upgrade -y3. Install Apache
Install Apache as the web server:
sudo apt install apache2 -yStart and enable Apache:
sudo systemctl start apache2
sudo systemctl enable apache2
4. Install MariaDB and Configure the Database
Install MariaDB:
sudo apt install mariadb-server mariadb-client -yAttiva MariaDB:
sudo systemctl start mariadb
sudo systemctl enable mariadb
Run the security script:
sudo mysql_secure_installationCreate a database and user for your site:
sudo mysql -u root -p
CREATE DATABASE miosito_db;
GRANT ALL PRIVILEGES ON miosito_db.* TO 'mioutente'@'localhost' IDENTIFIED BY 'mia password';
FLUSH PRIVILEGES;
EXIT;
5. Install PHP
WordPress requires PHP. Install PHP and the necessary extensions:
sudo apt install php php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip -y
6. Download and Configure WordPress
Create a directory for your site:
sudo mkdir -p /var/www/html/miosito.comDownload WordPress and move the files to your site’s directory:
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
sudo mv wordpress/* /var/www/html/miosito.com/
Set the correct permissions:
sudo chown -R www-data:www-data /var/www/html/miosito.com
sudo chmod -R 755 /var/www/html/miosito.com
Configure the wp-config.php file:
cd /var/www/html/miosito.com
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
Update the database details:
define('DB_NAME', 'miosito_db');
define('DB_USER', 'mioutente');
define('DB_PASSWORD', 'mia password');
define('DB_HOST', 'localhost');
7. Configure Apache for Multi-Site
Create a Virtual Host for your site:
sudo nano /etc/apache2/sites-available/miosito.com.conf
Add the following content:
<VirtualHost *:80>
ServerAdmin admin@tuo_dominio.com
DocumentRoot /var/www/html/
ServerName tuo_dominio.com
ServerAlias www.tuo_dominio.com
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the site and the rewrite module:
sudo a2ensite miosito.com.conf
sudo a2enmod rewrite
Disable the Default site:
sudo a2dissite 000-default.conf
Restart Apache:
sudo systemctl restart apache28. Add Additional Sites
To add more sites, repeat the steps above, changing the directory names, database names, and configuration files.
9. SSL Configuration for Apache and WordPress
Enabling SSL on your Apache server ensures that communications between your WordPress site and visitors are secure and encrypted. This section will guide you through the necessary steps to configure SSL using Certbot and Let’s Encrypt.
9.1. Install Certbot
Certbot is a tool that simplifies obtaining and automatically renewing free SSL certificates provided by Let’s Encrypt.
sudo apt update
sudo apt install certbot python3-certbot-apache -y9.2. Obtain an SSL Certificate
Run Certbot to automatically obtain and install an SSL certificate for your domain.
sudo certbot --apacheDuring the installation, you will be prompted for the following information:
- Enter your email address to receive certificate expiration notifications.
- Agree to the terms of service.
- Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).
9.3. Verify SSL Configuration
After completing the installation, verify that the SSL certificate is active by visiting your domain with HTTPS:
You can also check the certificate status with the following command:
sudo certbot certificates9.4. Configure Apache for HTTPS
If you are setting up multiple sites, ensure that each Virtual Host has the correct SSL settings. Here is an example configuration for a site with SSL:
sudo nano /etc/apache2/sites-available/miosito.com.confAdd or modify the Virtual Host to include SSL directives:
<VirtualHost *:443>
ServerAdmin admin@miosito.com
DocumentRoot /var/www/html/miosito.com
ServerName miosito.com
ServerAlias www.miosito.com
<Directory /var/www/html/miosito.com>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/miosito.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/miosito.com/privkey.pem
ErrorLog ${APACHE_LOG_DIR}/miosito.com_error.log
CustomLog ${APACHE_LOG_DIR}/miosito.com_access.log combined
</VirtualHost>Ensure you replace miosito.com with your actual domain and that the SSL certificate paths are correct.
9.5. Force HTTP to HTTPS Redirection
To ensure all traffic uses HTTPS, configure Apache to automatically redirect HTTP requests to HTTPS.
sudo nano /etc/apache2/sites-available/miosito.com.confAdd the following Virtual Host for traffic on port 80:
<VirtualHost *:80>
ServerName miosito.com
ServerAlias www.miosito.com
Redirect permanent / https://miosito.com/
</VirtualHost>9.6. Restart Apache
After making all changes, restart Apache to apply the new configurations:
sudo systemctl restart apache29.7. Configure WordPress for HTTPS
Ensure that WordPress correctly recognizes and uses HTTPS.
9.7.1. Modify the wp-config.php File
Add the following lines to your wp-config.php to enforce the use of HTTPS:
define('FORCE_SSL_ADMIN', true);
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}9.7.2. Update Site URLs
Log in to the WordPress dashboard and navigate to Settings > General. Update the WordPress Address (URL) and Site Address (URL) fields to use https://.
9.8. Enable Automatic SSL Certificate Renewal
Let’s Encrypt certificates expire every 90 days, but Certbot can handle automatic renewal.
To test automatic renewal, run:
sudo certbot renew --dry-runCertbot automatically sets up a cron job to manage renewals. You can also check the cron job with:
sudo systemctl list-timers9.9. Verify SSL Security
Use a service like SSL Labs to test your site’s SSL configuration and ensure it is secure.
Your WordPress site is now protected with HTTPS using a free SSL certificate!
10. Configuring phpMyAdmin as a Separate Site
To enhance security and organization on your server, it is advisable to configure phpMyAdmin as a separate site, accessible via a dedicated domain or subdomain. This prevents phpMyAdmin from being accessible as a subpage of other sites hosted on the same server.
10.1. Install phpMyAdmin
If you haven’t installed phpMyAdmin yet, run the following commands:
sudo apt update
sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl -yDuring installation:
- When prompted to configure automatically, select apache2 and press OK.
- Choose “Yes” to configure the phpMyAdmin database with dbconfig-common.
- Set an administrative password for phpMyAdmin or leave it blank to generate one automatically.
10.2. Create a Subdomain for phpMyAdmin
To isolate phpMyAdmin, create a dedicated subdomain, for example, phpmyadmin.miosito.com.
10.2.1. Configure DNS
Add a DNS record for the subdomain phpmyadmin.miosito.com pointing to your server’s IP address.
10.2.2. Create a Directory for phpMyAdmin
Ensure that phpMyAdmin is installed in the correct directory. Typically, phpMyAdmin is installed in /usr/share/phpmyadmin.
10.3. Configure Apache Virtual Host for phpMyAdmin
Create a new configuration file for the Virtual Host dedicated to phpMyAdmin.
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following content, replacing phpmyadmin.miosito.com with your subdomain:
<VirtualHost *:80>
ServerName phpmyadmin.miosito.com
DocumentRoot /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
# Add additional access restrictions if necessary
# For example, limit access to specific IP addresses
# Require ip 192.168.1.0/24
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpmyadmin_error.log
CustomLog ${APACHE_LOG_DIR}/phpmyadmin_access.log combined
</VirtualHost>Save and close the file by pressing Ctrl + O, then Ctrl + X.
10.3.1. Enable the Virtual Host and Necessary Modules
Enable the new Virtual Host and ensure that the necessary Apache modules are active:
sudo a2ensite phpmyadmin.miosito.com.conf
sudo a2enmod rewrite
sudo a2enmod headers
sudo systemctl reload apache210.4. Protect phpMyAdmin with HTTP Authentication
Add an additional layer of security by requiring HTTP authentication to access phpMyAdmin.
10.4.1. Create a Password File
Use htpasswd to create a password file:
sudo apt install apache2-utils -y
sudo htpasswd -c /etc/phpmyadmin/.htpasswd adminYou will be prompted to enter a password for the admin user.
10.4.2. Update Apache Configuration for phpMyAdmin
Edit the Virtual Host configuration file for phpMyAdmin to add authentication:
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following lines within the <Directory /usr/share/phpmyadmin> block:
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
</Directory>Save and close the file.
Reload Apache to apply the changes:
sudo systemctl reload apache210.5. Configure SSL for the phpMyAdmin Subdomain
To ensure that the connection to phpMyAdmin is secure, configure SSL for the dedicated subdomain.
10.5.1. Obtain an SSL Certificate with Certbot
Run Certbot to automatically obtain and configure an SSL certificate for the subdomain:
sudo certbot --apache -d phpmyadmin.miosito.comDuring installation, you will be prompted for the following information:
- Enter your email address to receive certificate expiration notifications.
- Agree to the terms of service.
- Choose whether to automatically redirect all HTTP traffic to HTTPS (recommended).
10.5.2. Verify SSL Configuration
After completing the installation, visit https://phpmyadmin.miosito.com to verify that the SSL certificate is active and that the connection is secure.
10.6. Additional Access Restrictions (Optional)
To further enhance security, you can restrict access to phpMyAdmin to specific IP addresses or IP ranges.
10.6.1. Limit Access to Specific IPs
Edit the Virtual Host configuration file for phpMyAdmin:
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following lines within the <Directory /usr/share/phpmyadmin> block:
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
# Limit access to specific IP
Require ip 192.168.1.100
</Directory>In this example, only the IP address 192.168.1.100 will be able to access phpMyAdmin. You can add more Require ip directives to include additional IP addresses or ranges.
Save and close the file, then reload Apache:
sudo systemctl reload apache210.7. Test Access to phpMyAdmin
1. **Access the Dedicated Subdomain:**
2. **HTTP Authentication:**
- You will be prompted to enter the credentials created with
htpasswd. - Enter the correct Username and Password to access.
3. **Verify Isolation:**
- Attempt to access phpMyAdmin through another domain or subdomain and verify that it is not accessible.
10.8. Final Considerations
Configuring phpMyAdmin as a separate site offers several advantages:
- Enhanced Security: By isolating phpMyAdmin, you reduce the risk of it being compromised through other web applications.
- Simplified Management: Having a dedicated access point makes it easier to manage and monitor access to phpMyAdmin.
- Flexibility: You can apply specific security configurations without affecting other sites hosted on the same server.
By following these steps, you will have securely and independently configured phpMyAdmin, improving your database management and overall server security.
