Compiling and installing from source the awesome stack Nginx with SSL, PHP, MariaDB and WordPress on Debian Wheezy

October 20, 2012

This “howto” will help you install the awesome stack Nginx, PHP, MariaDB and WordPress on minimal base installation of Debian Wheezy. Of course this great software can be installed on all *nix systems and that is why prior to installing the needed libraries I use “# apt-cache search *” so that you will be able to see the exact name of the library to be installed on your particular OS. “#” means you execute the command as root and “$” means you execute the command as normal user.

Compile, build and install Nginx

For compiling from source we need to:

# apt-get install build-essential

which on Debian installs these packges:
binutils build-essential cpp cpp-4.7 dpkg-dev fakeroot g++ g++-4.7 gcc gcc-4.7 libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libc-dev-bin libc6-dev libdpkg-perl libfile-fcntllock-perl libgmp10 libgomp1 libitm1 libmpc2 libmpfr4 libquadmath0 libstdc++6-4.7-dev libtimedate-perl linux-libc-dev make manpages-dev

To satisfy dependencies of Nginx we need to install:

# apt-cache search pcre
# apt-get install libpcre3-dev
# apt-cache search openssl | grep -i dev
# apt-get install libssl-dev

Go to the directory where your source is and extract it:

$ cd /home/debian/programms/nginx/
$ tar xvzf nginx-1.2.3.tar.gz
$ cd nginx-1.2.3/

Now we can compile, build and install it with HTTPS support (which uses SSL/TLS):

$ ./configure --with-http_ssl_module
$ make
# make install

Nginx will be installed in “/usr/local/nginx”. To start the server you execute:

# /usr/local/nginx/sbin/nginx

You can check if it is working by visiting “http://127.0.0.1″. To stop the server you execute:

# /usr/local/nginx/sbin/nginx -s stop

It is very important to not run nginx as root, which means changing the first line in “/usr/local/nginx/conf/nginx.conf” to “www-data” user for example. Initially the server will be run as user “nobody”.

user  www-data;

Now let us create the self-signed SSL certificate. You will need to execute the following commands, enter your pass-phrase when you are asked and also enter some information about you and your website:

# mkdir /usr/local/nginx/conf/ssl
# cd /usr/local/nginx/conf/ssl
# openssl genrsa -aes256 -out server.key 2048
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 2000 -in server.csr -signkey server.key -out server.crt

 Compile, build and install MariaDB

The following libraries must be installed, because MariaDB depends on them:

# apt-cache search libncurs | grep -i dev
# apt-get install libncurses5-dev libncursesw5-dev
# apt-get install cmake

We need to create the directory where MariaDB will be installed:

# mkdir /usr/local/mysql

Now go to the directory where your source is, compile, build and install like that:

$ cd /home/debian/programms/mariadb
$ tar xvzf mariadb-5.5.27.tar.gz
$ cd mariadb-5.5.27/
$ cmake -LAH
$ make
# make install

Alright our MariaDB database is installed, now we want to run it under unprivileged “mysql” user and group for securtiy measures. Let us create the new user and change the owner and group of the directory:

# groupadd mysql
# useradd -d /usr/local/mysql -s /bin/false -g mysql mysql
# chown -R mysql:mysql /usr/local/mysql

Now we are going to set up the server with “mysql” user, start it in safe mode, create a strong root pass-phrase, and secure the installation by deleting the “test” database:

# cd /usr/local/mysql
# /usr/local/mysql/scripts/mysql_install_db --user=mysql
# ./bin/mysqld_safe --user=mysql &
# ./bin/mysqladmin -u root password 'your strong passphrase'
# ./bin/mysql_secure_installation

You will need to answer some question for the secure installation. My answers were: “n” “Y” “Y” “Y” “Y”. This is how you start MariaDB:

# /usr/local/mysql/bin/mysqld_safe --user=mysql &

Compile, build and install PHP

First install the dependencies for PHP:

# apt-cache search libxml2
# apt-get install libxml2-dev
# apt-cache search BZip2 | grep -i dev
# apt-get install libbz2-dev
# apt-cache search libcurl
# apt-get install libcurl4-openssl-dev
# apt-cache search libmcrypt
# apt-get install libmcrypt-dev

After that configure, compile, build and install it:

$ tar xvjf php-5.4.6.tar.bz2
$ cd php-5.4.6/
$ export LD_LIBRARY_PATH=/usr/local/mysql/lib:LD_LIBRARY_PATH
$ ./configure --enable-fpm --with-mcrypt --with-zlib --with-curl --disable-debug --disable-rpath --enable-inline-optimization --with-bz2 --enable-sockets --enable-zip --with-fpm-user=www-data --with-fpm-group=www-data --with-mysql=/usr/local/mysql/
$ make
$ make test
# export LD_LIBRARY_PATH=/usr/local/mysql/lib:LD_LIBRARY_PATH
# make install

We need to configure Nginx to be able to serve *.php pages. My configuration looks like this nginx.conf

 Install WordPress

To install WordPress we need to create database and to give write permissions to Nginx to the directory where WordPress will be installed. Let us create first the database:

# /usr/local/mysql/bin/mysql -u root -p
> CREATE DATABASE dbYourDBName;
> SHOW DATABASES;
> GRANT ALL PRIVILEGES ON dbYourDBName.* TO "uWordpress"@"localhost" IDENTIFIED BY "YourStrongPasswordHere";
> SHOW GRANTS FOR 'uWordpress'@'localhost';
> FLUSH PRIVILEGES;

Now create your WordPress directory:

# mkdir /usr/local/nginx/html/blog/

Copy the extracted WordPress files to “/usr/local/nginx/html/blog/” and set owner and group permissions of the Nginx service. My Nginx runs as www-data user so:

# chown www-data:www-data /usr/local/nginx/html/blog/
# chown -R www-data:www-data /usr/local/nginx/html/blog/
then start installing WordPress through your web browser by visiting:
http://127.0.0.1/blog

From here on installing WordPress is self-explanatory. After installing WordPress you can change the ownership for example to root:staff, so that WordPress has no write permissions on the file system. It could only connect to the database, which is enough for creating pages, posts, comments and so on. Have fun.

 

tags: , , ,
posted in GNU/Linux, MariaDB, NginX by admin

Follow comments via the RSS Feed | Leave a comment | Trackback URL

Leave Your Comment


seven + = 16

 
Creative Commons License
Technologies used Debian, Nginx, MariaDB, PHP, Wordpress
Theme inspired by Shlomi Noach and modified by Asen Varsanov