How to renew a LetsEncrypt certificate

So, I received a message by email saying that my LetsEncrypt certificate for this blog is about to expire:

Your certificate (or certificates) for the names listed below will expire in xx days

Now, in order to renew it, I opened the terminal and used this command:

sudo certbot renew

But this one can be used as well:

sudo letsencrypt renew

The message I got was this:

Processing /etc/letsencrypt/renewal/nicolaemarinescu.com.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Cert not yet due for renewal
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
The following certs are not due for renewal yet:
/etc/letsencrypt/live/nicolaemarinescu.com/fullchain.pem expires on 2019-01-21 (skipped)
No renewals were attempted.

That means I need to try again in a couple of weeks using the same command.

Configure Static IP Addresses on Ubuntu 18.04 LTS Server

The way to configure a static IP in Ubuntu 18 is a bit different that the one in Ubuntu 16 and the previous versions. The file that needs to be modified is called 50-cloud-init.yaml and is located here: /etc/netplan. We will edit it.

sudo nano /etc/netplan/50-cloud-init.yaml

Originally, the file looks like this:

We need to add a couple of lines, but – very important – we should not change the indentation. I’ve struggled with some error messages when applying settings just because I’ve used TAB instead of SPACE, or because the indentation was off.

After modifications, the file should look like this:

We apply the new configuration using this command:

sudo netplan apply

NOTE: My netmask is 255.255.240.0, and that translates to 20 bits. If you have the more common netmask in your network, 255.255.255.0, then use 24 bits. Otherwise, use this table to find the number of bits required for you specific configuration:


Installing WordPress on Ubuntu 18.04 LTS

In this post, we will deploy a server with Ubuntu 18.04 LTS and install WordPress on it.

The installation of Ubuntu Server is straightforward. The only step we need to pay attention to, is the static IP. It will make the things easier later.

Once Ubuntu is installed, we need to run the two simple, yet important commands:

sudo apt update
sudo apt upgrade

Once this is done, we will install the Apache web server:

sudo apt install apache2

If everything went well, we should see the Apache default configuration page on our browser:

Next, we will install the MySQL database engine, and secure the installation (we will choose a password for the MySQL root user during this step):

sudo apt install mysql-server
sudo mysql_secure_installation

Then, we will install php and some additional modules:

sudo apt install php libapache2-mod-php php-mysql

Once this is done, we will restart and enable Apache:

sudo systemctl restart apache2
sudo systemctl enable apache2

Next, we are going to create a MySQL database for WordPress:

sudo mysql -u root -p
create database wordpress;
GRANT ALL ON wordpress.* TO ‘wordpressuser’@’localhost’ IDENTIFIED BY ‘password’;
flush privileges;
exit

Next, edit the Apache configuration file:

sudo nano /etc/apache2/apache2.conf

Copy and paste the following block of text at the end of the file:

<Directory /var/www/html/>
AllowOverride All
</Directory>

Ctrl-O to save the changes, and Ctrl-X to close the file.
Next step is to enable mod_rewrite module:

sudo a2enmod rewrite
sudo systemctl restart apache2

Now comes the beautiful part of installing WordPress:

wget -c http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz

After downloading and unzipping the files, we will copy everything in the web directory:

sudo rsync -av wordpress/* /var/www/html/

Give the right permissions for the web directory:

sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

We need to rename the sample configuration file and edit it:

cd  /var/www/html
sudo mv wp-config-sample.php wp-config.php
sudo nano /var/www/html/wp-config.php

Put the values that you choose earlier for your database_name, db_user and db-password. Leave everything else as it is.

Save and close the file.

One more thing: remove the index.html file from the web directory, since wordpress uses an index.php to run.

sudo rm index.html

Reboot.

After reboot, open the IP address of your server in a browser, fill out the required fields, click on Install WordPress and start blogging !

Note: If we want this WordPress installation to be available on the internet, by forwarding port 80 to the IP address of the server and add a domain to it, it is a good practice to add a SSL certificate to our server. Check my post about adding free ssl certificate in ubuntu with let’s encrypt

Adding free SSL certificate in Ubuntu with Let’s Encrypt

So, we have a Virtual Private Server (I prefer Digital Ocean) hosting a website or a WordPress blog, and we want to look serious by adding an SSL certificate, so the visitors could use https instead of http.

There are a couple of easy steps to do that. First, I will assume you only have one site on that VPS, so no virtual hosts are set up. First two commands are for installing certbot:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt-get install python-certbot-apache

Next, we will obtain an SSL certificate:

sudo certbot –apache -d example.com -d www.example.com

Of course, we need to replace example.com with the actual name of the domain.

Enter your email address, then agree with the Terms of Service.

When asked if we want to redirect all http traffic to https, answer yes by choosing number 2.


Also, when asked about the virtual host, choose the second one (since we don’t have virtual hosts configured), that is the one with our domain name next to it. In my case, the virtual host file was named 000-default-le-ssl.conf

Once the certificate is successfully installed, run this:

sudo certbot renew –dry-run

If we see no errors, then the auto-renewal is enabled.

Now, there is a glitch to this: The browser might show a yellow exclamation mark, like this:

If the website already has images or other internal links on it, the URL’s that points to those images have to be changed to https://path_to_image. Yes, just by adding an s to the link, nothing else. So, it is a better practice to add the certificate before deploying the website or installing WordPress.

If all is done, the browser will give a green light. Like this:

Warning messages after installing Nextcloud server

In a previous post, we installed Nextcloud on Ubuntu Server 16.04 LTS. All good, but once we go to User  – Settings – Basic Settings we see several messages written in red, telling us we need to perform additional tasks.

Now, Nextcloud will work without those corrections, but if we want maximum responsiveness from our server, it’s better to take care of them. Let’s start with the first one:

Your data directory and your files are probably accessible from the internet. Your .htaccess files is not working.

Log in to the server and make a small change in the apache2.conf file:

sudo nano /etc/apache2/apache2.conf

Look for those lines:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Replace None with All. Then save and close the file and restart the apache service:

sudo service apache2 restart

The first warning message is gone. We are going to ignore the second message (Accessing site insecurely via HTTP), since our server is not public and it doesn’t have a domain name, so it doesn’t need and can’t have an SSL certificate.

No memory cache has been configured. To enhance performance, please configure a memcache

We start by installing APCu and Redis to enable caching. That will make our server faster when displaying media files and generating thumbnails:

sudo apt-get install php-apcu redis-server php-redis
sudo nano /etc/redis/redis.conf

In the file, make the following changes:

  • port 6379 to port 0
  • uncomment the line:   unixsocket /var/run/redis/redis.sock
  • uncomment the line:   unixsocketperm 700
  • on the same line, change 700 to 770

Save and close the file, then add the apache user www-data to the redis group, then restart apache service and start the redis service:

sudo usermod -a -G redis www-data
sudo service apache2 restart
sudo service redis-server start
sudo systemctl enable redis-server

Next, we open the Nextcloud configuration file:

sudo nano /var/www/html/nextcloud/config/config.php

Add the following block of code at the end of the file, BEFORE the last closing bracket:

‘memcache.local’ => ‘\\OC\\Memcache\\Redis’,
‘memcache.locking’ => ‘\\OC\\Memcache\\Redis’,
‘filelocking.enabled’ => ‘true’,
‘redis’ =>
array (
‘host’ => ‘/var/run/redis/redis.sock’,
‘port’ => 0,
‘timeout’ => 0.0,
),

Reboot the server for the configuration to take effect.

The PHP OPcache is not properly configured

Open the php.ini configuration file:

sudo nano /etc/php/7.0/apache2/php.ini

Find each one of the following lines, un-comment them and change the settings according to the indications in the warning message. (The Ctr-W combination in the nano editor will help with the search):

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

There is one more consideration. The maximum file size for uploads is set to 2 MB, which is way too small for a photo or a video. So let’s change that to something bigger, like 1 GB or more. In the same file, find and change those two lines:

upload_max_filesize = 1024M
post_max_size = 1050M

We put the second value a little big bigger, to avoid errors when uploading a file that is EXACTLY 1 GB in size.

One more apache2 restart and we’re done.

Install Nextcloud on Ubuntu 16

In this post, we will setup a server and install Nextcloud on it. My distribution of choice is Ubuntu Server, version 16.04 LTS. I happen to like the non-GUI interface, so everything will be done in the terminal. I will make this as short as possible. Let’s start!

The server has 1 virtual processor and 1 GB of memory. More than enough for a home test server running Nextcloud. Use the default settings during install. At the end, when asked about packages to add, choose these three:

When asked, set a password for MySQL root user and remember it.

After installation, update the server:

sudo apt update
sudo apt upgrade

There is a good idea to set up a static IP for the server. Open and edit this file:

sudo nano /etc/network/interfaces

Replace this:

iface [your adapter name] inet dhcp

with this:

iface [your adapter name] inet static
address 192.168.1.10 (or whatever IP you wish to assign to it)
netmask 255.255.255.0
gateway 192.168.1.1 (the address of your router)
dns-nameservers 192.168.1.1

Save and close the file with Ctrl-O and Ctrl-X. Reboot the server to reflect the changes.

Next, we are going to create a MySQL database for Nextcloud:

sudo mysql -u root -p
create database nextcloud;
GRANT ALL ON nextcloud.* TO ‘nextclouduser’@’localhost’ IDENTIFIED BY ‘password’;
flush privileges;
exit

Choose your own database name, user and password. We will need them later.
A good practice is to secure the mysql installation. Run this command:

sudo mysql_secure_installation

Answer no the the first two questions and yes to the rest.

Next, we need to install a set of php modules needed by Nextcloud:

sudo apt-get install php-gd php-json php-curl php-mbstring
sudo apt-get install php-intl php-mcrypt php-imagick php-xml php-zip

Also, enable two additional Apache mods and restart Apache to make them available:

sudo a2enmod rewrite headers

sudo service apache2 restart

We are ready now to download and install Nextcloud. We will use the following commands:

cd /var/www/html
sudo wget https://download.nextcloud.com/server/releases/latest-13.tar.bz2
sudo tar -jxvf latest-13.tar.bz2
sudo chown -R www-data:www-data /var/www/html/nextcloud
sudo rm latest-13.tar.bz2

All done in the command line. Reboot the server and then open the IP address in a browser, like this:

192.168.1.10/nextcloud  (or whatever IP you assigned to it earlier)

You will see the initial configuration for Nextcloud.

Create a user and a password in the first window and enter the database details in the second one. Leave the Data folder as is. Click on Finish setup.

The basic installation is ready. But, additional steps are needed to make the best of our Nextcloud server. Check my other post: Warning messages after installing Nextcloud server

Install WordPress on Ubuntu 16

In this post,  we will setup a server and install WordPress on it. My distribution of choice is Ubuntu Server, version 16.04 LTS. I happen to like the non-GUI interface, so everything will be done in the terminal. I will make this as short as possible. Let’s start!

The server has 1 virtual processor and 1 GB of memory. More than enough for a home test server running WordPress. Use the default settings during install. At the end, when asked about packages to add, choose these three:

When asked, set a password for MySQL root user and remember it.

After installation, update the server:

sudo apt update
sudo apt upgrade

There is a good idea to set up a static IP for the server. Open and edit this file:

sudo nano /etc/network/interfaces

Replace this:

iface [your adapter name] inet dhcp

with this:

iface [your adapter name] inet static
address 192.168.1.10 (or whatever IP you wish to assign to it)
netmask 255.255.255.0
gateway 192.168.1.1 (the address of your router)
dns-nameservers 192.168.1.1

Save and close the file with Ctrl-O and Ctrl-X. Reboot the server to reflect the changes.

Next, we are going to create a MySQL database for WordPress:

sudo mysql -u root -p
create database wordpress;
GRANT ALL ON wordpress.* TO ‘wordpressuser’@’localhost’ IDENTIFIED BY ‘password’;
flush privileges;
exit

Choose your own database name, user and password. We will need them later.
A good practice is to secure the mysql installation. Run this command:

sudo mysql_secure_installation

Answer no the the first two questions and yes to the rest.

Next, edit the Apache configuration file:

sudo nano /etc/apache2/apache2.conf

Copy and paste the following block of text at the end of the file:

<Directory /var/www/html/>
AllowOverride All
</Directory>

Ctrl-O to save the changes, and Ctrl-X to close the file.
Next step is to enable mod_rewrite module:

sudo a2enmod rewrite
sudo systemctl restart apache2

Now comes the beautiful part of installing WordPress:

wget -c http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz

After downloading and unzipping the files, we will copy everything in the web directory:

sudo rsync -av wordpress/* /var/www/html/

Give the right permissions for the web directory:

sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

We need to rename the sample configuration file and edit it:

cd  var/www/html
sudo mv wp-config-sample.php wp-config.php
sudo nano var/www/html/wp-config.php

Put the values that you choose earlier for your database_name, db_user and db-password. Leave everything else as it is.

Save and close the file.

One more thing: remove the index.html file from the web directory, since wordpress uses an index.php to run.

sudo rm index.html

Reboot.

After reboot, open the IP address of your server in a browser, fill out the required fields, click on Install WordPress and start blogging !