After writing a series of blog posts and guides on CentOS for several years now, as part of my Essential Linux Skills with CentOS 7 series, I have decided to publish a free eBook covering the complete guide on setting up your own highly secure web server for blogging (WordPress). Linux is still a hobby, and while it comes in handy for my day job, it has been a long time since I was a Linux administrator. I remember someone once describing it as an art.
While many of my readers and followers are highly skilled technical consultants and VMware architects, building and maintaining a secure and stable web server for WordPress can pose some challenges. For one, it requires a solid understanding of the Linux operating system and the nuances of security with mechanisms such as SELinux. Also, it takes time to learn, master and manage. However, I feel the many benefits outweigh these challenges, and running your own WordPress blog can be very rewarding. One area I decided to focus heavily on is SELinux. It is often disabled and ignored, and often misunderstood.
Many of us are also on a budget, so simply using AWS Route53, some EC2 nodes and a load-balancer with CloudFront can be costly when considering egress bandwidth charges. I have used various VPS (Virtual Private Server) providers in the past, and recently decided to move back to Linode. I was a customer for several years until I moved to another provider following their ‘Twelve Days of Crisis’ nightmare. However, given that Linode have been so open, and having received excellent support in the past, I opted to move back and I’m really pleased I did. They are currently offering a $10 a month Linode 2GB plan which comes with 1 vCPU core, 30GB SSD storage, and 2TB transfer per month. For $20 you’ll get 4GB RAM, 2 vCPU cores and 3TB of network transfer.
The primary components used in this guide are CentOS 7.4 (1708.el7) with PHP 7, MariaDB 5.5.x, WordPress 4.8.x, and Apache 2.4.x. I am already planning to update the eBook with Nftables, the successor to IPtables.
Contents:
- Introduction
- Assumptions
- Security Primer
- Do I really have to use SELinux?
- Managing Services with systemd
- systemd
- Let’s Try It
- Understanding IPtables
- firewalld
- Nftables
- Getting Started with IPtables
- What are Chains?
- Flushing the Rules
- Creating Our First IPtables Rules
- Logging
- Set policy to drop all other traffic
- Recap What You Have Learned So Far
- Saving and Restarting IPtables
- Advanced SSH Security
- Limiting Other Attack Vectors
- Host Access (TCP_WRAPPERS)
- Blocking IP Addresses with IPtables
- Common Firewall Rules for Web Hosts
- Final IPtables Rules
- Monitoring Logs
- Stage 1: Deploying a new virtual private server (VPS)
- Securing Access
- Configuring SSH Key Based Authentication
- Installing Core Packages
- Basic Server Configuration
- Stage 2: IPtables Web Server Configuration
- Installing Fail2Ban
- Stage 3: MariaDB (MySQL)
- Stage 4: Migrating from Another VPS Host (Optional)
- Transferring files from another VPS host
- Stage 5: Configuring LAMP (Linux, Apache, MariaDB/MySQL and PHP)
- Directory Structures and Permissions
- SFTP (SSH File Transfer)
- Apache Configuration
- Adding The First Site (VirtualHost) for CloudWire.info
- Configuring SSL
- Stage 6: Installing WordPress
- Stage 7: Securing WordPress
- Redirecting HTTP to HTTPS using the rewrite module
- Protecting WordPress Admin (wp-admin) with .htaccess
- Protecting wp-login.php with .htaccess
- Configuring SFTP for WordPress Updates
- Stage 8: Configuring SELinux
- Setting Permissive Mode
- How SELinux Works
- Booleans
- Configuring SELinux to Play Nicely with Apache and WordPress
- Troubleshooting SELinux
- Conclusion
- Key Takeaways
- About the Author
- Additional Resources
The post Free eBook: Building a Secure WordPress Server (LAMP) with CentOS 7 appeared first on Ray Heffer.