$_ BSDHowTo.ch
How To... Why not..? Scripts Patches RSS logo

Install WordPress on OpenBSD

Last update: 2019-04-25

Introduction

This post shows you how to install WordPress on OpenBSD. It uses httpd(8) as webserver, PHP, and MariaDB as database.

Installation of packages

You can install all the required software that is not part of OpenBSD base from the packages:

# doas pkg_add -i php-mysqli php-curl php-zip mariadb-server

The PHP packages will present you a list of available versions. I recommend you choose the latest one available. At the time of writing this is 7.2 on OpenBSD 6.5.

Configuration of PHP

The file /etc/php-fpm.conf that comes with the package for PHP 7.2 in OpenBSD 6.5 misses the pool definition. Edit the file and append the following lines to it:

[www]
user = www
group = www
listen = /var/www/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /var/www

You must make sure that the required PHP extensions are enabled. The easiest way to this is the following:

$ cd /etc/php-7.2.sample/
$ for i in * ; do
> doas ln -sf ../php-7.2.sample/$i ../php-7.2/
> done

Configuration of MariaDB

I recommend that you create a dedicated login group for mysqld - although the package readme tells you that you only need it on busy servers. Append the following to /etc/login.conf:

mysqld:\
    :openfiles-cur=1024:\
    :openfiles-max=2048:\
    :tc=daemon:

Create the initial database for MariaDB:

$ doas mysql_install_db

Now you can start mysqld(8) and secure the installation:

$ doas rcctl enable mysqld
$ doas rcctl start mysqld
$ doas mysql_secure_installation

With httpd(8) chrooted to /var/www you must make sure that the connection to the socket of the MariaDB server is available within the chroot. First create a folder in which the socket will be placed:

$ doas install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql

Second you must change the socket path in /etc/my.cnf. There are two sections in this file which contain the option socket:

[client]
socket = /var/www/var/run/mysql/mysql.sock

[mysqld]
socket = /var/www/var/run/mysql/mysql.sock

I recommend commenting out the existing entries and place the new ones below the existing ones. You must restart mysqld(8) in order to activate the new socket:

$ doas rcctl restart mysqld

The last step is to create the database for WordPress:

$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.0.36-MariaDB OpenBSD port: mariadb-server-10.0.36p0v1

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES on wordpress.* TO "wordpress"@"localhost"
    -> IDENTIFIED BY "password";
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> EXIT
Bye

Configuration of httpd(8)

I assume that you want to run WordPress as the only web application on your server. If this is the case, the following content of /etc/httpd.conf is for you:

types { include "/usr/share/misc/mime.types" }

server "default" {
    listen on egress port http
    root "/wordpress"
    directory index index.php
    location "*.php" { fastcgi socket "/run/php-fpm.sock" }
}

In order to make name resolving work wihtin the chroot(2) you should copy your hosts(5) file and your resolv.conf(5):

$ cd /var/www
$ doas mkdir etc
$ doas cp /etc/resolv.conf etc/

Installation of WordPress

First you must fetch the latest version of WordPress:

$ ftp -o wordpress.tar.gz https://wordpress.org/latest.tar.gz

Next you can unpack the archive into the chroot of httpd(8), set the permissions and prepare for the configuration:

$ cd /var/www
$ doas tar xzf /home/user/wordpress.tar.gz
$ cd wordpress
$ find . -type d -exec doas chown www:daemon {} \;
$ find . -type f -exec doas chown www:bin {} \;
$ doas cp wp-config-sample.php wp-config.php

Edit the new file wp-config.php and add or set the following values:

define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost:/var/run/mysql/mysql.sock');

define('FS_METHOD', 'direct');

WordPress needs access to webservers for downloading of themes and plugins. If you need to use a proxy for accessing webpages you can add the following values to wp-config.php:

define('WP_PROXY_HOST', 'proxy.example.net');
define('WP_PROXY_PORT', '8080');
define('WP_PROXY_USERNAME', '');
define('WP_PROXY_PASSWORD', '');
define('WP_PROXY_BYPASS_HOSTS', 'localhost');

Start services and finish setup

Now it is time to actually start httpd(8) and php-fpm:

$ doas rcctl enable httpd php72_fpm
$ doas rcctl start httpd php72_fpm

If both daemons are started you can finish the setup of WordPress by opening the URL of your webserver in a browser, e. g. http://www.example.net/:

Choose language

Next you create the initial admin account for your new WordPress site and set its title:

Initial account and title

You get a confirmation with a Log In button:

Confirmation page

Clicking on the button you get directed to the backend login page of your WordPress site:

Backend login page

Enable TLS

Before you make your WordPress site accessible to the public you want to setup TLS on your server. You need a valid certificate and the private key belonging to it in PEM format. You can enable TLS by adapting /etc/httpd.conf:

server "www.example.net" {
    listen on egress tls port https
    tls certificate "/etc/ssl/www.example.net.pem"
    tls key "/etc/ssl/private/www.example.net.key"
    hsts subdomains
    root "/wordpress"
    directory index index.php
    location "*.php" { fastcgi socket "/run/php-fpm.sock" }
}

If you like you can also configure a redirection in httpd(8) for clients accesssing your server on 80/tcp. Just add the following block to /etc/httpd.conf:

server "default" {
    listen on egress port http
    location * { block return 301 "https://$HTTP_HOST$REQUEST_URI" }
}

You must make sure that WordPress knows about the correct hostname of the site in its settings:

URL settings