2019-05-01_Linux_Format


74 LXF249 May 2019 www.linuxformat.com


Tutorials: WordPress to static HTML


opening the website it could well be that the rights are
incorrect. With that in mind, for each website perform
the following commands:
sudo chown -R www-user:www-user /var/www/livinginstarbucks.com/html
sudo chmod -R 755 /var/www/*
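Because the exported site is plain HTML, its files do not need the execute bit that a blanket chmod -R 755 gives them. This added example (not from the article) sets directories to 755 and files to 644, then lists anything a static webroot should not contain; the function names are illustrative and ownership is left as set by the chown step.

```shell
#!/bin/sh
# Added example, not from the article: tighter permissions for a static site.
# Directories need the execute bit so Apache can traverse them; plain HTML,
# CSS and image files only need to be readable.

# Set every directory under $1 to 755 and every regular file to 644.
harden_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Print entries a static webroot should not contain: symlinks (which may
# point outside it), world-writable files or directories, setuid/setgid files.
audit_webroot() {
    find "$1" \( -type l -o -perm -0002 -o -perm -4000 -o -perm -2000 \) -print
}

# Usage, as root or the owning user (path taken from the article):
#   harden_webroot /var/www/livinginstarbucks.com/html
#   audit_webroot  /var/www/livinginstarbucks.com/html
```

An empty result from audit_webroot means nothing in the tree is world-writable, setuid/setgid or a symlink.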
Because we’re using a virtualhost configuration, we
need to make the DNS work as there are several sites
that share the one IP address. If you haven’t yet done
so, it’s time to change DNS records. The reason we’ve
left it until this point is that if there is already a live
website, it will go offline as we update it now.
How you update will depend on your DNS provider.
Most DNS updates take effect almost instantly. At
this point it should be possible to open a web browser
and navigate to the URL in question. If you haven’t
updated (commented out) the entries in your localhost
file, you may get the wrong results. Just check you are
looking at the right server by pinging the DNS name.
If there are additional websites, repeat the process
for each one. To do things properly we should configure
the entries on the host so that the host knows what
it looks after. Open the hosts file and add all your
entries:
sudo vi /etc/hosts
Look for the line 127.0.0.1 and add both the
hostname and the www alias. Therefore, our example
would be:
127.0.1.1 localhost livinginstarbucks.com www.livinginstarbucks.com
Lastly, implementing the correct firewall rules is
strongly recommended. A firewall with a proper policy
provides protection from ports that are open when they
shouldn’t be. The firewall can also add extra security
by blocking IP ranges, or even countries if needed.
If you’ve got a static IP address, it’s pretty simple
to use firewall rules to prevent anyone on any other
network from attempting to SSH into the
webserver. The best defence has multiple layers of
security, so that no single one failing leaves the server exposed.
With that in mind, we’ll install UFW (Uncomplicated
Firewall) using the following command:
sudo apt-get install ufw -y
Before making it live, we need to make some
modifications, not least because our SSH port was
changed earlier. We also want to allow inbound
HTTP and HTTPS requests. To add these ports use the commands:
sudo ufw allow 999/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
To make the firewall live use the command:
sudo ufw enable
It’s a good idea to ensure that the webserver can be
reached on port 80 (HTTP), which aids with
troubleshooting later on.
Currently there will be some defaults set up which
are surplus to requirements.
sudo ufw status
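The static-IP restriction on SSH is described above but not shown as a command. One way to express it with ufw follows, as an added example that is not from the article: 203.0.113.10 is a placeholder documentation address, the function names are illustrative, and the explicit default-deny inbound policy is an assumption the article does not state.

```shell
#!/bin/sh
# Added example, not from the article: the article's ufw rules with SSH
# (port 999) limited to one static admin address.
# 203.0.113.10 in the usage line is a documentation address, not a real one.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ufw commands, one per line: ufw_rules ADMIN_IP [SSH_PORT]
ufw_rules() {
    admin_ip=$1 ssh_port=${2:-999}
    is_ipv4 "$admin_ip" || { echo "invalid admin IP: $admin_ip" >&2; return 1; }
    case $ssh_port in ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;; esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] || return 1
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $admin_ip to any port $ssh_port proto tcp
ufw delete allow $ssh_port/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable
EOF
}

# Dry run by default; APPLY=1 executes each command through sudo.
apply_rules() {
    rules=$(ufw_rules "$@") || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sudo $cmd </dev/null
        else echo "would run: sudo $cmd"; fi
    done
}

# Usage: apply_rules 203.0.113.10   (then: APPLY=1 apply_rules 203.0.113.10)
```

The restricted rule is added before the open 999/tcp rule is deleted, and the firewall is enabled last, so an existing SSH session from the admin address is not cut off.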
We’re assuming that you’re not interested in running
IPv6. Therefore it makes sense to disable IPv6 – if it’s
not used, it should be turned off. To disable IPv6 use
the following commands:
sudo vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1

workstation, we can use scp (Secure Copy) to copy
the compressed file to the webserver. Do this with the
following command:
scp -P 999 /path/to/wordpress_export.zip adminuser@your.server.ip:/home/adminuser
As we are now using public/private keys for
authentication, it will ask for your passphrase. Once
it’s uploaded, uncompress the Zip file using unzip
wordpress_export.zip. Copy the files from the local
folder to the root folder of the webserver.
cp -r /home/adminuser/uncompressed_word_folder/* /var/www/livinginstarbucks.com/html
By default, the Apache server runs with highly
restricted rights. It is important to make sure that the
files are owned by the right user (www-user) and that
the rights are correct. For example, if there are errors on

Contents of the live website: pure glorious HTML files!

Implementing HTTPS is easy


Most technically savvy readers will know that HTTPS is the way
forward, but historically it has always been tricky to configure. Enter,
stage left, EFF’s Certbot. This is designed to implement HTTPS easily,
and really is super simple. To implement it, do the following:
sudo su -
apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache
The above provides the dependencies, but to actually run and
implement the configuration use the following command:
certbot --apache -d mydomain.com
It will take a few moments to run but will configure everything for
you. Once it’s complete, assuming that you’ve followed the main
guide it should be as simple as reloading the page, simply swapping
HTTP for HTTPS.
Do note, however, that the certificates Certbot obtains are only valid
for a period of three months. This isn’t too much of an issue because
you can log in periodically and re-run Certbot, or
perhaps use crontab to automatically re-run the command every
week – Certbot only performs the renewal when there is a set
amount of time remaining.
Certbot also supports multiple domains at once, removing the
need to manually manage each one – not to mention saving time,
money and complexity!