# Instalacija WordPressa na FreeBSD

No, v sklopu igranja s FreeBSD, ko se odločam kateri sistem uporabljati v bodoče, sem namestil FreeBSD in nekaj programov, ki poganjajo WordPress. Pa poglejmo kako je šlo!

Začnemo z povsem običajno minimalno namestitvijo FreeBSD. In potem nadaljujemo. Prijavimo se kot root, ker bomo zdaj veliko stvari nameščali in nastavljali. se pravi začnemo z ukazom su. Vnesemo geslo in začnemo z namestitvijo. Vnesemo ukaz pkg. Ker še ni nameščen, nam ponudi možnost, da ga namestimo. Potrdimo, pkg se bo namestil.

## Namestitev osnovnih paketov

```
root@turbo:/usr/home/matjaz # pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.6.1...
Extracting pkg-1.6.1: 100%
Message from pkg-1.6.1:
If you are upgrading from the old package format, first run:

  # pkg2ng
pkg: not enough arguments
Usage: pkg [-v] [-d] [-l] [-N] [-j |-c |-r ] [-C ] [-R ] [-o var=value] [-4|-6]  []

For more information on available commands and options see 'pkg help'.
```

Nadaljujemo z namestitvijo paketov, ki jih potrebujemo za strežnik.

```
root@turbo:/usr/home/matjaz # pkg install nginx mysql56-server php56 php56-mysql php56-gd php56-zlib php56-curl wget
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100%    940 B   0.9kB/s    00:01    
Fetching packagesite.txz: 100%    5 MiB   1.1MB/s    00:05    
Processing entries: 100%
FreeBSD repository update completed. 24605 packages processed.
Updating database digests format: 100%
The following 39 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	nginx: 1.8.0_3,2
	mysql56-server: 5.6.27
	php56: 5.6.14
	php56-mysql: 5.6.14
	php56-gd: 5.6.14
...

The process will require 240 MiB more space.
36 MiB to be downloaded.

Proceed with this action? [y/N]: y
Fetching nginx-1.8.0_3,2.txz: 100%  258 KiB 264.4kB/s    00:01    
Fetching mysql56-server-5.6.27.txz: 100%    8 MiB   1.2MB/s    00:07    
Fetching php56-5.6.14.txz: 100%    2 MiB   1.0MB/s    00:02    
Fetching php56-mysql-5.6.14.txz: 100%   17 KiB  17.5kB/s    00:01    
...
Checking integrity... done (0 conflicting)
[1/39] Installing xproto-7.0.27...
[1/39] Extracting xproto-7.0.27: 100%
[2/39] Installing libxml2-2.9.3...
[2/39] Extracting libxml2-2.9.3: 100%
[3/39] Installing libXdmcp-1.1.2...
[3/39] Extracting libXdmcp-1.1.2: 100%
[4/39] Installing libpthread-stubs-0.3_6...
...
===> Creating users and/or groups.
Using existing group 'www'.
Using existing user 'www'.
[33/39] Extracting nginx-1.8.0_3,2: 100%
[34/39] Installing mysql56-server-5.6.27...
===> Creating users and/or groups.
Creating group 'mysql' with gid '88'.
Creating user 'mysql' with uid '88'.
[34/39] Extracting mysql56-server-5.6.27: 100%
[35/39] Installing php56-mysql-5.6.14...
[35/39] Extracting php56-mysql-5.6.14: 100%
[36/39] Installing php56-gd-5.6.14...
[36/39] Extracting php56-gd-5.6.14: 100%
[37/39] Installing php56-zlib-5.6.14...
[37/39] Extracting php56-zlib-5.6.14: 100%
[38/39] Installing php56-curl-5.6.14...
[38/39] Extracting php56-curl-5.6.14: 100%
[39/39] Installing wget-1.16.3...
[39/39] Extracting wget-1.16.3: 100%
Message from ca_root_nss-3.20.1:
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be 
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from perl5-5.20.3_8:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from mysql56-server-5.6.27:
************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

************************************************************************
```

Na tej točki smo namestili vse, kar strežnik potrebuje za normalno delovanje. Zdaj je treba samo še poskrbeti za pravilne nastavitve in namestitev WordPressa. Namestitveni program je izpisal nekaj splošnih opozoril, s katerimi se za zdaj ne bomo ukvarjali.

## Konfiguracija storitev

Preverimo katere storitve lahko omogočimo na našem strežniku …

```
root@turbo:/usr/home/matjaz # grep rcvar /usr/local/etc/rc.d/*
/usr/local/etc/rc.d/mysql-server:rcvar=mysql_enable
/usr/local/etc/rc.d/nginx:rcvar=nginx_enable
/usr/local/etc/rc.d/php-fpm:rcvar=php_fpm_enable
```

Vidimo, da so to mysql, nginx in php. Omogočimo jih s tem, da uredimo datoteko /etc/rc.conf in dodamo tri vrstice:

```
root@turbo:/usr/home/matjaz # vi /etc/rc.conf
...
mysql_enable="YES"
nginx_enable="YES"
php_fpm_enable="YES"
```

Popravke shranite. Prestavimo se na /usr/local/etc in nadaljujemo z urejanjem nastavitev.

##Konfiguracija PHP

```
root@turbo:/usr/home/matjaz # cd /usr/local/etc
root@turbo:/usr/local/etc # vi php-fpm.conf
```

Poiščemo vrstico listen = 127.0.0.1:9000 in jo spremenimo v listen = /var/run/php-fpm.sock. Spremenimo lastnika in dovoljenja … Spremenimo vrstice:

```
;listen.owner = www
;listen.group = www
;listen.mode = 0660
```

… tako, da jih odkomentiramo (odstranimo podpičje), da izgledajo tako:

```
listen.owner = www
listen.group = www
listen.mode = 0660
```

Shranimo datoteko in jo zapremo. Nadaljujemo z php.ini. Ki pa še ne obstaja. Za začetek bomo skopirali template, ki že obstaja v trenutni mapi.

```
root@turbo:/usr/local/etc # cp php.ini-production php.ini
```

in ga uredili … Poiščemo cgi.fix_pathinfo=1, ga odkomentiramo in nastavimo na 0. Popravimo še ostale parametre

```
cgi.fix_pathinfo=0
...
upload_max_filesize=64M
...
post_max_size = 64M
```

Shranimo in zapremo datoteko. Zaženemo php storitev.

```
root@turbo:/usr/local/etc # service php-fpm start
Starting php_fpm.
```

## Konfiguracija MySQL

Skonfigurirajmo še MySQL … Za začetek zaženemo storitev:

```
root@turbo:/usr/local/etc #  service mysql-server start
Starting mysql.
```

Izvedemo še nastavitev ob prvem zagonu:

```
root@turbo:/usr/local/etc # mysql_secure_installation


NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): [potrdimo prazno geslo]
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password: [vnesemo novo geslo]
Re-enter new password: [vnesemo novo geslo]
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Cleaning up...
```

Tako, končano. Ponovno zaženemo mysql …

```
root@turbo:/usr/local/etc # service mysql-server restart
Stopping mysql.
Waiting for PIDS: 986.
Starting mysql.
```

Z mysql smo končali. Nadaljujemo z Nginx.

## Konfiguracija Nginx

Za začetek zaženemo Nginx:

```
root@turbo:/usr/local/etc # service nginx start
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
```

Nginx teče. Zdaj ga še nastavimo. Prestavimo se v pravi direktorij: cd /usr/local/etc/nginx. Uredimo datoteko nginx.conf.
Userja odkomentiramo in spremenimo v www …

```
user  www;
```

Nastavitev worker_processes nastavimo na število procesorjev v sistemu …

```
worker_processes 2;
```

Odkomentiramo error_log in ga nastavimo na pravo pot …

```
error_log  /var/log/nginx/error.log info;
```

enako z access log v http bloku:

```
access_log /var/log/nginx/access.log;
```

V server bloku spremenimo server_name …

```
server_name  localhost, virtualbox, virtualbox.uplink.si;
```

Spremenimo server blok – dodamo index.php kot možno začetno stran, nastavimo največji dovoljen upload, dodamo ukaze za upravljanje s php …:

```
server {

    . . .

        client_max_body_size 200M;
        root   /usr/local/www/nginx;
        index  index.php index.html index.htm;

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ /\. {
            deny all;
        }

        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
            access_log off; log_not_found off; expires max;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass unix:/var/run/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    . . .
```

Vse skupaj brez komentarjev zgleda tako:

```
user  www;
worker_processes  2;

error_log  /var/log/nginx/error.log info;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx/access.log;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost, virtualbox, virtualbox.uplink.si;
        client_max_body_size 200M;
        root   /usr/local/www/nginx;
        index  index.php index.html index.htm;

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ /\. {
            deny all;
        }

        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
            access_log off; log_not_found off; expires max;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass unix:/var/run/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    }
}
```

Shranimo in zapremo datoteko. Ustvarimo direktorij za dnevnike:

```
root@turbo:/usr/local/etc/nginx # mkdir -p /var/log/nginx
```

In pripravimo prazne dnevniške datoteke:

```
root@turbo:/usr/local/etc/nginx # touch /var/log/nginx/access.log
root@turbo:/usr/local/etc/nginx # touch /var/log/nginx/error.log
```

Pripravimo direktorij za spletne strani. Ta sicer že obstaja, ampak je samo softlink na direktorij s privzeto vsebino.

```
root@turbo:/usr/local/etc/nginx # rm /usr/local/www/nginx
root@turbo:/usr/local/etc/nginx # mkdir /usr/local/www/nginx
```
Da stestiramo strežnik, skopiramo datoteko iz privzetega imenika …

```
root@turbo:/usr/local/etc/nginx # cp /usr/local/www/nginx-dist/index.html /usr/local/www/nginx
```

Pripravimo še testno datoteko s php vsebino …

```
root@turbo:/usr/local/etc/nginx # vi /usr/local/www/nginx/info.php
...
```

Stestiramo nastavitve:

```
root@turbo:/usr/local/etc/nginx #  nginx -t
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
```

Kot kaže je vse OK. Ponovno zaženemo storitev …

```
root@turbo:/usr/local/etc/nginx # service nginx restart
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Stopping nginx.
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
```

Storitev je ponovno zagnana. Nginx je nameščen in bi že moral delovati. Lahko preverimo v brskalniku.

Nginx deluje!

Po tem še odstranimo info.php … rm /usr/local/www/nginx/info.php

## Namestitev WordPress

Nadaljujemo z namestitvijo wordpressa. Prestavimo se v imenik za spletne strani:

```
root@turbo:/usr/local/etc/nginx #  cd /usr/local/www/nginx/
```

Prenesemo namestitveno datoteko in jo razpakiramo:

```
root@turbo:/usr/local/www/nginx # wget https://wordpress.org/latest.tar.gz
--2015-12-13 00:29:52--  https://wordpress.org/latest.tar.gz
Resolving wordpress.org (wordpress.org)... 66.155.40.249, 66.155.40.250
Connecting to wordpress.org (wordpress.org)|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7079339 (6.8M) [application/octet-stream]
Saving to: 'latest.tar.gz'

latest.tar.gz                                               100%[===========================================================================================================================================>]   6.75M  1.12MB/s   in 13s    

2015-12-13 00:30:06 (520 KB/s) - 'latest.tar.gz' saved [7079339/7079339]

root@turbo:/usr/local/www/nginx # tar xvf latest.tar.gz
x wordpress/
x wordpress/wp-settings.php
x wordpress/wp-cron.php
x wordpress/wp-comments-post.php
x wordpress/wp-activate.php
....
```

Prestavimo vsebino v glavni imenik in pobrišemo nepotrebne datoteke in imenike:

```
root@turbo:/usr/local/www/nginx # cd wordpress/
root@turbo:/usr/local/www/nginx/wordpress # mv * ../
root@turbo:/usr/local/www/nginx/wordpress # cd ..
root@turbo:/usr/local/www/nginx # rm -Rf wordpress/
root@turbo:/usr/local/www/nginx # rm latest.tar.gz
```

Nastavimo še pravice za dostop do datotek …

```
root@turbo:/usr/local/www/nginx # cd ..
root@turbo:/usr/local/www # chown -R www:www nginx
```

Pripravimo bazo podatkov za wordpress:

```
root@turbo:/usr/local/www/nginx # mysql -u root -e 'create database wordpress;' -p
Enter password: [vpišemo gleslo]
```

Pa smo končali. Za nastavitve wordpressa odpremo brskalnik in ga usmerimo na naš strežnik!

Namestitveni program WordPress. Od tukaj naprej je samo še klikanje.

## Zaključek

No, pa nam je uspelo namestiti WordPress v svežo instalacijo sistema FreeBSD. Načeloma poteka zadeva zelo hitro. Že takoj na začetku smo namestili vse potrebne pakete. Če postopka še ne poznate, ali pa nameščate kaj drugega, se lahko zgodi, da bo kakšen paket manjkal. To lahko povzroči, da spletna aplikacija ne bo delovala kot bi morala. Namige o tem lahko najdete v dnevniških datotekah, kamor se vpisujejo napake. Seveda pa lahko vedno najdete namige tudi v dokumentaciji samih spletnih aplikacij.