Installing WordPress on a DigitalOcean Droplet Redux

Installing WordPress on a DigitalOcean Droplet Redux

OK I had a chance to redo a droplet installation and I’m trying to make this the minimum path. There are so many different pieces that you need to know, so here is a guide that should help:

  1. First of all you need to buy a domain name. I use namecheap.com for this. With some many TLD (top level domains), it’s never been easier to find a good name. The word is way beyond .com now or .io for that matter.
  2. Now you need to go to the domain manager and set the name server to ns1.digitalocean.com and 'ns2.digitalocean.com this redirects the name service to those servers.
  3. Now login to your Digital Ocean console and go to the networking section and choose Add a domain and pick your domain name. Digital Ocean will want some validation from the name server to do this, so you will need to get a code.
  4. You are now ready to create a droplet, so go to Droplet and choose Create and then go to the marketplace section and look for WordPress and then scroll down and choose the droplet size. This is something you can change later. They give you the $40/month as a first option, but don’t be fooled, you can scroll back all the way down to the $5/month option.
  5. Make sure to pick do weekly backup as well, it stores four images and costs 20% of the droplet cost.
  6. You want to upload your SSH public key into the system now, so that you can just ssh in easily.
  7. Once this is up, with that IP address, you want to go back to the network section and for the domain set up an A record that points your_new.domain to droplet_ip_address.
  8. You want to do the same for www by creating a CNAME which is the DNS way of saying an alias points to your_new.domain
  9. Now you have to wait for that to propagate around the internet if this was a change from. I’ve had to wait up to a day for all this to propagate, but you can check with with a ping your_new.domain and see if you get anything.
  10. Now choose create and sit back and wait. Eventually, it will give you an ip address and you want to ssh root@_that_ip_address
  11. You should also create a floating IP address and bind it to this droplet. That way if you lose the droplet or want to test one, the IP address for your site never changes.

Now you are going deep into the WordPress specific installation:

  1. The droplet has some very important facts in the login screen so don’t ignore them. You should get be able to login right in via SSH key if you added that key to your DigitalOcean section.
  2. You will be asked to create an administrator and a password, keep this around in 1Password
  3. Now at each step, you want to stop the droplet and then take a snapshot. That way if you make a mistake, you can just Destroy/Rebuild from that image. It saves lots of debugging time to have checkpoints!!!!
  4. The first is that if you are going to use WordPress.com and JetPack, you need to turn on XMLRPC by a2disconf block-xmlrpc
  5. Also it will run certbot automatically, this requires the DNS is set properly and it will grab an free SSL certificate from let’s encrypt. Also, it will setup automatic renewal.
  6. Also it will ask you if it should redirect all unencrypted http traffic to https this is really recommended for security reasons.
  7. At this point, you should be able to browser to get to the wp-admin user interface.
  8. Beware, if you think this is a good time to change the URL to something that you like. For instance the default is just newsite.com which works way better. If you change it to www.newsite.com, then you get a confused WordPress that thinks you are going to the wrong site. The reason is that when ou type netsite.com, it doesn’t know to redirect to www.newsite.com, but does it correctly the other way around.

Now if you want to go to multisite, you need to turn that on by editing /var/www/html/wp-config.php and adding just above the “That’s all” line and make sure you have the semicolon, the site will not come up with it as all php syntax errors cause WordPress to fail.

define('WP_ALLOW_MULTISITE', true);

Now when you refresh or go to https://your_site.domain/wp-admin to get to the administrative user interface:

  1. You should see a new entry in Tools/Network/Setup. You now need to deactivate plugins, the default one is WP fail2ban
  2. You will now have a set of tough choices that are a little confusing. That is do you want sub-domains or sub-directory organization. If you have a true network of sites like cars.directory.com and bikes.directory.com and so forth like a Myspace or Facebook site, then subdomains make sense, but then you will need to add something to your DNS system. However, if you really want it to be separate systems, then using sub-directories makes more sense
  3. Note that if you already have content in your WordPress installation, then you will have to use subdomains because your site will already have names like yoursite.com/blogpost and this will conflict with the subdirectory view of the world
  4. The main advantage of the subdomain world is that if you are really hosting multiple domains on a single site, then this makes the most sense. It is also how bluehost works. What you see as calvintong.com for instance is really calvin.richtong.com there although you never see that real name.
  5. However to do this your DNS must be able to support wildcarding of CNAMES, so you need to set * to point to your main domain.
  6. After you set this up, go to Tools/Network/SEtup and choose subdomains and press install. Note you need to do this *AFTER* you setup the wildcard domains.
  7. If it is working, it should say all is good and then you need to add some things to config files above the ‘That’s all line’ in /var/www/html/wp-config.php and then replace .htacess
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'democracy.partners');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

Now put into .htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

If you ever have any problems, here's how to recover. Now you will reboot. So if you have a problem, you can start again by going to the DigitalOcean console and then go to Destroy and choose rebuild and reselect the WordPress image.

Now when you relogin, you will see that Settings/Network Setup disappears and instead, you will now see a My Sites entry. At first this confused me since I don't normally expect to see this happen.

With multisite domain mapping and WordPress 5.0, this domain mapping is now native, so no more plugins are required. The user interface is also dramatically different. Now on the top bar, you will see the entry My Sites, then you choose Network Admin/Dashboard and you can then create a new site very easily with Create a New Site

The one complexity is dealing with certbot and having multiple virtual hosts. If you have used certbot for you core site and did not say it also authenticated with the subdomain, you will get a bunch of complaints from your browser because the certificates do not match

There is some hacking to be done where you need to create separate conf files for each virtual host rather than glomming them all together. The thing seems to work. Here is what you need to do. Find the 000-default.conf in /etc/apache2/sitesavailable this is the template. Note that with the October version of WordPress, it incorrectly just writes this file in /etc/apache2/sitesenabled so you need to move thme to sites available and then run a2ensite 000-default and then a2ensite 000-default-le-ssl to make it all work.

Now comes the manual hacking for each site that you want to redirect, you need to copy 000-default to 001-newsite and then do a global search and replace for the mainsite and replace with the new site with sed s/old.site/new.site/g < 000-default.conf > 000-new.site.conf. Note that certbot does something not very good which is that it takes the 000-default which has parameters and doesn't rename it, that's why you want to change what it produces to 001-old.site.conf and the sames the secure file named 000-default-le-ssl.conf

This basically makes a copy of each virtual host. Certbot needs this because it doesn't know how to read multiple vhosts in a single file. Now you want to enable the site so certbot can find it with a2ensite 001-newsite.conf Then you run certbot -d newsite,www.newsite and it should automatically find the sites and install the certificates.

Note that if you forget one of the domains, then you have a bit of a problem in that you can different certificates for www.new.site and new.site, so if that happens, running certbot delete and you can get rid of the one for www and then make sure that in the /etc/apache2/sitesavailable/newsite.conf that it points to the right certificate.

The final thing to do is to bind the vanity domain newsite with the actual underlying site newsite.networksite.com . You do this in the Network Admin Dashboard where in the sites, you edit the site URL and just change it from to the new vanity domain

The final issue is logging into all of these sites. With the multisite WordPress, there is just a single user database, so you can have access to lots of different sites with the same password. Also, if you do a JetPack installation, then in the network admin section, you connect all of them to wordpress.com authentication. Very handy!

And the last thing for logins, is that you can get a cookies are not enabled error with your vanity domain, you need to add to your wp-config.php

define('COOKIE_DOMAIN', false);

Note the default is no registration is allowed. That is you cannot create new users or new sites. if this is true, then you need to add the line so that any sites that don't exist go to your parent site. One obscure bug here is that if the website is named www.domain.com and the NOBLOGREDIRECT is calling out to https://domain.com you will generate infinite 302 redirects. This is because the www is not recognized and it keeps rewriting over and over. It is impossible to change this in the multisite user interface once you move to it. So you either have to hack away at the MySQL tables or start all over. so be warned.

// Point this wherever you'd like, but consider using your install's parent domain.
define( 'NOBLOGREDIRECT', 'https://domain.com/' );

Setting up Jetpack

NOw that the site is up, you want to get Jetpack going. This is the key utility that does authentication with WordPress and many other things.

First thing to note is that if you make a mistake then delete all the sites from wordpress.com, otherwise you end up with strange inconsistencies.

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.