Setting up the target environment - amauran/project-giskard GitHub Wiki

Installing Wordpress as a test target

Main instructions can be found here:
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-22-04

1. Add a sudo capable user

Log in as root and run:

sudo adduser anne
usermod -a -G sudo anne

Move the authorized_keys from root to regular user:

mkdir /home/anne/.ssh/
mv ~/.ssh/authorized_keys /home/anne/.ssh/
chown -R anne: /home/anne/.ssh

Prevent root logging in.

echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/prevent_root_login.conf
systemctl restart sshd.service

Log out and log in as regular user.

2. Create database

Install MariaDB:

sudo apt install mariadb-server
sudo mysql_secure_installation

Log into MariaDB as root and create database & user:

sudo mariadb

create database happy_robot default character set utf8 collate utf8_unicode_ci;
grant all privileges on happy_robot.* to 'happy_robot'@'localhost' identified by '********';
flush privileges;

3. Install PHP

sudo apt install php8.1-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-imagick

Follow these instructions to make nginx to execute PHP code:
https://www.digitalocean.com/community/tutorials/php-fpm-nginx

Edit /etc/php/8.1/fpm/php.ini and make sure the following lines exists:

extension=mysqli
extension=php_imagemagick

4. Add nginx configuration

server {
        listen 443 ssl;
        server_name happy-robot.nimbus.fi;

        ssl_certificate /etc/letsencrypt/live/happy-robot.nimbus.fi/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/happy-robot.nimbus.fi/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        root /var/www/happy-robot;

        index index.php index.html;

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt {
                add_header Content-Type text/plain;
                return 200 "User-agent: *\nDisallow: /\n";
        }

        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }

        location / {
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php8.1-fpm-wordpress-site.sock;
                fastcgi_index index.php;
                include fastcgi.conf;
        }
}

server {
        listen 80 default_server;

        if ($host = happy-robot.nimbus.fi) {
                return 301 https://$host$request_uri;
        }

        server_name _;
        return 404;
}

5. Install Wordpress

Follow the instructions on the side of the package.