Install Bitnami WordPress MultiSite From Amazon Lightsail - NETSEC


Cybersecurity Memo

Monday, July 13, 2020

Install Bitnami WordPress MultiSite From Amazon Lightsail


Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable price.





Architecture




Create Lightsail Instance

Just some screenshots with straightforward steps:








Browse Website Test and SSH Log into Console

Use a browser to open the instance's public IP address, then click the terminal icon to launch a browser-based SSH session:


Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1102-aws x86_64)
       ___ _ _                   _
      | _ |_) |_ _ _  __ _ _ __ (_)
      | _ \ |  _| ' \/ _` | '  \| |
      |___/_|\__|_|_|\__,_|_|_|_|_|
  
  *** Welcome to the Bitnami WordPress Multisite 5.3.2-3                     ***
  *** Documentation:  https://docs.bitnami.com/aws/apps/wordpress-multisite/ ***
  ***                 https://docs.bitnami.com/aws/                          ***
  *** Bitnami Forums: https://community.bitnami.com/                         ***

#######################################################
###    For frequently used commands, please run:    ###
###         sudo /opt/bitnami/bnhelper-tool         ###
#######################################################

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

bitnami@ip-172-26-5-206:~$ 

Remove the Bitnami Banner


  • Log in to your server console using SSH and execute the following command. Remember to replace APPNAME with the actual name or directory location of your application.
    sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
    
  • Restart the Web server.
    • If you’re using Apache, execute the command below:
      sudo /opt/bitnami/ctlscript.sh restart apache

bitnami@ip-172-26-5-206:~$ sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
bitnami@ip-172-26-5-206:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache
bitnami@ip-172-26-5-206:~$ 



Get application password

SSH username: bitnami

WordPress username: user

MySQL username: root

The application (WordPress and MySQL) credentials are stored in a standalone file. To obtain the credentials at any time, follow these instructions:

bitnami@ip-172-26-5-206:~$ sudo cat /home/bitnami/bitnami_credentials
Welcome to the Bitnami WordPress Multisite Stack

******************************************************************************
The default username and password is 'user' and 'DgKQegPHT2zR'.
******************************************************************************

You can also use this password to access the databases and any other component the stack includes.

Please refer to https://docs.bitnami.com/ for more details.

bitnami@ip-172-26-5-206:~$ 

Access phpMyAdmin

Once you have your SSH client correctly configured and you have confirmed that you can successfully access your instance using SSH, you need to create an SSH tunnel in order to access phpMyAdmin. Follow these steps:
  • In the “Connection -> SSH -> Tunnels” section, add a new forwarded port by introducing the following values:
    • Source port: 8888
    • Destination: localhost:80
    Remember that if you are redirecting HTTP requests to the HTTPS port, you must use destination port 443 instead of 80.
    This will create a secure tunnel by forwarding a port (the “destination port”) on the remote server to a port (the “source port”) on the local host (127.0.0.1 or localhost).
  • Click the “Add” button to add the secure tunnel configuration to the session. You’ll see the added port in the list of “Forwarded ports”.
  • In the “Session” section, save your changes by clicking the “Save” button.
  • Click the “Open” button to open an SSH session to the server. The SSH session will now include a secure SSH tunnel between the two specified ports.
  • Access the phpMyAdmin console through the secure SSH tunnel you created, by browsing to http://127.0.0.1:8888/phpmyadmin.
  • Log in to phpMyAdmin by using the following credentials:
    • Username: root
    • Password: application password. 

The MySQL root password is the same as the initial application password, which you can get with the following command:
sudo cat /home/bitnami/bitnami_credentials

Change MySQL Root User password

bitnami@ip-172-26-5-206:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 247
Server version: 8.0.18 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password2020!';
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye




Change Multisite Primary Domain

By default, after you install the AWS Lightsail Bitnami WordPress Multisite image, the site gets an x.x.x.x.xip.io domain name. To change it to the domain name you purchased, update the following tables:
  1. wp_options
    Select the options table and look for the entries named "siteurl" and "home".
  2. wp_site
  3. wp_sitemeta
    Select the option named "siteurl".
  4. wp_blogs
    Select any entries in the "domain" column that have the old domain name.
  5. wp_#_options
    Each sub-site has a set of tables that corresponds to its blog_id in the wp_blogs table. Go to the wp_#_options table, where # is the blog_id, and update the "siteurl" and "home" settings in that table.

WordPress has different rules for different fields. The wp_site and wp_blogs tables can NOT have http:// or a trailing slash at the end of the domain name, whereas the wp_options table requires http:// at the beginning. The wp_sitemeta table requires http:// at the beginning and a trailing slash at the end.

Be sure to comment out any pre-defined constants in your /home/bitnami/apps/wordpress/htdocs/wp-config.php file, as they will override settings in the database. Constants referring to your URL resemble the following lines of code:
define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );
In most cases you will need to update an entry in your wp-config.php file. The following code provides a common configuration example:
define('WP_ALLOW_MULTISITE', true);
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true );
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'old.siteurl.com' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
On the line that has define( 'DOMAIN_CURRENT_SITE', 'old.siteurl.com' ); replace "old.siteurl.com" with your domain. For example:
define('WP_ALLOW_MULTISITE', true);
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true );
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'newdomain.com' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
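
The per-table format rules above, as an added example that is not part of the original post: a POSIX shell script that generates the UPDATE statements for review. The wp_ prefix and http:// scheme follow the page; the function names, the sample domains and the blog_id values 2 and 3 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The wp_ prefix and http:// scheme
# follow the page; function names and the sample arguments are assumptions.

# Reduce input to a bare lower-case host name: no scheme, no path.
normalize_domain() (
  d=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  d=${d#http://}; d=${d#https://}; d=${d%%/*}
  printf '%s' "$d"
)

# Accept only dotted letter-digit-hyphen labels, so the value cannot close a
# quoted SQL literal, span lines, or act as a LIKE wildcard.
valid_domain() {
  case $1 in ''|*[!a-z0-9.-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# usage: multisite_domain_sql OLD NEW [blog_id ...]  (blog_id values from wp_blogs)
multisite_domain_sql() (
  [ "$#" -ge 2 ] || { echo "usage: multisite_domain_sql OLD NEW [blog_id ...]" >&2; exit 2; }
  old=$(normalize_domain "$1"); new=$(normalize_domain "$2"); shift 2
  valid_domain "$old" || { echo "rejected old domain" >&2; exit 1; }
  valid_domain "$new" || { echo "rejected new domain" >&2; exit 1; }
  for id in "$@"; do
    case $id in ''|*[!0-9]*) echo "rejected blog_id" >&2; exit 1 ;; esac
  done
  cat <<EOF
-- wp_options: http:// required, no trailing slash
UPDATE wp_options SET option_value = 'http://$new' WHERE option_name IN ('siteurl', 'home');
-- wp_site: bare domain, no scheme, no trailing slash
UPDATE wp_site SET domain = '$new' WHERE domain = '$old';
-- wp_sitemeta: http:// and trailing slash both required
UPDATE wp_sitemeta SET meta_value = 'http://$new/' WHERE meta_key = 'siteurl';
-- wp_blogs: bare domain; sub-domain sites keep their own prefix
UPDATE wp_blogs SET domain = REPLACE(domain, '$old', '$new') WHERE domain = '$old' OR domain LIKE '%.$old';
EOF
  for id in "$@"; do
    echo "UPDATE wp_${id}_options SET option_value = REPLACE(option_value, '$old', '$new') WHERE option_name IN ('siteurl', 'home');"
  done
)

# Constructed sample run: print the statements for review.
multisite_domain_sql 203.0.113.10.xip.io newdomain.com 2 3
```

Review the generated statements and back up the database before pasting them into the phpMyAdmin SQL tab or the mysql client.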


Disable the bnconfig program, which would otherwise automatically overwrite your MySQL database and wp-config.php file when the server starts.
bitnami@ip-172-26-5-217:~/apps/wordpress$ ls
bin  bnconfig  conf  htdocs  licenses  properties.ini  tmp
bitnami@ip-172-26-5-217:~/apps/wordpress$ sudo mv bnconfig bnconfig.disable
bitnami@ip-172-26-5-217:~/apps/wordpress$ ls
bin  bnconfig.disable  conf  htdocs  licenses  properties.ini  tmp
bitnami@ip-172-26-5-217:~/apps/wordpress$ pwd
/home/bitnami/apps/wordpress
bitnami@ip-172-26-5-217:~/apps/wordpress$ 


Configure Outbound SMTP


  • Go to the “Settings -> WP Mail SMTP” panel and the “Settings” tab to configure the SMTP settings of your email provider. Select “Other SMTP” as the mailer.
  • Here is an example of configuring WordPress to use a Gmail account. Replace USERNAME and PASSWORD with your Gmail account username and password respectively.
    • SMTP Host: smtp.gmail.com
    • SMTP Port: 587
    • Encryption: TLS
    • Authentication: On
    • SMTP Username: USERNAME@gmail.com
    • SMTP Password: PASSWORD
  • Click “Save Settings” to save the changes.
  • Send a test email using the “Email Test” tab to ensure that everything is working smoothly.
Note: Turn on "Less secure app access" in your Google Account settings.








    Acquire Certificates 

    1  Automatic Configuration
    • Run the Bitnami HTTPS Configuration Tool:
      sudo /opt/bitnami/bncert-tool
    Note: https://docs.bitnami.com/aws/how-to/understand-bncert/



    2  Manual Configuration
    cd /tmp
    curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
    tar xf lego_v3.8.0_linux_amd64.tar.gz
    sudo mkdir -p /opt/bitnami/letsencrypt
    sudo mv lego /opt/bitnami/letsencrypt/lego
    



    bitnami@ip-172-26-0-136:/tmp$ sudo /opt/bitnami/letsencrypt/lego --tls --email="[email protected]" --domains="ccuugroup.com" --domains="www.ccuugroup.com" --domains="cn.ccuugroup.com" --path="/opt/bitnami/letsencrypt" run
    2020/07/12 18:31:44 No key found for account [email protected]. Generating a P384 key.
    2020/07/12 18:31:44 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
    2020/07/12 18:31:44 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
    Do you accept the TOS? Y/n
    y
    2020/07/12 18:31:50 [INFO] acme: Registering account for [email protected]
    !!!! HEADS UP !!!!
    
    Your account credentials have been saved in your Let's Encrypt
    configuration directory at "/opt/bitnami/letsencrypt/accounts".
    
    You should make a secure backup of this folder now. This
    configuration directory will also contain certificates and
    private keys obtained from Let's Encrypt so making regular
    backups of this folder is ideal.
    2020/07/12 18:31:50 [INFO] [ccuugroup.com, www.ccuugroup.com, cn.ccuugroup.com] acme: Obtaining bundled SAN certificate
    2020/07/12 18:31:51 [INFO] [ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463099
    2020/07/12 18:31:51 [INFO] [cn.ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463100
    2020/07/12 18:31:51 [INFO] [www.ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463102
    2020/07/12 18:31:51 [INFO] [ccuugroup.com] acme: use tls-alpn-01 solver
    2020/07/12 18:31:51 [INFO] [www.ccuugroup.com] acme: use tls-alpn-01 solver
    2020/07/12 18:31:51 [INFO] [cn.ccuugroup.com] acme: use tls-alpn-01 solver
    2020/07/12 18:31:51 [INFO] [ccuugroup.com] acme: Trying to solve TLS-ALPN-01
    2020/07/12 18:31:55 [INFO] [www.ccuugroup.com] acme: Trying to solve TLS-ALPN-01
    2020/07/12 18:31:56 [INFO] [cn.ccuugroup.com] acme: Trying to solve TLS-ALPN-01
    2020/07/12 18:31:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463099
    2020/07/12 18:31:57 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463099
    2020/07/12 18:31:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463100
    2020/07/12 18:31:57 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463100
    2020/07/12 18:31:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463102
    2020/07/12 18:31:57 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836463102
    2020/07/12 18:31:57 Could not obtain certificates:
            error: one or more domains had a problem:
    [ccuugroup.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
    [cn.ccuugroup.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
    [www.ccuugroup.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
    bitnami@ip-172-26-0-136:/tmp$ cd /opt/
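
    The TLS-ALPN-01 challenge (--tls) was rejected with a 403 for all three domains, so the request is repeated with the HTTP-01 challenge (--http), first for one domain and then for all three:
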
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo /opt/bitnami/letsencrypt/lego --http --email="[email protected]" --domains="ccuugroup.com" --path="/opt/bitnami/letsencrypt" run
    2020/07/12 18:42:14 [INFO] [ccuugroup.com] acme: Obtaining bundled SAN certificate
    2020/07/12 18:42:14 [INFO] [ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836604977
    2020/07/12 18:42:14 [INFO] [ccuugroup.com] acme: Could not find solver for: tls-alpn-01
    2020/07/12 18:42:14 [INFO] [ccuugroup.com] acme: use http-01 solver
    2020/07/12 18:42:14 [INFO] [ccuugroup.com] acme: Trying to solve HTTP-01
    2020/07/12 18:42:15 [INFO] [ccuugroup.com] Served key authentication
    2020/07/12 18:42:15 [INFO] [ccuugroup.com] Served key authentication
    2020/07/12 18:42:15 [INFO] [ccuugroup.com] Served key authentication
    2020/07/12 18:42:15 [INFO] [ccuugroup.com] Served key authentication
    2020/07/12 18:42:21 [INFO] [ccuugroup.com] The server validated our request
    2020/07/12 18:42:21 [INFO] [ccuugroup.com] acme: Validations succeeded; requesting certificates
    2020/07/12 18:42:22 [INFO] [ccuugroup.com] Server responded with a certificate.
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo /opt/bitnami/letsencrypt/lego --http --email="[email protected]" --domains="ccuugroup.com" --domains="www.ccuugroup.com" --domains="cn.ccuugroup.com" --path="/opt/bitnami/letsencrypt" run
    2020/07/12 18:43:08 [INFO] [ccuugroup.com, www.ccuugroup.com, cn.ccuugroup.com] acme: Obtaining bundled SAN certificate
    2020/07/12 18:43:09 [INFO] [ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836604977
    2020/07/12 18:43:09 [INFO] [cn.ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836616772
    2020/07/12 18:43:09 [INFO] [www.ccuugroup.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5836616773
    2020/07/12 18:43:09 [INFO] [ccuugroup.com] acme: authorization already valid; skipping challenge
    2020/07/12 18:43:09 [INFO] [cn.ccuugroup.com] acme: Could not find solver for: tls-alpn-01
    2020/07/12 18:43:09 [INFO] [cn.ccuugroup.com] acme: use http-01 solver
    2020/07/12 18:43:09 [INFO] [www.ccuugroup.com] acme: Could not find solver for: tls-alpn-01
    2020/07/12 18:43:09 [INFO] [www.ccuugroup.com] acme: use http-01 solver
    2020/07/12 18:43:09 [INFO] [cn.ccuugroup.com] acme: Trying to solve HTTP-01
    2020/07/12 18:43:10 [INFO] [cn.ccuugroup.com] Served key authentication
    2020/07/12 18:43:10 [INFO] [cn.ccuugroup.com] Served key authentication
    2020/07/12 18:43:10 [INFO] [cn.ccuugroup.com] Served key authentication
    2020/07/12 18:43:10 [INFO] [cn.ccuugroup.com] Served key authentication
    2020/07/12 18:43:12 [INFO] [cn.ccuugroup.com] The server validated our request
    2020/07/12 18:43:12 [INFO] [www.ccuugroup.com] acme: Trying to solve HTTP-01
    2020/07/12 18:43:13 [INFO] [www.ccuugroup.com] Served key authentication
    2020/07/12 18:43:13 [INFO] [www.ccuugroup.com] Served key authentication
    2020/07/12 18:43:13 [INFO] [www.ccuugroup.com] Served key authentication
    2020/07/12 18:43:13 [INFO] [www.ccuugroup.com] Served key authentication
    2020/07/12 18:43:16 [INFO] [www.ccuugroup.com] The server validated our request
    2020/07/12 18:43:16 [INFO] [ccuugroup.com, www.ccuugroup.com, cn.ccuugroup.com] acme: Validations succeeded; requesting certificates
    2020/07/12 18:43:17 [INFO] [ccuugroup.com] Server responded with a certificate.
    
    


    sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
    sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt
    sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server*
    sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*


    
    bitnami@ip-172-26-0-136:/opt/bitnami/letsencrypt$ cd /opt/bitnami/apache2/conf/bitnami/
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ ls
    bitnami-apps-prefix.conf  bitnami-apps-vhosts.conf  bitnami.conf  httpd-2xlarge.conf  httpd.conf  httpd-large.conf  httpd-medium.conf  httpd-micro.conf  httpd-small.conf  httpd-xlarge.conf
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ mkdir certs
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt
    sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server*
    sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*mv: cannot stat '/opt/bitnami/apache2/conf/bitnami/certs/server.crt': No such file or directory
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
    mv: cannot stat '/opt/bitnami/apache2/conf/bitnami/certs/server.key': No such file or directory
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/ccuugroup.com.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server*
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$ sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*
    bitnami@ip-172-26-0-136:/opt/bitnami/apache2/conf/bitnami$
    
    




