Professional WordPress Site Setup (for less than 1$) – Part 2

Part 2 – Connecting to the WordPress Host in Virtual Machine Instance

I will leave connecting the VM's IP address to a domain name for the last (next) tutorial, since it is the only part that requires spending some money, and some readers might not like that. But if you intend to have a site with a domain name, it is better to jump to that tutorial, connect your domain name, and then return to this one. The only change you have to make is to replace all the IP addresses mentioned here with your domain name, and that will save you a lot of time later.

For now, we need to know how to connect to the virtual machine instance and apply the changes we need. The easy way is to use the web-based options: for example, http://<ip address>/amexlogin.php will take you to the WordPress administration and http://<ip address>/phpmyadmin will take you to the phpMyAdmin home page to access your database. You could do almost anything with these options, but we hired a virtual machine from Google, so we might be interested in having further access to our host, such as access to its shell and some file transfer. Actually, Google provides access to the shell via the web too. This can be used for installing new software, controlling services and executing commands. The following figure shows how to access this web-based shell using the SSH button available on your VM instance page. You can reach this page from the Google Cloud Platform menu in the Cloud Console page. In the menu select the Compute Engine option and then VM instances. Click on the SSH button and a new web-based SSH popup will show up.

This is not what we are seeking. We need to access the shell through client software like PuTTY, so we won’t need to log in to our Google account every time we need to execute a command in our VM. Or suppose you need to give someone access to your server without providing him or her your Google account information. For the whole tutorial in this section we will use three programs: PuTTY, FileZilla and NetBeans IDE. You can download them by clicking on the links; they are all free and open source. In the case of NetBeans, don’t forget to download the one with PHP support, or you can just download the one which includes all options. We will use PuTTY to connect to the shell in the virtual machine instance hosting our site in order to run some commands (like granting permissions on some files) and for configuration purposes. Moreover, we will use FileZilla to transfer files between our local host and the remote one, and finally we will use NetBeans in case we want to write some custom PHP code or change any existing PHP in our WordPress site.

For all of these programs we will use the same type of authentication to give them access to the remote host: an SSH connection with a key. In this type of authentication we need to provide a pair of keys, public and private. The Compute Engine in Google Cloud Platform has to be configured to use the public key, and the client software on our PC will use the private one. First we need to generate a pair of public and private keys. If you have already installed PuTTY on MS Windows, a program called PuTTYgen is also available (search for this app in your Start button search box), but if you are using the portable version of PuTTY or you couldn’t find it, you can download puttygen.exe from this link or this direct link to the software. Run PuTTYgen. In the Parameters section at the bottom of the window select RSA, and then in the middle section hit the Generate button.

Now PuTTYgen is ready to generate the key pair. All you need to do is move your mouse cursor randomly over the upper section (Key) and your key will be generated; do this until the progress bar completes.

When the generation is done, enter the username you like in the key comment box (I entered user1). Actually, this is not a username; it is the nickname (comment) we use to identify the key, but since after login it appears in the shell in the format <keyname>@<vm-instancename>$, it looks like a username, so let’s call it a username. As described, it does not need to match any other username (local or remote), and you could enter anything you like. In the next fields PuTTYgen asks for a “Key passphrase” and its confirmation; you could consider this a password for the username (key). You could skip entering a passphrase for your key or username, but that will increase the risk of unauthorised access to your server: anyone who can access the key can gain access to your server shell. If you are using this key only for your own connection and you are sure about the safety of its location, you could skip the passphrase. But if this key is not only for your own use and your colleagues may use it too, I highly recommend that you set a passphrase for it.

Back in PuTTYgen, we need to save the private key it generated. Use the ‘Save private key’ button. PuTTYgen will warn you that you are saving the key without a passphrase (in case you skipped setting one); if you are sure about the safety of the location where you are saving the private key (just remember that anyone who can access this file can gain access to your server), confirm the warning. We are still not done with PuTTYgen. Go to the Conversions menu, select “Export OpenSSH Key” and save the same key in OpenSSH format beside your private key. Make sure to give it a name that lets you recall later which file is in OpenSSH format and which is not.

Copy the whole string in the box under ‘Public Key…’.

Open your Google Cloud Console and go to the menu, Compute Engine and then Metadata.

In the Metadata page choose the ‘SSH Keys’ tab and then click “Add SSH Keys”. (If a key already exists, click Edit and then Add item.)

Paste the key copied from PuTTYgen into the newly added item area. You should see the username (key comment) on the left-hand side of the item.

Click Save, and now everything is done on the remote side.

Now we are going to configure PuTTY to connect to our VM. In the left “Category” panel go to “Connection|SSH|Auth” and, under “Authentication Parameters”, browse to the file holding your private key.

Again in the category panel, go to “Connection|Data” and, under “Login details”, fill in the username box with the one you provided as a comment for the public key.

Back in the “Session” branch of the category panel, fill the address box with the External IP address of your VM, available on the VM instances page (or the domain name, in case you have connected your IP to a domain). And of course the connection type should be left as SSH. It’s better to save the configuration under a proper name or just as the Default Settings, so you won’t need to go through these steps every time you want to connect to your VM.

Load the connection you have saved and click Open in PuTTY. You should log in to your VM without being asked for a password if you skipped setting a passphrase; otherwise you will be asked for it.


In the PuTTY terminal we change the current directory to the folder where the WordPress files are stored and list them.

user1@wordpress-1-vm: PuTTY

  • cd /var/www/html
  • ls -la

One of the folders within this location is “wp-includes”, and if you navigate to http://[ipaddress]/wp-includes/ you’ll find that its whole directory listing is publicly available, because the folder has no index.php file. This is a security issue and it’s better for us to fix it now.

We will create a .htaccess file in the current folder (/var/www/html) with the following command.

user1@wordpress-1-vm: PuTTY

  • sudo nano .htaccess

And enter the following contents in the file:

DirectoryIndex index.php
Options -Indexes

Press Ctrl+X, answer ‘Y’ to the question about saving the file, and exit nano (a Linux editor).

Now navigating to the same URL will take you to the Apache 2 Forbidden page.

The next program is FileZilla. We want to give FileZilla access to the web folder (/var/www/html), so we can easily transfer files between our local PC and the remote server. First we configure FileZilla and then we will deal with a permission issue within the /var/www/html/ location. Run FileZilla:

In the menu bar go to “File | Site Manager …”.

In the Site Manager dialog click on the New Site button.

In “Select Entry” enter a friendly name for your site, and then on the right-hand side enter the IP address of your site (or your domain name, in case you connected your VM to a domain). In the Protocol field select “SFTP – SSH File Transfer Protocol”, and in “Logon Type:” select “Key file”. In the “User:” field enter the key username (comment), and point “Key file:” to the location where you stored your regular (not OpenSSH) private key.

Go to the “Advanced” tab and enter “/var/www/html” in the “Default remote directory:” field.

Now you can click on the “Connect” button. A dialog will appear asking how to treat the passphrase step of login (save, do not save and so on).

Another dialog will indicate that the “server’s host key is unknown”. Since we trust our DNS providers, just confirm the warning; it’s better to enable “Always trust this host, add the key to the cache”.

Finally, we are connected to our host, and you can see the directory tree of the server on the right-hand side.

Suppose I want to upload a sample file, test.txt, to the site’s public root folder. On the left side I browsed to the location of test.txt and selected the “Upload” option from the context menu (right-click menu).

As you see, the upload will fail.

This happened because user1 does not have write permission on this folder, only read permission. We can see that by taking another look at the shell listing (the one we made before). If you need more information on Linux users and groups, go to this link.

The owner of the files is www-data (the apache2 user), and only the owner has read/write/execute permissions. This has nothing to do with our user1. However, there are claims of security issues when web content is owned by the www-data user.


Refer to: /usr/share/doc/base-passwd/users-and-groups.html
Some web servers run as www-data. Web content should not be owned by this user, or a compromised web server would be able to rewrite a web site. Data written out by web servers will be owned by www-data.

Anyway, that is how it is in the default configuration of the WordPress deployment in Google Cloud. I think this is because, if you take the ownership (write permission) of some folders away from www-data, some WordPress plugins may fail to update. Basically, we do every write operation in this folder with the sudo prefix (as we did when creating the .htaccess file), but since we need to give FileZilla write access as user1 (with the user configuration mentioned above), you only need to add user1 to the www-data group and grant write permission to the whole group instead of only the www-data user. This can be done simply with the following commands:

user1@wordpress-1-vm: PuTTY

  • sudo adduser user1 www-data
  • sudo chmod -R g+rw /var/www/html

As you see in the following figure, the file transfer now completes successfully.

Before moving on from this already solved problem, I think it is better to mention some points for your later reference. If www-data does not have ownership of the web content in your deployment, you could grant it using the following command:

user1@wordpress-1-vm: PuTTY

  • sudo chown -R www-data:www-data /var/www/html

But a better practice in this scenario (one that solves the security issues as well) would be to change the ownership to user1 instead of www-data. In that case you don’t need to grant write permission to the whole www-data group (as we did above). If a WordPress plugin fails to update, you could change the ownership temporarily to www-data and, after you are done with the update, change it back to user1. The second command below gives the owner read and write permission on the files while giving the group only read access (- rw- r-- ---). The last command gives execute permission on folders (d rwx r-x ---) to both owner and group (Apache needs execute permission on folders to access their content).

user1@wordpress-1-vm: PuTTY

  • sudo chown -R user1:www-data /var/www/html
  • find /var/www/html -type f -exec chmod 0640 {} \;
  • sudo find /var/www/html -type d -exec chmod 2750 {} \;
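The ownership and mode scheme above can be checked after the fact. The following is an added example, not part of the original tutorial: a shell function that reports every file or folder under the web root that deviates from 0640/2750 or from user1:www-data ownership. The names audit_webroot and demo are hypothetical, and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example (not from the original tutorial). audit_webroot and demo are
# hypothetical helper names; the owner/group defaults follow the tutorial.

# Print one line per deviation from the scheme: files 0640, directories 2750
# (rwx r-x --- plus setgid), everything owned by the deploy user and in the
# web server's group. Returns 0 when the tree is clean, 1 otherwise.
audit_webroot() {
    root=$1
    owner=${2:-user1}
    group=${3:-www-data}
    findings=$(
        find "$root" -type f ! -perm 0640 | sed 's/^/file-mode /'
        find "$root" -type d ! -perm 2750 | sed 's/^/dir-mode /'
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) | sed 's/^/owner /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: apply the tutorial's two find/chmod commands, then
# set one file to the given mode (default 0666 simulates drift) and audit it.
demo() {
    drift=${1:-0666}
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/html/wp-includes"
    : > "$tmp/html/index.php"
    : > "$tmp/html/wp-includes/version.php"
    find "$tmp/html" -type f -exec chmod 0640 {} \;
    find "$tmp/html" -type d -exec chmod 2750 {} \;
    chmod "$drift" "$tmp/html/wp-includes/version.php"
    status=0
    # Numeric IDs of the current user stand in for user1 / www-data here.
    audit_webroot "$tmp/html" "$(id -u)" "$(id -g)" || status=$?
    rm -rf "$tmp"
    return "$status"
}

# On the server: audit_webroot /var/www/html user1 www-data
```

A world-writable file such as the 0666 one in the demo is reported as a `file-mode` line, so the function can be rerun after plugin updates or temporary ownership changes to confirm the tree is back in the intended state.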


In the last section of this tutorial we will connect NetBeans IDE to the host so that we can easily develop some custom PHP code whenever we need to. Run NetBeans IDE.

In the menu-bar select “File | New Project …”, among available categories select PHP and then in Projects box “PHP Applications from Remote Server” and then click Next button.

Give your project a name and choose a local directory for NetBeans to store the files retrieved from the server.

In the next wizard step (Remote Connection), click on the “Manage …” button in the remote connection field.

In “Manage Remote Connection”, another dialog named “Create New Connection” will appear; if it does not, click “Add …”. Enter a name for the connection and select SFTP as the type (just like FileZilla).

For the host name use the IP address (or domain name), for the username provide your key comment, and for the private key file use the OpenSSH-formatted private key (it is important to use the OpenSSH format, otherwise it will fail). This was the reason we stored the private key in two formats. Don’t forget to set the initial directory to /var/www/html.

Click “Test connection” and confirm the warning. Make sure the connection setup is successful.

In the Remote Connection step of the wizard, make sure to set “/” as the upload directory. Otherwise the files would be synchronised with the wrong location on the remote host.

In the confirmation step of the wizard, as soon as you press Finish, NetBeans will begin to synchronise the remote content with the local location you have provided.

It will take a while for all the files to be downloaded to your local directory. You could prepare yourself a coffee while the process is in progress.

Now you can enjoy developing your custom PHP code in NetBeans, and when you are done you only need to right-click on the “Source Files” filter and perform a “Synchronize” operation.

Cite this article as: Amir Mehrafsa, "Professional WordPress Site Setup (for less than 1$) – Part 2," in MEXUAZ, August 23, 2017, http://mexuaz.com/professional-wordpress-setup-02/.
