path: root/server-build/Server-Build-Instructions.md
Diffstat (limited to 'server-build/Server-Build-Instructions.md')
-rw-r--r-- server-build/Server-Build-Instructions.md 212
1 files changed, 212 insertions, 0 deletions
diff --git a/server-build/Server-Build-Instructions.md b/server-build/Server-Build-Instructions.md
new file mode 100644
index 0000000..eb9ec0f
--- /dev/null
+++ b/server-build/Server-Build-Instructions.md
@@ -0,0 +1,212 @@
+# Purpose of this document
+
+This document is an instruction manual to install WordPress, WooCommerce, and the Taler WooComerce plugin on a bare system and have it serve a Taler-enabled WordPress/WooCommerce site using HTTPS withi a LetsEncrypt SSL certificate.
+
+## Assumptions
+
+* The target system for this build is a Debian 10 stable system.
+
+* You have root-level access to this system.
+
+* Apache2 will be the default web server.
+
+* Your server will have a domain name such as _domain.com_. This is necessary for the LetsEncrypt SSL certificate. If you will use this server locally or using the raw IP address, you may choose to configure a self-signed certificate instead.
+
+## Configure firewall
+
+You may use the file in `scripts/ufw-setup.sh` to install ufw (uncomplicated firewall) and automatically open ports 80 and 443 (needed for LetsEncrypt and for access to the WordPress/WooComerce site.)
+
+Alternatively, configure your firewall of choice to accept requests on ports 80 and 443 (and whatever port(s) you may be using to access your server, ex: SSH port 22.)
+
+## Software from Debian Repositories
+
+Please note that all software can be installed at one time. The separations are only to make the instructions more clear.
+
+### Install Apache2
+
+`$ sudo apt install apache2`
+
+### Install PHP and Supporting Packages for Wordpress
+
+`$ sudo apt install php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php
+
+### Install Certbot for LetsEncrypt
+
+`$ sudo apt install certbot`
+
+### mariaDB
+
+`sudo apt install mariadb-server`
+
+
+## Configure SSLEngine
+
+### Using LetsEncrypt
+
+#### Get the certificate:
+
+You must have ports 80 and 443 open on your firewall before running this command:
+
+`$ sudo certbot certonly -d _domain.com_`
+
+LetsEncrypt will save the certificate and key as:
+
+`/etc/letsencrypt/live/_domain.com_/fullchain.pem` and
+`/etc/letsencrypt/live/_domain.com_/privkey.pem`
+
+#### Set the certificate to auto-renew:
+
+Become `root`:
+
+`$ su`
+
+(Now enter the root user's password)
+
+`# crontab -e`
+
+Add these lines to the crontab (please note you can change the date by adjusting this command. Look up _cron_ jobs for details):
+
+```
+# Weekly Certbot Renewal Check
+25 11 4 * * certbot renew --rsa-key-size 4096 --pre-hook "service apache2 stop" --post-hook "service apache2 start"
+```
+
+### Using a self-signed certificate
+
+If you prefer to use a self-signed SSL certificate (for example, if your server does not have a public IP address), you may use the script in `/scripts/ssl-create-selfsigned.sh`. You can also do this manually as follows:
+
+`$ openssl req -x509 -newkey rsa:4096 -keyout selfsigned-key.pem -out selfsigned-cert.pem -days 365 -nodes -subj '/CN=localhost'`
+
+Leave off the `-subj '/CN=localhost'` flag if you prefer to add identifying information to the certificate.
+
+The output will look something like this:
+
+```
+Generating a RSA private key
+.................................................................................++++
+..............................................................................................................................................................................................................................................................................................................................................++++
+writing new private key to 'key.pem'
+Enter PEM pass phrase:
+123976305214592:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:905:You must type in 4 to 1024 characters
+123976305214592:error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:545:while reading strings
+123976305214592:error:0906406D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:59:
+123976305214592:error:0907E06F:PEM routines:do_pk8pkey:read key:../crypto/pem/pem_pk8.c:83:
+```
+
+Next, copy the certificate and key to a location where you will keep them permanently:
+
+`$ sudo mv selfsigned-key.pem selfsigned-cert.pem /etc/ssl/certs/``
+
+Remember this location for inclusion in your web server configuration files.
+
+
+## Configure Apache2
+
+### Apache2 modules
+
+#### Enable modules for Apache2 to support PHP
+
+`$ sudo a2enmod actions fastcgi alias proxy_fcgi php7.2 a2enmod proxy_fcgi setenvif php7.2-fpm`
+
+Please note that you may need to change the version from php7.2, depending on your system.
+
+#### Install modules for HTTP -> HTTPS, and SSL
+
+`$ sudo a2enmod rewrite ssl`
+
+#### Restart Apache2
+
+`$ sudo systemctl restart apache2`
+
+### .conf file
+
+Copy the `wordpress.conf` file in `/tools/wordpress.conf` and customize for your system.
+
+Save this file as _wordpress.conf_ and put it in `/etc/apache2/sites-available`. To make it active, issue this command:
+
+`$ sudo a2ensite wordpress && sudo systemctl reload apache2`
+
+You may also wish to remove the default `000-default.conf` apache2 configuration with this:
+
+`$ sudo a2dissite 000-default`
+
+Now reload apache2:
+
+`$ sudo systemctl reload apache2`
+
+
+## Install WordPress
+
+You are recommended to follow the official Wordpress instructions at https://wordpress.org/support/article/how-to-install-wordpress/
+
+Alternatively, instructions follow:
+
+### Download the latest Wordpress version:
+
+`$ wget https://wordpress.org/latest.tar.gz`
+
+### Unpack to /var/www/wordpress
+
+Untar WordPress to this directory (all files should be in `wordpress/` subdirectory):
+
+`$ sudo tar -xf latest.tar.gz -C /var/www`
+
+Set permissions and ownership:
+
+`$ sudo chmod -R 755 /var/www/wordpress`
+
+`$ sudo chown -R www-data:www-data /var/www/wordpress`
+
+### Create mariaDB database and password
+
+1. (Optional but highly recommended:) Secure the mariaDB installation:
+
+`$ sudo mysql_secure_installation`
+
+You will be prompted to accept some security defaults, and to set the root password. Make sure to write this down.
+
+2. Create the WordPress database and user
+
+a. Log into the mySQL/mariaDB command line interface
+
+`$ sudo mysql -u root -p`
+
+Enter your password. You should now be at the `MariaDB [(none)]>` prompt.
+
+b. Create the database:
+
+`MariaDB [(none)]> CREATE DATABASE wordpress;`
+
+c. Create the user to use the _wordpress_ database:
+
+`MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "somepassword";`
+
+Please note that you should choose a secure password instead of "somepassword". You will need to remember this password later when installing WordPress.
+
+d. Flush Privileges
+
+`MariaDB [(none)]> FLUSH PRIVILEGES;`
+
+e. quit
+
+`MariaDB [(none)]> quit`
+
+### Configure WordPress to use the database
+
+`$ sudo cp /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php`
+
+Now open your favorite text editor and edit `/var/www/wordpress/wp-config.php`. Change the values for the `database_name_here`, `username_here`, and `password_here` to match the values you created in mariaDB.
+
+Save this file and exit.
+
+## Test the WordPress installation
+
+At this point, you should have an Apache2 web server, using a LetsEncrypt certificate, pointing to a WordPress installation on your server.
+
+If everything is correct, you should be able to open a web browser to _domain.com_ (or a local IP address if you are not using a public IP) and see a default WordPress site. If you do not see this, please troubleshoot by looking back over the instructions above. They have been tested on a Debian 10 system.
+
+If you do see Wordpress, please configure your Wordpress site and proceed to the next step when complete.
+
+## Install WooCommerce plugin
+
+You can install the WooCommerce plugin using the admin interface at `https://_domain.com_/wp-admin`
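
Review bot: In "Using a self-signed certificate", the step `sudo mv selfsigned-key.pem selfsigned-cert.pem /etc/ssl/certs/` puts the private key, generated unencrypted with `-nodes`, into the directory meant for public certificates and says nothing about its owner or mode. Please move only the certificate there and place the key in /etc/ssl/private (or another root-only directory), owned by root with mode 600. That line also ends in a stray double backtick. Further points in the same hunk: the cron entry `25 11 4 * *` runs once a month on the 4th at 11:25, not weekly as its comment says (`25 11 * * 4` would be weekly). The sample openssl output shows a passphrase prompt failing and refers to 'key.pem', which matches neither the `-nodes` flag nor the `-keyout selfsigned-key.pem` name in the command above it, so it should be replaced with output from a successful run. The `apt install php-pear ...` line is missing its closing backtick, and `a2enmod` appears a second time inside the argument list of the module-enable command. `chmod -R 755 /var/www/wordpress` makes every file executable and world-readable, and nothing tightens wp-config.php after the `cp` step even though it will hold the database password; a more restrictive mode on that file is worth adding there. Spelling: "withi" and "WooComerce" in the purpose and firewall paragraphs.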