In this post I will explain the steps needed to create a WordPress blog on OCI free tier. But before that, a couple of disclaimers:
- Even though it says “completely free” in the title, you will still need to pay for the domain name of your choice. You can use any domain registrar of your choice and add A-record pointing to the public IP of your OCI compute instance once it is provisioned
- his guide explains the steps to set up a blog in a single compute instance. There are a lot of additional steps that need to be done in order to secure the WordPress installation and to scale the infrastructure. But for a simple blog, the OCI free tier compute instance should be enough
The high level steps you need to perform are:
- Create a new OCI free tier Tenancy
- Create OCI compute instances and setup WordPress blog
- Get let’s encrypt SSL certificate for your domain
Lets get to these steps in detail. I will be linking to external guides or blogs to do most of these steps, as these are explained in details in those blogs.
Step 1: Setup OCI compute nodes with WordPress installation
Follow the steps mentioned in the blog below:
In addition to the steps listed in the above post, since we are planning to setup https using let’s encrypt certificate, you will need to open port 443 as well, both in the OCI console, and in the compute instance which hosts apache/httpd
[opc@mywordpress www]$ sudo firewall-cmd --zone=public --permanent --add-port=443/tcp success [opc@mywordpress www]$ sudo firewall-cmd --reload success
Step 2: Setup Let’s encrypt certificate
Before using certbot tool, you will need to configure a VirtualHost in your /etc/httpd/conf/httpd.conf file, and restart httpd. After restart, your website should be accessible over http.
<VirtualHost *:80> ServerName sitename.com ServerAlias *.sitename.com DocumentRoot /var/www/html </VirtualHost>
Use certbot tool to get the certificate for your domain, and add the redirect rules to redirect http traffic to https (This can be done as part of the certbot auto-config).https://certbot.eff.org/lets-encrypt/pip-apache
The certbot tool is used to automate the certificate installation. It will perform most of the steps needed to install the certificate. After certificate is installed, you will need to manually edit one conf file to add the cert file manually
Add/change the below lines to point to the certificate files created by certbot output. The fill path of cert, key and chain file will be displayed as the output of certbot script
SSLCertificateFile /etc/letsencrypt/live/sitename.com-0003/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/sitename.com-0003/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/sitename.com-0003/chain.pem
That’s it. You should now be able to access your website over https without any certificate errors or warnings.
I had just one single problem to solve with the installation of WordPress, which is that I was never able to upgrade the WordPress installation, using the “Upgrade” button in the WordPress dashboard.
When I click on the “Upgrade” button, it will download all the necessary files, and then an error will popup, which says something like – unable to delete/replace some files. This looked to me like an OS user permission issue. A lot of guides and blogs also seem to agree with me. But whatever I do (I have even set 777 permission to ALL files in the WordPress directory recursively, which you should NEVER do), the automatic upgrade did not work.
That is when I found one flag to set at the OS which resolved all of the automatic upgrade problems with WordPress. This below is the command which resolved the problem for me
chcon -R -t httpd_sys_rw_content_t /var/www/html
That’s it. You now have a perfectly working, auto-upgradeable WordPress website. Enjoy 🙂