Question

WordPress One-Click Application Quickstart - whats going on here

I have been using your one click WP app for years now, starting with 14LTS to now 18LTS.

I use this for all of my WP setups because it is a decent setup that allows me to shave start up time.

Now you have added the Quickstart script and changed some of the default configuration in the vhosts. I would like to know how this is going to work with specific setups and what is happening with the setup.

Where is the $domain variable being pulled and how does that work. How does this affect custom vhost configurations and setting up my own SSL (I have sites that utilize wildcard ssl certs and subdomains that are created on the fly)

Moving this into production without more knowing what has changed is not responsible. I know the differences between 16 - 18 and where to get them, this new Quickstart though not so much.

I could investigate this more but hoping that someone can break it down for me or give me a link to more thorough documentation on the new Quickstart script.

Thanks!!


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Ryan Quinn
DigitalOcean Employee
DigitalOcean Employee badge
January 14, 2019
Accepted Answer

Hello. First, I apologize if the recent changes caused issues with your automation. The change that was made to the vhost file had two parts:

  • Rather than just using a default the file uses the $domain variable as a placeholder for the FQDN to be used on the site. This is filled in by the interactive script triggered on the first login.

  • UseCanonicalName is now set in the configuration.

These changes were put in place to address CVE-2017-8295 which can allow an attacker to cause WordPress to send a password reset email allowing the installation to be compromised.

Adding the interactive script also allowed us to add a prompt to kick off certbot automatically based on the FQDN provided.

It is possible to use cloud-init user data provided via the API or the option on the create page to get around this. The script that is run on first login is located at /opt/digitalocean/wp_setup.sh in the image. This bash script can be used as an example to write a user data script to fill in the variable and disable the script during first boot.

To do this in the most simple way you could use:

#!/bin/bash
sed -i "s/\$domain/[FQDN]/g"  /etc/apache2/sites-enabled/000-default.conf
a2enconf block-xmlrpc

service apache2 restart
cp /etc/skel/.bashrc /root

replacing [FQDN] with your domain. This snippet will

  • Write the domain in place of $domain in the vhost config
  • enable the xmlrpc.php block which prevents some methods of attack
  • restarts apache to load the changes
  • copies the default .bashrc from skel back to the root user (the interactive script is otherwise called by .bashrc on first login)
jarland
DigitalOcean Employee
DigitalOcean Employee badge
January 14, 2019

Hey friend,

Great questions. The one-click is more tailored to the new user who just wants to spin up a working system, or the advanced user who just wants to skip some steps and go straight to production. If you need to automate deployments it makes more sense to build your own deploy scripts. We may frequently update our one-click images to address software updates, vulnerabilities, new practices, or to address common misunderstandings that drive ticket volume. These can happen without notice, and we do not keep a public change-log (not against it, just not something we currently do), as they have no impact on previously deployed systems.

While there are other systems out there to assist in automating software deployments, we offer a function that can help you deploy direct from our control panel or API:

https://www.digitalocean.com/docs/droplets/resources/metadata/

We actually have an example for using this to deploy Wordpress on Ubuntu 16 (shouldn’t be much adjustment for 18):

https://github.com/digitalocean/do_user_scripts/blob/master/Ubuntu-16.04/cms/wordpress.sh

With that said, I’ll ping @ryanpq and see if he can provide some answers about the current iteration of the Wordpress one-click.

Jarland

Pradeep P
DigitalOcean Employee
DigitalOcean Employee badge
April 3, 2024

Hello everyone,

If you’re having trouble running the WordPress setup script on your DigitalOcean Droplet, here’s a quick guide to help you get started:

  1. Locate the Script: The WordPress setup script is typically located at /root/wp_setup.sh on your Droplet.

  2. Execute the Script: You can manually run the setup script by using the following command in your terminal: sh /root/wp_setup.sh

  3. Follow the Prompts: Running this command will initiate the WordPress installation process, guiding you through the configuration of your website.

For your ease, you can copy the below code to an executable file on your Droplet to run the WP setup process. The below code is actually the default wp_setup.sh content available with every WordPress image on Marketplace.

#!/bin/bash
#
# WordPress activation script
#
# This script will configure Apache with the domain
# provided by the user and offer the option to set up
# LetsEncrypt as well.

# Enable WordPress on first login
if [[ -d /var/www/wordpress ]]
then
  mv /var/www/html /var/www/html.old
  mv /var/www/wordpress /var/www/html
fi
chown -Rf www-data:www-data /var/www/html

# if applicable, configure wordpress to use mysql dbaas
if [ -f "/root/.digitalocean_dbaas_credentials" ] && [ "$(sed -n "s/^db_protocol=\"\([^:]*\):.*\"$/\1/p" /root/.digitalocean_dbaas_credentials)" = "mysql" ]; then
  # grab all the data from the password file
  username=$(sed -n "s/^db_username=\"\(.*\)\"$/\1/p" /root/.digitalocean_dbaas_credentials)
  password=$(sed -n "s/^db_password=\"\(.*\)\"$/\1/p" /root/.digitalocean_dbaas_credentials)
  host=$(sed -n "s/^db_host=\"\(.*\)\"$/\1/p" /root/.digitalocean_dbaas_credentials)
  port=$(sed -n "s/^db_port=\"\(.*\)\"$/\1/p" /root/.digitalocean_dbaas_credentials)
  database=$(sed -n "s/^db_database=\"\(.*\)\"$/\1/p" /root/.digitalocean_dbaas_credentials)

  # update the wp-config.php with stored credentials
  sed -i "s/'DB_USER', '.*'/'DB_USER', '$username'/g" /var/www/html/wp-config.php;
  sed -i "s/'DB_NAME', '.*'/'DB_NAME', '$database'/g" /var/www/html/wp-config.php;
  sed -i "s/'DB_PASSWORD', '.*'/'DB_PASSWORD', '$password'/g" /var/www/html/wp-config.php;
  sed -i "s/'DB_HOST', '.*'/'DB_HOST', '$host:$port'/g" /var/www/html/wp-config.php;

  # add required SSL flag
  cat >> /var/www/html/wp-config.php <<EOM
/** Connect to MySQL cluster over SSL **/
define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL );
EOM

  # wait for db to become available
  echo -e "\nWaiting for your database to become available (this may take a few minutes)"
  while ! mysqladmin ping -h "$host" -P "$port" --silent; do
      printf .
      sleep 2
  done
  echo -e "\nDatabase available!\n"

  # cleanup
  unset username password host port database
  rm -f /root/.digitalocean_dbaas_credentials

  # disable the local MySQL instance
  systemctl stop mysql.service
  systemctl disable mysql.service
fi

echo "This script will copy the WordPress installation into"
echo "Your web root and move the existing one to /var/www/html.old"
echo "--------------------------------------------------"
echo "This setup requires a domain name.  If you do not have one yet, you may"
echo "cancel this setup, press Ctrl+C.  This script will run again on your next login"
echo "--------------------------------------------------"
echo "Enter the domain name for your new WordPress site."
echo "(ex. example.org or test.example.org) do not include www or http/s"
echo "--------------------------------------------------"

a=0
while [ $a -eq 0 ]
do
 read -p "Domain/Subdomain name: " dom
 if [ -z "$dom" ]
 then
  a=0
  echo "Please provide a valid domain or subdomain name to continue or press Ctrl+C to cancel"
 else
  a=1
fi
done
sed -i "s/\$domain/$dom/g"  /etc/apache2/sites-enabled/000-default.conf
a2enconf block-xmlrpc

service apache2 restart

echo -en "Now we will create your new admin user account for WordPress."

function wordpress_admin_account(){

  while [ -z $email ]
  do
    echo -en "\n"
    read -p "Your Email Address: " email
  done

  while [ -z $username ]
  do
    echo -en "\n"
    read -p  "Username: " username
  done

  while [ -z $pass ]
  do
    echo -en "\n"
    read -s -p "Password: " pass
    echo -en "\n"
  done

  while [ -z "$title" ]
  do
    echo -en "\n"
    read -p "Blog Title: " title
  done
}

wordpress_admin_account

while true
do
    echo -en "\n"
    read -p "Is the information correct? [Y/n] " confirmation
    confirmation=${confirmation,,}
    if [[ "${confirmation}" =~ ^(yes|y)$ ]] || [ -z $confirmation ]
    then
      break
    else
      unset email username pass title confirmation
      wordpress_admin_account
    fi
done

echo -en "\n\n\n"
echo "Next, you have the option of configuring LetsEncrypt to secure your new site.  Before doing this, be sure that you have pointed your domain or subdomain to this server's IP address.  You can also run LetsEncrypt certbot later with the command 'certbot --apache'"
echo -en "\n\n\n"
 read -p "Would you like to use LetsEncrypt (certbot) to configure SSL(https) for your new site? (y/n): " yn
    case $yn in
        [Yy]* ) certbot --apache; echo "WordPress has been enabled at https://$dom  Please open this URL in a browser to complete the setup of your site.";break;;
        [Nn]* ) echo "Skipping LetsEncrypt certificate generation";break;;
        * ) echo "Please answer y or n.";;
    esac

echo "Finalizing installation..."
wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/bin/wp
chmod +x /usr/bin/wp

echo -en "Completing the configuration of WordPress."
wp core install --allow-root --path="/var/www/html" --title="$title" --url="$dom" --admin_email="$email"  --admin_password="$pass" --admin_user="$username"

wp plugin install wp-fail2ban --allow-root --path="/var/www/html"
wp plugin activate wp-fail2ban --allow-root --path="/var/www/html"
chown -Rf www-data.www-data /var/www/
cp /etc/skel/.bashrc /root

echo "Installation complete. Access your new WordPress site in a browser to continue."

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more