Category: Hosting

Package Management

Repositories, Packages, Package Managers

Software for Unix and Unix-like systems can be obtained and installed in a variety of ways. Source code can be obtained, compiled and installed. Binary files can be obtained and installed. And “packages,” designed to simply the software installation process, can be used. It’s similar for Windows – but the nomenclature is different.

Because of their simplicity and reliability – software packages are the most common form of software distribution and installation.

“Package” is the term used for a file containing software modules and scripts that install them properly. Linux operating systems use the term “package” – some other operating systems use other terms.

Linux distributions maintain a “repository” – a central collection of packages. The distribution’s repository contain packages known to be compatible and stable with that distribution. Not all Linux distributions have the same packages in their repositories. Not all Linux distributions have the same versions of packages in their repositories.

A utility program called a “package manger” installs software from the repository. Debian distributions of Linux use APT (Advanced Package Tool) – a package manager designed for interactive use. A variation called “APT-GET” is designed for scripted use.

Many tutorials and references for installing a stack on Debian family Linux distributions for WordPress depict using APT-GET. I strongly encourage using APT. Make use of its interactive features and informative reports.

reference: https://en.wikipedia.org/wiki/APT_(software)

Note: The Red Hat family of Linux distributions use YUM package manager.
reference: https://en.wikipedia.org/wiki/Yum_(software)

Debian family package managers resolve dependencies when software modules are installed. If a new module depends on other modules also being installed, the package manager checks for them and installs them automatically as necessary.

For some packages, repositories contain multiple version numbers. This allows the package manager use an earlier version if other software modules have dependencies that require it. By default, the newest version will be installed as long as there are no conflicts.

Because package managers will automatically install the appropriate version of a package, you never have to specify the version number of a package to install. Be careful of postings and tutorials that direct you to install packages that have versions in their name. It is likely to be a mistaken or obsolete information.

Here’s an example from a tutorial book that is wrong:

This tutorial erroneously directs you to install “php7.2-curl”. Instead, you should install “php-curl”. APT will then install the appropriate version of this package in your repository.

One challenge can be knowing the correct name for a package. The “APT list” command can be useful – especially if using the “*” wildcard. If you use the command: APT list *curl*

This will generate a list of all packages in your repository containing the letters “curl”. In the middle of a list of about 30 entries is:

....
libwww-curl-perl/stable 4.17-5 armhf
lua-curl-dev/stable 0.3.0-9.2 armhf
lua-curl/stable 0.3.0-9.2 armhf
php-curl/stable,now 2:7.3+69 all [installed]
php7.1-curl/stable 7.1.20-1+b2 armhf
php7.2-curl/stable 7.2.9-1+b2 armhf
php7.3-curl/stable,now 7.3.14-1~deb10u1 armhf [installed]
python-pycurl-dbg/stable 7.43.0.2-0.1 armhf
python-pycurl-doc/stable 7.43.0.2-0.1 all
python-pycurl/stable 7.43.0.2-0.1 armhf
....

Notice there are four entries containing both “php” and “curl”: php-curl, php7.1-curl, php7.2-curl and php7.3-curl.

Since APT will automatically install the appropriate version, all we have to do is issue the command: sudo apt install php-curl

wp-ops@seebylooking:~ $ sudo apt install php-curl↵
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  php-curl
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,992 B of archives.
After this operation, 12.3 kB of additional disk space will be used.
Get:1 http://mirror.pit.teraswitch.com/raspbian/raspbian buster/main armhf php-curl all 2:7.3+69 [5,992 B]
Fetched 5,992 B in 1s (9,052 B/s)
Selecting previously unselected package php-curl.
(Reading database ... 157231 files and directories currently installed.)
Preparing to unpack .../php-curl_2%3a7.3+69_all.deb ...
Unpacking php-curl (2:7.3+69) ...
Setting up php-curl (2:7.3+69) ...
wp-ops@seebylooking:~ $

Using the “*” wildcard again we can verify which modules (and version) were installed using the command: APT list php*curl –installed

wp-ops@seebylooking:~ $ apt list php*curl --installed↵
Listing... Done
php-curl/stable,now 2:7.3+69 all [installed]
php7.3-curl/stable,now 7.3.14-1~deb10u1 armhf [installed]
wp-ops@seebylooking:~ $

Notice that two package modules are installed: php-curl and php7.3-curl

PPA – Personal Package Archive

There are instances where software modules you want are not in your distribution’s repository.

For example, at the time of this writing, the newest version of PHP in the Ubuntu version 18.04 distribution repository is version 7.2. The WordPress “Site Health Status” tool says that this version is out of date.

Unfortunately, attempting to re-install PHP to upgrade to a newer version comes back with the report that PHP version 7.2 is the newest version available.

wp-ops@seebylooking:~$ sudo apt install php↵
Reading package lists... Done
Building dependency tree       
Reading state information... Done
php is already the newest version (1:7.2+60ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
wp-ops@seebylooking:~$

reference: https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software

At this point there are two options: 1) Accept PHP version 7.2 until a newer version is available in the repository. Or 2) Use a PPA to install a newer version of PHP.

A PPA can be developed by anyone. There are several PPA in wide use that are maintained by individuals with good reputations.

reference: https://itsfoss.com/ppa-guide/
reference: https://linuxconfig.org/install-packages-from-an-ubuntu-ppa-on-debian-linux
reference: https://www.rosehosting.com/blog/how-to-install-php-7-3-on-ubuntu-16-04/
reference: https://php.watch/articles/Ubuntu-PHP-7.3

Using a PPA introduces new administration complexities. The benefits may not outweigh the work and responsibility.

If you’re new to managing a Unix or Unix-like server host software – using the standard package repository, at the cost of missing some WordPress performance gains from newer software versions, may be the wiser choice.

PHP Extensions

PHP Extensions are software modules that extend the capabilities of PHP. WordPress provides a list of extensions it may use.

Reference: https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions

Unfortunately, there’s not a corresponding list of package names for each of these extensions.

Some of them are easy to figure out. The graphics extension “GD” exists in the package php-gd.

The APT “show” option is a good way to see what’s contained in a package. For example APT show php-gd confirms that this package contains the GD module.

wp-ops@seebylooking:~$ apt show php-gd↵
Package: php-gd
Version: 1:7.2+60ubuntu1
Priority: optional
Section: php
Source: php-defaults (60ubuntu1)
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 12.3 kB
Depends: php-common, php7.2-gd
Supported: 5y
Download-Size: 1996 B
APT-Sources: http://mirrors.digitalocean.com/ubuntu bionic/main amd64 Packages
Description: GD module for PHP [default]
 This package provides a GD module for PHP.
 .
 PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used
 open source general-purpose scripting language that is especially suited
 for web development and can be embedded into HTML.
 .
 This package is a dependency package, which depends on Ubuntu's default
 PHP version (currently 7.2).

wp-ops@seebylooking:~$

Sometimes it’s not so simple. For example, one extension on the WordPress list of requirements is the DOM module. There is no PHP extension or module containing the letters “DOM”. It happens that this module is included in the php-xml package. It took a few google searches to find that.

reference: https://www.littlebizzy.com/blog/wordpress-php-extensions
reference: https://www.php.net/manual/en/refs.xml.php

To confirm that DOM is within the php-xml module, use the APT list php-xml command.

wp-ops@seebylooking:~$ apt show php-xml↵
Package: php-xml
Version: 1:7.2+60ubuntu1
Priority: optional
Section: universe/php
Source: php-defaults (60ubuntu1)
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 12.3 kB
Depends: php-common, php7.2-xml
Download-Size: 2024 B
APT-Sources: http://mirrors.digitalocean.com/ubuntu bionic/universe amd64 Packages
Description: DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
 This package provides a DOM, SimpleXML, WDDX, XML, and XSL module for PHP.
 .
 PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used
 open source general-purpose scripting language that is especially suited
 for web development and can be embedded into HTML.
 .
 This package is a dependency package, which depends on Ubuntu's default
 PHP version (currently 7.2).

wp-ops@seebylooking:~$

Another technique for finding extensions is to use the “search” option of APT. The command APT search php- will return a list of package modules in your repository pertaining to PHP along with a brief description.

This may be long list. You can either redirect the output to a file, or pipe the output to the MORE command, or the more useful LESS command. For example: APT search php- | less

The text in the box below is scrollable.

This scrollable file is similar to what you might get using the by piping to search to the MORE command. You can escape out of MORE by pressing “q”.

Beware of Conflicting Information

One tutorial I found instructs installing DOM by installing the extension module php-dom. This module however does not exist in my repository.

reference: https://zoomadmin.com/HowToInstall/UbuntuPackage/php-dom

I verified that the php-dom module doesn’t exist using the command APT list php-dom

It returns no modules with that name.

wp-ops@seebylooking:~$ apt list php-dom↵
Listing... Done
wp-ops@seebylooking:~$

In this particular case, it appears that php-com is a “virtual package.”

reference: https://packages.ubuntu.com/bionic/php7.2-dom

Clicking on the link regarding Virtual Packages takes you to a page containing this explanation:

This may explain why the tutorial mistakenly directs the installation of a module that exists only “virtually” and not “physically” – hence can’t be installed.

No matter how much confidence you have in the tutorial you’re using (including this one) its important to verify each step. In the case of installing software on a Debian distribution (such as Ubuntu) it pays off having good working knowledge of APT command to validate modules.

Automatic Extension Installation

Many of extension modules may be installed automatically when PHP is installed. Some of these are necessary for WordPress. Each distribution’s repository may have different extension modules that are installed along with PHP. It’s suggested that you make note of the ones that get installed. In my installation example, the following are installed:

  • libapache2-mod-php7.3
  • php-common
  • php-7.3
  • php7.3-cli
  • php7.3-common
  • php7.3-jason
  • php7.3-opache
  • php7.3-readline
wp-ops@seebylooking:~ $ sudo apt install php↵
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libapache2-mod-php7.3 php-common php7.3 php7.3-cli php7.3-common php7.3-json
  php7.3-opcache php7.3-readline
Suggested packages:
  php-pear
The following NEW packages will be installed:
  libapache2-mod-php7.3 php php-common php7.3 php7.3-cli php7.3-common
  php7.3-json php7.3-opcache php7.3-readline
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,969 kB of archives.
After this operation, 14.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]

If the latest PHP version and the requisite extensions aren’t installed, WordPress may run, but some WordPress restrictions and limitations.

The WordPress “Site Health Status” tool helps identify missing extension modules:

Following most WordPress and stack installation tutorials is likely to get a basic WordPress installation up and running. Then by using “Site Health Status” you can fine tune your PHP extensions and software versions as necessary.

SSH Keys

SSH Keys allow a secure SSH connection from a client to a host without using passwords. These same keys work with some other communication utilities such as SFTP.

In some instances the reason for using SSH Keys is the convenience of not having to enter passwords. This may also enable some automated connections to function securely because passwords do not have to be included in the automation.

A key reason to use SSH Keys is that it allows disabling a login to a root account (or other sensitive account) with the requirement of a password only – protecting against a malicious root account login using a discovered password.

The first time a client initiates a SSH connection to a host, the client’s user is prompted with information about the host, and the user is asked to agree that it’s the valid host before establishing the connection. Once accepted, a “public key” from the host is stored on the client in a file named known_hosts.

On future connections, the client user is only asked to validate the host identification again is if host sends a public key that no longer matches the one stored in the client’s known_hosts file. This could indicate a security breech.

A key point in properly implementing SSH Keys is knowing that a public key is placed on the client computer and a private key is placed on the host computer. And neither of these keys are the same key that was automatically stored in the known_hosts file used in establishing the identity the host computer.

These SSH public and private keys are typically generated once on the client’s computer using the command: ssh-keygen

The public key is a file generated by the ssh-keygen command – and it’s implemented on the client by simply moving it to the .ssh directory of the client’s user’s home directory.

The private key is a second file generated by the ssh-keygen command. To implement this private key, it has to be appended to host’s known_keys file. This file is in the .ssh directory of the home directory on the host once the connection is established.

There are several way to append the private key file to the host’s known_keys file. The first article referenced below describes this process using the ssh-copy-id command.

It can also be done by first getting a copy of the private key file from the client to the host computer (via ftp, email, etc.) and then using standard UNIX commands to append the contents of the private key file to the known_keys file.

For example: cat private_key_file >> known_hosts

For examples of these procedures, with use of some of the command options, the following references are suggested:

In the case where a host experiences a change of it’s SSH public key (such as re-installing the operating system on a machine) a SSH connection will be prevented do to risk of “man in the middle” security breech. This is addressed and corrective actions offered here:

Sorting out POSTFIX

POSTFIX is installed automatically by the RKHUNTER installation unless an option is taken:

sudo apt-get -y --no-install-recommends install rkhunter

reference: https://hostpresto.com/community/tutorials/how-to-install-and-use-rkhunter-on-ubuntu-14-04/

POSTFIX can be tested by using:

echo “it works!” | mail -s “testing” your@e-mail.address.elsewhere

https://www.linode.com/community/questions/4242/how-do-i-check-if-postfix-setup-correctly

Sending a test email to my gmail account resulted in a rejected email response due to failing one or more of several possible checks designed to protect gmail accounts from spam:

Gmail rejection of POSTFIX emailDownload

The redirection email suggests the following reference to diagnose what rejection criteria was triggered:

https://support.google.com/mail/answer/81126#authentication

The first rejection criteria was the lack of reverse DNS. This could be checked on this handy website:

https://www.debouncer.com/reverse-dns-check?ip=64.225.13.42

This check shows that reverse-DNS is not active for www.seebylooking.com

Researching how to enable reverse-DNS, there were many posts and articles. Some directed users to enable a “PTR” record of domain host service.

Other posts directed users to make modifications on the server itself – in my case, digital ocean.com.

https://www.digitalocean.com/community/questions/how-do-i-create-a-reverse-dns-ptr-record

This post also noted changes to be made in the /etc/hosts and /etc/hostname files

I’ve done one:

This one needs figuring out… (note the reference that the file is in two places…)

Here’s a link to a tutorial on using two third party mail facilities:

https://www.wpbeginner.com/wp-tutorials/how-to-fix-wordpress-not-sending-email-issue/

asdf