Manual Wordpress on SELinux

Install Apache, PHP and MariaDB:

yum install httpd
service httpd start
systemctl enable httpd.service

yum install php php-mysql php-gd php-pear

yum install mariadb-server
systemctl enable mariadb.service

Configure MariaDB:


Download latest Wordpress version:

curl --proxy=$http_proxy > latest.tar.gz

Prevent write rights to Apache user:

chown -R root:apache *

Create database and Wordpress user:

create database wordpress;

grant all on wordpress.* to wordpress@'%' identified by "<insert random generated and secure password here>"

Update /etc/httpd/http.conf to allow .htaccess overrides (for url rewrite).

AllowOverride Options FileInfo

Remove Options and enable FollowSymLinks (don't allow directory browsing).

Options None
Options +FollowSymLinks

Make sure Apache can connect to external networks (remember SELinux):

getsebool -a
setsebool httpd_can_network_connect on

Enable sendmail for http user.

setsebool -P httpd_can_sendmail on

Enable write rights for wp-content folder and wp-config.php:

cd /var/www/html/
chmod -R u+rwX,go+rX,o-w ./wp-content
chmod -R u+rwX,go+rX,o-w ./wp-config.php

Configure Envelope-From address for sendmail:

<Directory "/var/www/.../">
                DirectoryIndex index.php
                Options None
                Options +FollowSymLinks

                php_admin_value mail.force_extra_parameters ""
                AllowOverride Options FileInfo
                # Controls who can get stuff from this server file
                Order allow,deny
                Allow from all
        <IfModule mpm_peruser_module>
                ServerEnvironment x x