WordPress on IIS

These are my notes for getting WordPress on IIS 10 (1809) on Windows Server 2019 Core working.  I ran into a problem with MySQL 8.0 so I reverted back to MySQL 5.6 until I can spend a little more time troubleshooting and document my experience.

[This is a running draft currently]

  1. Install and Configure: IIS 10 (1809)
    1. IIS Role
      1. Features > CGI, Dynamic Compression
    2. Configure IIS FastCGI parameters – can be done with Administration pack, but I’m running Core and did from commandline.
      1. %windir%\system32\inetsrv\appcmd set config -section:system.webServer/fastCgi /[fullPath='c:\{php_folder}\php-cgi.exe'].instanceMaxRequests:10000
      2. %windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/fastCgi /+"[fullPath='C:\{php_folder}\php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS',value='10000']"
    3. GZIP (static/dynamic compression)
  2. Install and Configure: PHP 7.3
    1. Non-thread safe PHP 7.3 x64 installed to C:\PHP
    2. Needs VC15 redistributable (x64)
    3. Configure date.timezone, upload_tmp_dir, etc.
      1. Set permissions for tmp file location using icacls
        1. icacls tmppath /grant "IIS_IUSRS":(OI)(CI)F
  3. Install and Configure: MySQL Community Server 5.6.42
    1. Needs VC13 redistributable
    2. Configure bind-address for in C:\ProgramData\MySQL\my.cnf
  4. Install and Configure WordPress
    1. Folder permissions required (IIS_IUSR) using icacls
      1. icacls websiteroot /grant "IIS_IUSRS":(OI)(CI)F
    2. Download latest ZIP
      1. Tip: PowerShell Extract-Archive latest.zip works great – seemed slow, but it worked.
    3. IIS Rewrites (2.1 is required – I used x64 download)
      1. Permissions
        1. Note:  example.com is the name of  a website I created in IIS, so permissions use the App Pool Identity.
        2.   icacls "C:\inetpub\example.com" /grant:r "IIS APPPOOL\example.com:(OI)(CI)(RX,W)" /T
        3. Some notes I need to revise:
          1. iis permissions setup
            icacls PATH /remove "UserOrGroup" /t (removes recursively)
            i use:
            icacls httproot /inheritance:d
            icacls httproot /remove "BUILTIN\Users" /t
            icacls httproot /grant "IIS APPPOOL\domain.com" (this will propagate via inheritance to httproot\*)
            icacls httproot /grant "IIS APPPOOL\domain.com:(OI)(CI)F" /t
            PS C:\inetpub\domain.com> icacls httproot
            httproot IIS APPPOOL\domain.com:(F)
            NT SERVICE\TrustedInstaller:(F)
            NT SERVICE\TrustedInstaller:(OI)(CI)(IO)(F)
            CREATOR OWNER:(OI)(CI)(IO)(F)
            create site
            authentication > anonymouse authentication > edit > change to Application Pool Identity > OK
            right click on site > manage > advanced > ensure application pool is selected for correct application pool (domain.com)
            application pools > right click domain.com pool > ensure Process Model section > Identity is set to ApplicationPoolIdentity
  5. LetsEncrypt SSL
  6. benchmark
  7. Php 5.7 on old iis 7.5 (2008R2) vs new server (2019 core) with php 7.3