WordPress on IIS

These are my notes for getting WordPress on IIS 10 (1809) on Windows Server 2019 Core working.  I ran into a problem with MySQL 8.0 so I reverted back to MySQL 5.6 until I can spend a little more time troubleshooting and document my experience.

[This is a running draft currently]

  1. Install and Configure: IIS 10 (1809)
    1. IIS Role
      1. Features > CGI, Dynamic Compression
    2. Configure IIS FastCGI parameters – can be done with Administration pack, but I’m running Core and did from commandline.
      1. %windir%\system32\inetsrv\appcmd set config -section:system.webServer/fastCgi /[fullPath='c:\{php_folder}\php-cgi.exe'].instanceMaxRequests:10000
      2. %windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/fastCgi /+"[fullPath='C:\{php_folder}\php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS',value='10000']"
    3. GZIP (static/dynamic compression)
  2. Install and Configure: PHP 7.3
    1. Non-thread safe PHP 7.3 x64 installed to C:\PHP
    2. Needs VC15 redistributable (x64)
    3. Configure date.timezone, upload_tmp_dir, etc.
      1. Set permissions for tmp file location using icacls
        1. icacls tmppath /grant "IIS_IUSRS":(OI)(CI)F
  3. Install and Configure: MySQL Community Server 5.6.42
    1. Needs VC13 redistributable
    2. Configure bind-address for in C:\ProgramData\MySQL\my.cnf
  4. Install and Configure WordPress
    1. Folder permissions required (IIS_IUSR) using icacls
      1. icacls websiteroot /grant "IIS_IUSRS":(OI)(CI)F
    2. Download latest ZIP
      1. Tip: PowerShell Extract-Archive latest.zip works great – seemed slow, but it worked.
    3. IIS Rewrites (2.1 is required – I used x64 download)
      1. Permissions
        1. Note:  example.com is the name of  a website I created in IIS, so permissions use the App Pool Identity.
        2.   icacls "C:\inetpub\example.com" /grant:r "IIS APPPOOL\example.com:(OI)(CI)(RX,W)" /T
        3. Some notes I need to revise:
          1. iis permissions setup
            icacls PATH /remove "UserOrGroup" /t (removes recursively)
            i use:
            icacls httproot /inheritance:d
            icacls httproot /remove "BUILTIN\Users" /t
            icacls httproot /grant "IIS APPPOOL\domain.com" (this will propagate via inheritance to httproot\*)
            icacls httproot /grant "IIS APPPOOL\domain.com:(OI)(CI)F" /t
            PS C:\inetpub\domain.com> icacls httproot
            httproot IIS APPPOOL\domain.com:(F)
            NT SERVICE\TrustedInstaller:(F)
            NT SERVICE\TrustedInstaller:(OI)(CI)(IO)(F)
            CREATOR OWNER:(OI)(CI)(IO)(F)
            create site
            authentication > anonymouse authentication > edit > change to Application Pool Identity > OK
            right click on site > manage > advanced > ensure application pool is selected for correct application pool (domain.com)
            application pools > right click domain.com pool > ensure Process Model section > Identity is set to ApplicationPoolIdentity
  5. LetsEncrypt SSL
  6. benchmark
  7. Php 5.7 on old iis 7.5 (2008R2) vs new server (2019 core) with php 7.3


IIS Migration Tool

Had to migrate a few sites today from Server 2000 to Server 2003 IIS6. Microsoft has a tool called iismt that will assist in migrating.

First thing I had to do on the Server 2000 server was enable DCOM so I could remotely transfer the files. Access DCOM configuration in 2000 from Start -> Run -> dcomcnfg. Here’s a screenshot of what the settings were.

After enabling DCOM, I rebooted the Windows 2000 server after I experienced some errors trying to remotely access it. Once rebooted, I was able to successfully migrate sites.

Here’s a quick batch script I made to copy multiple sites over. Pretty generic. Main point is that there were multiple sites so I needed a loop to do this. I only copied the configuration over. Next step after copying configuration over I then copied all data and made adjustments through IIS Administration tool for each individual site ensuring I had the document home directories properly setup post-migration.

@echo off
FOR %%s IN (13 17 18 20 21 23 25 29 32 34 36 39 8) DO iismt.exe OLDSERVER w3svc/%%s 
/user OLDSERVER\administrator /password s3cr3tpass /configonly

I determined which w3svc files I needed by browsing to C:\WINNT\system32\logfiles.

Hope this helps anyone with similar needs.