config | ||
.env.sample | ||
.gitmodules | ||
docker-compose.yml | ||
Dockerfile | ||
entrypoint.sh | ||
README.md |
Simple custom template for a clean Wordpress installation.
Config
Create data directories:
$ mkdir db data
$ chown 1000:1000 db
$ chown 1000:1000 data
Database credentials may edit on ENVIRONMENT on docker-compose.yml or use .env file:
$ cp .env.sample .env
$ vim .env
Add SSH submodule
$ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd
Build and Pull images
$ docker-compose pull
$ docker-compose build
Run
$ docker-compose up -d
$ docker-compose logs -f
Auto update Wordpress
User crontab on your hoster server.
Use this script as template:
#!/bin/bash
echo "Update Wordrpress"
docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"
Wordpress MultiUser Config
wp-config.php
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
Worpress Cerber Config for Proxy Reverse
wp-config.php
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
Nginx Proxy Reverse
Example:
server {
listen 443 ssl http2;
server_name domain.new;
ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
include snippets/xss.conf;
access_log /var/log/nginx/domain.access.log;
location / {
include snippets/proxy_headers.conf;
proxy_pass https://localhost:8243;
proxy_redirect https://localhost:8243 https://domain.new;
}
}
server {
listen 80;
server_name domain.new;
access_log /var/log/nginx/domain.access.log;
return 301 https://$host$request_uri;
}
/etc/nginx/snippets/xss.conf
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
/etc/nginx/snippets/proxy_headers.conf
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;