lafundicio-wordpress/README.md

Simple custom template for a clean Wordpress installation.

# Config

Create data directories:

```
 $ mkdir db data
 $ chown 1000:1000 db
 $ chown 1000:1000 data
```

Database credentials may edit on ENVIRONMENT on docker-compose.yml or use _.env_ file:

``` 
 $ cp .env.sample .env
 $ vim .env
```

# Add SSH submodule

``` 
 $ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd
```

# Build and Pull images

```
 $ docker-compose pull
 $ docker-compose build
```

# Run

```
 $ docker-compose up -d
 $ docker-compose logs -f
```

# Auto update Wordpress

User crontab on your hoster server.

Use this script as template:

```
#!/bin/bash

echo "Update Wordrpress"
docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"
```

# Wordpress MultiUser Config

wp-config.php

```
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
```

# Worpress Cerber Config for Proxy Reverse

wp-config.php

```
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
```

# Nginx Proxy Reverse 

Example:

```
server {
    	listen 443 ssl http2;
	server_name domain.new;

   	ssl_certificate           /etc/letsencrypt/live/domain.new/fullchain.pem;
    	ssl_certificate_key       /etc/letsencrypt/live/domain.new/privkey.pem;

    	ssl on;
    	ssl_session_cache  builtin:1000  shared:SSL:10m;
    	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    	ssl_prefer_server_ciphers on;

	include snippets/xss.conf;

	access_log            /var/log/nginx/domain.access.log;

        location / {

		include snippets/proxy_headers.conf; 
		proxy_pass          https://localhost:8243;
		proxy_redirect	https://localhost:8243 https://domain.new;
        }
}


server {
    	listen 80;
	server_name domain.new;
	access_log /var/log/nginx/domain.access.log;
  	return 301 https://$host$request_uri;
}

```

/etc/nginx/snippets/xss.conf

```
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
```

/etc/nginx/snippets/proxy_headers.conf

```
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
```
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			`Simple custom template for a clean Wordpress installation.`

			`# Config`

			`Create data directories:`

			```
Update README 2022-02-26 20:59:02 +01:00			`$ mkdir db data`
			`$ chown 1000:1000 db`
			`$ chown 1000:1000 data`
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			```

Update README 2022-02-26 20:59:02 +01:00			`Database credentials may edit on ENVIRONMENT on docker-compose.yml or use _.env_ file:`
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00
			```
Update README 2022-02-26 20:59:02 +01:00			`$ cp .env.sample .env`
			`$ vim .env`
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			```

			`# Add SSH submodule`

			```
Update README 2022-02-26 20:59:02 +01:00			`$ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd`
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			```

			`# Build and Pull images`

Update README 2022-02-26 20:59:02 +01:00			```
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			`$ docker-compose pull`
			`$ docker-compose build`
Update README 2022-02-26 20:59:02 +01:00			```
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00
			`# Run`

Update README 2022-02-26 20:59:02 +01:00			```
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			`$ docker-compose up -d`
Update README 2022-02-26 20:59:02 +01:00			`$ docker-compose logs -f`
			```
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00
			`# Auto update Wordpress`

			`User crontab on your hoster server.`

			`Use this script as template:`

			```
			`#!/bin/bash`

			`echo "Update Wordrpress"`
Update README 2022-02-26 20:59:02 +01:00			`docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"`
			`docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"`
			`docker-compose exec wordpress wp core update --path="/app/wordpress/"`
Update: SSH/WPCLI/Worpress/... 2022-02-26 20:43:43 +01:00			```
Update: Multisite / Network Wordpress Config 2022-03-01 21:24:21 +01:00
			`# Wordpress MultiUser Config`

			`wp-config.php`

			```
			`/* Multisite */`
			`define( 'WP_ALLOW_MULTISITE', true );`

			`define('MULTISITE', true);`
			`define('SUBDOMAIN_INSTALL', false);`
			`define('DOMAIN_CURRENT_SITE', 'domain.new');`
			`define('PATH_CURRENT_SITE', '/');`
			`define('SITE_ID_CURRENT_SITE', 1);`
			`define('BLOG_ID_CURRENT_SITE', 1);`
			```

			`# Worpress Cerber Config for Proxy Reverse`

			`wp-config.php`

			```
			`define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );`
			```

			`# Nginx Proxy Reverse`

			`Example:`

			```
			`server {`
			`listen 443 ssl http2;`
			`server_name domain.new;`

			`ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;`

			`ssl on;`
			`ssl_session_cache builtin:1000 shared:SSL:10m;`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;`
			`ssl_prefer_server_ciphers on;`

			`include snippets/xss.conf;`

			`access_log /var/log/nginx/domain.access.log;`

			`location / {`

			`include snippets/proxy_headers.conf;`
			`proxy_pass https://localhost:8243;`
			`proxy_redirect https://localhost:8243 https://domain.new;`
			`}`
			`}`


			`server {`
			`listen 80;`
			`server_name domain.new;`
			`access_log /var/log/nginx/domain.access.log;`
			`return 301 https://$host$request_uri;`
			`}`

			```

			`/etc/nginx/snippets/xss.conf`

			```
			`add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;`
			`add_header Referrer-Policy "no-referrer" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-Download-Options "noopen" always;`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Permitted-Cross-Domain-Policies "none" always;`
			`add_header X-Robots-Tag "none" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			```

			`/etc/nginx/snippets/proxy_headers.conf`

			```
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host $host;`

			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forward-Proto $scheme;`
			`proxy_set_header X-Nginx-Proxy true;`
			```