2022-02-26 20:43:43 +01:00
|
|
|
Simple custom template for a clean Wordpress installation.
|
|
|
|
|
|
|
|
# Config
|
|
|
|
|
|
|
|
Create data directories:
|
|
|
|
|
|
|
|
```
|
2022-02-26 20:59:02 +01:00
|
|
|
$ mkdir db data
|
|
|
|
$ chown 1000:1000 db
|
|
|
|
$ chown 1000:1000 data
|
2022-02-26 20:43:43 +01:00
|
|
|
```
|
|
|
|
|
2022-02-26 20:59:02 +01:00
|
|
|
Database credentials may edit on ENVIRONMENT on docker-compose.yml or use _.env_ file:
|
2022-02-26 20:43:43 +01:00
|
|
|
|
|
|
|
```
|
2022-02-26 20:59:02 +01:00
|
|
|
$ cp .env.sample .env
|
|
|
|
$ vim .env
|
2022-02-26 20:43:43 +01:00
|
|
|
```
|
|
|
|
|
|
|
|
# Add SSH submodule
|
|
|
|
|
|
|
|
```
|
2022-02-26 20:59:02 +01:00
|
|
|
$ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd
|
2022-02-26 20:43:43 +01:00
|
|
|
```
|
|
|
|
|
|
|
|
# Build and Pull images
|
|
|
|
|
2022-02-26 20:59:02 +01:00
|
|
|
```
|
2022-02-26 20:43:43 +01:00
|
|
|
$ docker-compose pull
|
|
|
|
$ docker-compose build
|
2022-02-26 20:59:02 +01:00
|
|
|
```
|
2022-02-26 20:43:43 +01:00
|
|
|
|
|
|
|
# Run
|
|
|
|
|
2022-02-26 20:59:02 +01:00
|
|
|
```
|
2022-02-26 20:43:43 +01:00
|
|
|
$ docker-compose up -d
|
2022-02-26 20:59:02 +01:00
|
|
|
$ docker-compose logs -f
|
|
|
|
```
|
2022-02-26 20:43:43 +01:00
|
|
|
|
|
|
|
# Auto update Wordpress
|
|
|
|
|
|
|
|
User crontab on your hoster server.
|
|
|
|
|
|
|
|
Use this script as template:
|
|
|
|
|
|
|
|
```
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
echo "Update Wordrpress"
|
2022-02-26 20:59:02 +01:00
|
|
|
docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
|
|
|
|
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
|
|
|
|
docker-compose exec wordpress wp core update --path="/app/wordpress/"
|
2022-02-26 20:43:43 +01:00
|
|
|
```
|
2022-03-01 21:24:21 +01:00
|
|
|
|
|
|
|
# Wordpress MultiUser Config
|
|
|
|
|
|
|
|
wp-config.php
|
|
|
|
|
|
|
|
```
|
|
|
|
/* Multisite */
|
|
|
|
define( 'WP_ALLOW_MULTISITE', true );
|
|
|
|
|
|
|
|
define('MULTISITE', true);
|
|
|
|
define('SUBDOMAIN_INSTALL', false);
|
|
|
|
define('DOMAIN_CURRENT_SITE', 'domain.new');
|
|
|
|
define('PATH_CURRENT_SITE', '/');
|
|
|
|
define('SITE_ID_CURRENT_SITE', 1);
|
|
|
|
define('BLOG_ID_CURRENT_SITE', 1);
|
|
|
|
```
|
|
|
|
|
|
|
|
# Worpress Cerber Config for Proxy Reverse
|
|
|
|
|
|
|
|
wp-config.php
|
|
|
|
|
|
|
|
```
|
|
|
|
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
|
|
|
|
```
|
|
|
|
|
|
|
|
# Nginx Proxy Reverse
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name domain.new;
|
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;
|
|
|
|
|
|
|
|
ssl on;
|
|
|
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
|
|
|
include snippets/xss.conf;
|
|
|
|
|
|
|
|
access_log /var/log/nginx/domain.access.log;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
|
|
|
include snippets/proxy_headers.conf;
|
|
|
|
proxy_pass https://localhost:8243;
|
|
|
|
proxy_redirect https://localhost:8243 https://domain.new;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name domain.new;
|
|
|
|
access_log /var/log/nginx/domain.access.log;
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
/etc/nginx/snippets/xss.conf
|
|
|
|
|
|
|
|
```
|
|
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
|
|
|
add_header Referrer-Policy "no-referrer" always;
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
|
|
add_header X-Download-Options "noopen" always;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
|
|
|
add_header X-Robots-Tag "none" always;
|
|
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
```
|
|
|
|
|
|
|
|
/etc/nginx/snippets/proxy_headers.conf
|
|
|
|
|
|
|
|
```
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forward-Proto $scheme;
|
|
|
|
proxy_set_header X-Nginx-Proxy true;
|
|
|
|
```
|