Update: Multisite / Network Wordpress Config

2022-03-01 20:24:21 +00:00 · 2022-03-01 20:24:21 +00:00 · 84006b61fc
commit 84006b61fc
parent 37e404f575
7 changed files with 125 additions and 96 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "sshd"]
+	path = sshd
+	url = https://git.audio-lab.org/lrullo/sshd.git
--- a/9
+++ b/9
@ -1,9 +1,12 @@
 FROM registry.sindominio.net/php-fpm

+ENV TZ=Europe/Madrid
+
 RUN apt-get update && \
-                apt-get -qy install \
-                  php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
-									wget less tar curl ca-certificates &&\
+    apt-get -qy install \
+    php-mysql php-curl php-gd php-imagick php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
+    wget less tar curl ca-certificates\
+    mailutils sendmail &&\
    apt-get clean

 RUN mkdir -p /app/
--- a/README.md
+++ b/README.md
@ -51,3 +51,94 @@ docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
 docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
 docker-compose exec wordpress wp core update --path="/app/wordpress/"
 ```
+
+# Wordpress MultiUser Config
+
+wp-config.php
+
+```
+/* Multisite */
+define( 'WP_ALLOW_MULTISITE', true );
+
+define('MULTISITE', true);
+define('SUBDOMAIN_INSTALL', false);
+define('DOMAIN_CURRENT_SITE', 'domain.new');
+define('PATH_CURRENT_SITE', '/');
+define('SITE_ID_CURRENT_SITE', 1);
+define('BLOG_ID_CURRENT_SITE', 1);
+```
+
+# Worpress Cerber Config for Proxy Reverse
+
+wp-config.php
+
+```
+define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
+```
+
+# Nginx Proxy Reverse 
+
+Example:
+
+```
+server {
+    	listen 443 ssl http2;
+	server_name domain.new;
+
+   	ssl_certificate           /etc/letsencrypt/live/domain.new/fullchain.pem;
+    	ssl_certificate_key       /etc/letsencrypt/live/domain.new/privkey.pem;
+
+    	ssl on;
+    	ssl_session_cache  builtin:1000  shared:SSL:10m;
+    	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+    	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+    	ssl_prefer_server_ciphers on;
+
+	include snippets/xss.conf;
+
+	access_log            /var/log/nginx/domain.access.log;
+
+        location / {
+
+		include snippets/proxy_headers.conf; 
+		proxy_pass          https://localhost:8243;
+		proxy_redirect	https://localhost:8243 https://domain.new;
+        }
+}
+
+
+server {
+    	listen 80;
+	server_name domain.new;
+	access_log /var/log/nginx/domain.access.log;
+  	return 301 https://$host$request_uri;
+}
+
+```
+
+/etc/nginx/snippets/xss.conf
+
+```
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    add_header Referrer-Policy                      "no-referrer"   always;
+    add_header X-Content-Type-Options               "nosniff"       always;
+    add_header X-Download-Options                   "noopen"        always;
+    add_header X-Frame-Options                      "SAMEORIGIN"    always;
+    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+    add_header X-Robots-Tag                         "none"          always;
+    add_header X-XSS-Protection                     "1; mode=block" always;
+```
+
+/etc/nginx/snippets/proxy_headers.conf
+
+```
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forward-Proto $scheme;
+proxy_set_header X-Nginx-Proxy true;
+``` 
--- a/config/apache-wordpress.conf
+++ b/config/apache-wordpress.conf
@ -0,0 +1,18 @@
+<VirtualHost *:80>
+    ServerName default
+    DocumentRoot /app/wordpress
+ 
+    <Directory /app/wordpress>
+        Options -Indexes +FollowSymLinks +MultiViews
+        AllowOverride All
+        Require all granted
+    </Directory>
+ 
+    <FilesMatch \.php$>
+        # 2.4.10+ can proxy to unix socket
+        SetHandler "proxy:fcgi://wordpress:9000"
+    </FilesMatch>
+ 
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
--- a/config/wordpress.conf
+++ b/config/wordpress.conf
@ -1,88 +0,0 @@
-  server {
-	listen 80;
-	
-        root /app/wordpress/;
-
-        index index.php;
-
-        server_name _;
-
-        access_log /var/log/nginx/access.log;
-
-	location = /favicon.ico {
-                log_not_found off;
-                access_log off;
-        }
-
-        location = /robots.txt {
-                allow all;
-                log_not_found off;
-                access_log off;
-        }
-
-        location / {
-                try_files $uri $uri/ /index.php?$args;
-        }
-
-        location ~ \.php$ {
-		try_files $uri /index.php =404;
-		fastcgi_pass  wordpress:9000;
-		fastcgi_index index.php;
-		include fastcgi_params;
-								
-		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-		set $path_info $fastcgi_path_info;
-		fastcgi_param PATH_INFO $path_info;
-                fastcgi_param REMOTE_ADDR $http_x_real_ip;
-                fastcgi_read_timeout 300; 
-		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        }
-
- 	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
-                expires max;
-                access_log off;
-                log_not_found off;
-        }
-
-  }
-
-
-  server {
-	listen 443 ssl default_server;
-	
-	include snippets/snakeoil.conf;
-
-        root /app/wordpress/;
-
-        index index.php index.html;
-
-        server_name _;
-
-        access_log /var/log/nginx/access.log;
-
-        location / {
-                try_files $uri $uri/ /index.php?$args ;
-        }
-
-        location ~ \.php$ {
-								try_files $uri /index.php =404;
-								fastcgi_pass  wordpress:9000;
-								fastcgi_index index.php;
-								include        fastcgi_params;
-								
-								fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-								set $path_info $fastcgi_path_info;
-								fastcgi_param PATH_INFO $path_info;
-                fastcgi_param REMOTE_ADDR $http_x_real_ip;
-                fastcgi_read_timeout 300; 
-								fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        }
-
-			  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
-                expires max;
-                access_log off;
-                log_not_found off;
-        }
-
-  }
-
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -28,11 +28,11 @@ services:
  nginx:
    image: registry.sindominio.net/nginx
    ports:
-      - ${NGINX_PORT_HTTP}:80
-      - ${NGINX_PORT_HTTPS}:443
+        - ${NGINX_PORT_HTTP}:8081
+        - ${NGINX_PORT_HTTPS}:4443
    volumes:
      - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./config/wordpress.conf:/etc/nginx/conf.d/wordpress.conf:ro
+      - ./config/nginx-wordpress-multisite.conf:/etc/nginx/conf.d/wordpress.conf:ro
      - ./data:/app
    restart: always

--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -17,8 +17,10 @@ config() {
 	if [ -n $MYSQL_PASSWORD ]; then sed -i "s:MYSQL_PASSWORD:$MYSQL_PASSWORD:" /app/wordpress/wp-config.php; fi
 	if [ -n $MYSQL_HOST ]; then sed -i "s:MYSQL_HOST:$MYSQL_HOST:" /app/wordpress/wp-config.php; fi

-	SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
-	echo $SALT_KEYS >> /app/wordpress/wp-config.php;
+	curl -s https://api.wordpress.org/secret-key/1.1/salt | tee -a /app/wordpress/wp-config.php
+
+	#SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
+	#echo $SALT_KEYS >> /app/wordpress/wp-config.php;
 }

 update() {