Update: Multisite / Network Wordpress Config

Luca 2022-03-01 20:24:21 +00:00
parent 37e404f575
commit 84006b61fc
7 changed files with 125 additions and 96 deletions

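--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "sshd"]
+path = sshd
+url = https://git.audio-lab.org/lrullo/sshd.git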


@ -1,9 +1,12 @@
FROM registry.sindominio.net/php-fpm
ENV TZ=Europe/Madrid
RUN apt-get update && \
apt-get -qy install \
php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
wget less tar curl ca-certificates &&\
php-mysql php-curl php-gd php-imagick php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
wget less tar curl ca-certificates\
mailutils sendmail &&\
apt-get clean
RUN mkdir -p /app/
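Review bot: The new install line puts a full MTA (`sendmail`, plus `mailutils`) into the PHP-FPM image without `--no-install-recommends`, so the image also pulls in recommended packages it does not need and has more to patch. I would write `apt-get -qy install --no-install-recommends \` and end the RUN with `apt-get clean && rm -rf /var/lib/apt/lists/*`. Also check the continuation on `wget less tar curl ca-certificates\`: this page has lost indentation, and if the following line really starts at column 0 the two package names are joined into one word and the install fails.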


@ -51,3 +51,94 @@ docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"
```
# Wordpress MultiUser Config
wp-config.php
```
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
```
# Worpress Cerber Config for Proxy Reverse
wp-config.php
```
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
```
# Nginx Proxy Reverse
Example:
```
server {
listen 443 ssl http2;
server_name domain.new;
ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
include snippets/xss.conf;
access_log /var/log/nginx/domain.access.log;
location / {
include snippets/proxy_headers.conf;
proxy_pass https://localhost:8243;
proxy_redirect https://localhost:8243 https://domain.new;
}
}
server {
listen 80;
server_name domain.new;
access_log /var/log/nginx/domain.access.log;
return 301 https://$host$request_uri;
}
```
/etc/nginx/snippets/xss.conf
```
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
```
/etc/nginx/snippets/proxy_headers.conf
```
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
```
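Review bot: The example server block still offers `TLSv1` and `TLSv1.1` in `ssl_protocols`, both deprecated by RFC 8996; the example should read `ssl_protocols TLSv1.2 TLSv1.3;`. `ssl on;` is redundant next to `listen 443 ssl http2;` and is rejected by current nginx releases, so it should be dropped. In proxy_headers.conf the names `X-Forward-For` and `X-Forward-Proto` look like misspellings of `X-Forwarded-For` and `X-Forwarded-Proto`, so a backend reading the conventional names would not see them. The Cerber setting `CERBER_IP_KEY` = `HTTP_X_REAL_IP` is only trustworthy when the backend cannot be reached except through this proxy, which deserves a sentence in the README.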


@ -0,0 +1,18 @@
<VirtualHost *:80>
ServerName default
DocumentRoot /app/wordpress
<Directory /app/wordpress>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:fcgi://wordpress:9000"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
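Review bot: The `<FilesMatch \.php$>` handler applies to the whole vhost, so any `.php` file that ends up in a directory WordPress can write to (the uploads tree) is executed by FPM, and `AllowOverride All` lets a dropped `.htaccess` change request handling further. Add a directory block that refuses PHP under uploads, and consider narrowing `AllowOverride` to what WordPress permalinks need. The comment `# 2.4.10+ can proxy to unix socket` does not match the TCP target `wordpress:9000` and would be clearer if it named the FPM service instead.

```apache
<Directory /app/wordpress/wp-content/uploads>
    <FilesMatch \.php$>
        Require all denied
    </FilesMatch>
</Directory>
```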


@ -1,88 +0,0 @@
server {
listen 80;
root /app/wordpress/;
index index.php;
server_name _;
access_log /var/log/nginx/access.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
access_log off;
log_not_found off;
}
}
server {
listen 443 ssl default_server;
include snippets/snakeoil.conf;
root /app/wordpress/;
index index.php index.html;
server_name _;
access_log /var/log/nginx/access.log;
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
access_log off;
log_not_found off;
}
}


@ -28,11 +28,11 @@ services:
nginx:
image: registry.sindominio.net/nginx
ports:
- ${NGINX_PORT_HTTP}:80
- ${NGINX_PORT_HTTPS}:443
- ${NGINX_PORT_HTTP}:8081
- ${NGINX_PORT_HTTPS}:4443
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/wordpress.conf:/etc/nginx/conf.d/wordpress.conf:ro
- ./config/nginx-wordpress-multisite.conf:/etc/nginx/conf.d/wordpress.conf:ro
- ./data:/app
restart: always
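Review bot: Both published ports bind on every host interface, while the README's front proxy reaches the stack through `https://localhost:8243`; unless a host firewall blocks it, the backend can be reached directly and a client-supplied `X-Real-IP` header would arrive unfiltered. If only the local reverse proxy should connect, bind to loopback: `- 127.0.0.1:${NGINX_PORT_HTTP}:8081` and `- 127.0.0.1:${NGINX_PORT_HTTPS}:4443`. The new mount source `./config/nginx-wordpress-multisite.conf` is not among the files shown in this commit; if it is missing on the host, Docker creates a directory at that path, so confirm it is tracked.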


@ -17,8 +17,10 @@ config() {
if [ -n $MYSQL_PASSWORD ]; then sed -i "s:MYSQL_PASSWORD:$MYSQL_PASSWORD:" /app/wordpress/wp-config.php; fi
if [ -n $MYSQL_HOST ]; then sed -i "s:MYSQL_HOST:$MYSQL_HOST:" /app/wordpress/wp-config.php; fi
SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
echo $SALT_KEYS >> /app/wordpress/wp-config.php;
curl -s https://api.wordpress.org/secret-key/1.1/salt | tee -a /app/wordpress/wp-config.php
#SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
#echo $SALT_KEYS >> /app/wordpress/wp-config.php;
}
update() {
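Review bot: `tee -a` in the new salt line also copies the freshly generated keys to stdout, so they end up in the container log; the old `echo ... >>` form did not print them. Append without echoing and fail on HTTP errors, e.g. `curl -fsS https://api.wordpress.org/secret-key/1.1/salt >> /app/wordpress/wp-config.php || return 1`, so an error body is never written into a PHP file. The two commented-out `SALT_KEYS` lines can be deleted rather than kept. config() begins above the hunk, so whether it can run twice and append a second set of defines cannot be seen here.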