Simple custom template for a clean Wordpress installation.

# Config

Create data directories:

```
 $ mkdir db data
 $ chown 1000:1000 db
 $ chown 1000:1000 data
```

Database credentials may edit on ENVIRONMENT on docker-compose.yml or use _.env_ file:

``` 
 $ cp .env.sample .env
 $ vim .env
```

# Add SSH submodule

``` 
 $ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd
```

# Build and Pull images

```
 $ docker-compose pull
 $ docker-compose build
```

# Run

```
 $ docker-compose up -d
 $ docker-compose logs -f
```

# Auto update Wordpress

User crontab on your hoster server.

Use this script as template:

```
#!/bin/bash

echo "Update Wordrpress"
docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"
```

# Wordpress MultiUser Config

wp-config.php

```
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
```

# Worpress Cerber Config for Proxy Reverse

wp-config.php

```
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
```

# Nginx Proxy Reverse 

Example:

```
server {
    	listen 443 ssl http2;
	server_name domain.new;

   	ssl_certificate           /etc/letsencrypt/live/domain.new/fullchain.pem;
    	ssl_certificate_key       /etc/letsencrypt/live/domain.new/privkey.pem;

    	ssl on;
    	ssl_session_cache  builtin:1000  shared:SSL:10m;
    	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    	ssl_prefer_server_ciphers on;

	include snippets/xss.conf;

	access_log            /var/log/nginx/domain.access.log;

        location / {

		include snippets/proxy_headers.conf; 
		proxy_pass          https://localhost:8243;
		proxy_redirect	https://localhost:8243 https://domain.new;
        }
}


server {
    	listen 80;
	server_name domain.new;
	access_log /var/log/nginx/domain.access.log;
  	return 301 https://$host$request_uri;
}

```

/etc/nginx/snippets/xss.conf

```
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
```

/etc/nginx/snippets/proxy_headers.conf

```
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
```