Go to file
2022-03-01 20:25:27 +00:00
config Update: Multisite / Network Wordpress Config 2022-03-01 20:25:27 +00:00
.env.sample Update: Multisite / Network Wordpress Config 2022-03-01 20:25:27 +00:00
.gitmodules Update: Multisite / Network Wordpress Config 2022-03-01 20:24:21 +00:00
docker-compose.yml Update: Multisite / Network Wordpress Config 2022-03-01 20:24:21 +00:00
Dockerfile Update: Multisite / Network Wordpress Config 2022-03-01 20:24:21 +00:00
entrypoint.sh Update: Multisite / Network Wordpress Config 2022-03-01 20:24:21 +00:00
README.md Update: Multisite / Network Wordpress Config 2022-03-01 20:24:21 +00:00

Simple custom template for a clean Wordpress installation.

Config

Create data directories:

 $ mkdir db data
 $ chown 1000:1000 db
 $ chown 1000:1000 data

Database credentials may edit on ENVIRONMENT on docker-compose.yml or use .env file:

 $ cp .env.sample .env
 $ vim .env

Add SSH submodule

 $ git submodule add https://git.audio-lab.org/lrullo/sshd.git sshd

Build and Pull images

 $ docker-compose pull
 $ docker-compose build

Run

 $ docker-compose up -d
 $ docker-compose logs -f

Auto update Wordpress

User crontab on your hoster server.

Use this script as template:

#!/bin/bash

echo "Update Wordrpress"
docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"

Wordpress MultiUser Config

wp-config.php

/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

Worpress Cerber Config for Proxy Reverse

wp-config.php

define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );

Nginx Proxy Reverse

Example:

server {
    	listen 443 ssl http2;
	server_name domain.new;

   	ssl_certificate           /etc/letsencrypt/live/domain.new/fullchain.pem;
    	ssl_certificate_key       /etc/letsencrypt/live/domain.new/privkey.pem;

    	ssl on;
    	ssl_session_cache  builtin:1000  shared:SSL:10m;
    	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    	ssl_prefer_server_ciphers on;

	include snippets/xss.conf;

	access_log            /var/log/nginx/domain.access.log;

        location / {

		include snippets/proxy_headers.conf; 
		proxy_pass          https://localhost:8243;
		proxy_redirect	https://localhost:8243 https://domain.new;
        }
}


server {
    	listen 80;
	server_name domain.new;
	access_log /var/log/nginx/domain.access.log;
  	return 301 https://$host$request_uri;
}

/etc/nginx/snippets/xss.conf

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

/etc/nginx/snippets/proxy_headers.conf

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;