This shows you the differences between two versions of the page.

computing:selfhostedwp [2019/08/18 15:42] oemb1905computing:selfhostedwp [2023/06/22 23:09] oemb1905
Line 11: Line 11:
 ------------------------------------------- -------------------------------------------
-This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux.  This tutorial assumes you already have a LAMP stack with active TLS.  If not, you should read the [[|Apache Survival]] tutorial first.  Once you do that, begin with some common php extensions needed for Word Press to function:+This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux.  This tutorial assumes you already have a LAMP stack with active TLS.  If not, you should read the [[|Apache Survival]] tutorial first.  Once you do that, begin with some common php extensions needed for Word Press to function well:
-  sudo apt install php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-mbstring php-imagick php-xml php-xmlrpc wget unzip php-gd php-zip+  sudo apt install php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-mbstring php-imagick php-xml php-xmlrpc wget unzip php-gd php-zip libapache2-mod-php 
 +Or ... 
 +  sudo apt-get install php7.4-{cgi,cli,zip,mysql,mbstring,intl,fpm,curl,gd,imagick,xml,xmlrpc,gpm}
 Okay, let's now enable fast cgi and rewrite php modules and then check your config. Okay, let's now enable fast cgi and rewrite php modules and then check your config.
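Review bot: in the added `php7.4-{...}` line, `gpm` looks like a typo for `gmp`; apt aborts the whole install when one package name in the list cannot be found, so as written the alternative command would install nothing. The first command still lists php-mbstring, php-gd and php-zip twice, and it now pulls in libapache2-mod-php alongside php-fpm, so the page should say which PHP handler the next step (enabling fast cgi) expects to be active. Pinning 7.4 in the package names also ties the page to one PHP release; a note on which Debian release that matches would help.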
Line 42: Line 46:
   sudo mysql -u root -p   sudo mysql -u root -p
-  mysql> CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; +  CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; 
-  mysql> GRANT ALL ON databasename.* TO 'databaseuser'@'localhost' IDENTIFIED BY 'passwordhere'; +  GRANT ALL ON databasename.* TO 'databaseuser'@'localhost' IDENTIFIED BY 'passwordhere'; 
-  mysql> EXIT;+  EXIT;
 Next up, it is time to allow overrides in your primary apache configuration: Next up, it is time to allow overrides in your primary apache configuration:
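Review bot: the GRANT line hands `databaseuser` ALL privileges on the database and creates the account implicitly through `IDENTIFIED BY`, which MariaDB accepts but MySQL 8.0 rejects; a separate CREATE USER followed by a GRANT limited to what WordPress uses (SELECT, INSERT, UPDATE, DELETE, plus CREATE, ALTER, INDEX and DROP for upgrades) is both more portable and narrower. With the `mysql>` prompts dropped, the three statements now read like shell commands directly under `sudo mysql -u root -p`, so a sentence saying they are typed at the database prompt would help. `utf8` here is the 3-byte character set; `utf8mb4` with a matching collation avoids failures on 4-byte characters such as emoji.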
Line 82: Line 86:
   sudo nano /var/www/   sudo nano /var/www/
-Let's also add the following line to the ''wp-config.php'' file for updates:+Let's also add the following line to the ''wp-config.php'' file for updates. Note//This only needs to be added if you are not using libapachemod sfaik.//
   sudo nano /var/www/   sudo nano /var/www/
   <define('FS_METHOD','direct');>   <define('FS_METHOD','direct');>
-Plug-ins and other WP services can mess with the ''.htaccess'' file often, so use this default configuration below //when that happens//; more templates can be found here:  [[|WP Codex]] 
-  sudo nano /var/www/ wordpress site and configure by opening a web browser of your choice and entering If you need more than one site, but do not want to set up a separate virtual host, for example using '''', then you should read [[|Word Press Multisite]]. Optimizing WP is a different matter, for caching and header security, and other best practices, consider the following. 
 +  apt install memcached 
 +  nano /etc/default/memcached 
 +  a2enmod cache
-  BEGIN WordPress+Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
 +  sudo systemctl restart proftpd.service 
 +Optimizing and securing WordPress usually boils down to some cache and header settings. Cache and/or page expiry settings: 
 +  apt install memcached 
 +  nano /etc/default/memcached 
 +  a2enmod cache 
 +  a2enmod expires 
 +  <IfModule mod_expires.c> 
 +          ExpiresActive On 
 +          ExpiresByType image/jpg "access 1 year" 
 +          ExpiresByType image/jpeg "access 1 year" 
 +          ExpiresByType image/gif "access 1 year" 
 +          ExpiresByType image/png "access 1 year" 
 +          ExpiresByType text/css "access 1 week" 
 +          ExpiresByType text/html "access 1 month" 
 +          ExpiresByType text/x-javascript "access 1 week" 
 +          ExpiresDefault "access 1 month" 
 +  </IfModule> 
 +Enable re-writes: 
 +  a2enmod rewrite
   <IfModule mod_rewrite.c>   <IfModule mod_rewrite.c>
-  RewriteEngine On +          RewriteEngine On 
-  RewriteBase / +          RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 
-  RewriteRule ^index\.php$ - [L] +          RewriteBase / 
-  RewriteCond %{REQUEST_FILENAME} !-f +          RewriteRule ^index\.php$ - [L] 
-  RewriteCond %{REQUEST_FILENAME} !-d +          RewriteCond %{REQUEST_FILENAME} !-f 
-  RewriteRule . /index.php [L]+          RewriteCond %{REQUEST_FILENAME} !-d 
 +          RewriteRule . /index.php [L] 
 +          <FilesMatch "\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$"> 
 +                  Header set Timing-Allow-Origin "*" 
 +          </FilesMatch>
   </IfModule>   </IfModule>
-  # END WordPress 
-Visit wordpress site and configure by opening a web browser of your choice and entering site1.comIf you need more than one site, but do not want to set up a separate virtual hostfor example using '''', then you should read [[|Word Press Multisite]].  +Enable headers: 
 +  a2enmod headers 
 +  <IfModule mod_headers.c> 
 +          Header always set X-Content-Type-Options "nosniff" 
 +          <IfModule mod_setenvif.c> 
 +                  SetEnvIf Origin "^(.+)$" CORS=$0 
 +          </IfModule> 
 +          Header set Access-Control-Allow-Origin %{CORS}e env=CORS 
 +          Header set Access-Control-Allow-Credentials "true" env=CORS 
 +          <FilesMatch "\.(php|html)$"> 
 +                  Header set X-Frame-Options "ALLOW" 
 +                  Header set X-XSS-Protection "0" 
 +                  Header set X-Download-Options "noopen" 
 +                  Header set X-Permitted-Cross-Domain-Policies "none" 
 +                  Header set X-DNS-Prefetch-Control "on" 
 +                  Header set Pragma "no-cache" 
 +                  Header set Age "0" 
 +                  Header set Cache-Control "" 
 +                  Header set Strict-Transport-Security "max-age=0" env=HTTPS 
 +                  Header set Referrer-Policy "" 
 +                  Header set Cross-Origin-Embedder-Policy "unsafe-none" 
 +                  Header set Cross-Origin-Opener-Policy "unsafe-none" 
 +                  Header set Report-To '{"max_age": 0"endpoints": [{"url": ""}]}' 
 +                  Header set Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'" 
 +                  Header set Referrer-Policy "no-referrer-when-downgrade" 
 +                  Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' https://plaza.pvpfrontier/*" 
 +          </FilesMatch> 
 +  </IfModule> 
 +Personally, I don't think anyone should be using ftp or even sftp right now, but many still doIf so, here's how to make an sftp server for updating WordPress that way:
 You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained: You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained:
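Review bot: in the new mod_headers block, `SetEnvIf Origin "^(.+)$" CORS=$0` followed by `Header set Access-Control-Allow-Origin %{CORS}e env=CORS` and `Access-Control-Allow-Credentials "true"` echoes back whatever Origin the request carries, which lets any website read responses with the visitor's cookies attached; match Origin against an explicit list of trusted origins, or drop the credentials header. Several values in the `FilesMatch "\.(php|html)$"` block turn protections off rather than on: `X-Frame-Options "ALLOW"` is not a defined value (the defined ones are DENY and SAMEORIGIN), `Strict-Transport-Security "max-age=0"` tells browsers to forget HSTS for the site, and the CSP's `default-src *` with 'unsafe-inline' and 'unsafe-eval' restricts very little. Referrer-Policy is set twice, the Report-To JSON is missing a comma after `"max_age": 0`, and the proftpd "Put this snippet under ..." line has landed above the caching section, away from the snippet it refers to.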
Line 110: Line 174:
   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
   sudo nano /etc/proftpd/proftpd.conf   sudo nano /etc/proftpd/proftpd.conf
 +  a2enmod tls
   <IfModule mod_tls.c>   <IfModule mod_tls.c>
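Review bot: the added `a2enmod tls` sits between `sudo nano /etc/proftpd/proftpd.conf` and the `<IfModule mod_tls.c>` block, but a2enmod manages Apache modules, while `mod_tls.c` here is a ProFTPD module that is loaded from ProFTPD's own configuration; replace the line with the ProFTPD step or remove it. Placed where it is, it also reads as part of the file being edited. In the context line above, `-days 7305 -nodes` produces a 20-year certificate with an unencrypted key, so the page should say to restrict read access on `ftpd-rsa-key.pem`.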
Line 123: Line 188:
      TLSOptions NoSessionReuseRequired      TLSOptions NoSessionReuseRequired
   </IfModule>   </IfModule>
-Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
-  sudo systemctl restart proftpd.service 
-Happy hacking! 
- --- //[[|oemb1905]] 2019/08/09 05:32//+ --- //[[|oemb1905]] 2023/06/22 17:00//
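Review bot: the removed lines "Put this snippet under ..." and `sudo systemctl restart proftpd.service` were the last steps of the ProFTPD section, and this revision re-adds them further up the page, ahead of the caching section, so the section now stops at `</IfModule>` without saying where the snippet goes or that the service needs a restart; move them back here. `TLSOptions NoSessionReuseRequired` in the context line relaxes the check that the data connection reuses the control connection's TLS session, so a sentence on why it is needed (client compatibility) and what is given up would be useful.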
computing/selfhostedwp.txt · Last modified: 2023/12/16 20:33 by oemb1905