This shows you the differences between two versions of the page.
computing:selfhostedwp [2020/04/20 22:28] – oemb1905 | computing:selfhostedwp [2023/06/29 04:40] – oemb1905 | ||
---|---|---|---|
Line 11: | Line 11: | ||
------------------------------------------- | ------------------------------------------- | ||
- | This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/ | + | This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https:// |
- | sudo apt install php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd | + | sudo apt install |
| | ||
- | Or ... | + | Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need as follows: |
| | ||
- | sudo apt-get install | + | sudo apt-get install |
| | ||
- | Okay, let' | + | Apache2 will set up a 000-default.conf automatically and your host should now resolve. Be sure to set up TLS with certbot. Here' |
+ | |||
+ | sudo apt install certbot letsencrypt python3-certbot-apache | ||
+ | sudo certbot --authenticator standalone --installer apache -d wordpress.com --pre-hook " | ||
+ | crontab -e | ||
+ | <30 2 * * 1 / | ||
+ | |||
+ | Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler | ||
| | ||
+ | sudo apt remove libapache2-mod-php --purge | ||
+ | sudo a2enmod ssl | ||
+ | sudo a2enmod headers | ||
+ | sudo a2enmod cache | ||
sudo a2enmod rewrite | sudo a2enmod rewrite | ||
+ | sudo a2enmod setenvif | ||
+ | sudo a2dismod php8.2 | ||
+ | sudo a2dismod mpm_prefork | ||
+ | sudo a2enmod mpm_event | ||
+ | sudo a2enmod proxy | ||
sudo a2enmod proxy_fcgi | sudo a2enmod proxy_fcgi | ||
- | sudo a2enconf | + | sudo a2enconf |
+ | sudo a2enconf php8.2-cgi | ||
sudo apache2ctl configtest | sudo apache2ctl configtest | ||
- | + | | |
- | Move index.php to the top priority as follows: | + | sudo systemctl restart php8.2-fpm |
+ | |||
+ | There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, | ||
+ | |||
+ | < | ||
+ | SetHandler " | ||
+ | </ | ||
+ | |||
+ | That takes care of configuring php-fpm and mpm_event. Before proceeding, navigate to your tld.domain in a web browser and make sure that your site resolves properly. Now, to make sure that your WordPress index.php file resolves properly to display your home page, make sure to move index.php to the top priority as follows: | ||
| | ||
sudo nano / | sudo nano / | ||
< | < | ||
- | | + | |
+ | *** | ||
Optionally, we can install phpmyadmin, and if you do, you should secure as follows: | Optionally, we can install phpmyadmin, and if you do, you should secure as follows: | ||
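Review bot: the certbot line added in this hunk requests a certificate for `-d wordpress.com`, a domain the reader does not control; use a placeholder such as the `site1.com` seen elsewhere in this diff. The crontab entry under it begins with a stray `<` (`<30 2 * * 1 /`), which is not a valid schedule field if copied as shown. The module commands also hardcode `php8.2` (`a2dismod php8.2`, `a2enconf php8.2-cgi`, `systemctl restart php8.2-fpm`) directly after the paragraph about choosing a PHP version, so say that the version string has to match the installed package.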
Line 46: | Line 73: | ||
sudo mysql -u root -p | sudo mysql -u root -p | ||
- | | + | CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; |
- | | + | GRANT ALL ON databasename.* TO ' |
- | | + | FLUSH PRIVILEGES; |
- | | + | EXIT; |
Next up, it is time to allow overrides in your primary apache configuration: | Next up, it is time to allow overrides in your primary apache configuration: | ||
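Review bot: `GRANT ALL ON databasename.*` on the second added line gives the WordPress database account every privilege on that schema; consider granting only what the application uses (SELECT, INSERT, UPDATE, DELETE, plus CREATE, ALTER, INDEX and DROP for upgrades and plugin installs) so that a compromised plugin has less to work with. The account and host part of the statement is cut off in this view, so its scope cannot be checked here. On the line above, `DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci` selects MySQL's three-byte `utf8`; `utf8mb4` with `utf8mb4_unicode_ci` is what WordPress has used since 4.2 where the server supports it.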
Line 86: | Line 113: | ||
sudo nano / | sudo nano / | ||
| | ||
- | Let's also add the following line to the '' | + | Let's also add the following line to the '' |
sudo nano / | sudo nano / | ||
< | < | ||
- | | ||
- | Plug-ins and other WP services can mess with the '' | ||
- | sudo nano /var/www/site1.com/public_html/.htaccess | + | Visit wordpress site and configure by opening a web browser of your choice and entering |
+ | |||
+ | apt install memcached | ||
+ | nano / | ||
+ | a2enmod cache | ||
| | ||
- | | + | Put this snippet under '' |
+ | |||
+ | sudo systemctl restart proftpd.service | ||
+ | |||
+ | Optimizing and securing | ||
+ | |||
+ | apt install memcached | ||
+ | nano / | ||
+ | a2enmod cache | ||
+ | a2enmod expires | ||
+ | |||
+ | < | ||
+ | ExpiresActive On | ||
+ | ExpiresByType image/jpg " | ||
+ | ExpiresByType image/jpeg " | ||
+ | ExpiresByType image/gif " | ||
+ | ExpiresByType image/png " | ||
+ | ExpiresByType text/css " | ||
+ | ExpiresByType text/html " | ||
+ | ExpiresByType text/ | ||
+ | ExpiresDefault " | ||
+ | </ | ||
+ | |||
+ | Enable re-writes: | ||
+ | |||
+ | a2enmod rewrite | ||
< | < | ||
- | | + | |
- | RewriteBase / | + | |
- | RewriteRule ^index\.php$ - [L] | + | |
- | RewriteCond %{REQUEST_FILENAME} !-f | + | RewriteRule ^index\.php$ - [L] |
- | RewriteCond %{REQUEST_FILENAME} !-d | + | RewriteCond %{REQUEST_FILENAME} !-f |
- | RewriteRule . /index.php [L] | + | RewriteCond %{REQUEST_FILENAME} !-d |
+ | RewriteRule . /index.php [L] | ||
+ | < | ||
+ | Header set Timing-Allow-Origin " | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Enable headers: | ||
+ | |||
+ | a2enmod headers | ||
+ | < | ||
+ | Header always set X-Content-Type-Options " | ||
+ | < | ||
+ | SetEnvIf Origin " | ||
+ | </ | ||
+ | Header set Access-Control-Allow-Origin %{CORS}e env=CORS | ||
+ | Header set Access-Control-Allow-Credentials " | ||
+ | < | ||
+ | Header set X-Frame-Options " | ||
+ | Header set X-XSS-Protection " | ||
+ | Header set X-Download-Options " | ||
+ | Header set X-Permitted-Cross-Domain-Policies " | ||
+ | Header set X-DNS-Prefetch-Control " | ||
+ | Header set Pragma " | ||
+ | Header set Age " | ||
+ | Header set Cache-Control "" | ||
+ | Header set Strict-Transport-Security " | ||
+ | Header set Referrer-Policy "" | ||
+ | Header set Cross-Origin-Embedder-Policy " | ||
+ | Header set Cross-Origin-Opener-Policy " | ||
+ | Header set Report-To ' | ||
+ | Header set Content-Security-Policy " | ||
+ | Header set Referrer-Policy " | ||
+ | Header set Feature-Policy " | ||
+ | </ | ||
</ | </ | ||
- | # END WordPress | ||
- | Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. If you need more than one site, but do not want to set up a separate virtual host, for example using '' | + | Personally, I don't think anyone should be using ftp or even sftp right now, but many still do. If so, here's how to make an sftp server |
You can optionally require an sftp server instead of using the default installer. | You can optionally require an sftp server instead of using the default installer. | ||
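Review bot: `Referrer-Policy` is set twice in the added headers block (`Header set Referrer-Policy ""` and, five lines later, a second `Header set Referrer-Policy`), and with `Header set` the later line replaces the earlier one, so one of them should be dropped. Only `X-Content-Type-Options` uses `Header always set`; the rest, `Strict-Transport-Security` and `Content-Security-Policy` included, use plain `Header set`, which Apache does not apply to error responses it generates itself, so `always` is worth using throughout. `X-XSS-Protection` is deprecated and `Feature-Policy` has been superseded by `Permissions-Policy`; both lines could be removed or updated. Separately, the `apt install memcached` / `nano /` / `a2enmod cache` block is added twice in this hunk, once before and once after the "Optimizing and securing" paragraph.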
Line 114: | Line 201: | ||
sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | ||
sudo nano / | sudo nano / | ||
+ | a2enmod tls | ||
| | ||
< | < | ||
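Review bot: the added `a2enmod tls` is an Apache command, but the lines around it generate `ftpd-rsa.pem` and `ftpd-rsa-key.pem`, which points at ProFTPD's TLS support; ProFTPD loads `mod_tls` from its own module configuration, not through `a2enmod`, so this line should be replaced with the ProFTPD step or dropped. It is also missing the `sudo` prefix that the two lines above it carry.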
Line 127: | Line 215: | ||
| | ||
</ | </ | ||
- | | ||
- | Put this snippet under ''# | ||
- | | ||
- | sudo systemctl restart proftpd.service | ||
- | |||
- | Happy hacking! | ||
- | --- //[[oemb1905@jonathanhaack.com|oemb1905]] | + | --- //[[jonathan@haacksnetworking.org|oemb1905]] |
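Review bot: removing `sudo systemctl restart proftpd.service` from the end of the sftp section leaves that section ending at the closing configuration tag with no step that restarts ProFTPD. The same sentence and command now sit earlier in the page, between the memcached commands and the caching section, ahead of the paragraph that introduces sftp. Suggest keeping the "Put this snippet under" sentence and the restart here, after the TLS configuration they apply to.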