Differences

This shows you the differences between two versions of the page.

computing:selfhostedwp [2021/11/20 21:35] oemb1905computing:selfhostedwp [2023/06/29 04:29] oemb1905
Line 11: Line 11:
 ------------------------------------------- -------------------------------------------
  
-This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux.  This tutorial assumes you already have a LAMP stack with active TLS If not, you should read the [[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survival]] tutorial first Once you do thatbegin with some common php extensions needed for Word Press to function well:+This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survival]]. Alrightlet's install our LAMP stack and required/optional php modules. //Make sure to review what your instance requires and don't install or configure modules you don't need.//
  
-  sudo apt install php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-mbstring php-imagick php-xml php-xmlrpc wget unzip php-gd php-zip libapache2-mod-php+  sudo apt install apache2 mariadb-server php8.x php-common php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd php-imagick php-xml php-xmlrpc php-soap php-opcache php-apcu php-bcmath memcached wget unzip
      
-Or ...+Sometimes dpkg can choose which version of php you want and it's not always the version you wantIn those cases, you can explicitly specify the version you need as follows:
      
-  sudo apt-get install php7.4-{cgi,cli,zip,mysql,mbstring,intl,fpm,curl,gd,imagick,xml,xmlrpc,gpm}+  sudo apt-get install php8.2-{common,cgi,cli,zip,mysql,mbstring,intl,fpm,curl,gd,imagick,xml,xmlrpc,gpm,soap,opcache,apcu,bcmath}
      
-Okaylet's now enable fast cgi and rewrite php modules and then check your config.+In this particular configurationI am not using libapache2-mod-php. Instead I am using mpm_event and php-fpm. This is not necessary for many smaller instances or self-hosted scenarios. If you are new to self-hosting, then in addition to the above steps, you should do ''sudo apt install libapache2-mod-php8.x'' and ignore the fpm-based steps below.
      
 +  sudo apt remove libapache2-mod-php --purge
 +  sudo a2enmod ssl
 +  sudo a2enmod headers
 +  sudo a2enmod cache
   sudo a2enmod rewrite   sudo a2enmod rewrite
 +  sudo a2enmod setenvif 
 +  sudo a2dismod php8.2
 +  sudo a2dismod mpm_prefork
 +  sudo a2enmod mpm_event
 +  sudo a2enmod proxy
   sudo a2enmod proxy_fcgi   sudo a2enmod proxy_fcgi
-  sudo a2enconf php7.3-fpm+  sudo a2enconf php8.2-fpm 
 +  sudo a2enconf php8.2-cgi
   sudo apache2ctl configtest     sudo apache2ctl configtest  
 +  sudo systemctl restart apache2
 +  sudo systemctl restart php8.2-fpm
      
 Move index.php to the top priority as follows: Move index.php to the top priority as follows:
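Review bot: in the versioned install line, ''gpm'' inside ''php8.2-{...}'' looks like a typo for ''gmp'' carried over from the php7.4 line; apt-get aborts the whole transaction when one package name cannot be located, so the command fails as written. The first install line has a related problem: ''php8.x'' is a placeholder, not a package name, and it does not match the ''php8.2'' used in the a2dismod, a2enconf and systemctl lines further down. Use one concrete version throughout, or say explicitly that the reader must substitute their own.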
Line 46: Line 58:
  
   sudo mysql -u root -p   sudo mysql -u root -p
-  mysql> CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; +  CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; 
-  mysql> GRANT ALL ON databasename.* TO 'databaseuser'@'localhost' IDENTIFIED BY 'passwordhere'; +  GRANT ALL ON databasename.* TO 'databaseuser'@'localhost' IDENTIFIED BY 'passwordhere'; 
-  mysql> FLUSH PRIVILEGES; +  FLUSH PRIVILEGES; 
-  mysql> EXIT;+  EXIT;
  
 Next up, it is time to allow overrides in your primary apache configuration: Next up, it is time to allow overrides in your primary apache configuration:
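Review bot: with the ''mysql>'' prompt removed, the four SQL statements sit in the same indented block as ''sudo mysql -u root -p'' and now read like shell commands; move them to their own block or add a line saying they are typed at the MariaDB prompt. While these lines are being touched, consider ''utf8mb4'' with a matching collation instead of ''utf8'', which in MariaDB is the 3-byte variant, and state that ''passwordhere'' must be replaced with a generated password, since ''GRANT ALL'' gives that account full control of the WordPress database.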
Line 86: Line 98:
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
      
-Let's also add the following line to the ''wp-config.php'' file for updates:+Let's also add the following line to the ''wp-config.php'' file for updates. Note//This only needs to be added if you are not using libapachemod sfaik.//
  
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
   <define('FS_METHOD','direct');>   <define('FS_METHOD','direct');>
-   
-Plug-ins and other WP services can mess with the ''.htaccess'' file often, so use this default configuration below //when that happens//; more templates can be found here:  [[https://codex.wordpress.org/htaccess|WP Codex]] 
  
-  sudo nano /var/www/site1.com/public_html/.htaccess+Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. If you need more than one site, but do not want to set up a separate virtual host, for example using ''subdomain.site1.com'', then you should read [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]]. Optimizing WP is a different matter, for caching and header security, and other best practices, consider the following. 
 + 
 +  apt install memcached 
 +  nano /etc/default/memcached 
 +  a2enmod cache
      
-  BEGIN WordPress+Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
 +   
 +  sudo systemctl restart proftpd.service 
 + 
 +Optimizing and securing WordPress usually boils down to some cache and header settings. Cache and/or page expiry settings: 
 + 
 +  apt install memcached 
 +  nano /etc/default/memcached 
 +  a2enmod cache 
 +  a2enmod expires 
 + 
 +  <IfModule mod_expires.c> 
 +          ExpiresActive On 
 +          ExpiresByType image/jpg "access 1 year" 
 +          ExpiresByType image/jpeg "access 1 year" 
 +          ExpiresByType image/gif "access 1 year" 
 +          ExpiresByType image/png "access 1 year" 
 +          ExpiresByType text/css "access 1 week" 
 +          ExpiresByType text/html "access 1 month" 
 +          ExpiresByType text/x-javascript "access 1 week" 
 +          ExpiresDefault "access 1 month" 
 +  </IfModule> 
 + 
 +Enable re-writes: 
 + 
 +  a2enmod rewrite
   <IfModule mod_rewrite.c>   <IfModule mod_rewrite.c>
-  RewriteEngine On +          RewriteEngine On 
-  RewriteBase / +          RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 
-  RewriteRule ^index\.php$ - [L] +          RewriteBase / 
-  RewriteCond %{REQUEST_FILENAME} !-f +          RewriteRule ^index\.php$ - [L] 
-  RewriteCond %{REQUEST_FILENAME} !-d +          RewriteCond %{REQUEST_FILENAME} !-f 
-  RewriteRule . /index.php [L]+          RewriteCond %{REQUEST_FILENAME} !-d 
 +          RewriteRule . /index.php [L] 
 +          <FilesMatch "\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$"> 
 +                  Header set Timing-Allow-Origin "*" 
 +          </FilesMatch>
   </IfModule>   </IfModule>
-  # END WordPress 
  
-Visit wordpress site and configure by opening a web browser of your choice and entering site1.comIf you need more than one site, but do not want to set up a separate virtual hostfor example using ''subdomain.site1.com'', then you should read [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]].  +Enable headers: 
 + 
 +  a2enmod headers 
 +  <IfModule mod_headers.c> 
 +          Header always set X-Content-Type-Options "nosniff" 
 +          <IfModule mod_setenvif.c> 
 +                  SetEnvIf Origin "^(.+)$" CORS=$0 
 +          </IfModule> 
 +          Header set Access-Control-Allow-Origin %{CORS}e env=CORS 
 +          Header set Access-Control-Allow-Credentials "true" env=CORS 
 +          <FilesMatch "\.(php|html)$"> 
 +                  Header set X-Frame-Options "ALLOW" 
 +                  Header set X-XSS-Protection "0" 
 +                  Header set X-Download-Options "noopen" 
 +                  Header set X-Permitted-Cross-Domain-Policies "none" 
 +                  Header set X-DNS-Prefetch-Control "on" 
 +                  Header set Pragma "no-cache" 
 +                  Header set Age "0" 
 +                  Header set Cache-Control "" 
 +                  Header set Strict-Transport-Security "max-age=0" env=HTTPS 
 +                  Header set Referrer-Policy "" 
 +                  Header set Cross-Origin-Embedder-Policy "unsafe-none" 
 +                  Header set Cross-Origin-Opener-Policy "unsafe-none" 
 +                  Header set Report-To '{"max_age": 0"endpoints": [{"url": ""}]}' 
 +                  Header set Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'" 
 +                  Header set Referrer-Policy "no-referrer-when-downgrade" 
 +                  Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' https://plaza.pvpfrontier/*" 
 +          </FilesMatch> 
 +  </IfModule> 
 + 
 +Personally, I don't think anyone should be using ftp or even sftp right now, but many still doIf so, here's how to make an sftp server for updating WordPress that way:
  
 You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained: You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained:
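Review bot: the block added under "Enable headers" is introduced as securing WordPress, but several of its lines switch protections off. ''SetEnvIf Origin "^(.+)$" CORS=$0'' combined with the two Access-Control headers echoes back whatever Origin the request carries and allows credentials, so any site can make authenticated cross-origin reads; restrict the pattern to an explicit list of trusted origins or drop the credentials header. ''Strict-Transport-Security "max-age=0"'' tells browsers to forget HSTS for the host, and ''X-Frame-Options "ALLOW"'' is not a defined value (DENY and SAMEORIGIN are). Smaller points in the same block: the Report-To JSON is missing a comma after the max_age value, Referrer-Policy is set twice so only the later value applies, the Feature-Policy line names a host that looks copied from another site, and the Content-Security-Policy with a wildcard default-src plus unsafe-inline and unsafe-eval should be described as a permissive starting point rather than a hardened one. Separately, the ''.htaccess'' path line was removed, so the text no longer says which file these IfModule blocks belong in, and the memcached commands now appear twice.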
Line 114: Line 186:
   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
   sudo nano /etc/proftpd/proftpd.conf   sudo nano /etc/proftpd/proftpd.conf
 +  a2enmod tls
      
   <IfModule mod_tls.c>   <IfModule mod_tls.c>
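Review bot: the added ''a2enmod tls'' does not do what this section needs. a2enmod enables Apache modules, while the ''<IfModule mod_tls.c>'' block that follows is edited into ''/etc/proftpd/proftpd.conf'' and refers to ProFTPD's own mod_tls, so the line should be dropped and the module loaded from ProFTPD's configuration instead. It is also the only command in this block without ''sudo''. Since these lines are being touched anyway: the context line above creates a certificate valid for 7305 days with an unencrypted key (''-nodes''), and the result is FTP over TLS rather than sftp as the introduction calls it; both are worth stating in the text.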
Line 127: Line 200:
      TLSOptions NoSessionReuseRequired      TLSOptions NoSessionReuseRequired
   </IfModule>   </IfModule>
-   
-Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
-   
-  sudo systemctl restart proftpd.service 
- 
-Happy hacking! 
  
- --- //[[oemb1905@jonathanhaack.com|oemb1905]] 2019/08/09 05:32//+ --- //[[jonathan@haacksnetworking.org|oemb1905]] 2023/06/29 04:09//
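Review bot: removing the "Put this snippet under ''#Include /etc/proftpd/tls.conf''" sentence and ''sudo systemctl restart proftpd.service'' here leaves the ProFTPD section ending at ''</IfModule>'' with no statement of where the snippet goes and no restart step. The same two lines were added in the Line 86/98 hunk, ahead of the cache settings and before ProFTPD is introduced, where "this snippet" has nothing to refer to; keep them here, after the mod_tls block. The context line ''TLSOptions NoSessionReuseRequired'' relaxes a check on data connections and deserves a sentence explaining why it is set.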
computing/selfhostedwp.txt · Last modified: 2023/12/16 20:33 by oemb1905