This shows you the differences between two versions of the page.
computing:selfhostedwp [2023/06/10 05:09] – oemb1905 | computing:selfhostedwp [2023/06/29 04:58] – oemb1905 | ||
---|---|---|---|
Line 11: | Line 11: | ||
------------------------------------------- | ------------------------------------------- | ||
- | This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/ | + | This tutorial is for setting up a self-hosted WordPress instance on Debian GNU/Linux. This tutorial assumes you have some familiarity setting up a LAMP stack. If you need help with that, check out [[https:// |
- | sudo apt install php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-curl php-gd | + | sudo apt install |
| | ||
- | Or ... | + | Sometimes dpkg can choose which version of php you want and it's not always the version you want. In those cases, you can explicitly specify the version you need as follows: |
| | ||
- | sudo apt-get install | + | sudo apt-get install |
| | ||
- | Okay, let's now enable fast cgi and rewrite php modules and then check your config. | + | Apache2 will set up a 000-default.conf automatically |
+ | |||
+ | sudo apt install certbot letsencrypt python3-certbot-apache | ||
+ | sudo certbot --authenticator standalone --installer apache -d wordpress.com --pre-hook " | ||
+ | crontab -e | ||
+ | <30 2 * * 1 / | ||
| | ||
+ | Once you have the LAMP stack setup and TLS properly configured, it's time to make some decisions on your php handler and your apache2 multi-processing module (mpm). There' | ||
+ | | ||
+ | sudo apt remove libapache2-mod-php --purge | ||
+ | sudo a2enmod ssl | ||
+ | sudo a2enmod headers | ||
+ | sudo a2enmod cache | ||
sudo a2enmod rewrite | sudo a2enmod rewrite | ||
+ | sudo a2enmod setenvif | ||
+ | sudo a2dismod php8.2 | ||
+ | sudo a2dismod mpm_prefork | ||
+ | sudo a2enmod mpm_event | ||
+ | sudo a2enmod proxy | ||
sudo a2enmod proxy_fcgi | sudo a2enmod proxy_fcgi | ||
- | sudo a2enconf | + | sudo a2enconf |
+ | sudo a2enconf php8.2-cgi | ||
sudo apache2ctl configtest | sudo apache2ctl configtest | ||
- | | + | sudo systemctl restart |
- | Move index.php to the top priority as follows: | + | |
- | + | ||
- | | + | |
- | | + | |
- | + | ||
- | Optionally, we can install phpmyadmin, and if you do, you should secure as follows: | + | |
+ | There are two standard ways to configure php-fpm. One of those is to use ProxyPassReverse, | ||
+ | |||
+ | < | ||
+ | SetHandler " | ||
+ | </ | ||
+ | |||
+ | That takes care of configuring php-fpm and mpm_event. Before proceeding, navigate to your tld.domain in a web browser and make sure that your site resolves properly. If it does not, then you should debug your setup. To do that, there' | ||
+ | |||
+ | sudo apt install phpmyadmin | ||
sudo htpasswd -c / | sudo htpasswd -c / | ||
- | sudo nano / | + | sudo nano / |
- | + | ||
- | Enter the following in the file that opens: | + | |
- | + | ||
< | < | ||
< | < | ||
< | < | ||
<Require valid-user> | <Require valid-user> | ||
+ | |||
+ | If you don't need phpmyadmin, you can optionally make a phpinfo page instead: | ||
+ | |||
+ | sudo nano / | ||
+ | sudo htpasswd -c / | ||
+ | sudo nano / | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <Require valid-user> | ||
+ | |||
+ | Now, to make sure that your WordPress index.php file resolves properly to display your home page, make sure to move index.php to the top priority as follows: | ||
| | ||
+ | sudo nano / | ||
+ | < | ||
+ | |||
Close and save the file. Let's set up a database now for the WordPress instance: | Close and save the file. Let's set up a database now for the WordPress instance: | ||
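Review bot: The added module block pins PHP 8.2 in `sudo a2dismod php8.2` and `sudo a2enconf php8.2-cgi`, although the new text just above says dpkg may select a different PHP version, and it enables the CGI conf while the following paragraph configures php-fpm with mpm_event. Suggest stating that the version in these commands must match the installed one, and enabling only the conf for the handler actually in use so that two PHP handlers are not active at once. In the phpMyAdmin and phpinfo blocks, `htpasswd -c` recreates the password file on every run, so say that `-c` is for first creation only, and add a step to delete the phpinfo page once debugging is done, since it exposes the full PHP configuration.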
Line 86: | Line 119: | ||
sudo nano / | sudo nano / | ||
| | ||
- | Let's also add the following line to the '' | + | Let's also add the following line to the '' |
sudo nano / | sudo nano / | ||
< | < | ||
- | | ||
- | Plug-ins and other WP services can mess with the '' | ||
- | sudo nano /var/www/site1.com/public_html/.htaccess | + | Visit wordpress site and configure by opening a web browser of your choice and entering |
+ | |||
+ | apt install memcached | ||
+ | nano / | ||
+ | a2enmod cache | ||
| | ||
- | | + | Put this snippet under '' |
+ | |||
+ | sudo systemctl restart proftpd.service | ||
+ | |||
+ | Optimizing and securing | ||
+ | |||
+ | apt install memcached | ||
+ | nano / | ||
+ | a2enmod cache | ||
+ | a2enmod expires | ||
+ | |||
+ | < | ||
+ | ExpiresActive On | ||
+ | ExpiresByType image/jpg " | ||
+ | ExpiresByType image/jpeg " | ||
+ | ExpiresByType image/gif " | ||
+ | ExpiresByType image/png " | ||
+ | ExpiresByType text/css " | ||
+ | ExpiresByType text/html " | ||
+ | ExpiresByType text/ | ||
+ | ExpiresDefault " | ||
+ | </ | ||
+ | |||
+ | Enable re-writes: | ||
+ | |||
+ | a2enmod rewrite | ||
< | < | ||
- | | + | |
- | RewriteBase / | + | |
- | RewriteRule ^index\.php$ - [L] | + | |
- | RewriteCond %{REQUEST_FILENAME} !-f | + | RewriteRule ^index\.php$ - [L] |
- | RewriteCond %{REQUEST_FILENAME} !-d | + | RewriteCond %{REQUEST_FILENAME} !-f |
- | RewriteRule . /index.php [L] | + | RewriteCond %{REQUEST_FILENAME} !-d |
+ | RewriteRule . /index.php [L] | ||
+ | < | ||
+ | Header set Timing-Allow-Origin " | ||
+ | </ | ||
</ | </ | ||
- | # END WordPress | ||
- | Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. If you need more than one site, but do not want to set up a separate virtual host, for example using '' | + | Enable headers: |
- | | + | |
+ | < | ||
+ | Header always set X-Content-Type-Options " | ||
+ | < | ||
+ | SetEnvIf Origin " | ||
+ | </ | ||
+ | Header set Access-Control-Allow-Origin %{CORS}e env=CORS | ||
+ | Header set Access-Control-Allow-Credentials " | ||
+ | < | ||
+ | Header set X-Frame-Options " | ||
+ | Header set X-XSS-Protection " | ||
+ | Header set X-Download-Options " | ||
+ | Header set X-Permitted-Cross-Domain-Policies " | ||
+ | Header set X-DNS-Prefetch-Control " | ||
+ | Header set Pragma " | ||
+ | Header set Age " | ||
+ | Header set Cache-Control "" | ||
+ | Header set Strict-Transport-Security " | ||
+ | Header set Referrer-Policy "" | ||
+ | Header set Cross-Origin-Embedder-Policy " | ||
+ | Header set Cross-Origin-Opener-Policy " | ||
+ | Header set Report-To ' | ||
+ | Header set Content-Security-Policy " | ||
+ | Header set Referrer-Policy " | ||
+ | Header set Feature-Policy " | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Personally, I don't think anyone should be using ftp or even sftp right now, but many still do. If so, here's how to make an sftp server for updating WordPress that way: | ||
You can optionally require an sftp server instead of using the default installer. | You can optionally require an sftp server instead of using the default installer. | ||
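Review bot: In the added headers block only `X-Content-Type-Options` uses `Header always set`; every other line uses `Header set`, which mod_headers applies to successful responses only, so non-2xx responses that Apache generates itself go out without `Strict-Transport-Security`, `X-Frame-Options` and the rest. Suggest `Header always set` for the security headers. `Referrer-Policy` is set twice in the same block, and with `set` the later line replaces the earlier one, so keep a single line; `Feature-Policy` has been superseded by `Permissions-Policy`, and `X-XSS-Protection` is deprecated. The `apt install memcached` / `nano` / `a2enmod cache` sequence also appears twice in this hunk, both times without `sudo`, and `a2enmod cache` was already run in the earlier module block.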
Line 116: | Line 207: | ||
sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem | ||
sudo nano / | sudo nano / | ||
+ | a2enmod tls | ||
| | ||
< | < | ||
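Review bot: `a2enmod tls` on the added line is an Apache command, but this block sets up TLS for the FTP daemon (the certificate generated just above is `ftpd-rsa.pem`), and Apache's own TLS module was already enabled with `sudo a2enmod ssl` in the first hunk. ProFTPD loads its mod_tls from its own configuration, not through `a2enmod`, so this line should be dropped or replaced with the ProFTPD-side step. If it stays, it needs `sudo` like the neighbouring commands.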
Line 129: | Line 221: | ||
| | ||
</ | </ | ||
- | | ||
- | Put this snippet under ''# | ||
- | | ||
- | sudo systemctl restart proftpd.service | ||
- | |||
- | Happy hacking! | ||
- | --- //[[oemb1905@jonathanhaack.com|oemb1905]] | + | --- //[[jonathan@haacksnetworking.org|oemb1905]] |
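Review bot: The "Put this snippet under" instruction and `sudo systemctl restart proftpd.service` are removed from the end of the sftp section here, but the new revision re-adds them earlier, ahead of the paragraph that introduces the sftp server. A reader working top to bottom now restarts proftpd before it has been configured and is never told to restart it after editing the TLS settings. Suggest keeping both lines at the end of the sftp section and dropping the earlier copy.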