computing:selfhostedwp

Differences

This shows you the differences between two versions of the page.

computing:selfhostedwp [2025/10/29 22:37] oemb1905 | computing:selfhostedwp [2026/04/12 15:53] (current) oemb1905
Line 51: Line 51:
  
   <FilesMatch ".+\.ph(ar|p|tml)$">   <FilesMatch ".+\.ph(ar|p|tml)$">
-      SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"+      SetHandler "proxy:unix:/run/php/php8.4-fpm.sock|fcgi://localhost"
   </FilesMatch>   </FilesMatch>
  
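Review bot: The new SetHandler line hard-codes the php8.4-fpm socket path, and nothing around it tells the reader that this path has to match the PHP-FPM version that is actually installed and running. If the php8.4-fpm service is not present, every request matched by the unchanged FilesMatch is handed to a socket that does not exist and fails. Suggest a sentence next to the block telling the reader to confirm the socket name under /run/php/ before reloading Apache, and to adjust the version in the path if theirs differs.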
Line 140: Line 140:
 After isntalling memcached and enabling those modules, navigate to your web root and adjust your .htaccess as follows: After isntalling memcached and enabling those modules, navigate to your web root and adjust your .htaccess as follows:
  
-  <IfModule mod_expires.c> +<code> 
-          ExpiresActive On +<IfModule mod_expires.c> 
-          ExpiresByType image/jpg "access 1 year" +    ExpiresActive On 
-          ExpiresByType image/jpeg "access 1 year" +    ExpiresByType image/jpg "access 1 year" 
-          ExpiresByType image/gif "access 1 year" +    ExpiresByType image/jpeg "access 1 year" 
-          ExpiresByType image/png "access 1 year" +    ExpiresByType image/gif "access 1 year" 
-          ExpiresByType text/css "access 1 week" +    ExpiresByType image/png "access 1 year" 
-          ExpiresByType text/html "access 1 month" +    ExpiresByType text/css "access 1 week" 
-          ExpiresByType text/x-javascript "access 1 week" +    ExpiresByType text/html "access 1 month" 
-          ExpiresDefault "access 1 month" +    ExpiresByType text/x-javascript "access 1 week" 
-  </IfModule>+    ExpiresDefault "access 1 month" 
 +</IfModule
 +</code>
  
-  <IfModule mod_rewrite.c> +<code> 
-          RewriteEngine On +<IfModule mod_rewrite.c> 
-          RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +    RewriteEngine On 
-          RewriteBase / +    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 
-          RewriteRule ^index\.php$ - [L] +    RewriteBase / 
-          RewriteCond %{REQUEST_FILENAME} !-f +    RewriteRule ^index\.php$ - [L] 
-          RewriteCond %{REQUEST_FILENAME} !-d +    RewriteCond %{REQUEST_FILENAME} !-f 
-          RewriteRule . /index.php [L] +    RewriteCond %{REQUEST_FILENAME} !-d 
-          <FilesMatch "\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$"> +    RewriteRule . /index.php [L] 
-                  Header set Timing-Allow-Origin "*" +    <FilesMatch "\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$"> 
-          </FilesMatch> +        Header set Timing-Allow-Origin "*" 
-  </IfModule>+    </FilesMatch> 
 +</IfModule
 +</code>
  
-  <IfModule mod_headers.c> +<code> 
-          Header always set X-Content-Type-Options "nosniff" +<IfModule mod_headers.c> 
-          <IfModule mod_setenvif.c> +    # X-origin core security headers 
-                  SetEnvIf Origin "^(.+)$CORS=$0 +    Header always set X-Content-Type-Options "nosniff" 
-          </IfModule> +    Header always set X-Frame-Options "SAMEORIGIN
-          Header set Access-Control-Allow-Origin %{CORS}e env=CORS +    Header always set Referrer-Policy "strict-origin-when-cross-origin" 
-          Header set Access-Control-Allow-Credentials "true" env=CORS +    # HSTS 
-          <FilesMatch "\.(php|html)$"> +    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS 
-                  Header set X-Frame-Options "ALLOW+    # Feature Policy 
-                  Header set X-XSS-Protection "0+    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), fullscreen=*
-                  Header set X-Download-Options "noopen" +    # Cross Origin Openerand Embedder policies permissive for Gutenberg/iframes 
-                  Header set X-Permitted-Cross-Domain-Policies "none" +    Header always set Cross-Origin-Opener-Policy "same-origin-allow-popups
-                  Header set X-DNS-Prefetch-Control "on" +    Header always set Cross-Origin-Embedder-Policy "unsafe-none
-                  Header set Pragma "no-cache" +    # Cache and download protections; limited to dynamic files 
-                  Header set Age "0" +    <FilesMatch "\.(php|html)$"> 
-                  Header set Cache-Control "+        Header set X-Download-Options "noopen" 
-                  Header set Strict-Transport-Security "max-age=0" env=HTTPS +        Header set X-Permitted-Cross-Domain-Policies "none" 
-                  Header set Referrer-Policy "" +        Header set Pragma "no-cache" 
-                  Header set Cross-Origin-Embedder-Policy "unsafe-none" +        Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0" 
-                  Header set Cross-Origin-Opener-Policy "unsafe-none+    </FilesMatch> 
-                  Header set Report-To '{"max_age": 0, "endpoints": [{"url": ""}]}' +    # Safe CSP for WordPress + Gutenberg  
-                  Header set Content-Security-Policy "default-src data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'" +    <FilesMatch "\.(php|html)$"> 
-                  Header set Referrer-Policy "no-referrer-when-downgrade" +        Header set Content-Security-Policy "default-src 'self' https: data: blob:; 
-                  Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' https://plaza.pvpfrontier/*+            script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 
-          </FilesMatch> +            style-src 'self' https: data: 'unsafe-inline'; \ 
-  </IfModule>+            img-src 'self' https: data: blob:; \ 
 +            font-src 'self' https: data:; \ 
 +            connect-src 'self' https: data: blob:; \ 
 +            frame-src 'self' https: data: blob:; \ 
 +            media-src 'self' https: data: blob:; \ 
 +            object-src 'none'; 
 +            base-uri 'self'; 
 +            form-action 'self'; \ 
 +            upgrade-insecure-requests;
 +    </FilesMatch> 
 +</IfModule
 +</code>
  
 I was getting a stubborn TLS redirect error for images. To address this, I went into ''/wp-content/themes/mytheme/header.php'' and added: I was getting a stubborn TLS redirect error for images. To address this, I went into ''/wp-content/themes/mytheme/header.php'' and added:
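Review bot: The comment "Safe CSP for WordPress + Gutenberg" on the new Content-Security-Policy overstates what the policy does: script-src still carries 'unsafe-inline' and 'unsafe-eval' and now also allows https:, data: and blob:, so an injected inline script, or a script loaded from any HTTPS host, still runs. Suggest rewording the comment to say the policy is deliberately permissive, dropping data: from script-src, and adding frame-ancestors 'self' so the CSP agrees with the new X-Frame-Options "SAMEORIGIN" line. As rendered here, the multi-line CSP value ends some lines with a trailing backslash and others (the default-src, script-src, object-src and base-uri lines) without one; Apache needs the backslash on every continued line, so make them uniform or put the policy on a single line. The two identical FilesMatch "\.(php|html)$" blocks can be merged, and the CSP uses Header set while the headers above it use Header always set, so it can be missing from error responses.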
Line 226: Line 241:
 Refresh WordPress and it should see the sftp server and allow you to make changes that way. Note: The sftp server is public and anyone can access this with proper credentials even if it not for WordPress so use a proper password and make sure your TLS configuration is working. Your instance should now be pretty solid. The only other thing you might want is more than one WordPress site subdomain, for example, site1.cooldomain.com, site2.cooldomain.com, etc. If that's the case, then hop on over to my [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]] tutorial.  Refresh WordPress and it should see the sftp server and allow you to make changes that way. Note: The sftp server is public and anyone can access this with proper credentials even if it not for WordPress so use a proper password and make sure your TLS configuration is working. Your instance should now be pretty solid. The only other thing you might want is more than one WordPress site subdomain, for example, site1.cooldomain.com, site2.cooldomain.com, etc. If that's the case, then hop on over to my [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]] tutorial. 
  
- --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/10/29 22:36//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2026/04/12 15:47//
computing/selfhostedwp.1761777448.txt.gz · Last modified: by oemb1905