====== Information ======
* WordPress ((https://wordpress.org))
* [[Information:Realm of Espionage]]
* https://blog.realmofespionage.xyz
===== Prerequisites =====
* [[distros:fedora_server|Fedora Server]]
* [[servers:mariadb|MariaDB]]
* [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
* [[servers:nginx:lets_encrypt|Let's Encrypt]]
===== Notes =====
* :!: Do not initiate any updates from the Admin/wp-admin web page as this may cause local file changes and break [[#updater|the automatic update service]]
====== Dependencies ======
* https://wordpress.org/about/requirements/
* https://make.wordpress.org/hosting/handbook/server-environment/#php-extensions
sudo dnf install php-mysqlnd php-xml php-pecl-igbinary php-imagick php-intl php-mbstring php-pecl-zip php-sodium php-bcmath php-gd php-process
====== Download Source ======
****
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/WordPress/WordPress.git' '/var/www/blog' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/blog(/.*)?' && sudo restorecon -F -I -R '/var/www/blog' && sudo chown -R 'nginx':'nginx' '/var/www/blog' && sync
====== Database ======
sudo mariadb
CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* to 'wordpress'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT
====== nginx + PHP-FPM Configuration ======
===== PHP-FPM Socket =====
sudo -e '/etc/php-fpm.d/blog.conf' && sudo systemctl restart 'php-fpm'
[blog]
; User/Group
user = nginx
group = nginx
; Socket
listen = /run/php-fpm/blog.sock
listen.acl_users = nginx
listen.allowed_clients = 127.0.0.1
; Process Management
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30
; Fedora php.ini Defaults
php_value[session.save_handler] = "files"
php_value[session.save_path] = "/var/lib/php/session"
; General
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "10M"
php_value[upload_max_filesize] = "10M"
php_value[max_file_uploads] = "100"
; End
php_value[upload_tmp_dir] = "/tmp"
===== FastCGI =====
sudo -e '/etc/nginx/default.d/blog.conf'
# PHP-FPM
location ~ \.(php|phar)(/.*)?$ {
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/blog.sock;
}
===== Server Block =====
* 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
sudo -e '/etc/nginx/vhosts.d/blog.conf' && sudo systemctl reload 'nginx' && sync
server {
listen '443' 'ssl' 'http2';
server_name 'blog.realmofespionage.xyz';
root '/var/www/blog';
index 'index.php';
include '/etc/nginx/default.d/blog.conf';
include '/etc/nginx/default.d/headers.conf';
client_max_body_size '10M';
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: s.w.org" always;
# access_log /var/log/nginx/media-access.log;
# error_log /var/log/nginx/media-error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
}
====== Initial Setup ======
* https://blog.realmofespionage.xyz
====== Settings ======
* Date Format: Y/m/d
====== Services ======
===== Updater =====
==== Service ====
sudo -e '/etc/systemd/system/blog-up.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/blog' pull origin 'master'
ExecStartPost='/usr/bin/sync'
==== Timer ====
* Every day at ''04:00:00''
sudo -e '/etc/systemd/system/blog-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-up.timer' --now && sudo systemctl start 'blog-up' && sudo systemctl status 'blog-up' -l
[Unit]
Description=WordPress Git Updater
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-* 04:00:00
Persistent=true
[Install]
WantedBy=timers.target
===== Maintenance =====
==== Service ====
sudo -e '/etc/systemd/system/blog-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/blog' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/blog' fsck --full --strict
ExecStartPost='/usr/bin/sync'
==== Timer ====
* ''01'' day of every month at ''04:20:00'' ((8-)))
sudo -e '/etc/systemd/system/blog-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-m.timer' --now && sudo systemctl start 'blog-m' && sudo systemctl status 'blog-m' -l
[Unit]
Description=WordPress Maintenance
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-01 04:20:00
Persistent=true
[Install]
WantedBy=timers.target
===== Backup =====
==== Files ====
=== Service ===
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/blog-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/blog-fb.service'
[Service]
Type=oneshot
WorkingDirectory=/var/www
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/wordpress-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "blog"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* ''01'' day of every month at ''04:35:00''
sudo -e '/etc/systemd/system/blog-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-fb.timer' --now && sudo systemctl start 'blog-fb' && sudo systemctl status 'blog-fb' -l
[Unit]
Description=WordPress Files Backup
[Timer]
OnCalendar=*-*-01 04:35:00
Persistent=true
[Install]
WantedBy=timers.target
==== Database ====
=== Database Auth ===
sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/wordpress' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/wordpress' && sudo chmod '600' '/var/lib/mysql/auth/wordpress' && sync
[mariadb-dump]
user=wordpress
password=x
=== Service ===
mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/blog-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/blog-db.service'
[Service]
Type=oneshot
WorkingDirectory=/var/lib/mysql/tmp
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/wordpress' --single-transaction 'wordpress' -r '/var/lib/mysql/tmp/wordpress.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/wordpress.sql'
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/wordpress.sql.gz" "/home/CHANGEME/backups/wordpress-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* Every day at ''04:45:00''
sudo -e '/etc/systemd/system/blog-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-db.timer' --now && sudo systemctl start 'blog-db' && sudo systemctl status 'blog-db' -l
[Unit]
Description=WordPress Database Backup
After=mariadb.service
[Timer]
OnCalendar=*-*-* 04:45:00
Persistent=true
[Install]
WantedBy=timers.target
====== Backup ======
* Create backup archive on server and transfer to client computer
===== Server =====
==== Stop Services ====
****
sudo systemctl stop nginx php-fpm
==== Backup Folder ====
****
cd '/var/www' && sudo tar -cvzf ~/'wordpress-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'blog' && cd ~ && sync
==== Backup Database ====
****
sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/wordpress' --single-transaction 'wordpress' -r ~/'wordpress-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
==== Start Services ====
****
sudo systemctl start nginx php-fpm
===== Client =====
==== Transfer Files To Client ====
****
scp espionage724@192.168.1.152:~/'wordpress-files-'*'.tar.gz' espionage724@192.168.1.152:~/'wordpress-database-'*'.sql' ~/'Downloads' && sync
====== Restore ======
===== Client =====
==== Uncompress Database ====
* This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
gunzip ~/'Downloads/wordpress-database-'*'.sql.gz'
==== Transfer Files To Server ====
****
scp ~/'Downloads/wordpress-files-'*'.tar.gz' ~/'Downloads/wordpress-database-'*'.sql' espionage724@192.168.1.152:~
==== Remove Files ====
****
rm -f ~/'Downloads/wordpress-files-'*'.tar.gz' ~/'Downloads/wordpress-database-'*'.sql' && sync
===== Server =====
==== Stop Services ====
****
sudo systemctl stop nginx php-fpm
==== Remove Previous Folder ====
****
sudo rm -Rf '/var/www/blog'
==== Restore WordPress Folder ====
****
cd '/var/www' && sudo tar -xvzf ~/'wordpress-files-'*'.tar.gz' 'blog' && sudo chown -R 'nginx':'nginx' '/var/www/blog' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/blog(/.*)?' && sudo restorecon -F -I -R '/var/www/blog' && cd ~ && sync
==== Drop Previous Database ====
sudo mariadb
DROP DATABASE wordpress;
FLUSH TABLES;
EXIT
==== Re-create Databases ====
sudo mariadb
CREATE DATABASE wordpress;
EXIT
==== Restore Database ====
****
sudo mariadb 'wordpress' < ~/'wordpress-database-'*'.sql' && sync
==== Reapply Permissions ====
sudo mariadb
GRANT ALL PRIVILEGES ON wordpress.* to 'wordpress'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT
==== Start Services ====
****
sudo systemctl start nginx php-fpm
==== Remove Backups ====
* Verify that WordPress works before running
rm ~/'wordpress-files-'*'.tar.gz' ~/'wordpress-database-'*'.sql' && sync