Differences

This shows you the differences between two versions of the page.

--- servers:bsd:nginx:wordpress [2025/05/16 19:44] – Sean Rhone
+++ servers:bsd:nginx:wordpress [2026/01/15 03:41] (current) – [Database] Sean Rhone
@@ Line 2: / Line 2: @@
   * WordPress ((https://wordpress.org))
-  * [[Information:Realm of Espionage]]
+  * [[information:realm_of_espionage|Realm of Espionage]]
   * https://blog.realmofespionage.xyz
-  * 2025/05/16: WIP
 ===== Prerequisites =====
-  * [[bsd:server:freebsd_14.2|FreeBSD 14.2]]
+  * [[bsd:server:freebsd_16.0|FreeBSD 16.0]]
+  * [[servers:bsd:freenginx_php_php-fpm|freenginx + PHP + PHP-FPM]]
+  * [[servers:bsd:nginx:lets_encrypt|Certbot (Let's Encrypt)]]
   * [[servers:bsd:mariadb|MariaDB]]
-  * [[servers:bsd:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
-  * [[servers:bsd:nginx:lets_encrypt|Let's Encrypt]]
 ====== Dependencies ======
@@ Line 21: / Line 19: @@
   su -
-  pkg install git-lite php84-mysqli php84-intl php84-mbstring php84-xml
+  pkg install git-lite php85-mysqli php85-intl php85-mbstring php85-xml php85-curl php85-dom php85-zlib php85-sodium php85-fileinfo php85-zip php85-iconv
 ====== Download Source ======
+  * https://github.com/WordPress/WordPress/commits/master/
   su -
-  git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/WordPress/WordPress.git' '/usr/local/www/blog' && chown -R 'www':'www' '/usr/local/www/blog' && sync
+  git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/WordPress/WordPress.git' '/usr/local/www/blog' && chown -R 'www':'www' '/usr/local/www/blog'
 ====== Database ======
-  mariadb -u 'root' -p
+  su -
+  mariadb
   CREATE DATABASE wordpress;
@@ Line 39: / Line 41: @@
   GRANT ALL PRIVILEGES ON wordpress.* to wordpress@localhost;
-  FLUSH PRIVILEGES;
+  FLUSH PRIVILEGES;EXIT;
-  EXIT
 ====== nginx + PHP-FPM Configuration ======
@@ Line 49: / Line 49: @@
   su -
-  ee '/usr/local/etc/php-fpm.d/blog.conf' && service 'php_fpm' restart
+  ee '/usr/local/etc/php-fpm.d/blog.conf' && service 'php_fpm' reload
 <code>
@@ Line 55: / Line 55: @@
 ; User/Group
-user = www
+user = "www"
-group = www
+group = "www"
 ; Socket
-listen = 127.0.0.1:9004
+listen = "127.0.0.1:9004"
-listen.allowed_clients = 127.0.0.1
+listen.allowed_clients = "127.0.0.1"
 ; Process Management
-pm = ondemand
+pm = "ondemand"
-pm.max_children = 4
+pm.max_children = "4"
-pm.process_idle_timeout = 30
+pm.process_idle_timeout = "30"
+; Logging
+php_value[log_errors] = "Off"
+php_value[error_reporting] = "~E_ALL"
+php_value[display_errors] = "Off"
+php_value[display_startup_errors] = "Off"
+php_value[html_errors] = "Off"
 ; General
 php_value[date.timezone] = "America/New_York"
+; WordPress
+php_value[post_max_size] = "10M"
+php_value[upload_max_filesize] = "10M"
 ; End</code>
@@ Line 76: / Line 87: @@
   su -
-  ee '/usr/local/etc/nginx/default.d/blog.conf'
+  ee '/usr/local/etc/freenginx/default.d/blog.conf'
 <code>
-# PHP-FPM
+location '~' '\.(php|phar)(/.*)?$' {
-location ~ \.(php|phar)(/.*)?$ {
+ fastcgi_split_path_info '^(.+\.(?:php|phar))(/.*)$';
-    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
+ fastcgi_intercept_errors 'on';
-    fastcgi_intercept_errors on;
+ fastcgi_index 'index.php';
-    fastcgi_index index.php;
+ include 'fastcgi_params';
-    include fastcgi_params;
+ fastcgi_param 'SCRIPT_FILENAME' '$document_root$fastcgi_script_name';
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param 'PATH_INFO' '$fastcgi_path_info';
-    fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param 'HTTPS' 'on';
-    fastcgi_param HTTPS on;
-    fastcgi_pass 127.0.0.1:9004;
+ fastcgi_pass '127.0.0.1:9004';
 }
@@ Line 95: / Line 106: @@
 ===== Server Block =====
-  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
+  su -
-  sudo -e '/etc/nginx/vhosts.d/blog.conf' && sudo systemctl reload 'nginx' && sync
+  ee '/usr/local/etc/freenginx/vhosts.d/blog.conf' && service 'nginx' reload
 <code>
 server {
-    listen '443' 'ssl' 'http2';
+ listen '443' 'ssl';
-    server_name 'blog.realmofespionage.xyz';
+ http2 'on';
-    root '/var/www/blog';
+ server_name 'blog.realmofespionage.xyz';
-    index 'index.php';
+ root '/usr/local/www/blog';
+ index 'index.php';
-    include '/etc/nginx/default.d/blog.conf';
+ include '/usr/local/etc/freenginx/default.d/blog.conf';
-    include '/etc/nginx/default.d/headers.conf';
+ include '/usr/local/etc/freenginx/default.d/headers.conf';
-    client_max_body_size '10M';
+ client_max_body_size '10M';
-#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: s.w.org" always;
+# access_log '/var/log/nginx/blog-access.log';
+# error_log '/var/log/nginx/blog-error.log';
-#    access_log  /var/log/nginx/media-access.log;
+ location '/' {
-#    error_log  /var/log/nginx/media-error.log;
+  try_files '$uri' '$uri/' '/index.php?$args';
+ }
-    location / {
+ rewrite '/wp-admin$' '$scheme://$host$uri/' 'permanent';
-        try_files $uri $uri/ /index.php?$args;
+}
-    }
-    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+# End</code>
-    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-          access_log off; log_not_found off; expires max;
-    }
-}</code>
 ====== Initial Setup ======
   * https://blog.realmofespionage.xyz
+  * Database Host: ''127.0.0.1''
 ====== Settings ======
@@ Line 135: / Line 144: @@
   * Date Format: Y/m/d
-====== Services ======
+===== wp-config.php =====
-===== Updater =====
+  * https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
+  * https://developer.wordpress.org/advanced-administration/wordpress/wp-config/
+  * ''SCRIPT_DEBUG'' at ''true'' loads non-minified scripts/CSS ([[https://github.com/WordPress/WordPress/blob/master/wp-includes/script-loader.php#L6|source]]) ((2026/01/06: Fixed 2025 theme loading odd buttons in header))
-==== Service ====
+  * :!: Change ''DB_PASSWORD''
-  sudo -e '/etc/systemd/system/blog-up.service'
+  su -
+  su -m 'www' -c "ee '/usr/local/www/blog/wp-config.php'" && clear
 <code>
-[Service]
+<?php
-User=nginx
-Group=nginx
-Type=oneshot
-ExecStart='/usr/bin/git' -C '/var/www/blog' pull origin 'master'
-ExecStartPost='/usr/bin/sync'</code>
-==== Timer ====
+define( 'DB_NAME', 'wordpress' );
+define( 'DB_USER', 'wordpress' );
+define( 'DB_PASSWORD', 'x' );
+define( 'DB_HOST', '127.0.0.1' );
+define( 'DB_CHARSET', 'utf8mb4' );
+$table_prefix = 'wp_';
-  * Every day at ''04:00:00''
+define( 'AUTOMATIC_UPDATER_DISABLED', true );
+define( 'WP_DEBUG', false );
+define( 'WP_DEBUG_DISPLAY', false );
-  sudo -e '/etc/systemd/system/blog-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-up.timer' --now && sudo systemctl start 'blog-up' && sudo systemctl status 'blog-up' -l
+define( 'SCRIPT_DEBUG', true );
-<code>
+if ( ! defined( 'ABSPATH' ) ) {
-[Unit]
+        define( 'ABSPATH', __DIR__ . '/' );
-Description=WordPress Git Updater
+}
-After=network-online.target
-Wants=network-online.target
-[Timer]
+require_once ABSPATH . 'wp-settings.php';
-OnCalendar=*-*-* 04:00:00
-Persistent=true
-[Install]
+// End</code>
-WantedBy=timers.target</code>
-===== Maintenance =====
+====== Scripts ======
-==== Service ====
+===== Updater =====
-  sudo -e '/etc/systemd/system/blog-m.service'
+  mkdir -p ~/'.local/scripts/www/blog' && ee ~/'.local/scripts/www/blog/updater.sh' && chmod +x ~/'.local/scripts/www/blog/updater.sh'
 <code>
-[Service]
+#!/bin/sh
-User=nginx
-Group=nginx
-Type=oneshot
-ExecStart='/usr/bin/git' -C '/var/www/blog' gc --aggressive --prune='all'
-ExecStart='/usr/bin/git' -C '/var/www/blog' fsck --full --strict
-ExecStartPost='/usr/bin/sync'</code>
-==== Timer ====
+cd '/tmp'
-  * ''01'' day of every month at ''04:20:00'' ((8-)))
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' reset --hard 'origin/master'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' pull 'origin' 'master' --rebase"
-  sudo -e '/etc/systemd/system/blog-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-m.timer' --now && sudo systemctl start 'blog-m' && sudo systemctl status 'blog-m' -l
+'/bin/sync'
-<code>
+# End</code>
-[Unit]
-Description=WordPress Maintenance
-After=network-online.target
-Wants=network-online.target
-[Timer]
+  su 'root' -c ~/'.local/scripts/www/blog/updater.sh'
-OnCalendar=*-*-01 04:20:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
 ===== Backup =====
-==== Files ====
+  mkdir -p ~/'backups' ~/'.local/scripts/www/blog' && ee ~/'.local/scripts/www/blog/backup.sh' && chmod +x ~/'.local/scripts/www/blog/backup.sh'
-=== Service ===
-  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/blog-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/blog-fb.service'
 <code>
-[Service]
+#!/bin/sh
-Type=oneshot
-WorkingDirectory=/var/www
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/wordpress-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "blog"'
-ExecStartPost='/usr/bin/sync'</code>
-=== Timer ===
+cd '/tmp'
-  * ''01'' day of every month at ''04:35:00''
+'/usr/bin/tar' -czf '/home/espionage724/backups/wordpress-files-auto-'$(date +%Y-%m-%d)'.tar.gz' -C '/usr/local/www' 'blog'
-  sudo -e '/etc/systemd/system/blog-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-fb.timer' --now && sudo systemctl start 'blog-fb' && sudo systemctl status 'blog-fb' -l
+'/usr/local/bin/mariadb-dump' --single-transaction --quick 'wordpress' -r '/home/espionage724/backups/wordpress-database-auto-'$(date +%Y-%m-%d)'.sql'
-<code>
+'/bin/sync'
-[Unit]
-Description=WordPress Files Backup
-[Timer]
+# End</code>
-OnCalendar=*-*-01 04:35:00
-Persistent=true
-[Install]
+  su 'root' -c ~/'.local/scripts/www/blog/backup.sh'
-WantedBy=timers.target</code>
-==== Database ====
+===== Maintenance =====
-=== Database Auth ===
+  mkdir -p ~/'.local/scripts/www/blog' && ee ~/'.local/scripts/www/blog/maintenance.sh' && chmod +x ~/'.local/scripts/www/blog/maintenance.sh'
-  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/wordpress' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/wordpress' && sudo chmod '600' '/var/lib/mysql/auth/wordpress' && sync
 <code>
-[mariadb-dump]
+#!/bin/sh
-user=wordpress
-password=x</code>
-=== Service ===
+cd '/tmp'
-  mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/blog-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/blog-db.service'
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' gc --aggressive --prune='all'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' fsck --full --strict"
-<code>
+# End</code>
-[Service]
-Type=oneshot
-WorkingDirectory=/var/lib/mysql/tmp
-ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/wordpress' --single-transaction 'wordpress' -r '/var/lib/mysql/tmp/wordpress.sql'
-ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/wordpress.sql'
-ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/wordpress.sql.gz" "/home/CHANGEME/backups/wordpress-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
-ExecStartPost='/usr/bin/sync'</code>
-=== Timer ===
+  su 'root' -c ~/'.local/scripts/www/blog/maintenance.sh'
-  * Every day at ''04:45:00''
+===== Git Fix =====
-  sudo -e '/etc/systemd/system/blog-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'blog-db.timer' --now && sudo systemctl start 'blog-db' && sudo systemctl status 'blog-db' -l
+  * :!: Set email for ''user.email''
+  mkdir -p ~/'.local/scripts/www/blog' && ee ~/'.local/scripts/www/blog/git-fix.sh' && chmod +x ~/'.local/scripts/www/blog/git-fix.sh'
 <code>
-[Unit]
+#!/bin/sh
-Description=WordPress Database Backup
-After=mariadb.service
-[Timer]
+cd '/tmp'
-OnCalendar=*-*-* 04:45:00
-Persistent=true
-[Install]
+####################
-WantedBy=timers.target</code>
+# Content Back-up
+####################
-====== Backup ======
+'/usr/bin/su' -m 'www' -c "'/bin/rm' -Rf '/tmp/blog'"
+'/usr/bin/su' -m 'www' -c "'/bin/mkdir' -p '/tmp/blog'"
+'/usr/bin/su' -m 'www' -c "'/bin/cp' -Rf '/usr/local/www/blog/wp-content/uploads' '/usr/local/www/blog/wp-config.php' '/tmp/blog'"
-  * Create backup archive on server and transfer to client computer
+####################
+# WordPress
+####################
-===== Server =====
+'/usr/bin/su' -m 'www' -c "'/bin/rm' -Rf '/usr/local/www/blog/.git'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' init --initial-branch='master'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' add '.'"
-==== Stop Services ====
+##################################################
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' config 'user.email' 'espionage724@x'"
+##################################################
-****
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' commit --message='x'"
-  sudo systemctl stop nginx php-fpm
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' remote add 'origin' 'https://github.com/WordPress/WordPress.git'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' pull --depth '1' --recurse-submodules 'origin' 'master' --rebase"
-==== Backup Folder ====
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' reset --hard 'origin/master'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' gc --aggressive --prune='all'"
+'/usr/bin/su' -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/blog' fsck --full --strict"
-****
+####################
+# Content Restore
+####################
-  cd '/var/www' && sudo tar -cvzf ~/'wordpress-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'blog' && cd ~ && sync
+'/usr/bin/su' -m 'www' -c "'/bin/cp' -Rf '/tmp/blog/uploads' '/usr/local/www/blog/wp-content'"
+'/usr/bin/su' -m 'www' -c "'/bin/cp' -f '/tmp/blog/wp-config.php' '/usr/local/www/blog/wp-config.php'"
+'/usr/bin/su' -m 'www' -c "'/bin/rm' -Rf '/tmp/blog'"
-==== Backup Database ====
+'/bin/sync'
-****
+# End</code>
-  sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/wordpress' --single-transaction 'wordpress' -r ~/'wordpress-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
+  su 'root' -c ~/'.local/scripts/www/blog/git-fix.sh'
-==== Start Services ====
+====== cron ======
-****
+===== Updater =====
-  sudo systemctl start nginx php-fpm
+  * Daily ''02:00:00 AM''
-===== Client =====
+  su -
-==== Transfer Files To Client ====
+  ee '/etc/cron.d/blog-updater'
-****
+<code>
+#
+SHELL=/bin/sh
-  scp espionage724@192.168.1.152:~/'wordpress-files-'*'.tar.gz' espionage724@192.168.1.152:~/'wordpress-database-'*'.sql' ~/'Downloads' && sync
+2 * * * root '/home/espionage724/.local/scripts/www/blog/updater.sh'
-====== Restore ======
+# End</code>
-===== Client =====
+===== Backup =====
-==== Uncompress Database ====
+  * Monthly (3rd) ''02:10:00 AM''
-  * This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
+  su -
-  gunzip ~/'Downloads/wordpress-database-'*'.sql.gz'
+  ee '/etc/cron.d/blog-backup'
-==== Transfer Files To Server ====
+<code>
+#
+SHELL=/bin/sh
-****
+2 3 * * root '/home/espionage724/.local/scripts/www/blog/backup.sh'
-  scp ~/'Downloads/wordpress-files-'*'.tar.gz' ~/'Downloads/wordpress-database-'*'.sql' espionage724@192.168.1.152:~
+# End</code>
-==== Remove Files ====
+===== Maintenance =====
-****
+  * Monthly (3rd) ''02:30:00 AM''
-  rm -f ~/'Downloads/wordpress-files-'*'.tar.gz' ~/'Downloads/wordpress-database-'*'.sql' && sync
+  su -
-===== Server =====
+  ee '/etc/cron.d/blog-maintenance'
-==== Stop Services ====
+<code>
+#
+SHELL=/bin/sh
-****
+2 3 * * root '/home/espionage724/.local/scripts/www/blog/maintenance.sh'
-  sudo systemctl stop nginx php-fpm
+# End</code>
-==== Remove Previous Folder ====
+====== Backup ======
-****
+===== Folder =====
-  sudo rm -Rf '/var/www/blog'
+  su -
-==== Restore WordPress Folder ====
+  tar -czf '/home/espionage724/wordpress-files-manual-'$(date +%Y-%m-%d)'.tar.gz' -C '/usr/local/www' 'blog'
-****
+===== Database =====
-  cd '/var/www' && sudo tar -xvzf ~/'wordpress-files-'*'.tar.gz' 'blog' && sudo chown -R 'nginx':'nginx' '/var/www/blog' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/blog(/.*)?' && sudo restorecon -F -I -R '/var/www/blog' && cd ~ && sync
+  su -
-==== Drop Previous Database ====
+  mariadb-dump --single-transaction --quick 'wordpress' -r '/home/espionage724/wordpress-database-manual-'$(date +%Y-%m-%d)'.sql'
-  sudo mariadb
+===== scp =====
-  DROP DATABASE wordpress;
+****
-  FLUSH TABLES;
+  scp espionage724@192.168.1.152:~/'wordpress-files-'*'.tar.gz' espionage724@192.168.1.152:~/'wordpress-database-'*'.sql' ~/'Downloads'
-  EXIT
+====== Restore ======
-==== Re-create Databases ====
+===== scp =====
-  sudo mariadb
+****
-  CREATE DATABASE wordpress;
+  scp ~/'Downloads/wordpress-files-'*'.tar.gz' ~/'Downloads/wordpress'*'.sql' espionage724@192.168.1.152:~
-  EXIT
+===== Folder =====
-==== Restore Database ====
+  su
-****
+  ls '/home/'$USER'/wordpress-files-'*'.tar.gz' && rm -Rf '/usr/local/www/blog'
-  sudo mariadb 'wordpress' < ~/'wordpress-database-'*'.sql' && sync
+  tar -xzf '/home/'$USER'/wordpress-files-'*'.tar.gz' -C '/usr/local/www' 'blog' && chown -R 'www':'www' '/usr/local/www/blog' && sync
-==== Reapply Permissions ====
+===== Database =====
-  sudo mariadb
+  * [[#database|Initial set-up]]
-  GRANT ALL PRIVILEGES ON wordpress.* to 'wordpress'@'localhost' IDENTIFIED BY 'x';
+  su
-  FLUSH PRIVILEGES;
+  mariadb --execute='CREATE DATABASE wordpress;'
-  EXIT
+  cat '/home/'$USER/'wordpress'*'.sql' | mariadb 'wordpress'
-==== Start Services ====
+===== MySQL Connection =====
-****
+  su -
-  sudo systemctl start nginx php-fpm
-==== Remove Backups ====
-  * Verify that WordPress works before running
+  su -m 'www' -c "ee '/usr/local/www/blog/wp-config.php'" && clear
-  rm ~/'wordpress-files-'*'.tar.gz' ~/'wordpress-database-'*'.sql' && sync
+  define( 'DB_HOST', '127.0.0.1' );