Divers/mkdocs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
c8c413bd7542510ee879696b4e8cfa265f5363bf
mkdocs/docs/Divers/wordpress.md
Bruno 21 25789f522b 25-07-2021
2021-07-25 13:17:19 +02:00

349 lines
8.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# WordPress sur Debian / nginx
#### Installation nginx/php/mariadb
Ajouter le dépôt PPA pour PHP 7.4
```bash
$ sudo apt-get install apt-transport-https lsb-release ca-certificates
$ sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" >> /etc/apt/sources.list.d/php.list
apt-get update
```
Installer nginx, mariadb, php7.4 et ses modules
```bash
sudo apt-get install nginx mariadb-server mariadb-client unzip wget git -y
sudo apt-get install php7.4-fpm php7.4-cli
sudo apt-get install php7.4-{bcmath,bz2,curl,imagick,intl,gd,mbstring,mcrypt,memcache,mysql,redis,xdebug,xml,zip}
```
Démarrer nginx et mariadb
```bash
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
```
#### PHP
Voir les logs:
```bash
sudo nano /etc/php/7.4/fpm/php.ini
```
#### mariadb
Sécuriser mariadb
```bash
$ sudo mysql_secure_installation
```
Créer la base de donnée wordpress
```bash
$ sudo mysql -u root -p
```
```mysql
# Supprimer une ancienne base:
# DROP DATABASE wordpress;
CREATE DATABASE wordpress;
GRANT ALL ON wordpress.* TO 'adm_wp'@'localhost' IDENTIFIED BY 'Kpm!65YU';
```
#### Installation WordPress
Télécharger WordPress
```bash
cd /var/www/html
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
```
Corriger les autorisations
```bash
#$ sudo chown -R $USER:$USER /var/www/html/wordpress/
$ sudo chown -R www-data:www-data /var/www/html/wordpress/
$ sudo chmod -R 755 /var/www/html/wordpress/
$ find /var/www/html/wordpress/ -type d -exec chmod 755 {} \;
$ find /var/www/html/wordpress/ -type f -exec chmod 644 {} \;
```
Configurer WordPress
```bash
$ curl -s https://api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY', 'nqx$&&2@.PlOv:R-@D5O@1J!fxBV).%}|4$E,<]3V6wK:>s;N*_qZgX1v%Clj.nY');
define('SECURE_AUTH_KEY', 'k/iGx=P!Q,I=-f-_JhI-hNNlvL]036/W;h@,-a>l:DN#w}@.RdqehTDC>Da{$`v,');
define('LOGGED_IN_KEY', 'e!2g+-jFty5(}j>Oxtdt1+krNu&[TIrP}|)G&0jt%Z+q#+?TTP1mM+MVTH-zD5#w');
define('NONCE_KEY', '9 @VoZ.-OVd!wy5mT$?&-$RHIX%xImw]M2jKK+vUet+pImeiNYGx~Jm>shu}p0B7');
define('AUTH_SALT', ':pyo`{Fk*YNww+V-]-8Oy|}daBoedBnlO?AWKw;Gj+X9n|qm#Ndk~?R-d`N!I21v');
define('SECURE_AUTH_SALT', ' +dgn@u/e#rZ.4(t}#.3d<)Y2>d)3c)t$j>_C^}sEwSK&VZ+]C=b2/.gzyA#.$Kz');
define('LOGGED_IN_SALT', 'q1},|Tm|kBb!?H*T`PkGt;}>JF/8fHRRzGaVPB[Et!#gjbm4rjG-}-J`jlzZ<I|E');
define('NONCE_SALT', 'I}Sv1zA>I*rW/[3?d[@/jg$=95NqWDdBMf{N>o: G!R fp10Ynyoq-^Hw>-7|LEK');
```
```bash
$ cp wp-config-sample.php wp-config.php
$ nano wp-config.php
```
```php
### Modifier les réglages de base de donnée ###
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'adm_wp' );
/** MySQL database password */
define( 'DB_PASSWORD', 'Kpm!65YU' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
### Remplacer la section Authentication Unique Keys and Salts. ###
define('AUTH_KEY', 'nqx$&&2@.PlOv:R-@D5O@1J!fxBV).%}|4$E,<]3V6wK:>s;N*_qZgX1v%Clj.nY');
define('SECURE_AUTH_KEY', 'k/iGx=P!Q,I=-f-_JhI-hNNlvL]036/W;h@,-a>l:DN#w}@.RdqehTDC>Da{$`v,');
define('LOGGED_IN_KEY', 'e!2g+-jFty5(}j>Oxtdt1+krNu&[TIrP}|)G&0jt%Z+q#+?TTP1mM+MVTH-zD5#w');
define('NONCE_KEY', '9 @VoZ.-OVd!wy5mT$?&-$RHIX%xImw]M2jKK+vUet+pImeiNYGx~Jm>shu}p0B7');
define('AUTH_SALT', ':pyo`{Fk*YNww+V-]-8Oy|}daBoedBnlO?AWKw;Gj+X9n|qm#Ndk~?R-d`N!I21v');
define('SECURE_AUTH_SALT', ' +dgn@u/e#rZ.4(t}#.3d<)Y2>d)3c)t$j>_C^}sEwSK&VZ+]C=b2/.gzyA#.$Kz');
define('LOGGED_IN_SALT', 'q1},|Tm|kBb!?H*T`PkGt;}>JF/8fHRRzGaVPB[Et!#gjbm4rjG-}-J`jlzZ<I|E');
define('NONCE_SALT', 'I}Sv1zA>I*rW/[3?d[@/jg$=95NqWDdBMf{N>o: G!R fp10Ynyoq-^Hw>-7|LEK');
### Activer les mises à jour ###
define( 'FS_METHOD', 'direct' );
```
#### Configurer nginx
```bash
$ sudo nano /etc/nginx/sites-available/test.conf
```
```nginx
server {
listen 80;
server_name localhost;
#return 302 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}
}
location /wordpress {
try_files $uri $uri/ /wordpress/index.php?$args;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
```
```bash
sudo ln -s /etc/nginx/sites-available/test.conf /etc/nginx/sites-enabled/default
```
Vérifier la configuration et redémarrer PHP/nginx.
```bash
$ sudo /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx php7.4-fpm
```
Aller à http://localhost/wordpress/ pour terminer l'installation de WordPress.
#### Échec dinstallation : Impossible de créer le dossier » dans WordPress
Aller dans Outils -> Santé du site
```bash
$ sudo chown -R www-data:www-data wordpress/
```
#### SSL
Générer clé et certificat auto-signés:
```bash
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
```
Créer un groupe Diffie-Hellman:
```bash
$ sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
```
Créer un snippet contenant les fichiers des clés et certificats:
```bash
$ sudo nano /etc/nginx/snippets/self-signed.conf
```
```nginx
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
```
Créer un snippet contenant les réglages SSL:
```bash
$ sudo nano /etc/nginx/snippets/ssl-params.conf
```
```nginx
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
```
Modifier la config nginx pour gérer SSL:
```bash
$ sudo cp /etc/nginx/sites-available/test.conf /etc/nginx/sites-available/test.conf.bak
$ sudo cp /etc/nginx/sites-available/test.conf
```
```nginx
server {
#listen 80;
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name localhost;
#return 302 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}
}
location /wordpress {
try_files $uri $uri/ /wordpress/index.php?$args;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
listen [::]:80;
server_name localhost;
# redirection provisoire
#return 302 https://$server_name$request_uri;
# redirection permanente
return 301 https://$server_name$request_uri;
}
```
https://slacker.ro/2019/07/15/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-debian-10/
```
bruno / MHxhNZ2Ax*@@cvy6XM
```
Reference in New Issue View Git Blame Copy Permalink