# Host
How servers are configured for this site and others.
# 1 Large File Uploads
Asssuming php-fpm
on nginx
.
Default upload size is small, want to increase.
In /etc/php/8.2/fpm/php.ini
, set:
post_max_size = 100M
upload_max_filesize = 100M
max_input_time = 300
max_execution_time = 300
otherwise large files cannot be uploaded.
Also, in /etc/nginx/nginx.conf
, set:
...
http {
...
client_max_body_size 100M;
...
}
...
otherwise error logged client intended to send too large body
.
Don’t forget to restart the services after changing:
service php8.2-fpm restart
service nginx restart
# 2 WordPress
Assuming Debian wordpress package for single-site, nginx already installed.
Core dependencies:
sudo apt install wordpress curl mariadb-server
Optional dependencies:
sudo apt install php-curl php-dom php-exif php-fileinfo \
php-igbinary php-imagick php-intl php-mbstring php-xml php-zip
# 2.1 Database Configuration
In setup.sql
, set:
CREATE DATABASE wordpress;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER
ON wordpress.*
TO 'wordpress'@'localhost'
IDENTIFIED BY 'passwordgoeshere'
FLUSH PRIVILEGES;
then run
mysql --defaults-extra-file=/etc/mysql/debian.cnf < setup.sql
In /etc/wordpress/config-example.com.php
, set:
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'passwordgoeshere
define('DB_HOST', 'localhost');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
define('FS_METHOD', 'direct');
?>
Without FS_METHOD installing plugins asks for FTP credentials.
# 2.2 Nginx Configuration
In /etc/nginx/sites-available/example.com
upstream php {
server unix:/run/php/php-fpm.sock;
}
server {
server_name example.com;
root /usr/share/wordpress;
index index.php
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files
# such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later
# (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension
# in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later
# (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Separate directory for wp-content
# (in /var/lib/wordpress/wp-content/...)
location /wp-content {
root /var/lib/wordpress;
}
location / {
# include the "?$args" part so non-default permalinks
# doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# 2.3 Site Migration
(TODO)