# Host

How servers are configured for this site and others.

# 1 Large File Uploads

Assuming php-fpm on nginx.

The default upload size limit is small and needs to be increased.

In /etc/php/8.2/fpm/php.ini, set:

```ini
post_max_size = 100M
upload_max_filesize = 100M
max_input_time = 300
max_execution_time = 300
```

otherwise large files cannot be uploaded.

Also, in /etc/nginx/nginx.conf, set:

```nginx
...
http {
    ...
    client_max_body_size 100M;
    ...
}
...
```

otherwise nginx rejects the upload and logs the error `client intended to send too large body`.

Don’t forget to restart the services after changing:

```sh
service php8.2-fpm restart
service nginx restart
```
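The limits above only work together when upload_max_filesize <= post_max_size <= client_max_body_size. The following script is an added example, not part of the original notes: it reads the three values from one php.ini and one nginx config file and reports any mismatch. It assumes the directive is set in the file given (it does not follow nginx `include` lines or per-server overrides) and falls back to the stock defaults of 2M, 8M and 1m for keys that are not set; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): verify the upload limits agree.

# to_bytes SIZE: print SIZE in bytes; K/M/G suffixes accepted in either case.
to_bytes() {
    num=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# php_value FILE KEY: last uncommented "KEY = value" line of a php.ini.
php_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# nginx_value FILE NAME: last uncommented "NAME value;" line of FILE.
nginx_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*/\1/p" "$1" | tail -n 1
}

# check_upload_limits PHP_INI NGINX_CONF: return 0 only when
# upload_max_filesize <= post_max_size <= client_max_body_size.
# Unset keys fall back to the stock defaults (2M, 8M, 1m).
check_upload_limits() {
    upload=$(php_value "$1" upload_max_filesize); upload=$(to_bytes "${upload:-2M}")
    post=$(php_value "$1" post_max_size);         post=$(to_bytes "${post:-8M}")
    body=$(nginx_value "$2" client_max_body_size); body=$(to_bytes "${body:-1m}")
    status=0
    if [ "$upload" -gt "$post" ]; then
        echo "upload_max_filesize ($upload) exceeds post_max_size ($post)"
        status=1
    fi
    # client_max_body_size 0 turns the nginx body-size check off entirely.
    if [ "$body" -ne 0 ] && [ "$post" -gt "$body" ]; then
        echo "post_max_size ($post) exceeds client_max_body_size ($body)"
        status=1
    fi
    return "$status"
}

# Constructed sample files carrying the values set on this page.
demo_dir=$(mktemp -d)
printf 'post_max_size = 100M\nupload_max_filesize = 100M\n' > "$demo_dir/php.ini"
printf 'http {\n    client_max_body_size 100M;\n}\n' > "$demo_dir/nginx.conf"
check_upload_limits "$demo_dir/php.ini" "$demo_dir/nginx.conf" && echo "limits agree"
```

On a real host, call `check_upload_limits /etc/php/8.2/fpm/php.ini /etc/nginx/nginx.conf` after editing either file and before restarting the services.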

# 2 WordPress

Assuming Debian wordpress package for single-site, nginx already installed.

Core dependencies:

```sh
sudo apt install wordpress curl mariadb-server
```

Optional dependencies:

```sh
sudo apt install php-curl php-dom php-exif php-fileinfo \
  php-igbinary php-imagick php-intl php-mbstring php-xml php-zip
```

# 2.1 Database Configuration

In setup.sql, set:

```sql
CREATE DATABASE wordpress;
-- Grant only the privileges WordPress needs, limited to its own database
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER
ON wordpress.*
TO 'wordpress'@'localhost'
IDENTIFIED BY 'passwordgoeshere';
FLUSH PRIVILEGES;
```

then run:

```sh
mysql --defaults-extra-file=/etc/mysql/debian.cnf < setup.sql
```

In /etc/wordpress/config-example.com.php, set:

```php
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'passwordgoeshere');
define('DB_HOST', 'localhost');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
define('FS_METHOD', 'direct');
?>
```

Without FS_METHOD, installing plugins asks for FTP credentials.

# 2.2 Nginx Configuration

In /etc/nginx/sites-available/example.com, set:

```nginx
upstream php {
	server unix:/run/php/php-fpm.sock;
}

server {
	server_name example.com;
	root /usr/share/wordpress;
	index index.php;

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	# Deny all attempts to access hidden files
	# such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later
	# (or to pass to firewall utilities such as fail2ban)
	location ~ /\. {
		deny all;
	}

	# Deny access to any files with a .php extension
	# in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later
	# (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads|files)/.*\.php$ {
		deny all;
	}

	# Separate directory for wp-content
	# (in /var/lib/wordpress/wp-content/...)
	location /wp-content {
		root /var/lib/wordpress;
	}

	location / {
		# include the "?$args" part so non-default permalinks
		# don't break when using query string
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
		include fastcgi_params;
		fastcgi_intercept_errors on;
		fastcgi_pass php;
		fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}
}
```

# 2.3 Site Migration

(TODO)

# 2.4 References