WordPress sur Debian / nginx¶
Installation nginx/php/mariadb¶
Ajouter le dépôt PPA pour PHP 7.4
$ sudo apt-get install apt-transport-https lsb-release ca-certificates
$ sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" >> /etc/apt/sources.list.d/php.list
apt-get update
Installer nginx, mariadb, php7.4 et ses modules
sudo apt-get install nginx mariadb-server mariadb-client unzip wget git -y
sudo apt-get install php7.4-fpm php7.4-cli
sudo apt-get install php7.4-{bcmath,bz2,curl,imagick,intl,gd,mbstring,mcrypt,memcache,mysql,redis,xdebug,xml,zip}
Démarrer nginx et mariadb
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
PHP¶
Voir les logs:
sudo nano /etc/php/7.4/fpm/php.ini
mariadb¶
Sécuriser mariadb
$ sudo mysql_secure_installation
Créer la base de donnée wordpress
$ sudo mysql -u root -p
# Supprimer une ancienne base:
# DROP DATABASE wordpress;
CREATE DATABASE wordpress;
GRANT ALL ON wordpress.* TO 'adm_wp'@'localhost' IDENTIFIED BY 'Kpm!65YU';
Installation WordPress¶
Télécharger WordPress
cd /var/www/html
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
Corriger les autorisations
#$ sudo chown -R $USER:$USER /var/www/html/wordpress/
$ sudo chown -R www-data:www-data /var/www/html/wordpress/
$ sudo chmod -R 755 /var/www/html/wordpress/
$ find /var/www/html/wordpress/ -type d -exec chmod 755 {} \;
$ find /var/www/html/wordpress/ -type f -exec chmod 644 {} \;
Configurer WordPress
$ curl -s https://api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY', 'nqx$&&2@.PlOv:R-@D5O@1J!fxBV).%}|4$E,<]3V6wK:>s;N*_qZgX1v%Clj.nY');
define('SECURE_AUTH_KEY', 'k/iGx=P!Q,I=-f-_JhI-hNNlvL]036/W;h@,-a>l:DN#w}@.RdqehTDC>Da{$`v,');
define('LOGGED_IN_KEY', 'e!2g+-jFty5(}j>Oxtdt1+krNu&[TIrP}|)G&0jt%Z+q#+?TTP1mM+MVTH-zD5#w');
define('NONCE_KEY', '9 @VoZ.-OVd!wy5mT$?&-$RHIX%xImw]M2jKK+vUet+pImeiNYGx~Jm>shu}p0B7');
define('AUTH_SALT', ':pyo`{Fk*YNww+V-]-8Oy|}daBoedBnlO?AWKw;Gj+X9n|qm#Ndk~?R-d`N!I21v');
define('SECURE_AUTH_SALT', ' +dgn@u/e#rZ.4(t}#.3d<)Y2>d)3c)t$j>_C^}sEwSK&VZ+]C=b2/.gzyA#.$Kz');
define('LOGGED_IN_SALT', 'q1},|Tm|kBb!?H*T`PkGt;}>JF/8fHRRzGaVPB[Et!#gjbm4rjG-}-J`jlzZ<I|E');
define('NONCE_SALT', 'I}Sv1zA>I*rW/[3?d[@/jg$=95NqWDdBMf{N>o: G!R fp10Ynyoq-^Hw>-7|LEK');
$ cp wp-config-sample.php wp-config.php
$ nano wp-config.php
### Modifier les réglages de base de donnée ###
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'adm_wp' );
/** MySQL database password */
define( 'DB_PASSWORD', 'Kpm!65YU' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
### Remplacer la section Authentication Unique Keys and Salts. ###
define('AUTH_KEY', 'nqx$&&2@.PlOv:R-@D5O@1J!fxBV).%}|4$E,<]3V6wK:>s;N*_qZgX1v%Clj.nY');
define('SECURE_AUTH_KEY', 'k/iGx=P!Q,I=-f-_JhI-hNNlvL]036/W;h@,-a>l:DN#w}@.RdqehTDC>Da{$`v,');
define('LOGGED_IN_KEY', 'e!2g+-jFty5(}j>Oxtdt1+krNu&[TIrP}|)G&0jt%Z+q#+?TTP1mM+MVTH-zD5#w');
define('NONCE_KEY', '9 @VoZ.-OVd!wy5mT$?&-$RHIX%xImw]M2jKK+vUet+pImeiNYGx~Jm>shu}p0B7');
define('AUTH_SALT', ':pyo`{Fk*YNww+V-]-8Oy|}daBoedBnlO?AWKw;Gj+X9n|qm#Ndk~?R-d`N!I21v');
define('SECURE_AUTH_SALT', ' +dgn@u/e#rZ.4(t}#.3d<)Y2>d)3c)t$j>_C^}sEwSK&VZ+]C=b2/.gzyA#.$Kz');
define('LOGGED_IN_SALT', 'q1},|Tm|kBb!?H*T`PkGt;}>JF/8fHRRzGaVPB[Et!#gjbm4rjG-}-J`jlzZ<I|E');
define('NONCE_SALT', 'I}Sv1zA>I*rW/[3?d[@/jg$=95NqWDdBMf{N>o: G!R fp10Ynyoq-^Hw>-7|LEK');
### Activer les mises à jour ###
define( 'FS_METHOD', 'direct' );
Configurer nginx¶
$ sudo nano /etc/nginx/sites-available/test.conf
server {
listen 80;
server_name localhost;
#return 302 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}
}
location /wordpress {
try_files $uri $uri/ /wordpress/index.php?$args;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
sudo ln -s /etc/nginx/sites-available/test.conf /etc/nginx/sites-enabled/default
Vérifier la configuration et redémarrer PHP/nginx.
$ sudo /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx php7.4-fpm
Aller à http://localhost/wordpress/ pour terminer l'installation de WordPress.
Échec d’installation : Impossible de créer le dossier » dans WordPress¶
Aller dans Outils -> Santé du site
$ sudo chown -R www-data:www-data wordpress/
SSL¶
Générer clé et certificat auto-signés:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Créer un groupe Diffie-Hellman:
$ sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
Créer un snippet contenant les fichiers des clés et certificats:
$ sudo nano /etc/nginx/snippets/self-signed.conf
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
Créer un snippet contenant les réglages SSL:
$ sudo nano /etc/nginx/snippets/ssl-params.conf
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
Modifier la config nginx pour gérer SSL:
$ sudo cp /etc/nginx/sites-available/test.conf /etc/nginx/sites-available/test.conf.bak
$ sudo cp /etc/nginx/sites-available/test.conf
server {
#listen 80;
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name localhost;
#return 302 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1;
}
}
location /wordpress {
try_files $uri $uri/ /wordpress/index.php?$args;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
listen [::]:80;
server_name localhost;
# redirection provisoire
#return 302 https://$server_name$request_uri;
# redirection permanente
return 301 https://$server_name$request_uri;
}
https://slacker.ro/2019/07/15/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-debian-10/
bruno / MHxhNZ2Ax*@@cvy6XM
Dernière mise à jour:
July 25, 2021