Category: Wordpress

  • Nginx config for webserver

    Nginx config for webserver

    server {
        server_name *.rajubk.com;
        client_max_body_size 1G;
    
        location / {
            proxy_pass http://localhost:9000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
    
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
    
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header Permissions-Policy "geolocation=(), microphone=()" always;
        add_header X-XSS-Protection "1; mode=block" always;
    }
    
    # HTTP redirect block
    server {
        listen 80;
        server_name *.rajubk.com;
        return 301 https://$host$request_uri;
    }
    cd /etc/nginx/sites-enabled/
    ln -s ../sites-available/minio
    nginx -t
    systemctl reload nginx
  • Nginx config for wordpress

    Nginx config for wordpress

    server {
        listen 80;
        server_name *.rajubk.com rajubk.com;
        client_max_body_size 512M;
    
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        server_name *.rajubk.com rajubk.com;
        client_max_body_size 512M;
    
        root /var/www/html/wordpress;
        index index.php;
    
        # SSL parameters
        ssl_certificate /etc/letsencrypt/live/rajubk.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/rajubk.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/rajubk.com/chain.pem;
    
        # Log files
        access_log /var/log/nginx/sample.com.access.log;
        error_log /var/log/nginx/sample.com.error.log;
    
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
    
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
    
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php8.3-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires max;
            log_not_found off;
        }
    
        # START Nginx Rewrites for Rank Math Sitemaps
        rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
        # END Nginx Rewrites for Rank Math Sitemaps
    }
  • WP Mail SMTP

    WP Mail SMTP

    add_filter( 'wp_mail_smtp_custom_options', function( $phpmailer ) {
        $phpmailer->SMTPOptions = array(
            'ssl' => array(
                'verify_peer' => false,
                'verify_peer_name' => false,
                'allow_self_signed' => true
            )
        );
        return $phpmailer;
    } );

  • Get letsencrypt ssl certificate from cloudflare

    Get letsencrypt ssl certificate from cloudflare

    Method 1:

    sudo apt install certbot python3-certbot-dns-cloudflare -y
    
    sudo nano /etc/letsencrypt/cloudflare.conf
    
    dns_cloudflare_email="<email-id>"
    dns_cloudflare_api_key="<api-key>" # Replace with your Cloudflare API key (Not API Token)
    
    sudo chmod 600 /etc/letsencrypt/cloudflare.conf
    
    sudo certbot certonly --dns-cloudflare --manual-public-ip-logging-ok -d sample.com -d *.sample.com --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py

    Method 2:

    mkdir /root/.secrets/certbot/
    vim /root/.secrets/certbot/cloudflare.ini
    
    dns_cloudflare_api_token = TOKEN
    
    chmod 600 /root/.secrets/certbot/cloudflare.ini 
    
    apt install certbot python3-certbot-dns-cloudflare
    
    sudo certbot certonly \
      --dns-cloudflare \
      --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini \
      -d '*.domain.tld' -d domain.tld \
      --preferred-challenges dns-01 \
      --agree-tos --no-eff-email --email [email protected]
    
    apt install nginx
    
    cd /etc/nginx/sites-available
    vim mail_domain_tld
    
    cd ../sites-enabled
    ln -s ../sites-available/mail_domain_tld
    
    nginx -t
    
    systemctl reload nginx
  • WordPress with Nginx and ssl

    WordPress with Nginx and ssl

    Install Nginx on Ubuntu 20.04 LTS

    sudo apt update && sudo apt upgrade -y
    sudo apt install nginx -y
    sudo systemctl start nginx
    sudo systemctl enable nginx

    Install PHP 8.3 and its dependencies

    sudo apt install software-properties-common -y
    sudo add-apt-repository ppa:ondrej/php
    sudo apt update
    sudo apt install php8.3-fpm php8.3-mysql php8.3-curl php8.3-mbstring php8.3-xml php8.3-zip php8.3-gd -y
    
    sudo systemctl start php8.3-fpm
    sudo systemctl enable php8.3-fpm
    
    php -v

    Install MariaDB and its dependencies

    sudo apt install mariadb-server -y
    
    sudo systemctl start mariadb
    sudo systemctl enable mariadb
    
    sudo mysql_secure_installation

    Create a new database and user for WordPress

    sudo mysql -u root -p
    
    CREATE DATABASE wordpress;
    CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'secure_password'; # Replace with your desired password
    GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
    FLUSH PRIVILEGES;
    EXIT;

    Download and extract WordPress

    cd /var/www/html
    
    sudo wget https://wordpress.org/latest.tar.gz
    sudo tar -xvzf latest.tar.gz
    sudo rm latest.tar.gz
    
    sudo chown -R www-data:www-data /var/www/html/wordpress
    sudo chmod -R 755 /var/www/html/wordpress
    
    sudo mv /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
    
    sudo nano /var/www/html/wordpress/wp-config.php
    
    define( 'DB_NAME', 'wordpress' );
    define( 'DB_USER', 'wpuser' );
    define( 'DB_PASSWORD', 'secure_password' ); # Replace with your password
    define( 'DB_HOST', 'localhost' );

    Create a new Nginx configuration file for WordPress

    sudo nano /etc/nginx/sites-available/wordpress
    
    server {
        listen 80;
        server_name wp.rajubk.com;
    
        return 301 https://wp.rajubk.com$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        server_name wp.rajubk.com;
    
        root /var/www/html/wordpress;
        index index.php;
    
        # SSL parameters
        ssl_certificate /etc/letsencrypt/live/rajubk.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/rajubk.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/rajubk.com/chain.pem;
    
        # Log files
        access_log /var/log/nginx/sample.com.access.log;
        error_log /var/log/nginx/sample.com.error.log;
    
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
    
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
    
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php8.3-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires max;
            log_not_found off;
        }
    }
    
    sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
    
    sudo nginx -t
    
    sudo systemctl reload nginx