Support letsencrypt
Baohua Yang
parent
c26e1dee94
commit
44747d7871
|
|
@ -16,7 +16,7 @@ docker-compose --env-file ./.env up -d db
|
|||
docker-compose --env-file ./.env up -d wordpress nginx
|
||||
```
|
||||
|
||||
3. Access `https://localhost`
|
||||
3. Access [https://127.0.0.1/wp-admin](https://127.0.0.1/wp-admin).
|
||||
|
||||
## Data path
|
||||
|
||||
|
|
@ -34,8 +34,63 @@ openssl req -x509 -outform pem -out server.pem -keyout privkey.pem \
|
|||
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
|
||||
```
|
||||
|
||||
## Apply ssl certs from Let's Encrypt
|
||||
|
||||
Set `/etc/nginx/conf.d/default.conf` as the following:
|
||||
|
||||
```bash
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
# Load configuration files
|
||||
include /etc/nginx/default.d/*.conf;
|
||||
|
||||
# Let's Encrypt authentication
|
||||
location ~ /.well-known {
|
||||
root /usr/share/nginx;
|
||||
allow all;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Restart nginx.
|
||||
|
||||
```bash
|
||||
nginx -s reload
|
||||
service nginx restart```
|
||||
|
||||
Apply ssl cert and key pair with certbot.
|
||||
|
||||
```bash
|
||||
certbot certonly --webroot --agree-tos -v -t --email xxx@xxx.com -w /usr/share/nginx/ -d xxx.com
|
||||
```
|
||||
|
||||
The new cert will be saved under `/etc/letsencrypt/live/`.
|
||||
|
||||
Renew cert when it's expired.
|
||||
|
||||
```bash
|
||||
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
|
||||
```
|
||||
|
||||
## Common wordpress configs
|
||||
|
||||
* permanent link;
|
||||
* permanent link: use article title only;
|
||||
* theme: astra;
|
||||
* plugins: Contact Form 7, Updraft, Sucuri;
|
||||
* plugins:
|
||||
* Akismet: anti spam posts;
|
||||
* AMP: improve page experience;
|
||||
* Contact Form 7 + Flamingo: contact information form;
|
||||
* Insert Headers and Footers: insert header/footer to every page;
|
||||
* elementor website builder
|
||||
* Limit Login Attempts Reloaded: limit login attempts;
|
||||
* ModuloBox: show figure in large view;
|
||||
* Pinyin Slugs: convert Chinese article title to pinyin in permlink;
|
||||
* Post Views Counter: count page view number;
|
||||
* Sucuri: security protection and audit;
|
||||
* Super Cache: cache support;
|
||||
* Updraft: backup wordpress data;
|
||||
* WP User Profile Avatar: User avatar
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ services:
|
|||
restart: always
|
||||
env_file:
|
||||
- .env
|
||||
cap_add:
|
||||
- SYS_NICE
|
||||
environment:
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE:-wordpress}
|
||||
- MYSQL_USER=${MYSQL_USER:-wordpress}
|
||||
|
|
|
|||
|
|
@ -34,6 +34,9 @@ server {
|
|||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue