Support letsencrypt

pull/142/head
Baohua Yang 2022-07-11 15:58:44 -07:00
parent c26e1dee94
commit 44747d7871
3 changed files with 63 additions and 3 deletions


@ -16,7 +16,7 @@ docker-compose --env-file ./.env up -d db
docker-compose --env-file ./.env up -d wordpress nginx docker-compose --env-file ./.env up -d wordpress nginx
``` ```
3. Access `https://localhost` 3. Access [https://127.0.0.1/wp-admin](https://127.0.0.1/wp-admin).
## Data path ## Data path
@ -34,8 +34,63 @@ openssl req -x509 -outform pem -out server.pem -keyout privkey.pem \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
``` ```
## Apply ssl certs from Let's Encrypt
Set `/etc/nginx/conf.d/default.conf` as the following:
```bash
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files
include /etc/nginx/default.d/*.conf;
# Let's Encrypt authentication
location ~ /.well-known {
root /usr/share/nginx;
allow all;
}
}
```
Restart nginx.
```bash
nginx -s reload
service nginx restart```
Apply ssl cert and key pair with certbot.
```bash
certbot certonly --webroot --agree-tos -v -t --email xxx@xxx.com -w /usr/share/nginx/ -d xxx.com
```
The new cert will be saved under `/etc/letsencrypt/live/`.
Renew cert when it's expired.
```bash
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
```
## Common wordpress configs ## Common wordpress configs
* permanent link; * permanent link: use article title only;
* theme: astra; * theme: astra;
* plugins: Contact Form 7, Updraft, Sucuri; * plugins:
* Akismet: anti spam posts;
* AMP: improve page experience;
* Contact Form 7 + Flamingo: contact information form;
* Insert Headers and Footers: insert header/footer to every page;
* elementor website builder
* Limit Login Attempts Reloaded: limit login attempts;
* ModuloBox: show figure in large view;
* Pinyin Slugs: convert Chinese article title to pinyin in permlink;
* Post Views Counter: count page view number;
* Sucuri: security protection and audit;
* Super Cache: cache support;
* Updraft: backup wordpress data;
* WP User Profile Avatar: User avatar


@ -26,6 +26,8 @@ services:
restart: always restart: always
env_file: env_file:
- .env - .env
cap_add:
- SYS_NICE
environment: environment:
- MYSQL_DATABASE=${MYSQL_DATABASE:-wordpress} - MYSQL_DATABASE=${MYSQL_DATABASE:-wordpress}
- MYSQL_USER=${MYSQL_USER:-wordpress} - MYSQL_USER=${MYSQL_USER:-wordpress}
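Review bot: The added `cap_add: - SYS_NICE` grants this container an extra Linux capability with no comment explaining why, and the commit message (Let's Encrypt support) does not cover it. The `MYSQL_*` variables suggest this is the database service, where SYS_NICE is usually added to stop mysqld logging `mbind: Operation not permitted`. If that is the reason, record it next to the setting, e.g. `# SYS_NICE: lets mysqld set NUMA/scheduling policy (silences "mbind: Operation not permitted")`, so a later least-privilege review can tell whether it is still needed. The service definition starts above the hunk, so whether other capabilities are dropped is not visible here.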


@ -34,6 +34,9 @@ server {
add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
try_files $uri $uri/ /index.php$is_args$args; try_files $uri $uri/ /index.php$is_args$args;
} }
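Review bot: The two `proxy_set_header` lines added at server level only affect requests handled by `proxy_pass`. The visible `location /` falls through to `/index.php`, which suggests a FastCGI backend where these directives do nothing; the PHP location is outside the hunk, so this needs confirming. If a proxied location does exist, `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so an application or plugin that rate-limits or logs by the first entry can be handed a forged address. When this nginx is the internet-facing hop, overwriting is safer: `proxy_set_header X-Forwarded-For $remote_addr;`. Server-level `proxy_set_header` is also not inherited by any location that sets a `proxy_set_header` of its own.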