felds/README.md

## README.md

      
    Raw
  

              README.md
            
          
Pra começar, atualize o sistema:
sudo apt update
sudo apt upgrade -y


Intale o MariaDB:
sudo apt install -y mariadb-server
sudo mysql_secure_installation
Ao logar com sudo mysql:
CREATE USER site@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON site.* TO site@localhost;
FLUSH PRIVILEGES;


Instalar wp-cli
sudo apt install -y php-fpm php-mysql
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp


Instalar o WP
sudo apt install -y sendmail
cd /var/www/html
sudo chown -R `whoami`:www .  # pega a pasta para usuário atual (ubuntu)
rm -fr *  # limpa a pasta
wp core download
wp config create --dbname=site --dbuser=site --force --extra-php <<PHP
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_HOME', "http://{$_SERVER['HTTP_HOST']}" );
define( 'WP_SITEURL', "http://{$_SERVER['HTTP_HOST']}" );
PHP
wp core install --url=0.0.0.0 --title="My site" --admin_user=admin --admin_email=admin@example.com --admin_password=admin


Nginx
sudo apt install -y nginx
Faça o nginx enteder o que é o Wordpress

https://codex.wordpress.org/Nginx#Global_restrictions_file
https://codex.wordpress.org/Nginx#General_WordPress_rules


Certbot
sudo apt install -y certbot python-certbot-nginx


## restrictions.conf
# Global restrictions configuration file.
# Designed to be included in any server {} block.
location = /favicon.ico {
	log_not_found off;
	access_log off;
}

# robots.txt fallback to index.php
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
    allow all;
    try_files $uri $uri/ /index.php?$args @robots;
    access_log off;
    log_not_found off;
}

# additional fallback if robots.txt doesn't exist
location @robots {
   return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac) excepted .well-known directory.
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\.(?!well-known\/) {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory for the single site
location /wp-content/uploads {
    location ~ \.php$ {
        deny all;
    }
}


# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
	deny all;
}


## wordpress.conf
location / {
	# This is cool because no php is touched for static content.
	# include the "$is_args$args" so non-default permalinks
	# doesn't break when using query string
	try_files $uri $uri/ /index.php$is_args$args;
}

location ~ \.php$ {
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi.conf;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	#fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
	fastcgi_buffers 16 16k;
	fastcgi_buffer_size 32k;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
	expires max;
	access_log off;
	log_not_found off;
}
	# Global restrictions configuration file.
	# Designed to be included in any server {} block.
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	# robots.txt fallback to index.php
	location = /robots.txt {
	# Some WordPress plugin gererate robots.txt file
	allow all;
	try_files $uri $uri/ /index.php?$args @robots;
	access_log off;
	log_not_found off;
	}

	# additional fallback if robots.txt doesn't exist
	location @robots {
	return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac) excepted .well-known directory.
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\.(?!well-known\/) {
	deny all;
	}

	# Deny access to any files with a .php extension in the uploads directory for the single site
	location /wp-content/uploads {
	location ~ \.php$ {
	deny all;
	}
	}


	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}
	location / {
	# This is cool because no php is touched for static content.
	# include the "$is_args$args" so non-default permalinks
	# doesn't break when using query string
	try_files $uri $uri/ /index.php$is_args$args;
	}

	location ~ \.php$ {
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi.conf;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	#fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
	fastcgi_buffers 16 16k;
	fastcgi_buffer_size 32k;
	}

	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires max;
	access_log off;
	log_not_found off;
	}