====== Container 'wordpress-technikkultur' ======
===== Ressourcen =====

  * 0.5 GB RAM
  * 2 Cores
  * 8 GB HDD (root-fs)

===== System =====

  * interne IPs
    * 10.2.0.5, fd00:10:2:0::5
    * 10.3.0.5, fd00:10:3:0::5

===== Dienste =====

  * Wordpress (via NGINX)

===== Installation =====

  * Standard-Template mit Benutzern

==== NGINX / PHP ====

  - NGINX und PHP-FPM installieren
    * **sudo apt-get install php8.2 php8.2-cli php8.2-fpm php8.2-gd php8.2-xml php8.2-zip php8.2-mbstring php8.2-mysql php8.2-imagick php8.2-curl nginx**
  - Default-Konfiguration anpassen<file|/etc/nginx/sites-available/default>
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/public_html;

	# Add index.php to the list if you are using PHP
	index index.php;

	server_name _;

	# Maximum POST-size and Buffer
	client_max_body_size 20M;
	client_body_buffer_size 128K;

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location / {
		# This is cool because no php is touched for static content.
		# include the "?$args" part so non-default permalinks doesn't break when using query string
		try_files $uri $uri/ /index.php?$args;
	}

	# pass PHP scripts to FastCGI server
        location ~ \.php$ {
		#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
		include fastcgi_params;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
		#The following parameter can be also included in fastcgi_params file
		fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}
</file> 
  - PHP-Konfiguration für Upload anpassen<file|/etc/php/8.2/fpm/conf.d/99-local.ini>
post_max_size = 20M
upload_max_filesize = 20M
</file>
  - Dienste aktivieren und neustarten
    * **sudo systemctl enable nginx.service php8.2-fpm.service**
    * **sudo systemctl restart nginx.service php8.2-fpm.service**

==== Wordpress ====

  - Wordpress-Verzeichnisse erstellen
    * **sudo mkdir /var/www/public_html**
  - Datenbank erstellen
  - Wordpress installieren 
    * nach [[https://wordpress.org/support/article/how-to-install-wordpress/|Anleitung]]
      * Entpacken in das Verzeichnis /var/www/public_html
  - Berechtigungen anpassen
    * **sudo chown -R www-data:www-data /var/www/public_html**
  - Konfigurationsvorlage kopieren
    * **sudo cp /var/www/public_html/wp-config-sample.php /var/www/public_html/wp-config.php**
  - DB-Konfiguration anpassen<file|/var/www/public_html/wp-config.php>
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress_technikkultur' );

/** MySQL database username */
define( 'DB_USER', 'XXXXXXXXX' );

/** MySQL database password */
define( 'DB_PASSWORD', 'XXXXXXXXXX' );

/** MySQL hostname */
define( 'DB_HOST', '10.3.0.100' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
</file>
  - Salt-Konfiguration anpassen: Ausgabe von https://api.wordpress.org/secret-key/1.1/salt/ in Konfiguration schreiben<file|/var/www/public_html/wp-config.php>
define('AUTH_KEY',         '****************************************************************');
define('SECURE_AUTH_KEY',  '****************************************************************');
define('LOGGED_IN_KEY',    '****************************************************************');
define('NONCE_KEY',        '****************************************************************');
define('AUTH_SALT',        '****************************************************************');
define('SECURE_AUTH_SALT', '****************************************************************');
define('LOGGED_IN_SALT',   '****************************************************************');
define('NONCE_SALT',       '****************************************************************');
</file>
  - Verwendung eines SSL-Proxies konfigurieren<file|/var/www/public_html/wp-config.php>
...
/* Accept SSL behind proxy */
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
	$_SERVER['HTTPS'] = 'on';
}

/* Use X-Forwarded-For HTTP Header to get visitors Real IP Address */
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  $http_x_headers = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
  $_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
</file>
  - Installer aufrufen unter [[https://technikkultur-erfurt.de/wp-admin/install.php]]
    * Titel: **Verein zur Förderung der Technikkultur in Erfurt e.V.**
    * Mail-Adresse: **webmaster@XXXXXX.de**
    * Benutzername und Passwort sicher wählen und dokumentieren
  - Im Admin-Backend einloggen und HTTPS konfigurieren
    * Unter Einstellungen - Allgemein die Parameter **WordPress-Adresse (URL)** und **Website-Adresse (URL)** anpassen

==== Backup mit Borgmatic ====

  - Installation siehe [[mariadb]]
  - Konfiguration <file|/etc/borgmatic/config.yaml>
...
location:
    # List of source directories to backup (required). Globs and
    # tildes are expanded.
    source_directories:
        - /etc
        - /home
        - /root
        - /var/log
        - /var/www
...
</file>