Wordpress 2023: difference between revisions
(→Backups)
Regel 93: | Regel 93: | ||
PASSPHRASE="XX" LANG=en_US.UTF8 LC_CTYPE=C HOME=$DIR GNUPGHOME=$DIR PYTHONWARNINGS="ignore::DeprecationWarning" \ | PASSPHRASE="XX" LANG=en_US.UTF8 LC_CTYPE=C HOME=$DIR GNUPGHOME=$DIR PYTHONWARNINGS="ignore::DeprecationWarning" \ | ||
− | + | python3 -W ignore::DeprecationWarning /usr/bin/duplicity $W $* \ | |
− | + | \ | |
− | + | -v $VERBOSE \ | |
− | + | --hidden-encrypt-key XXX \ | |
− | + | --sign-key XXX \ | |
− | + | --use-agent \ | |
− | + | --ssh-options="-i $DIR/backup.sftp -oUserKnownHostsFile=$DIR/knownhosts" \ | |
− | + | --no-print-statistics \ | |
− | + | \ | |
--include /var/www \ | --include /var/www \ | ||
--include /etc \ | --include /etc \ | ||
− | + | --include /var/lib/mysql/mysql-dump.gz \ | |
− | + | --exclude /etc/duplicity/.cache \ | |
− | + | --exclude '**' \ | |
− | + | \ | |
− | + | $T \ | |
− | + | sftp://mslwp@crimson.webweaving.org/backups 2>&1 |tee /var/log/last-duplcity-backup.new | grep -v DeprecationWarning | grep -v algorithm=hashes.SHA1 | |
− | + | mv /var/log/last-duplcity-backup.new /var/log/duplicity.log | |
− | + | mv /var/log/duplicity.log.gz /var/log/duplicity.prevlog.gz || true | |
− | + | gzip /var/log/duplicity.log || true | |
exit $? | exit $? | ||
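Review bot: The `exit $?` on the last line can only ever report 0, because it follows `gzip /var/log/duplicity.log || true`, and the backup's own status is already lost earlier: the status of `... 2>&1 |tee ... | grep -v DeprecationWarning | grep -v algorithm=hashes.SHA1` is that of the last `grep`, not of duplicity. A failed backup therefore ends with the same exit code as a successful one. Suggest redirecting duplicity's output straight to `/var/log/last-duplcity-backup.new`, saving its exit status in a variable, filtering the file for display afterwards, and finishing with `exit` on the saved status. As a smaller point, the log name is spelled `last-duplcity-backup.new`; if that is renamed, both the `tee` target and the first `mv` have to change together.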
Revision as of 25 Oct 2023, 15:11
New setup for Wordpress 2023.
Standard Hetzner setup. Enable firewall. Move SSH to port 2222.
apt update
apt upgrade
apt install apache2 php php-mysql
apt install mariadb-server mariadb-client
Then disable external access, remove anon users, etc, etc:
mysql_secure_installation
Create baseline setup with:
mysql -u root -p
And give the SQL commands:
CREATE DATABASE wordpress_db;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'XXXX';
-- No IDENTIFIED BY here: it would replace the password set by CREATE USER.
GRANT ALL ON wordpress_db.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
Exit;
Fetch the latest Wordpress and check:
cd /tmp && wget https://wordpress.org/latest.tar.gz
openssl sha256 /tmp/latest.tar.gz
- Check sha256 against the Wordpress website.
# Unpack in /tmp, then copy the tree into the docroot.
cd /tmp
tar zxf /tmp/latest.tar.gz
cp -R wordpress /var/www/html
rm /tmp/latest.tar.gz
chown -R www-data:www-data /var/www/html/wordpress/
chmod -R 755 /var/www/html/wordpress/
mkdir /var/www/html/wordpress/wp-content/uploads
chown -R www-data:www-data /var/www/html/wordpress/wp-content/uploads/
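One way to turn the manual checksum check above into a hard gate before unpacking, as an added example that is not part of the original page. The function names `verify_sha256` and `unpack_verified` are hypothetical, `sha256sum` from coreutils is assumed in place of `openssl sha256`, and the expected digest is whatever was copied from a source you trust.

```shell
#!/bin/sh
# Added example, not part of the original page.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 equals EXPECTED_HEX.
# Returns 2 for a malformed digest, 3 for an unreadable file, 1 on mismatch.
verify_sha256() {
    file=$1
    # Normalise the pasted digest: drop whitespace, lower-case the hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # Anything that is not exactly 64 hex digits is rejected, so an empty
    # or truncated paste can never count as a match.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 3
    [ "$actual" = "$expected" ]
}

# unpack_verified TARBALL EXPECTED_HEX DESTDIR
# Extracts only after the checksum matches; DESTDIR is untouched otherwise.
unpack_verified() {
    if verify_sha256 "$1" "$2"; then
        tar zxf "$1" -C "$3"
    else
        echo "checksum mismatch or bad input for $1, not unpacking" >&2
        return 1
    fi
}
```
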
Updated the docroot to Wordpress:
vi sites-enabled/000-default.conf
Add settings to /etc/php/*/php.ini:
upload_max_filesize=128M
post_max_size=128M
memory_limit=256M
Backups
Backups have been set up as a variation on MTA-Backups / Duplicty. The main change is that only wordpress and its database are backed up.
The GPG key was set up with the commands:
mkdir /etc/duplicity
cd /etc/duplicity
export GNUPGHOME=`pwd`
gpg --generate-key
Obtain key ID:
gpg --list-secret-keys
The trustee decryption key was taken from the MTA-Backups / Duplicty process and its key id also obtained:
gpg --list-keys
The standard run.sh script was adapted as shown below. Note the different MySQL location (a change in Ubuntu) and the extra agent argument (a change in gpg).
#!/bin/sh
set -e
umask 077
DIR=/etc/duplicity
W=incremental
if [ $# != 0 ]; then
    W=$1
    shift
fi
T=
if [ "$W" = full ] || [ "$W" = incremental ]; then
    T=/
    mysqldump --all-databases --single-transaction --quick --lock-tables=false | gzip -9 > /var/lib/mysql/mysql-dump.gz
fi
# Verbose level 2 is errors and warnings; this way we skip
# notices and quell all output if the backup is a success.
#
VERBOSE=${VERBOSE:-2}

# Log straight to the file and keep duplicity's own exit status; in a
# pipeline the status would be that of the last grep.
RC=0
PASSPHRASE="XX" LANG=en_US.UTF8 LC_CTYPE=C HOME=$DIR GNUPGHOME=$DIR PYTHONWARNINGS="ignore::DeprecationWarning" \
python3 -W ignore::DeprecationWarning /usr/bin/duplicity $W $* \
    \
    -v $VERBOSE \
    --hidden-encrypt-key XXX \
    --sign-key XXX \
    --use-agent \
    --ssh-options="-i $DIR/backup.sftp -oUserKnownHostsFile=$DIR/knownhosts" \
    --no-print-statistics \
    \
    --include /var/www \
    --include /etc \
    --include /var/lib/mysql/mysql-dump.gz \
    --exclude /etc/duplicity/.cache \
    --exclude '**' \
    \
    $T \
    sftp://mslwp@crimson.webweaving.org/backups > /var/log/last-duplcity-backup.new 2>&1 || RC=$?
# Show the log without the known-noisy warnings.
grep -v DeprecationWarning /var/log/last-duplcity-backup.new | grep -v algorithm=hashes.SHA1 || true
mv /var/log/last-duplcity-backup.new /var/log/duplicity.log
mv /var/log/duplicity.log.gz /var/log/duplicity.prevlog.gz || true
gzip /var/log/duplicity.log || true
exit $RC
And the crons were installed:
MAILTO=noc@makerspaceleiden.nl
# monthly full, incrementals during the week.
#
3 3 1 * * root test -x /etc/duplicity/run.sh && /etc/duplicity/run.sh full
3 3 2-31 * * root test -x /etc/duplicity/run.sh && /etc/duplicity/run.sh incremental
# Half year retention for full; 1 months for the incrementals
#
1 1 * * 1 root test -x /etc/duplicity/run.sh && /etc/duplicity/run.sh remove-all-but-n-full 6
1 2 * * 1 root test -x /etc/duplicity/run.sh && /etc/duplicity/run.sh remove-all-inc-of-but-n-full 1