
I have a home server where I use OMV for various purposes. In recent years, I tried to set up a WordPress site numerous times. Whenever I tried, I had a problem setting up a secure site using nginx. Recently, I tried one more time, spent a lot of hours, and didn't give up. Eventually, I was successful. Whenever I was stuck, I searched the internet to find a solution. There are similar setup guides online; however, none of them worked for me out of the box. In this post, I explain step by step what to do to have a secure WordPress website.
Steps
- Create containers
- Forward ports
- Modify default in site-conf
- Restart swag
Create a Docker Compose file as below. We need the MariaDB (MySQL) database and SWAG services in the file.
```yaml
services:
  db:
    image: mariadb:latest
    container_name: db
    restart: unless-stopped
    environment:
      # Credentials are interpolated from the environment, not hard-coded here
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=${DB_USER}
      - MYSQL_PASSWORD=${DB_PASS}
      - TZ=${TIME_ZONE_VALUE}
      - PUID=${APPUSER_PUID}
      - PGID=${APPUSER_PGID}
    volumes:
      # MariaDB keeps its data in /var/lib/mysql (lowercase)
      - ${PATH_TO_APPDATA}/wordpress/mysql:/var/lib/mysql
  swag:
    image: linuxserver/swag:1.26.0-ls123
    container_name: swag
    cap_add:
      - NET_ADMIN
    restart: always
    volumes:
      - ${PATH_TO_APPDATA}/wordpress/swag:/config
      # WordPress core files, served from nginx's web root
      - ${PATH_TO_APPDATA}/wordpress/core:/var/www/html
    environment:
      - EMAIL=contact_email
      - URL=your_domain
      - SUBDOMAINS=www
      - VALIDATION=http
      - CERTPROVIDER=zerossl
      - TZ=${TIME_ZONE_VALUE}
      - PUID=${APPUSER_PUID}
      - PGID=${APPUSER_PGID}
    ports:
      # host port:container port
      - "444:443"
      - "81:80"
```
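A pre-flight check for the compose file above, added here as an example (not part of the original post): it lists every `${VAR}` the file references that an env file leaves unset or empty, and generates random values for the password variables. It assumes the variables are supplied through an env file of `KEY=value` lines; the script and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the compose file's ${VAR} references.
# Usage (file names are assumptions): sh preflight.sh docker-compose.yml .env

# Every ${VAR} the compose file references, one per line, de-duplicated.
referenced_vars() {
    grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' "$1" | tr -d '${}' | sort -u
}

# Referenced variables that the env file leaves unset or empty.
missing_vars() (
    for var in $(referenced_vars "$1"); do
        # A definition counts only if something follows the '='.
        grep -Eq "^${var}=.+" "$2" 2>/dev/null || echo "$var"
    done
)

# 32 hex characters from the kernel CSPRNG: no quotes, spaces or '$',
# so the value survives env-file parsing unchanged.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Give every missing *PASS* variable a generated value; leave the rest
# (user name, time zone, paths, ids) for the operator to set.
fill_secrets() (
    umask 077                                  # temp file: owner-only
    touch "$2" && chmod 600 "$2"               # env file: owner-only
    for var in $(missing_vars "$1" "$2"); do
        case $var in *PASS*)
            # Drop an empty definition, then append the generated one.
            { grep -v "^${var}=" "$2" || true
              echo "${var}=$(gen_secret)"; } > "$2.tmp"
            mv "$2.tmp" "$2" ;;
        esac
    done
)

if [ "$#" -eq 2 ]; then
    fill_secrets "$1" "$2"
    left=$(missing_vars "$1" "$2" | tr '\n' ' ')
    [ -z "$left" ] || { echo "still unset: $left" >&2; exit 1; }
fi
```

Run it before starting the containers; a non-zero exit means a variable other than a password still needs a value.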
wget https://WordPress/
Your default site config should look like this:
```nginx
# redirect all traffic to https
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# main server block
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html;
    index index.html index.htm index.php;

    server_name _;

    # enable subfolder method reverse proxy confs
    include /config/nginx/proxy-confs/*.subfolder.conf;

    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;

    # enable for ldap auth
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    # 0 disables the request body size limit (uploads of any size are accepted)
    client_max_body_size 0;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        try_files $uri $uri/ /index.html /index.php$is_args$args;
    }

    # hand .php requests to PHP-FPM listening on localhost inside the container
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}
```