WordPress Server Setup, Part II

AlmaLinux turned out not to be very stable, so the server setup was redone on Ubuntu. After a ticket was opened for the re-installation, RackNerd took less than half an hour to complete it. Quite impressive!

Install essential components

Packages: sudo, nvim, htop, python3, ufw, tmux, restic, rclone, tar, pigz, p7zip

sudo apt update && sudo apt upgrade -y
# Ubuntu uses apt, not yum; the nvim package is named neovim
sudo apt install -y neovim htop python3 ufw tmux restic rclone tar pigz p7zip

Hardening

A few minor changes were applied to harden the server:

  • Add a new user and grant it sudo rights
  • Reuse the SSH key generated previously
  • Disable root login and password login
  • Activate the firewall (ufw)
  • Add firewall rules allowing 22/tcp, 80/tcp and 443/tcp
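# Create the user with a home directory (needed for ~/.ssh) and grant sudo
sudo useradd -m -s /bin/bash [userid]
sudo usermod -aG sudo [userid]
# Allow SSH before enabling the firewall so the current session is not cut off
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable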
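
The list above includes disabling root and password login, but the commands do not show that step. The shell functions below are an added example, not part of the original page: they assume Ubuntu's stock sshd_config (which includes /etc/ssh/sshd_config.d/*.conf) and the ssh systemd unit, and the drop-in file name and function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Ubuntu's stock sshd_config,
# which includes /etc/ssh/sshd_config.d/*.conf; the drop-in file name is made up.

DROPIN=/etc/ssh/sshd_config.d/00-hardening.conf

# The two settings behind "Disable root login and password login".
hardening_dropin() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no'
}

# Reads `sshd -T` output (lower-case "key value" lines) on stdin. Succeeds only
# if the effective configuration has both root and password login turned off.
ssh_login_hardened() {
    awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pass = $2 }
        END { exit !(root == "no" && pass == "no") }
    '
}

# Usage: apply_ssh_hardening USERID   (run on the server from a sudo-capable account)
apply_ssh_hardening() {
    home=$(getent passwd "$1" | cut -d: -f6)
    # Lock-out guard: the new user must already have a key installed.
    if [ -z "$home" ] || ! sudo test -s "$home/.ssh/authorized_keys"; then
        echo "no authorized_keys for '$1'; not touching sshd" >&2
        return 1
    fi
    hardening_dropin | sudo tee "$DROPIN" >/dev/null || return 1
    # Reject a config that does not parse, or where another file (sshd keeps the
    # first value it reads for each keyword) still enables either login method.
    if sudo sshd -t && sudo sshd -T | ssh_login_hardened; then
        sudo systemctl reload ssh
    else
        sudo rm -f "$DROPIN"
        echo "effective sshd config is not hardened; drop-in removed" >&2
        return 1
    fi
}
```

Run apply_ssh_hardening [userid] from the new account, and keep the current session open until a second key-based login has succeeded.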

Configure docker group

  • Configure the environment for easy usage
  • Create a new docker group and add the non-root user to it
sudo groupadd docker
sudo usermod -aG docker $USER

Set up the repository

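sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

# Add Docker's official GPG key; the signed-by path below must point at this file
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null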

Install Docker Engine

# Refresh the package index so the newly added Docker repository is picked up
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Create docker network bridge

docker network create --driver=bridge --subnet=172.100.156.0/24 --gateway=172.100.156.1 docker-net

docker compose for WordPress + MySQL

version: "3.9"
services:
  db:
    image: mysql:5.7
    container_name: wp-db  
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    networks:
      wp-net:    
    environment:
      MYSQL_ROOT_PASSWORD: "[secret password]"
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    container_name: wp-app
    volumes:
      - ./wordpress:/var/www/html
      - ./plugins:/var/www/html/wp-content/plugins
    networks:
      wp-net:
      priv-lan:
        ipv4_address: 172.100.156.10  
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress

networks:
  wp-net:
  priv-lan:
    # Attach to the pre-created bridge (external.name is deprecated)
    name: docker-net
    external: true

docker compose for Nginx Proxy Manager

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm-app
    restart: unless-stopped
    networks:
      priv_lan:
        ipv4_address: 172.100.156.2 
    ports:
      - '80:80'
#     - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

networks:
  priv_lan:
    # Attach to the pre-created bridge (external.name is deprecated)
    name: docker-net
    external: true

docker network (docker-net)

container   ip addr          port
wp-app      172.100.156.10   80
npm         172.100.156.2    80,443,81

This page was last edited on 2025-01-13 06:50
