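Simple WordPress Environment Deployment Tool
This tool is a script that uses Docker to stand up a WordPress environment with minimal effort.
- Demo images and similar material will be added later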
- Wordpress:latest
- mysql:5.7
- nginx:latest
- certbot/certbot:latest
- Device: MacBook Air (2020)
- Operating System: macOS Sonoma 14.5
- Browser: Google Chrome Version 126.0.6478.127
- git clone https://github.com/makoto-kamimura/docker_wordpress.git
- cd ./docker_wordpress/
- sudo docker-compose down -v && sudo docker-compose build && sudo docker-compose up -d
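- Enter "localhost:8000" in the browser and open it
- After the initial WordPress setup, apply the security hardening measures listed in the Note
Configure automatic domain renewal
- sudo vi docker-compose.yml
- Change example.com to the domain name you obtained separately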
- :%s/example.com/makoto-kamimura.com/g
- esc
- :wq
- sudo docker-compose down certbot && sudo docker-compose up -d certbot
Create the directory/files used for certificate issuance
- sudo sh -c 'echo "<title>Welcome to my site</title>" > ./nginx_data/html/index.html'
- sudo chmod -R 755 ./nginx_data/html
- sudo cp ./nginx_conf/conf.d/default.conf ./nginx_data/conf.d/default.conf
- sudo vi ./nginx_data/conf.d/default.conf
- Change example.com to the domain name you obtained
- :%s/localhost/makoto-kamimura.com/g
- esc
- :wq
- sudo docker-compose down nginx && sudo docker-compose up -d nginx
- Or use the following:
- sudo docker-compose exec nginx nginx -s reload
Obtain the certificate with Certbot
- sudo docker exec -it docker_wordpress_certbot_1 sh
- certbot certonly --webroot --webroot-path=/usr/share/nginx/html -d makoto-kamimura.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Enter email address (used for urgent renewal and security notices)
    (Enter 'c' to cancel): m.kamimura.apple@gmail.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
    order to register with the ACME server. Do you agree?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: Y
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing, once your first certificate is successfully issued, to
    share your email address with the Electronic Frontier Foundation, a founding
    partner of the Let's Encrypt project and the non-profit organization that
    develops Certbot? We'd like to send you email about our work encrypting the web,
    EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: N
    Account registered.
    Requesting a certificate for makoto-kamimura.com
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/makoto-kamimura.com/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/makoto-kamimura.com/privkey.pem
    This certificate expires on 2024-10-11.
    These files will be updated when the certificate renews.
    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
    * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    * Donating to EFF: https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- exit
Edit the default.conf file
- sudo cp ./nginx_conf/conf.d/default.conf.public ./nginx_data/conf.d/default.conf
- sudo vi ./nginx_data/conf.d/default.conf
- Change example.com to the domain name you obtained
- :%s/example.com/makoto-kamimura.com/g
- esc
- :wq
Apply the certificate
- sudo docker-compose down nginx && sudo docker-compose up -d nginx
- Or use the following:
- sudo docker-compose exec nginx nginx -s reload
- Generate the private key
- openssl genpkey -algorithm RSA -out ./nginx_data/certs/privkey.pem -pkeyopt rsa_keygen_bits:2048
- Create the certificate signing request (CSR)
- openssl req -new -key ./nginx_data/certs/privkey.pem -out ./nginx_data/certs/cert.csr
- For "Common Name (e.g. server FQDN or YOUR name)", enter localhost
- Create the self-signed certificate
- openssl x509 -req -days 365 -in ./nginx_data/certs/cert.csr -signkey ./nginx_data/certs/privkey.pem -out ./nginx_data/certs/fullchain.pem
- Replace the nginx_data/conf.d/default.conf file
- cp ./nginx_conf/conf.d/default.conf.local ./nginx_data/conf.d/default.conf
- Apply the certificate
- docker-compose down && docker-compose up -d
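The self-signed steps above as one non-interactive command, followed by checks to run before nginx is restarted: the key matches the certificate, the certificate is not about to expire, and it carries a subjectAltName. This is an added example, not code from the repository; the function names and the temporary directory are assumptions, and the subjectAltName is included because Chrome matches host names against it rather than against the Common Name.

```sh
#!/bin/sh
# Added example (not from the repository): localhost certificate with a SAN,
# then the checks to run before nginx is restarted. Function names are assumptions.

# make_local_cert DIR: private key + self-signed certificate in one
# non-interactive step (no Common Name prompt).
make_local_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 2>/dev/null &&
    chmod 600 "$1/privkey.pem"   # private key readable by its owner only
}

# cert_matches_key CERT KEY: succeeds only if both contain the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS: succeeds if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_has_san CERT NAME: succeeds if NAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Demo in a throwaway directory (constructed; the page uses ./nginx_data/certs/).
demo_dir=$(mktemp -d)
make_local_cert "$demo_dir"
cert_matches_key "$demo_dir/fullchain.pem" "$demo_dir/privkey.pem" && echo "key matches certificate"
cert_valid_for "$demo_dir/fullchain.pem" 30 && echo "valid for at least 30 more days"
cert_has_san "$demo_dir/fullchain.pem" localhost && echo "SAN contains localhost"
rm -rf "$demo_dir"
```

The same two check functions work on the Certbot-issued fullchain.pem and privkey.pem, where `cert_valid_for` doubles as a renewal check.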
sudo chown -R www-data:www-data ./wordpress/wordpress_data/wp-content/uploads
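a. Edit "functions.php"
    // Show a maintenance notice to every visitor who is not a logged-in
    // user holding the edit_themes capability.
    function maintenance_mode() {
        if (!current_user_can('edit_themes') || !is_user_logged_in()) {
            // Message shown to visitors: "This site is under maintenance."
            wp_die('当サイトはメンテナンス中です。');
        }
    }
    // Run the check whenever a theme template loads its header.
    add_action('get_header', 'maintenance_mode');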
b. Use the "LightStart – Maintenance Mode, Coming Soon and Landing Page Builder" plugin
a. Edit ".htaccess"
<Files wp-login.php>
order deny,allow
deny from all
allow from xx.xx.xx.xx
</Files>
b. Use the "WPS Hide Login" plugin
- Create ".htpasswd"
- Generate the username and password ※
- Place the file
- /home/username/.htpasswd ※
- Create ".htaccess"
- Place the file in the "wp-admin" directory
AuthName "Restricted Area"
AuthType Basic
# Enter the directory from "1.2."
AuthUserFile /path/to/.htpasswd
require valid-user
a. Use the "Wordfence Security" plugin
   * https://www.wordfence.com/
   * Enabling automatic updates is recommended
   1. sudo chmod 755 ./wordpress/wordpress_data/wp-content
   2. sudo chmod 755 ./wordpress/wordpress_data/wp-content/wflogs
   3. sudo chown -R www-data:www-data ./wordpress/wordpress_data/wp-content/wflogs
a. Server log analysis
   a. Reverse proxy logs
      i. tail -f log_data/nginx_logs/access.log
      ii. tail -f log_data/nginx_logs/error.log
   b. WordPress logs
      i. tail -f log_data/wordpress_logs/access.log
      ii. tail -f log_data/wordpress_logs/error.log
      iii. tail -f log_data/wordpress_logs/other_vhosts_access.log
   c. Use a log analysis tool
      i. AWStats
      ii. Webalizer
         * sudo docker-compose exec webalizer webalizer /logs/access.log
b. Use the "Google Analytics" plugin
c. Use the "Jetpack" plugin
d. Use the "WP Statistics" plugin
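A concrete check to run over the reverse proxy access log listed under server log analysis: count POST requests to /wp-login.php and /xmlrpc.php per client IP and list the addresses above a threshold. This is an added example, not part of the repository; it assumes nginx writes its default "combined" log format, and the function names, threshold and sample lines are constructed.

```sh
#!/bin/sh
# Added example (not from the repository): count POSTs to the WordPress login
# endpoints per client IP. Assumes the default nginx "combined" log format.

# login_post_counts LOGFILE [THRESHOLD]
# Prints "<count> <ip>" for each IP with at least THRESHOLD hits, highest first.
login_post_counts() {
    awk -v min="${2:-5}" '
        # combined format: $1 = client IP, $6 = "\"METHOD", $7 = request target
        $6 == "\"POST" {
            path = $7
            sub(/[?].*/, "", path)          # drop the query string
            if (path == "/wp-login.php" || path == "/xmlrpc.php")
                hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print hits[ip], ip
        }
    ' "$1" | sort -rn
}

# make_sample_log: writes constructed log lines to a temp file, prints its path.
make_sample_log() {
    f=$(mktemp)
    i=0
    while [ "$i" -lt 6 ]; do
        printf '203.0.113.10 - - [13/Jul/2024:10:00:0%s +0900] "POST /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"\n' "$i" >> "$f"
        i=$((i + 1))
    done
    cat >> "$f" <<'EOF'
198.51.100.7 - - [13/Jul/2024:10:01:00 +0900] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jul/2024:10:01:05 +0900] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Jul/2024:10:02:00 +0900] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
192.0.2.44 - - [13/Jul/2024:10:02:01 +0900] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 403 "-" "curl/8.0"
192.0.2.44 - - [13/Jul/2024:10:02:02 +0900] "GET /index.php HTTP/1.1" 200 900 "-" "curl/8.0"
EOF
    echo "$f"
}

sample=$(make_sample_log)
login_post_counts "$sample" 2
rm -f "$sample"
```

Against the running stack, pass log_data/nginx_logs/access.log as the first argument.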
This system is MIT licensed.