Security and deployment
–cloud–
–aws educate–
–ibm–
–ec2–
–dns–
–dns–
–securité–
–ssl–
–cdn–
It is interesting to know both types of deployment, Cloud or local hosting.
Part 1 – Cloud AWS
- Register on AWS Educate
- Deploy an EC2
In case you have a problem with AWS Educate, you can deploy on IBM Cloud.
Installation of PHP
- install PHP and the librairies needed to execute WordPress
sudo apt install php7.4-cli php7.4-curl php7.4-fpm php7.4-common php7.4-gd php7.4-mbstring php7.4-xml php7.4-xmlrpc php7.4-soap php7.4-intl php7.4-zip php7.4-mysql php7.4-bcmath php7.4-gd php7.4-igbinary php7.4-json php7.4-memcached php7.4-msgpack php-pear php7.4-soap php7.4-zip php7.4-readline
- test a PHP page on your server, accessing via a browser
<?php echo "hello";?>
Kinsta
Installation of MariaDB
- install mariadb
- create a user and give him-her all the privileges
- secure mariadb
mysql_secure_installation
- download adminer.php and put it in the html directory of Apache
- connect to adminer.php and create an empty database for WordPress
Deployment of the site
- zip your Zootickon site
- drop the zip in the home of your user session
- move the zip in the www/html
- unzip
- give writing rights to www-data
sudo chown -R www-data:www-data /var/www/html
- configure the logins of the database in wp-config.php
- export the tables of your database with create database and drop+create tables in a sql file
- export what you have saved with use database and truncate+insert in a sql file
- modify the php.ini of Apache to allow the download of bigger files
upload_max_filesize = 64M
- deploy the databases on mariadb
- deploy what you have saved on mariadb
DNS
Do you have a domain ?
- point the domaine on your public ip
- move the files of your site in a dedicated directory /www/zootickoon
- configure the website in Apache, etc/apache2/sites-available/zootick.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port $
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) th$
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName zootick.fr
ServerAlias www.zootick.fr
DocumentRoot /var/www/zootickoon
<Directory /var/www/frebourg/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order deny,allow
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
- activate le site
a2ensite zootick
- tes your site, in case of error, check the Apache logs
Part 2 – Local hosting
You have
- a fixed public IP adresse
- a dedicated computer of 2Go of ram or more
- a good connexion
Installation of Debian
- on a USB key, download a picture from debian
- install debian on your computer, select web server and ssh in service. Give a local IP addresse IP during the installation
- check the computer restarts on its own in case of electric power cut, the bios can be modified.
- connect to the server with mobaXterm in SSH
Installation of PHP
- install PHP and the librairies needed to execute WordPress
sudo apt install php7.4-cli php7.4-curl php7.4-fpm php7.4-common php7.4-gd php7.4-mbstring php7.4-xml php7.4-xmlrpc php7.4-soap php7.4-intl php7.4-zip php7.4-mysql php7.4-bcmath php7.4-gd php7.4-igbinary php7.4-json php7.4-memcached php7.4-msgpack php-pear php7.4-soap php7.4-zip php7.4-readline
- tester une page PHP sur votre serveur en accédant depuis un navigateur
<?php echo "hello";?>
Installation of MariaDB
- install mariadb
- create a user and give him/her all the privileges
- secure mariadb
mysql_secure_installation
- download adminer.php and drop it in the html directory of Apache
- connect to adminer.php and create an empty database for WordPress
Configuration of the network
- configure the nat of your router to allow ports 80 and 443 to be redirected towards the ip of the debian server
- test the access from your public IP, debian and your PHP page PHP must appear
Déployment of the site
- zip your Zootickon site
- drop the zip in the home of your user session
- move the zip in the www/html
- unzip
- give www-data writing rights
sudo chown -R www-data:www-data /var/www/html
- configure the logins of the database in wp-config.php
- export the tables of your database with create database and drop+create tables in a sql file
- export what you have saved with use database and truncate+insert in a sql file
- modify the php.ini of Apache to allow the dowload of bigger files
upload_max_filesize = 64M
- deploy the tables of the database on mariadb
- deploy what you have saved on mariadb
DNS
Do you have a domain ?
- point the domain on your public ip
- move the files from your site in a dedicated library /www/zootickoon
- configure the website web in Apache, etc/apache2/sites-available/zootick.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port $
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) th$
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName zootick.fr
ServerAlias www.zootick.fr
DocumentRoot /var/www/zootickoon
<Directory /var/www/frebourg/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order deny,allow
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
- activate the site
a2ensite zootick
- test your site, in case of error, check the Apache logs.
Part 3 – Speed
Check the speed of your site again.
Parti4 – Security
- test your site with https://securityheaders.com/ then improve the security by adding the headers to htaccess. Start with a Report-only that doesn’t block the content. The content security policy (CSP) is only valid for the site present where htaccess is. You can also add CSP to Apache to apply them to all the sites.
Header add Content-Security-Policy-Report-Only
- https://observatory.mozilla.org/ . This test is more advanced than the other on the CSP.
Part 5 – SSL certificate (if you have a domain name)
- Add with certbot its SSL certificate
- Test its ssl on https://www.wormly.com/
Part 6 – CDN (if you have a domain name)
CloudFlare needs an access to the DNS, it is available only if you have a configurable domain name.
- save your site on CloudFlare
- test twice in a row the speed of your website to put it in cache
- test the security of the site.