-
Notifications
You must be signed in to change notification settings - Fork 9
/
ciderpress.conf
98 lines (85 loc) · 6.18 KB
/
ciderpress.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
##ciderpress configuration file##
# The options below are configuration options that need to be filled out (unless otherwise noted) for the script to run successfully. Each variable/configuration option will have an explanation as to what it is for, why it needs to be set, and valid configuration options.
# After ciderpress completes and you confirm everything is running correctly, you may delete, or store this file somewhere safe.
##wp_basedir##
# sets the directory where you would like wordpress to be installed.
# Do not place any trailing slashes (/) at the end of the desired directory path. Must be an absolute path
# default setting: /var/www/html/wordpress
wp_basedir=/var/www/html/wordpress
##wp_db_user##
# sets the wordpress database user's username.
# default setting: wpdba
wp_db_user=wpdba
##wp_database_name
# sets the name of the database where wordpress will live.
# generally speaking, changing the name of the database makes it much harder for attackers to use automated sql injection attacks, due to presumptions security tools use to automate such attacks.
# yeah, its security by obscurity, but security is a journey, not a destination, and you wanna fill that road with caltrops and snares.
# default setting: wpblogdb
wp_database_name=wpblogdb
##wp_mysql_password##
# sets the password for the wordpress mysql account. Put your password inside the single quotes
# Because shell scripts are squirrely, make this password alphanumerics only. something like 20+ characters should be good.
# If you wanna change the password in this file later:
# mysqladmin -uwpdba -p[password here] password
# default setting: 'AH4wPwU7YrTVuTP9UwsnmC35a'
# this should go without saying, but for god sake, change the default password.
# and PLEASE consider saving your password to a password manager or notebook or something.
wp_mysql_password=AH4wPwU7YrTVuTP9UwsnmC35a
##wp_site_admin##
# sets the admin username when you attempt to log in to wp-login.php/wp-admin
# default setting: wp_admin
wp_site_admin=wp_admin
##wp_site_password##
# sets the password for the wordpress site admin
# follow the same rules that I laid out for the wp_mysql_password setting (e.g. avoid special characters, make it a long password, use a password manager, change it later if you want)
# default setting: '7JPZQahR8C9SxX6bUvpfZgyC3'
# this should also go without saying, but please change this password.
wp_site_password=7JPZQahR8C9SxX6bUvpfZgyC3
##wp_hostname##
# sets the server_name parameter in the nginx site config
# also sets the WP_SITEURL and WP_HOME parameters, which are EXTREMELY important for reaching your website.
# make sure that this is a fully qualified domain name (e.g. www.example.com, www.toteslegit.edu, etc.)
# If you need a domain name, consider signing up for freenom, or using a dynamic DNS provider.
# You can also /probably/ use an IP address here and you'll be okay.
# note: you will only be able to vist your blog via IP address unless you modify the site url and home in the wp-admin general settings for your wp blog.
# default setting: www.example.com
# you will DEFINITELY need to change this.
wp_hostname=www.example.com
##use_letsencrypt##
# If set to 1, we grab the acme.sh shell script, run it in nginx mode, and assuming successful completion, take the key and cert files and drop them into /etc/nginx/ssl with restricted file permissions.
# If its set to anything else, generate a key and self-signed cert.
# please be aware that the wp_hostname setting above is used for the CN of the self-signed cert. Its important that this CN field and the domain name/site url for your blog all matches up.
# Sure crypto nerds and privacy enthusiasts will scream that self-signed certs are the devil, but who cares.
# Please note that if you want a letsencrypt SSL cert, your wp_hostname MUST be set to a fully qualified domain name. I'm not sure if dynamic DNS domains work, but you can certainly try.
# default setting: 1
use_letsencrypt=1
##max_upload##
# sets the maximum upload size in three different locations:
# client_max_body_size in the wordpress site config, as well as upload_max_filesize, and post_max_size in /etc/php/?.?/fpm/php.ini
# nginx supports appending "g" to the end of the client_max_body_size number to denote gigabytes (e.g. client_max_body_size 1g;)
# however I can't find anything that seems to imply that the php.ini file supports using 'g' to denote gigabytes.
# I recommend expressing this number as a variable with an 'M' for megabytes (e.g. 10M for 10 megabytes, 100M for 100 megabytes, 1024M for 1 gigabyte, etc.)
# default setting: 10M
max_upload=10M
##update_automation##
# if set to 1, installs the updater shell script to /root/adm_scripts, and configures a cron job in /etc/crontab to run at 5am once weekly on Mondays.
# this script reboots the system after updating. So if a reboot at 5am once weekly is not agreeable, either you can modify /etc/crontab yourself, or set update_automation to 0.
# hint: crontab.guru will help you set up crontab entries.
# default setting: 1
update_automation=1
##backup_automation##
# if set to 1, installs backup script to /root/adm_scripts, and configures a cron job in /etc/crontab to run at 5:30am once weekly on Mondays.
# This script will run mysqldump against the wordpress database name you specified, copy the wordpress install directory you specify,
# compress them together in a tarball, store it in /opt/bkups (owned by root, with visibility only available to the root user/group (770 /opt/bkups, 660 backup.tar.gz)
# If thats not a good time, either edit /etc/crontab manually, or set backup_automation to 0
# default setting: 1
backup_automation=1
##backup_trimming##
# if set to 1, installs a script to /root/adm_scripts, and configures a cron job in /etc/crontab to run at 6am once weekly on Mondays.
# this script simply runs find against /opt/bkups and looks for any files that are over 90 days old with the -delete flag.
# This effectively trims your old backups automatically to prevent old backups from consuming all the disk space.
# not a good time for this to run? edit /etc/crontab.
# 90 days not enough time? edit the "mtime" parameter in /root/adm_scripts/bkup_trimmer.sh
# don't want automated backup trimming at all? set back_trimming to 0
# default setting: 1
backup_trimming=1