ITCooky Recipes

First, you need to buy a domain ( name .com – name second-level domain in the zone com) from any Domain Registrar, not an intermediary, by buing it you must become it domain administrator! Previously, in the days of the savage squatters, the best names were already taken and they extorted money for them. But these dark times are now over, domain registrars are officially doing the same thing: all the best names have already been captured, and when you try to buy them, they say this is a VIP domain or auction domain, which means thay will sell it only when you pay a lot of money. The rest of the domain names of the second level have a stable purchase and renewal price, different in different areas.

ou also need to buy a VPS, that is, a server on Linux where you will also be the system administrator! How to configure VPS from scratch, I already wrote here How to move a WordPress website, with the phpBB forum, to the new RUVDS server with everything and letsencrypt, http2!. In this article I will assume that the VPS is already configured (nginx (with http2), php-fpm, MySQL, Let’s Encrypt), you just need to add a new website to it!

How to set up a domain name
Well, domain was bought at the Registrar. All additional offers were rejected: parking, SSL certificates, protection against the evil eye and godzilla attack. All you need to accept is the DNS of the domain registrar. You have to edit the MX records in it. This is done through the domain administrator’s personal account on the domain registrar’s website.

Must be added A records in which we indicate the IP of your VPS server and your domain – in my case artmundo.ru

artmundo.ru.	A				195.133.197.61

This record means that if the DNS is asked to give artmundo.ru it will send it to the IP of our VPS.
But if they ask for www.artmundo.ru it will not send it anywhere, for this it is necessary to add

www.artmundo.ru.	A				195.133.197.61

All DNS servers on the planet can take 24 hours to assume this information. Or maybe just an hour!

Initial site setup for nginx
We connect to the VPS via SSH

In the folder where I have the nginx settings, I make a file
vi /etc/nginx/conf/conf.d/newsite.conf
code

server {
    listen       80;
    server_name artmundo.ru www.artmundo.ru;
    location / {
        root   /usr/local/www/artmundo.ru;
        index  index.php index.html index.htm;
    }
 
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/local/www/artmundo.ru;
    }
 
 
    location ~ \.php$ {
        root           /usr/local/www/artmundo.ru;
        fastcgi_pass   unix:/var/run/php.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
 
    location ~ /\.ht {
        deny  all;
    }
}

In this line we write to what name the site will respond

server_name artmundo.ru www.artmundo.ru;

And everywhere you write the path to the folder with your files.

Create a folder
mkdir /usr/local/www/artmundo.ru
you have to put the file of the nginx examples here – index.html – in it

You have to restart nginx
service nginx restart
Although it would be possible to simply re-read the configuration, but when you restart the errors are better noticed
service nginx reload

We go to Chrome and try to open our site. You can try it in FireFox, but it has wild caching, even CTRL-F doesn’t help refresh everything so it’s not for testing.

If we see that everything is fine

Everything is fine, but the web browser has marked the site as “Not safe” – everyone with no IT experience will be distressed with that and those with it will be simply scared!

Installation of SSL Let’s Encrypt certificates and https
A very handy little thing, all the IT giants have already started discriminating against websites for their absence, but none of the big ones offered it as a free standard service. Many thanks to Let’s Encrypt for doing so!

Everything we need for Let’s Encrypt is already installed, so I run

You can indicate the mail in the command so that it receives warnings that it is time to renew the certificate, adding
--email meganus@itcooky.com
I do it without it

/usr/local/src/certbot-auto certonly --webroot --agree-tos -w /usr/local/www/artmundo.ru -d www.artmundo.ru -d artmundo.ru
The command contains two domains, this is important
artmundo.ru www.artmundo.ru

We receive in response

 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/artmundo.ru/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/artmundo.ru/privkey.pem
   Your cert will expire on 2020-12-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Everything is fine, good job I even donated them when I had money!

Now we need to make new configs for nginx. SSL certificates give us access to the site through the secure https protocol

The first setting throws everyone who came through http to https, it also throws everyone who entered the site without www to www.
In the folder where I have the nginx configurations, I make a file of this type

vi /etc/nginx/conf/conf.d/newsite.conf
code

server {
    listen 80;
    server_name artmundo.ru www.artmundo.ru;
    return 301 https://www.artmundo.ru$request_uri;
access_log  off;
}

The second configuration gives https on port 443 to which everything is now redirected
In the folder where I have the nginx configurations, I make a file of this type
vi /etc/nginx/conf/conf.d/newsitehttps.conf
code

server {
listen       443 ssl http2;
    server_name www.artmundo.ru artmundo.ru;
    ssl_certificate /etc/letsencrypt/live/artmundo.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/artmundo.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/artmundo.ru/chain.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Content-Security-Policy "img-src https: data:; upgrade-insecure-requests";

 
access_log  off;

root   /usr/local/www/artmundo.ru;


location / {
        index  index.php index.html index.htm;
}

error_page 404 /404.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;  

location ~ \.php$ {
        fastcgi_pass   unix:/var/run/php.sock; 
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
        include        fastcgi_params;
}

location ~ .(gif|png|jpeg|jpg|svg)$ {
     valid_referers none blocked ~.google. ~.bing. ~.yahoo. ~.yandex. artmundo.ru *.artmundo.ru;
     if ($invalid_referer) {
        return   403;
    }
}

location ~ /\.ht {
        deny  all;
    }
}

We reread the nginx configuration and look at
service nginx reload

There is a result, we did not do anything on the site, the site did not improve, but Chrome already trusts us, and all other browsers do too!

Let’s Encrypt certificates are valid for 90 days, renewable 30 days before expiration. This process should be automated, we will request an update a couple of times a month.

add to
crontab -e
line

37 18 4,13,22 * * /usr/local/src/certbot-auto renew -q&&/usr/sbin/service nginx reload

three days a month 4,13,22 will try to renew the certificates

Useful nginx settings
Here you can specify which page will show nginx on different errors. You can create your own beautiful error pages!

error_page 404 /404.html;

This does not allow direct links to images on our website. Useful for reducing resource consumption.
Here you need to list which sites can be link photos, for example google for image search to work, well you need to specify your site as well otherwise it won’t allow it!

location ~ .(gif|png|jpeg|jpg|svg)$ {
     valid_referers none blocked ~.google. ~.bing. ~.yahoo. ~.yandex. artmundo.ru *.artmundo.ru;
     if ($invalid_referer) {
        return   403;
    }
}

Prohibits issuing files starting with .ht by external requests (eg htaccess, htpassword), maybe out of date that but useful

location ~ /\.ht {
        deny  all;
    }

Some php scripts need URL redirection; this becomes apparent when a 404 error is generated and the link appears to be normal.
This can be corrected by specifying who where to do it

location /phpbb/app.php {
                try_files $uri $uri/ /phpbb/app.php?$query_string;
        }

We install WordPress
Download WordPress
wget https://wordpress.org/latest.tar.gz
we unarchive
tar -xvf latest.tar.gz
and we put everything that was in the wordpress folder here /usr/local/www/artmundo.ru

Change permissions on folders and files
chmod -R 755 /usr/local/www/artmundo.ru/wp-content
chown -R nginx:nginx /usr/local/www/artmundo.ru/

We are going toMySQL
mysql -u root -p
We make a user, a base, we establish a password. One name for all wpartmun
CREATE DATABASE wpartmun;
CREATE USER 'wpartmun'@'localhost' IDENTIFIED BY 'QWErty123!';
GRANT ALL PRIVILEGES ON wpartmun.* TO 'wpartmun'@'localhost';
ALTER USER 'wpartmun'@'localhost' IDENTIFIED WITH mysql_native_password BY 'QWErty123!@#';
exit

Now we go to the site

On the first page, an installation window appears and there you must enter the name of the database, user, password. It will output a file with settings, wordpress won’t be able to write it, you need to create a file
vi /usr/local/www/artmundo.ru/wp-config.pfp
with the text of this configuration.
After that you have to continue with the installation on the website – it will ask to create the administrator name and password

And it’s ready

You can enter the administration panel at
www.artmundo.ru/wp-admin/

Useful plugins for WordPress
Classic Editor
The fifth WP has an amazing and innovative post editor. If you are still not used to it, and it is impossible to get used to it, you can return everything as it was before with this plaguin!

Site Kit от Google
The official Google plugin to see all Google statistics on your site, all in one place!

reCaptcha by BestWebSoft
Protection against spammers: seems to work, the number of spam comments decreased by 99%!

Auto Post Thumbnail
Take a post photo automatically from the first photo if not set manually

Yet Another Related Posts Plugin (YARPP)
Add a list of similar posts to a post, it works fine, better than others

There are three themes that come with WordPress, the new ones can be found right away from the admin panel, just like with the palugins.

Well that’s it, now the author can fill their site with content!

Рубрика PC recepi

---