pothi / wordpress-nginx

WordPress specific Nginx configuration templates and best practices!
https://www.tinywp.in
MIT License

About Rocket-nginx. #20

Closed cheonmux closed 5 years ago

cheonmux commented 5 years ago

Hi,

If I use WIB or Wordpress-nginx, is it okay to not use Rocket Nginx? Also I am using Woocommerce, and is it okay to use it as it is without any additional setting?

Thank you.

pothi commented 5 years ago

Yes, it is okay not to use the Rocket Nginx repo. Rocket Nginx just makes things a bit easier to generate the configuration files by generating them automatically. In this repo, the configuration files are split over multiple files and directories. So, everything has to work together, but you have the flexibility to change or tweak the settings further.

Yes, you may use this repo or Rocket Nginx without any additional settings for Woocommerce.

cheonmux commented 5 years ago

Hi, I appreciate your kind reply.

I also installed Wp In Box and am using it and I have a few questions with it.

1) Does Redis plugin need to be installed on Redis Object Cache plugin to use Redis Cache? Or is it okay without any plugin?

2) Can I choose a PHP version for installation? I checked file php-installation.sh but could not find out how to change it to 7.2.

3) I logged in Terminal through system_admin, changed to Root authorization, made WP directory and gave www-data authorization, but a window that requests for FTP authorization shows up when installing theme or plugin. Which authorization should I give to stop this window from showing up?

Thank you.

pothi commented 5 years ago

1 - We need any one WP object cache plugin based on Redis to make use of Redis for WP. Redis would still be used by the server to store sessions (from what I remember). Apart from what you mentioned, other plugins work too. Here's an example list of plugins based on Redis... https://wordpress.org/plugins/tags/redis/ . All may not be object cache plugins.

2 - Most clients do not care about the routine maintenance of the server. So, I kept the PHP version that comes with the OS that usually supports that built-in PHP version for a longer time than the official PHP version. So, I don't plan to change it to install a third-party repo to have the latest version of PHP. If you wish to install the latest PHP, such as PHP 7.2, you may choose the OS that comes with that particular version (such as Ubuntu 18.04 for PHP 7.2) or choose a third-party repo such as Ondrej PPA to install the latest version of PHP. Actually, I've made it a bit easier, if you have bootstrapped the server using the WP In a Box repo. Install the Ondrej PPA and then use https://gist.github.com/pothi/873bc7e95843605ad51f6365f439b9a7 to install whatever version is supported by Ondrej. I hope that helps.

3 - You may use the system_admin user only to administer the system (as root for example). For everything related to WP, please use the web_developer username. You can check the usernames and their passwords in the `/root/.envrc` file. I plan to improve the documentation in the near future. So, sorry about the lack of documentation at the moment. Basically, PHP runs as the web_developer user. Nginx runs as www-data or simply as nginx. We should never give www-data or nginx permission to make changes to the WP directory. So, please change the permissions to the web_developer user.

There are only two users in the server. 1. system_admin user 2. web_developer user. System admin is meant for system admin activities, such as creating a new database (for WordPress) or for creating a vhost entry in Nginx. Web developer would never touch the server under normal circumstances. So, the web_developer user has the permission to modify only the WP related files. If you are a full-stack developer or a single user who handles everything for your client, then switch between these two users as and when required. I know it may seem complex at first. But, you'd appreciate this structure once you start working with a team of web developers who may just need SFTP and MySQL login details to work on the site.

cheonmux commented 5 years ago

Hi, your instruction has helped me resolve most of my issues, but I still have trouble with my authorization on SFTP. Though I have tested by web and sys, I can neither upload a file nor create a folder due to the authorization problem (Root). Could you let me know which account I should use to log in? Thank you.

pothi commented 5 years ago

Hello,

For SFTP, please use the username starting with web_.

For SSH, please use the other (sys). You'd always type `sudo -i` or `sudo su -` after logging in as `sys` user, as there is nothing to do with this user alone.

If you can not upload or create a folder as SFTP user (web_), either the permissions are incorrect or you are trying to upload to the top-most directory (/home/web) of the SFTP user. This is not possible due to the limitations of built-in SFTP. The built-in SFTP requires the home directories to be owned by root user. You can not circumvent this limitation using ACL or by any other means. That's why most directories that are required by most use-cases are created by default when SFTP user is created at first using /etc/skel. Ref: https://github.com/pothi/wp-in-a-box/blob/master/scripts/linux-tweaks.sh#L32-L38 . If you wish to upload directories and files into the top-most directory of the SFTP user, then there are a few options...

  1. Create the directories and (empty) files manually as root and then change the permissions to the SFTP user (like `mkdir /home/web/mydir && chown web_xyz /home/web/mydir`).

  2. Convert the SFTP user into an SSH user by removing the SFTP user from the group web and then updating the permission of /home/web from root to the web_ user. Please know that this assumes you are the only user in the entire server. If you are going to share the credentials with another web developer, then he or she'd be able to see all the directories of the server, as SSH users do not have as many limitations as SFTP users. SFTP users can be limited to $HOME. With SSH users, it is not easy. In such situations, the following option is recommended.

  3. Use some alternative SFTP/SSH implementation such as https://github.com/mysecureshell/mysecureshell that offers both SFTP / SSH without this particular limitation (of not being able to upload files / folders into the user's $HOME).

I hope this has helped to resolve most issues.

Since you've used this repo and the WP in a box repo, would you mind sharing your feedback by answering the following questions?

  1. Earlier, I was using the prefixes sftp_ and ssh_ to distinguish the SFTP user and the SSH user. What naming scheme do you prefer for the SFTP and SSH users? Would you prefer the current naming scheme for prefixes like web_ and sys_ or sftp_ and ssh_ or something entirely different?

  2. Any other feedback (apart from improving the documentation that I'd be working on improving in a few hours from now).

Providing feedback is completely optional. I already learned a few things to change / improve after what you've gone through so far.

Thanks.
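An audit of the layout described in the comment above, as an added example that is not part of the thread or of the wp-in-a-box scripts: the chroot top (`/home/web`) must be root-owned and, per sshd's `ChrootDirectory` rule, not group- or other-writable, while uploads only work in subdirectories owned by the SFTP user. The function names are hypothetical, GNU `stat` is assumed, and the optional owner UID argument exists only so the checks can be exercised without root.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or wp-in-a-box). Assumes GNU stat (Linux).

# chroot_component_ok DIR [OWNER_UID]
# sshd's ChrootDirectory rule for one path component: owned by root (uid 0 by
# default) and not writable by group or others. OWNER_UID is overridable only
# so the check can be exercised without root.
chroot_component_ok() {
    local dir=$1 owner_uid=${2:-0} mode
    [ -d "$dir" ] || return 1
    [ "$(stat -c '%u' "$dir")" = "$owner_uid" ] || return 1
    mode=$(stat -c '%a' "$dir")            # octal permission bits, e.g. 755
    [ $(( 0$mode & 022 )) -eq 0 ]          # group-write and other-write clear
}

# user_can_upload DIR SFTP_UID
# True when DIR is owned by the SFTP user with owner write+execute set,
# i.e. a place where that user can create files and folders.
user_can_upload() {
    local dir=$1 sftp_uid=$2 mode
    [ -d "$dir" ] || return 1
    [ "$(stat -c '%u' "$dir")" = "$sftp_uid" ] || return 1
    mode=$(stat -c '%a' "$dir")
    [ $(( (0$mode & 0300) == 0300 )) -eq 1 ]
}

# audit_sftp_home HOME SFTP_UID [OWNER_UID]
# Passes only for the layout described above: a locked-down top directory
# plus at least one subdirectory handed to the SFTP user.
audit_sftp_home() {
    local home=$1 sftp_uid=$2 owner_uid=${3:-0} sub found=0
    if ! chroot_component_ok "$home" "$owner_uid"; then
        echo "FAIL: $home must be owned by uid $owner_uid, no group/other write"
        return 1
    fi
    for sub in "$home"/*/; do
        if user_can_upload "$sub" "$sftp_uid"; then
            echo "OK: uid $sftp_uid can upload into $sub"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no subdirectory of $home is writable by uid $sftp_uid"
        return 1
    fi
}

# Usage on a server (run as root): audit_sftp_home /home/web "$(id -u web_xyz)"
```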

pothi commented 5 years ago

Hello,

I'd like to close this issue, as we discussed the actual issue at length and there has been no further reply from you for a long time. Also, the title of the issue may be misleading for others.

Thanks, Pothi.