This is how I did it – there may be better ways, but this one is mine.<\/p>\n\n\n\n
Lockdown: Uncomment lines from \/etc\/php\/php.ini: Uncomment line from \/etc\/php\/conf.d\/imagick.ini: https:\/\/wiki.archlinux.org\/title\/Apache_HTTP_Server More lockdown! https:\/\/wiki.archlinux.org\/title\/PHP https:\/\/wiki.archlinux.org\/title\/Apache_HTTP_Server Setup backup user: Make swap a last resort: For each site: Open ports 80, 443 for usage: Setup SSL: Final touches: This is how I did it – there may be better ways, but this one is mine. ln -s \/usr\/bin\/vim \/usr\/bin\/vivi \/etc\/pacman.conf #Enable Parallel downloadspacman -Sypacman -Su Lockdown:iptables -N my-ipsiptables -A my-ips -s IP\/32 -p tcp -j ACCEPTiptables -A my-ips -j RETURNiptables -A INPUT -p tcp -j my-ipsiptables -A INPUT -i lo -j ACCEPTiptables -A … Continue reading LAMP Stack on Arch<\/span> ln -s \/usr\/bin\/vim \/usr\/bin\/vi
vi \/etc\/pacman.conf #Enable Parallel downloads
pacman -Sy
pacman -Su<\/code><\/p>\n\n\n\niptables -N my-ips
iptables -A my-ips -s IP\/32 -p tcp -j ACCEPT
iptables -A my-ips -j RETURN
iptables -A INPUT -p tcp -j my-ips
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -j DROP
iptables -A OUTPUT -j my-ips
iptables -A OUTPUT -o lo -j ACCEPT<\/code><\/p>\n\n\n\npacman -S --needed base-devel apache mariadb mariadb-clients php php-fpm php-gd php-intl imagemagick php-imagick<\/code> git wget<\/code><\/p>\n\n\n\nextension=exif
extension=gd
extension=iconv
extension=intl<\/code><\/p>\n\n\n\nextension = imagick<\/code><\/p>\n\n\n\n
1, 2.4, 3.1, 3.1.3
tested phpinfo, and worked<\/p>\n\n\n\npacman -S logwatch fail2ban<\/code>
config fail2ban, enable, start
setup iptables-save timer and service, enable and start timer
setup wordpress update bash script, execute parts needed for now<\/p>\n\n\n\nmariadb-install-db --user=mysql --basedir=\/usr --datadir=\/var\/lib\/mysql
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation<\/code><\/p>\n\n\n\n
4.1, 4.2, 4.5systemctl restart php-fpm<\/code><\/p>\n\n\n\npacman -S certbot certbot-apache<\/code><\/p>\n\n\n\n
2.3 except the Include<\/p>\n\n\n\nmysql -u root -p
MariaDB> GRANT SELECT, LOCK TABLES ON .<\/em> TO 'backup_user'@'localhost' IDENTIFIED BY '###';MariaDB> <\/code>FLUSH PRIVILEGES;<\/code>MariaDB> EXIT<\/code><\/p>\n\n\n\nsysctl vm.swappiness=1<\/code><\/p>\n\n\n\n
Restore from backups
create database and grant privileges for wp_usermysql -u root -p
MariaDB> CREATE DATABASE wordpress;
MariaDB> GRANT ALL PRIVILEGES ON wordpress.* TO \"wp-user\"@\"localhost\" IDENTIFIED BY \"choose_db_password\";
MariaDB> FLUSH PRIVILEGES;
MariaDB> EXIT
cp -R \/backups\/uncomp*\/www\/site \/srv\/http\/
chown -R http:http \/srv\/http\/site
mysql -u wp_user -p database < backup.sql
create new section in \/etc\/httpd\/conf\/extra\/httpd-vhosts.conf
systemctl restart httpd<\/code><\/p>\n\n\n\n
iptables -I INPUT 3 -p tcp -m tcp –dport 80 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 4 -p tcp -m tcp –dport 443 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT<\/p>\n\n\n\n
certbot<\/p>\n\n\n\n
setup wordpress update script, timer, and service
setup webbackups script, timer, and service
setup certbot renewal timer and service<\/p>\n","protected":false},"excerpt":{"rendered":"