РЕД ОС v8 основан на Red Hat v12. Пакеты через dnf
Сайты хранятся в /var/www/html. ??? Сразу выдать права для nginx и по умолчанию для всех новых
выдача прав на всякий случай
chmod -R 0700 /var/lib/samba/private/*
Файлы nginx в /etc/nginx. Для конфигов сайтов создаем папку sites-available, ее же инклудим в основном конфиге. Возможно, общие конфиги для ВП можно вынести еще куда-то отдельно
Nginx
# Stop, start and restart the nginx service.
systemctl stop nginx
systemctl start nginx
systemctl restart nginx
# once PHP is installed: restart both services and enable them at boot
systemctl restart nginx php-fpm
systemctl enable nginx php-fpm
# Label everything under /var/www/ with the SELinux type httpd_sys_rw_content_t
# (web content the server is allowed to read and write).
# NOTE(review): chcon labels are not recorded in the policy and are lost on a
# filesystem relabel or restorecon; a semanage fcontext rule followed by
# restorecon makes the label persistent.
# NOTE(review): the read-write type on the whole web root is broader than most
# sites need; consider httpd_sys_content_t for code and the rw type only for
# directories the application must write to (uploads, cache).
chcon -R -t httpd_sys_rw_content_t /var/www/
# Give /var/lib/php/ to the nginx user; presumably because php-fpm is
# configured with user/group nginx in www.conf, confirm.
chown -R nginx:nginx /var/lib/php/
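нижнее сомнительно: httpd_can_network_connect разрешает веб-процессам любые исходящие TCP-соединения; включать только если сайту реально нужны исходящие запросы, а для подключения к БД по сети достаточно более узкого httpd_can_network_connect_db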
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_network_connect 1
в конфиге пхп фпм
listen.acl_users = nginx,apache
после создания папок делаем ссылку
sudo ln -s /etc/nginx/sites-available/road-to-rarus /etc/nginx/sites-enabled/
эту хрень в блок http конфига нгинкс, в начало
client_max_body_size 200M;
PHP
dnf install php81-release
dnf clean all
dnf makecache
dnf update php*
dnf install -y php php-cli php-common php-fpm php-mysqlnd php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-date php-exif php-filter php-ftp php-gd php-hash php-iconv php-json php-libxml php-pecl-imagick php-mbstring php-mysqlnd php-openssl php-pcre php-posix php-sockets php-spl php-tokenizer php-zlib php-zip php-intl
php -v
Правим конфиг php-fpm А ВОТ ЭТО ВОПРОС КОНЕЧНО
kwrite /etc/php-fpm.d/www.conf #под рутом
user = nginx
group = nginx
проверить нижнее
listen = /run/php-fpm/www.sock
Composer
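# Download the Composer installer, but run it only if its SHA-384 digest matches
# the digest the Composer project publishes for the current installer.
# -f makes curl fail on HTTP errors instead of saving an error page as the script.
curl -fsS https://getcomposer.org/installer -o composer-setup.php
expected="$(curl -fsS https://composer.github.io/installer.sig)"
actual="$(sha384sum composer-setup.php | cut -d' ' -f1)"
# An empty expected value means the digest could not be fetched; treat it as a mismatch.
if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
else
    echo 'composer-setup.php: SHA-384 mismatch, installer not run' >&2
fi
# The installer is not needed after this point, whether or not it was run.
rm -f composer-setup.php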
SSL/TLS
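# Install certbot together with its nginx plugin.
dnf install certbot python3-certbot-nginx
# Request a certificate and let the nginx plugin edit the server block.
# certbot long options take two dashes; with a single dash they are not recognised.
# NOTE(review): --register-unsafely-without-email creates the ACME account with no
# contact address, so expiry and revocation notices are never delivered. Prefer
# registering with a monitored mailbox, or make sure renewal is monitored some other way.
certbot --nginx -d linuh-second.viro35.ru --register-unsafely-without-email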
MySql
# Install the MariaDB client and server, start the service and enable it at boot.
dnf install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb.service
# Interactive first-run hardening script shipped with MariaDB: it asks about root
# authentication, removes anonymous accounts, disables remote root login, drops
# the test database and reloads the privilege tables. Run it before the server
# is reachable by anything other than localhost.
mysql_secure_installation # author's open question: find out what this does (answered above)
К основному линку добавляем
$link->set_charset('utf8mb4');
# если PDO через DSN $dbh = new PDO('mysql:host=...;charset=utf8mb4');
При создании схемы ставим utf8mb4
Проверить что за кодировка можно командой
SHOW CREATE TABLE table_name
WordPress
В конфиге добавляем в конец
define("FS_METHOD", "direct");
В консоли под рутом
# NOTE(review): setenforce changes only the running system (1 = enforcing,
# 0 = permissive); the mode used at boot comes from /etc/selinux/config.
setenforce 1 # toggles SELinux, the local protection layer, on/off (it should stay enabled)
# Possibly needed, not certain (the httpd_* names come from Apache, so unsure...)
# NOTE(review): on RHEL-family policies nginx and php-fpm usually run in the same
# httpd_t domain, so httpd_* types and booleans apply to them as well; verify on
# this system with `ps -eZ | grep -E 'nginx|php-fpm'`.
# Record a persistent labelling rule for the site directory, then apply it.
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/mywebsite(/.*)?"
restorecon -Rv /var/www/mywebsite
# if file access still fails, then...
# NOTE(review): these two booleans control outbound network connections from the
# web server domain, not file access, so they are unlikely to cure a file
# permission denial. Read the AVC records first (`ausearch -m avc -ts recent`)
# and enable only the boolean the denial actually points to.
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_network_connect_db 1
Настройка WP в nginx
##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
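# WordPress virtual host served over plain HTTP on port 80, with PHP handed to
# php-fpm over a unix socket.
#
# Ordering matters for the regex locations below: nginx tests them in the order
# they appear and uses the first match. The block that denies PHP under
# uploads/files therefore has to come BEFORE the generic "\.php$" handler,
# otherwise the generic handler wins and the deny rule is never consulted.
server {
    listen 80;
    root /var/www/mywebsite;
    server_name mywebsite.com www.mywebsite.com; # Set valid & correct domain

    access_log /var/log/nginx/mywebsite_access.log; # Configure access log file
    error_log /var/log/nginx/mywebsite_error.log; # Configure error log file

    # Serve the file or directory if it exists, otherwise hand the request to
    # the WordPress front controller with the original query string.
    location / {
        index index.php index.html;
        try_files $uri $uri/ /index.php?$args;
    }

    #############
    # Specify a charset
    ############
    charset utf-8;

    ############
    # GZIP
    ###########
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types image/svg+xml text/plain text/xml text/css text/javascript application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf;

    ############
    # this prevents hidden files (beginning with a period) from being served
    ############
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    ###########
    # SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
    ###########
    # The dot before the extension list is escaped so that only real file
    # extensions match; an unescaped "." would match any character.
    location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        log_not_found off;
        expires max;
    }

    ############
    # Pass uploaded files to wp-includes/ms-files.php.
    ############
    # rewrite /files/$ /index.php last;
    if ($uri !~ wp-content/plugins) {
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
    }

    ############
    # RESTRICTIONS
    ############
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    # Must stay above the generic PHP handler: first matching regex location wins.
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    ############
    # Pass all .php files onto a php-fpm or php-cgi server
    ############
    location ~ \.php$ {
        # Answer 404 unless the requested .php file really exists under the
        # document root, so php-fpm is never asked to resolve a path that
        # does not name an existing script.
        try_files $uri =404;

        # Include the fastcgi_params defaults provided by nginx
        include /etc/nginx/fastcgi_params;

        # The amount of time for upstream to wait for a fastcgi process to send data.
        # We keep this *extremely* high so that one can be lazy when remote debugging.
        # NOTE(review): with a one-hour read timeout a slow or hung request keeps a
        # php-fpm worker occupied for up to an hour; lower it on a production host.
        fastcgi_read_timeout 3600s;

        # Buffer size for reading the header of the backend FastCGI process.
        fastcgi_buffer_size 128k;
        fastcgi_connect_timeout 3s;
        fastcgi_send_timeout 120s;
        fastcgi_temp_file_write_size 256k;

        # The number and size of the buffers into which the reply from the FastCGI
        # process in the backend is read.
        #fastcgi_buffers 4 128k;
        fastcgi_buffers 256 16k;

        # SCRIPT_FILENAME is a required parameter for things to work properly,
        # but was missing in the default fastcgi_params on upgrade to nginx 1.4.
        # We define it here to be sure that it exists.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # php-fpm is reached directly over its unix socket; the path must match
        # the "listen" value in /etc/php-fpm.d/www.conf.
        fastcgi_pass unix:/run/php-fpm/www.sock;
        #fastcgi_pass 127.0.0.1:9000;

        # And get to serving the file!
        fastcgi_index index.php;
    }

    ############
    # ROBOTS
    ###########
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
}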