Re: httpd and Wordpress
+1

WordPress must be installed on the desired path. If you are moving from a previous scheme like site/wordpress to wordpress, you have a problem. Refer to the WordPress manual and you will find how to fix it.

The best bet is like Todd said: deploy again.

2017-06-10 20:56 GMT-03:00 Todd <norr...@gmail.com>:

> What is in your httpd error log?
> My guess is that WP is trying to pull some content from /wordpress which no
> longer exists since you moved the docroot.
>
> My suggestion for having your WP site available without going to the
> /wordpress URL is to redeploy the WordPress files to /var/www/html instead
> of /var/www/html/wordpress.
> Or add a 301 redirect from / to /wordpress
>
> On Sat, Jun 10, 2017 at 2:32 PM, Jan Betlach <jbetl...@gmail.com> wrote:
>
> > Hi guys,
> >
> > I have a small problem with httpd and Wordpress.
> > When I go to https://myipaddress I get "Access denied". If I go to
> > https://myipaddress/wordpress, everything works as expected.
> > I have tried to change the appropriate line in the httpd.conf to:
> > root "/htdocs/wordpress". In that case the webpage is loaded, but in the
> > "broken" form.
> >
> > My current httpd.conf:
> >
> > # $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $
> > # Macros
> > ext_addr="*"
> > # Global Options
> > # prefork 3
> > # Servers
> > # A minimal default server
> > server "default" {
> >     listen on $ext_addr port 80
> >     listen on $ext_addr tls port 443 block return 301 "https://
> >     $SERVER_NAME$REQUEST_URI"
> >     tls {
> >         key "/etc/ssl/private/server.key"
> >         certificate "/etc/ssl/server.crt"
> >     }
> >     directory {
> >         no auto index, index "index.php"
> >     }
> >     location "*.php" {
> >         fastcgi socket "/run/php-fpm.sock"
> >     }
> >     root "/htdocs"
> > }
> > # Include MIME types instead of the built-in ones
> > types {
> >     include "/usr/share/misc/mime.types"
> > }
> >
> > Any ideas where I am making a mistake?
> >
> > Thank you
> >
> > Jan
Re: httpd and Wordpress
Hi,

# Set a correct root path
root "/htdocs/wordpress"

# You can set max upload size to 513 M (in bytes)
connection max request body 537919488

# You can protect files and dir
location "/.*" { block }
location "/upload/*.php" { block }
location "/files/*.php" { block }

# For any other PHP file
location "/*.php*" { fastcgi socket "/run/php-fpm.sock" }

Ilyes Aiouaz

On 11/06/2017 at 00:56, Todd wrote:

> What is in your httpd error log?
> My guess is that WP is trying to pull some content from /wordpress which no
> longer exists since you moved the docroot.
>
> My suggestion for having your WP site available without going to the
> /wordpress URL is to redeploy the WordPress files to /var/www/html instead
> of /var/www/html/wordpress.
> Or add a 301 redirect from / to /wordpress
>
> On Sat, Jun 10, 2017 at 2:32 PM, Jan Betlach <jbetl...@gmail.com> wrote:
>
>> Hi guys,
>>
>> I have a small problem with httpd and Wordpress.
>> When I go to https://myipaddress I get "Access denied". If I go to
>> https://myipaddress/wordpress, everything works as expected.
>> I have tried to change the appropriate line in the httpd.conf to:
>> root "/htdocs/wordpress". In that case the webpage is loaded, but in the
>> "broken" form.
>>
>> My current httpd.conf:
>>
>> # $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $
>> # Macros
>> ext_addr="*"
>> # Global Options
>> # prefork 3
>> # Servers
>> # A minimal default server
>> server "default" {
>>     listen on $ext_addr port 80
>>     listen on $ext_addr tls port 443 block return 301 "https://
>>     $SERVER_NAME$REQUEST_URI"
>>     tls {
>>         key "/etc/ssl/private/server.key"
>>         certificate "/etc/ssl/server.crt"
>>     }
>>     directory {
>>         no auto index, index "index.php"
>>     }
>>     location "*.php" {
>>         fastcgi socket "/run/php-fpm.sock"
>>     }
>>     root "/htdocs"
>> }
>> # Include MIME types instead of the built-in ones
>> types {
>>     include "/usr/share/misc/mime.types"
>> }
>>
>> Any ideas where I am making a mistake?
>>
>> Thank you
>>
>> Jan
Re: httpd and Wordpress
What is in your httpd error log?
My guess is that WP is trying to pull some content from /wordpress which no longer exists since you moved the docroot.

My suggestion for having your WP site available without going to the /wordpress URL is to redeploy the WordPress files to /var/www/html instead of /var/www/html/wordpress.
Or add a 301 redirect from / to /wordpress

On Sat, Jun 10, 2017 at 2:32 PM, Jan Betlach <jbetl...@gmail.com> wrote:

> Hi guys,
>
> I have a small problem with httpd and Wordpress.
> When I go to https://myipaddress I get "Access denied". If I go to
> https://myipaddress/wordpress, everything works as expected.
> I have tried to change the appropriate line in the httpd.conf to:
> root "/htdocs/wordpress". In that case the webpage is loaded, but in the
> "broken" form.
>
> My current httpd.conf:
>
> # $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $
> # Macros
> ext_addr="*"
> # Global Options
> # prefork 3
> # Servers
> # A minimal default server
> server "default" {
>     listen on $ext_addr port 80
>     listen on $ext_addr tls port 443 block return 301 "https://
>     $SERVER_NAME$REQUEST_URI"
>     tls {
>         key "/etc/ssl/private/server.key"
>         certificate "/etc/ssl/server.crt"
>     }
>     directory {
>         no auto index, index "index.php"
>     }
>     location "*.php" {
>         fastcgi socket "/run/php-fpm.sock"
>     }
>     root "/htdocs"
> }
> # Include MIME types instead of the built-in ones
> types {
>     include "/usr/share/misc/mime.types"
> }
>
> Any ideas where I am making a mistake?
>
> Thank you
>
> Jan
httpd and Wordpress
Hi guys,

I have a small problem with httpd and Wordpress.
When I go to https://myipaddress I get "Access denied". If I go to https://myipaddress/wordpress, everything works as expected.
I have tried to change the appropriate line in the httpd.conf to: root "/htdocs/wordpress". In that case the webpage is loaded, but in the "broken" form.

My current httpd.conf:

# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $
# Macros
ext_addr="*"
# Global Options
# prefork 3
# Servers
# A minimal default server
server "default" {
    listen on $ext_addr port 80
    listen on $ext_addr tls port 443 block return 301 "https://
    $SERVER_NAME$REQUEST_URI"
    tls {
        key "/etc/ssl/private/server.key"
        certificate "/etc/ssl/server.crt"
    }
    directory {
        no auto index, index "index.php"
    }
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    root "/htdocs"
}
# Include MIME types instead of the built-in ones
types {
    include "/usr/share/misc/mime.types"
}

Any ideas where I am making a mistake?

Thank you

Jan
Re: httpd and wordpress
A very select few security-focused plugins are worth keeping around, like WordFence. Every plugin, theme and add-on is additional attack surface, and some popular plugins and themes have a horrifying track record with regard to security.

WordPress core has gotten a lot better recently, but there are still some whopper vulnerabilities disclosed on occasion. For most people, I recommend giving it lenient enough file permissions that it can automatically apply its own updates. The most severe WP vulnerabilities are Remote Code [Inclusion|Execution]. Disallowing _www write access to the document root isn't going to save you from those, but allowing write access and enabling automatic updates means critical patches are applied faster than you'd normally be able to do it yourself.

I have experimented in my development environment with a "split installation" where two different virtual hosts entries serve WP from two different document roots but are pointed to the same database: A full-blown normal install on 127.0.0.1 that you access through something such as an SSH dynamic proxy, then a copied, locked-down install on the public IP address. The locked-down install doesn't even have wp-admin, and uses database credentials that are limited to SELECT queries only. This took a lot of extra work to keep maintained, and updates applied to, and obviously things like user-login and comments won't work on the public-facing site.

I'm not convinced this experiment is worth the hassle, because if you're that paranoid, you're likely already looking at static-site generators and getting away from WP by any means possible.

On Sun, Jun 4, 2017 at 4:34 PM, flipchan wrote:

> Delete ALL readme and don't install plugins
>
> On June 3, 2017 9:52:13 PM GMT+02:00, Markus Rosjat wrote:
> >Hi there,
> >
> >well if it would be up to me I would skip wordpress for good but well
> >it's not my decision.
> >
> >So I was wondering if there is some recommendations on what to block in
> >the httpd.conf and what file permissions to use.
> >
> >For now I have:
> >
> >- like wordpress suggest 0755 on dirs and 0644 on files
> >
> >- wp-config.php setting to 0400 is not going to work at all I need at
> >least a 0644 or nothing shows up
> >
> >- in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
> >/wp-includes, /wp-includes/*.php and /wp-admin
> >
> >so if there is something I can do further to harden things just let me
> >know :)
> >
> >advice is most appreciated
> >
> >Regards
> >
> >--
> >Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
> >
> >G+H Webservice GbR Gorzolla, Herrmann
> >Königsbrücker Str. 70, 01099 Dresden
> >
> >http://www.ghweb.de
> >fon: +49 351 8107220 fax: +49 351 8107227
> >
> >Please check whether this mail really needs to be printed!
> >Before you print it, think about your responsibility and commitment to
> >the ENVIRONMENT
>
> --
> Take Care Sincerely flipchan layerprox dev
Re: httpd and wordpress
Delete ALL readme and don't install plugins

On June 3, 2017 9:52:13 PM GMT+02:00, Markus Rosjat wrote:
>Hi there,
>
>well if it would be up to me I would skip wordpress for good but well
>it's not my decision.
>
>So I was wondering if there is some recommendations on what to block in
>the httpd.conf and what file permissions to use.
>
>For now I have:
>
>- like wordpress suggest 0755 on dirs and 0644 on files
>
>- wp-config.php setting to 0400 is not going to work at all I need at
>least a 0644 or nothing shows up
>
>- in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
>/wp-includes, /wp-includes/*.php and /wp-admin
>
>so if there is something I can do further to harden things just let me
>know :)
>
>advice is most appreciated
>
>Regards
>
>--
>Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
>
>G+H Webservice GbR Gorzolla, Herrmann
>Königsbrücker Str. 70, 01099 Dresden
>
>http://www.ghweb.de
>fon: +49 351 8107220 fax: +49 351 8107227
>
>Please check whether this mail really needs to be printed!
>Before you print it, think about your responsibility and commitment to
>the ENVIRONMENT

--
Take Care Sincerely flipchan layerprox dev
Re: httpd and wordpress
On 06/03/17 20:52, Markus Rosjat wrote:
> Hi there,
>
> well if it would be up to me I would skip wordpress for good but well
> it's not my decision.
>
> So I was wondering if there is some recommendations on what to block in
> the httpd.conf and what file permissions to use.
>
> For now I have:
>
> - like wordpress suggest 0755 on dirs and 0644 on files
>
> - wp-config.php setting to 0400 is not going to work at all I need at
> least a 0644 or nothing shows up
>
> - in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
> /wp-includes, /wp-includes/*.php and /wp-admin
>
> so if there is something I can do further to harden things just let me
> know :)
>
> advice is most appreciated
>
> Regards

Running WPScan[1] against your WordPress installation can be useful to check that your WordPress install isn't too full of holes.

Cheers

Fred

[1] https://github.com/wpscanteam/wpscan
httpd and wordpress
Hi there,

well if it would be up to me I would skip wordpress for good but well it's not my decision.

So I was wondering if there is some recommendations on what to block in the httpd.conf and what file permissions to use.

For now I have:

- like wordpress suggest 0755 on dirs and 0644 on files

- wp-config.php setting to 0400 is not going to work at all I need at least a 0644 or nothing shows up

- in http.conf I blocked /wp_content , /wp-content /uploads/*.php, /wp-includes, /wp-includes/*.php and /wp-admin

so if there is something I can do further to harden things just let me know :)

advice is most appreciated

Regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227

Please check whether this mail really needs to be printed!
Before you print it, think about your responsibility and commitment to the ENVIRONMENT
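
A read-only audit of the points raised in this thread (0755/0644 permissions, the mode of wp-config.php, PHP files under uploads, readme files), as an added example that is not part of any poster's message. The function names and the 0640-with-group-ownership suggestion for wp-config.php are assumptions, not something stated on the list.

```sh
#!/bin/sh
# Added example: audit a WordPress tree for the items raised in this thread.
# Prints one "CHECK path" line per finding. Uses POSIX find plus -iname,
# which both GNU and BSD find provide.

wp_findings() {
    root=$1
    [ -d "$root" ] || return 2

    # Anything looser than 0755 (dirs) or 0644 (files): group or other write bit.
    find "$root" -type d \( -perm -020 -o -perm -002 \) | sed 's/^/DIR_WRITABLE /'
    find "$root" -type f \( -perm -020 -o -perm -002 \) | sed 's/^/FILE_WRITABLE /'

    # wp-config.php holds the database credentials. Assumption: it can be
    # group-owned by the PHP-FPM user's group and set to 0640, which keeps it
    # readable by PHP without the "other" read bit that 0644 grants.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" -perm -004 | sed 's/^/CONFIG_WORLD_READABLE /'
    fi

    # PHP under uploads is what the uploads/*.php block rule is meant to stop;
    # a file that is already there deserves a look.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php*' | sed 's/^/PHP_IN_UPLOADS /'
    fi

    # Readme files shipped with core, themes and plugins.
    find "$root" -type f -iname 'readme*' | sed 's/^/README /'
    return 0
}

wp_audit() {
    out=$(wp_findings "$1") || { echo "ERROR not a directory: $1" >&2; return 2; }
    if [ -z "$out" ]; then
        echo "OK no findings under $1"
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Run only when a path is given, e.g.: sh wp_audit.sh /var/www/htdocs/wordpress
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

The exit status of wp_audit is 0 for a clean tree, 1 when there are findings and 2 when the path is not a directory, so it can run from cron after each update.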
Re: Using "Pretty" permalinks with httpd in wordpress
On 06.01.17 15:42, Atanas Vladimirov wrote:
> On 06.01.2017 13:35, Jiri B wrote:
>> On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:
>>> Hi,
>>>
>>> I can't figure it out.
>>> Is it possible to use Wordpress with OpenBSD httpd and configure both
>>> for "Pretty" permalinks.
>>> Does anyone have a working setup?
>>> Thanks for your time,
>>> Atanas
>>
>> Help testing this diff
>> http://marc.info/?l=openbsd-tech&m=148370177214134&w=2
>>
>> j.
>
> I know about the diff and I'm testing it right now.
> The problem is that I really don't know what to put in
> httpd.conf.
> I try to "translate" Wordpress .htaccess with no luck:
>
> # BEGIN WordPress
> RewriteEngine On
> RewriteBase /
> RewriteRule ^index\.php$ - [L]
> ^^^ this rule doesn't rewrite index.php
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule . /index.php [L]
> ^^^ this rule rewrites any single character to /index.php
> if %{REQUEST_FILENAME} is not a real file or directory
> # END WordPress
>
> Do I read/understand the .htaccess file correctly?
> In my httpd.conf:
> .
> # art-katerina.com
> server "art-katerina.com" {
>     listen on * tls port 443
>     alias www.art-katerina.com
>     directory index index.php
>     root "/domains/art-katerina.com/"
>     hsts
>     log {
>         access "art-katerina-access.log",
>         error "art-katerina-error.log",
>         style combined
>     }
>     location "/.well-known/acme-challenge/*" {
>         root "/acme"
>         root strip 2
>     }
>     tls {
>         certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
>         key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
>     }
>     location "*.php" {
>         fastcgi socket "/run/php-fpm.sock"
>     }
>     location match "(.)" {
>         pass rewrite "/index.php"
>         fastcgi socket "/run/php-fpm.sock"
>     }

You seem to be wrong here.
location match "(.)" means exactly _ONE_ single character.
Maybe you mean location match "(.+)"

> .
Re: Using "Pretty" permalinks with httpd in wordpress
This was my hack.
http://www.h-i-r.net/2016/04/pretty-wordpress-permalinks-under.html

tl;dr:
1) ln -s index.php posts
2) null out "security.limit_extensions" in the php_fpm config, restart FPM. Beware the potential abuses of this.
3) Set up an explicit location clause for "/posts*" that uses the fastcgi socket for FPM.
4) Configure wordpress permalinks with a custom structure that includes /posts

On Fri, Jan 6, 2017 at 7:42 AM, Atanas Vladimirov <vl...@bsdbg.net> wrote:

> On 06.01.2017 13:35, Jiri B wrote:
>
>> On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:
>>
>>> Hi,
>>>
>>> I can't figure it out.
>>> Is it possible to use Wordpress with OpenBSD httpd and configure both
>>> for "Pretty" permalinks.
>>> Does anyone have a working setup?
>>> Thanks for your time,
>>> Atanas
>>>
>>
>> Help testing this diff http://marc.info/?l=openbsd-te
>> ch&m=148370177214134&w=2
>>
>> j.
>>
> I know about the diff and I'm testing it right now.
> The problem is that I really don't know what to put in
> httpd.conf.
> I try to "translate" Wordpress .htaccess with no luck:
>
> # BEGIN WordPress
>
> RewriteEngine On
> RewriteBase /
> RewriteRule ^index\.php$ - [L]
> ^^^ this rule doesn't rewrite index.php
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule . /index.php [L]
> ^^^ this rule rewrites any single character to /index.php
> if %{REQUEST_FILENAME} is not a real file or directory
>
> # END WordPress
>
> Do I read/understand the .htaccess file correctly?
> In my httpd.conf:
> .
> # art-katerina.com
> server "art-katerina.com" {
>     listen on * tls port 443
>     alias www.art-katerina.com
>     directory index index.php
>     root "/domains/art-katerina.com/"
>     hsts
>     log {
>         access "art-katerina-access.log",
>         error "art-katerina-error.log",
>         style combined
>     }
>     location "/.well-known/acme-challenge/*" {
>         root "/acme"
>         root strip 2
>     }
>     tls {
>         certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
>         key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
>     }
>     location "*.php" {
>         fastcgi socket "/run/php-fpm.sock"
>     }
>     location match "(.)" {
>         pass rewrite "/index.php"
>         fastcgi socket "/run/php-fpm.sock"
>     }
> .
Re: Using "Pretty" permalinks with httpd in wordpress
On 06.01.2017 13:35, Jiri B wrote:
> On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:
>> Hi,
>>
>> I can't figure it out.
>> Is it possible to use Wordpress with OpenBSD httpd and configure both
>> for "Pretty" permalinks.
>> Does anyone have a working setup?
>> Thanks for your time,
>> Atanas
>
> Help testing this diff
> http://marc.info/?l=openbsd-tech&m=148370177214134&w=2
>
> j.

I know about the diff and I'm testing it right now.
The problem is that I really don't know what to put in httpd.conf.
I try to "translate" Wordpress .htaccess with no luck:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
^^^ this rule doesn't rewrite index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
^^^ this rule rewrites any single character to /index.php
if %{REQUEST_FILENAME} is not a real file or directory
# END WordPress

Do I read/understand the .htaccess file correctly?
In my httpd.conf:
.
# art-katerina.com
server "art-katerina.com" {
    listen on * tls port 443
    alias www.art-katerina.com
    directory index index.php
    root "/domains/art-katerina.com/"
    hsts
    log {
        access "art-katerina-access.log",
        error "art-katerina-error.log",
        style combined
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    tls {
        certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
        key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
    }
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location match "(.)" {
        pass rewrite "/index.php"
        fastcgi socket "/run/php-fpm.sock"
    }
.
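
The decision that the stock WordPress rewrite rules quoted in this message encode, written out as an added example (not code from the thread or from httpd). The function name wp_route and the `..` guard are assumptions added for illustration.

```sh
#!/bin/sh
# Added example: what the WordPress .htaccess rules decide for one request.
# wp_route DOCROOT REQUEST_URI prints one of:
#   "pass <path>"         request goes through unchanged
#   "rewrite /index.php"  request is handed to the front controller
#   "reject"              path tries to climb out of DOCROOT (added guard)

wp_route() {
    docroot=${1%/}
    path=${2%%\?*}      # the rules test the path only, not the query string

    case "/$path/" in
        */../*) echo "reject"; return 0 ;;
    esac

    # RewriteRule ^index\.php$ - [L]
    # Already the front controller: leave it alone and stop.
    if [ "$path" = "/index.php" ]; then
        echo "pass $docroot/index.php"
        return 0
    fi

    # RewriteCond %{REQUEST_FILENAME} !-f  and  !-d
    # Real files and directories are served directly.
    if [ -f "$docroot$path" ] || [ -d "$docroot$path" ]; then
        echo "pass $docroot$path"
        return 0
    fi

    # RewriteRule . /index.php [L]
    # "." is an unanchored regex, so every non-empty path that got this far
    # matches and is sent to index.php.
    echo "rewrite /index.php"
}

# Run only when both arguments are given, e.g.:
#   sh wp_route.sh /var/www/htdocs/wordpress /2017/01/hello-world/
if [ "$#" -eq 2 ]; then
    wp_route "$1" "$2"
fi
```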
Re: Using "Pretty" permalinks with httpd in wordpress
On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:
> Hi,
>
> I can't figure it out.
> Is it possible to use Wordpress with OpenBSD httpd and configure both
> for "Pretty" permalinks.
> Does anyone have a working setup?
> Thanks for your time,
> Atanas

Help testing this diff
http://marc.info/?l=openbsd-tech&m=148370177214134&w=2

j.
Using "Pretty" permalinks with httpd in wordpress
Hi,

I can't figure it out.
Is it possible to use Wordpress with OpenBSD httpd and configure both for "Pretty" permalinks.
Does anyone have a working setup?
Thanks for your time,
Atanas