keith/WP-Ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

📄 docs: Add main project readme

Browse Source
This commit is contained in:
dev
2026-01-01 20:32:25 +00:00
parent 6e1495f839
commit 2722cfb81e
1 changed files with 190 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
README.md Normal file
View File

@@ -0,0 +1,190 @@
# WordOps Dev Project - Server Info
## Requirements
### Server
- Up-to-date Linux OS (built and tested on Ubuntu 24.04)
- [WordOps](https://wordops.net/) installed and working (`/usr/local/bin/wo`)
- [WP-CLI](https://wp-cli.org/) installed and working (`wp` in PATH)
- Nginx + PHP-FPM (WordOps provides this)
- SQLite support for PHP
- Sudo privileges for `www-data` to run WordOps commands without password
### PHP packages
Install SQLite support for PHP (required):
```bash
sudo apt update
sudo apt install -y php-sqlite3
sudo systemctl restart php8.3-fpm || true
sudo systemctl restart php-fpm || true
```
> Adjust `php8.3-fpm` to your PHP version (if needed).
## Install steps
1. Install WordOps
`wget -qO wo wops.cc && sudo bash wo`
2. Install WP-CLI
```bash
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
# check the Phar file to verify that its working
php wp-cli.phar --info
# make the file executable and move it to /usr/local/bin
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
# verify installation
wp --info
```
3. Install bootstrap + helper scripts
```bash
# install helpers
cp helpers/wp-dev-bootstrap.sh /usr/local/bin/wp-dev-bootstrap.sh
cp helpers/wo-fix-perms.sh /usr/local/bin/wo-fix-perms.sh
# make helpers executable
sudo chmod +x /usr/local/bin/wp-dev-bootstrap.sh
sudo chmod +x /usr/local/bin/wo-fix-perms.sh
```
4. Allow www-data to run WordOps + scripts via sudo
```bash
# create sudoers file
sudo visudo -f /etc/sudoers.d/dev-panel
# contents
www-data ALL=(root) NOPASSWD: /usr/local/bin/wo *
www-data ALL=(root) NOPASSWD: /usr/local/bin/wp-dev-bootstrap.sh *
www-data ALL=(root) NOPASSWD: /usr/local/bin/wo-fix-perms.sh *
```
This lets the panel (running as www-data) execute the exact commands it needs as root.
> **Do not add `www-data` to the sudo group.**
Test:
`sudo -u www-data sudo /usr/local/bin/wo site list`
## Ownership & permissions strategy
There are two competing needs:
1. WordPress / PHP needs to write certain files
2. Developers need to edit themes/plugins without being root
A safe, simple model is group-based permissions.
```bash
# Create a shared dev group
sudo groupadd webdev || true
# Add all devs to group
sudo usermod -aG webdev <devUser1>
sudo usermod -aG webdev <devUser2>
...
# Add web server user
sudo usermod -aG webdev www-data
```
Log out and back in for group membership to apply.
### Set group ownership + setgid under `/var/www`
```bash
sudo chown -R root:webdev /var/www
# Directories: 2775 (setgid + group writable)
sudo find /var/www -type d -exec chmod 2775 {} \;
# Files: 664 (group writable)
sudo find /var/www -type f -exec chmod 664 {} \;
```
### Ensure new files stay group-writable
Make sure your bootstrap script starts with `umask 0002` (the includd helper already does this).
If WordOps creates files with different perms, run the optional fixer after site creation:
`sudo /usr/local/bin/wo-fix-perms.sh example.local`
### SSH keys for private repos (bootstrap theme cloning)
If your bootstrap clones private repos, youll need a key that can access them.
**Option A** (recommended): deploy key or bot account key for the server
Create `/var/www/.ssh/` or `/home/<serviceUser>/.ssh/` depending on your model
**Ensure correct perms:**
- `/var/www/.ssh` or `/home/<serviceUser>/.ssh` = 700
- private key = 600
Add to GitHub as a deploy key or bot account key
Ensure `known_hosts` contains github.com to avoid prompts:
`sudo -u www-data ssh-keyscan github.com >> /var/www/.ssh/known_hosts`
**Option B:** keep bootstrap theme cloning optional and run theme cloning from a dev account via VSCode Remote.
**Dont store a personal private key in a shared server environment.**
## Troubleshooting
### “PDOException: could not find driver”
PHP SQLite extension missing:
```bash
sudo apt install -y php-sqlite3
sudo systemctl restart php8.3-fpm
```
### WordOps fails when run as www-data
Dont run wo as www-data directly:
**Correct** (what the panel does):
`sudo -u www-data sudo /usr/local/bin/wo site list`
**Incorrect**:
`sudo -u www-data /usr/local/bin/wo site list`
## Security notes
The `sudoers` file is the main security boundary:
- Keep it as narrow as possible
- Avoid wildcarding unrelated commands
- Consider restricting panel access by:
- Internal network only
- VPN only
- HTTP basic auth in front of it
- Keep OS patches current
- Regularly audit panel users + roles
## Backups (minimum viable)
At minimum, back up:
- /var/www (all site roots)
- Databases (WordOps MariaDB/MySQL)
- `/etc/nginx` and WordOps configs (optional but helpful)
- Panel SQLite DB:
- `/var/www/<dev panelURL>/htdocs/panel.sqlite`