WordpressWebsiteUpdate

Enter a topic name to show or a new topic name to create; then press Enter

The website upgrade will include the following activities:

Step 1: stop website (down 10 - 15 minutes)

docker-compose down -v

Step 2: upgrade docker

apt-get update
apt-get install -only-upgrade docker

Step 3: upgrade docker compose

apt-get install -only-upgrade docker-compose

Step 4: upgrade os

apt-get upgrade

Step 5: upgrade nginx

Edit the file /etc/apt/sources.list and add the following lines

deb http://nginx.org/packages/debian/ jessie nginx
deb-src http://nginx.org/packages/debian/ jessie nginx

after saving the file

apt-get remove --purge nginx nginx-common
apt-get update
apt-get install nginx

Copy the file nginx.conf.nossl shown below to etc/nginx/nginx.conf

systemctl restart nginx

Step 6: restart website

docker-compose up -d

Step 7: install Certbot from Lets' Encrypt

Add the backports reference to the file /etc/apt/sources.list

deb http://ftp.debian.org/debian jessie-backports main

then install Certbot

apt-get update
sudo apt-get install certbot -t jessie-backports

Step 8: Fix missing wp_metadata table

Using the dashboard, update to version 4.7.3, which will trigger a database update to add the missing table

Step 9: Change container to wordpress 4.7.3-php7.1-apache

Update the file docker-compose.yml to the one included below

Step 10: Fix structure of performance data table

Run the following commands

docker exec -it wpdocker_mysql_1 bash
sudo mysql upgrade -u root -p
sudo mysql -u root -p -e 'grant all privileges on wp01.* to "wp01User"@"172.18.0.5" identified by "valcom"'
exit

Step 11: update Wordpress plugins

In the dashboard, update each plugin that is activated

Step 12: run Certbot to get certificates

certbot certonly --webroot -w /var/www/html -d www.valcom.ca -d valcom.ca

Step 13: switch nginx to proxy HTTPS (website will be down 20 - 30 seconds)

Copy the file nginx.copy.ssl to /etc/nginx/nginx.conf

systemctl restart nginx

Step 14: fix HTTPS references (web site will have minor errors until corrections saved)

Change http:// to https:// in the following locations using the dashboard

Envato Toolkit > Themes > Theme Options > General > Logo, Icons
Envato Toolkit > Themes > Theme Options > Skin > Backgrounds
Envato Toolkit > Themes > Theme Options > Skin > Breadcrumbs

Do not change settings in

Settings > General > Wordpress Address (URL)
Settings > General > Site Address (URL)

_____________________________________________________________________

The file: docker-compose.yml

version: '2'
services:
  mysql:
      image: mysql:5.5
      restart: always
      environment: 
       - MYSQL_ROOT_PASSWORD=valcom
       - MYSQL_DATABASE=wp01
       - MYSQL_USER=wp01User
       - MYSQL_PASSWORD=valcom
      networks:
	valcomtest:
	  ipv4_address: 172.18.0.4
      volumes:
       - /home/valcom_web/wp_docker/mysql_data:/var/lib/mysql
  web:
      image: wordpress:4.7.3-php7.1-apache
      restart: always
      links:
       - mysql
      environment:
       - WORDPRESS_DB_PASSWORD=valcom
       - WORDPRESS_DB_NAME=wp01
       - WORDPRESS_DB_USER=wp01User
      ports:
       - "127.0.0.3:8080:80"
      networks:
	valcomtest:
	  ipv4_address: 172.18.0.5
      working_dir: /var/www/html
      volumes:
       - /home/valcom_web/wp_docker/wp-content:/var/www/html/wp-content
networks:
  valcomtest:
    driver: bridge
    ipam:
      driver: default
      config:
	- subnet: 172.18.0.0/24
	  gateway: 172.18.0.1

The file: nginx.conf.nossl

worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid	/var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
		      '$status $body_bytes_sent "$http_referer" '
		      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile	on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;

    server {
	listen		80;
	server_name www.valcom.ca;
	location /.well-known/acme-challenge {
		root	/var/www/html;
	}
	location / {
	proxy_pass http://172.17.0.3:80;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}
    }
}

The file nginx.conf.ssl

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid	/var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
		      '$status $body_bytes_sent "$http_referer" '
		      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile	on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    ssl_protocols	TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:!DH+AES;!RSA+AESGCM:!RSA+AES:!aNULL:!MD5:!DSS:!EXP";
    ssl_ecdh_curve	secp384r1;
    ssl_session_cache	shared:SSL:10m;
    ssl_session_tickets	off;
    ssl_prefer_server_ciphers on;
    map $sent_http_content_type $expires {
	default				off;
	text/html.*			epoch;
	text/css			max;
	application/javascript		max;
	image/jpeg			max;
	image/png			max;
	image/vnd.*icon			max;
    }
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
    upstream upstream_server {
	server 172.18.0.5:80;
    }
    server {
	listen 		443 ssl http2 default_server;
	server_name	www.valcom.ca;
	ssl_certificate		/etc/letsencrypt/live/www.valcom.ca/fullchain.pem;
	ssl_certificate_key	/etc/letsencrypt/live/www.valcom.ca/privkey.pem;
	add_header 	Strict-Transport-Security max-age=63072000;
	add_header	X-Frame-Options DENY;
	add_header	X-Content-Type-Options nosniff;
	location /.well-known/acme-challenge {
		root /var/www/html;
	}
	location / {
		proxy_set_header	X-Forwarded_For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $host;
		proxy_set_header	X-Forwarded-Server $host;
		proxy_set_header	X-Forwarded-Proto $scheme;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	Host $http_host;
		proxy_set_header	Upgrade $http_upgrade;
		proxy_redirect		off;
		proxy_pass		http://upstream_server;
		expires 		$expires;
	}
    }
    server {
	listen		80;
	location /.well-known/acme-challenge {
		root	/var/www/html;
	}
	location / {
		return 301 https://$host$request_uri;
	}
    }
}

Version: 23   Revised: 2017-03-16 20:09:28 Last Updated by: 2001:470:1d:80b:bce9:fd56:d009:d788 Rename Show Links to Topic