feat: v2.5.0 - Complete Technology & Security Update

Features:
- PHP 8.4 support (from 8.3)
- WordPress 7.0 (auto-update via WP-CLI)
- Modern TLS 1.3 cipher suites (2026 best practices)
- Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive)
- Auto-update cron job for WordPress (weekly Minor updates)
- Debian 14 Forky support (testing)
- Ubuntu 25.04 support
- Python 3.12 in GitHub Actions

Security:
- Fail2Ban with SSH brute force protection (24h ban)
- WordPress wp-login.php protection (2h ban)
- Nginx bot scanner protection
- Recidive jail for repeat offenders (1 week ban)
- Modern TLS ciphers (AEAD only)
- HSTS 2 years for preload

Documentation:
- docs/autoupdate.md - WordPress auto-update guide
- docs/fail2ban.md - Fail2Ban configuration guide
- docs/troubleshooting.md - Updated with php_version variable

Breaking changes:
- PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
This commit is contained in:
Sebastian Palencsar
2026-05-04 19:37:27 +02:00
parent 2045307d1d
commit dffd8e3b76
41 changed files with 754 additions and 74 deletions

9
docs/production-deployment.md Normal file → Executable file
View File

@@ -188,7 +188,7 @@ sudo ufw enable
### 1. Log Files
Monitor these log files:
- Nginx: `/var/log/nginx/access.log` and `/var/log/nginx/error.log`
- PHP-FPM: `/var/log/php8.3-fpm.log`
- PHP-FPM: `/var/log/php8.4-fpm.log`
- MySQL: `/var/log/mysql/error.log`
- WordPress: `/var/www/html/wp-content/debug.log` (if WP_DEBUG enabled)
@@ -233,12 +233,9 @@ ssh -v deployer@your-server.com
# Check service status
sudo systemctl status nginx
sudo systemctl status mysql
sudo systemctl status php8.3-fpm
sudo systemctl status php{{ php_version | default('8.4') }}-fpm
# View logs
sudo journalctl -u nginx
sudo journalctl -u mysql
sudo journalctl -u php8.3-fpm
sudo journalctl -u php{{ php_version | default('8.4') }}-fpm
```
### WordPress Issues