Files
ansible-lemp-wordpress/inventory/production.yml
Sebastian Palencsar dffd8e3b76 feat: v2.5.0 - Complete Technology & Security Update
Features:
- PHP 8.4 support (from 8.3)
- WordPress 7.0 (auto-update via WP-CLI)
- Modern TLS 1.3 cipher suites (2026 best practices)
- Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive)
- Auto-update cron job for WordPress (weekly Minor updates)
- Debian 14 Forky support (testing)
- Ubuntu 25.04 support
- Python 3.12 in GitHub Actions

Security:
- Fail2Ban with SSH brute force protection (24h ban)
- WordPress wp-login.php protection (2h ban)
- Nginx bot scanner protection
- Recidive jail for repeat offenders (1 week ban)
- Modern TLS ciphers (AEAD only)
- HSTS 2 years for preload

Documentation:
- docs/autoupdate.md - WordPress auto-update guide
- docs/fail2ban.md - Fail2Ban configuration guide
- docs/troubleshooting.md - Updated with php_version variable

Breaking changes:
- PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
2026-05-04 19:37:27 +02:00

33 lines
1.2 KiB
YAML
Executable File

# Production Server Configuration
# SECURITY: Change all passwords before deployment!
---
wordpress_servers:
hosts:
your-server.example.com:
ansible_host: YOUR_SERVER_IP
ansible_user: your_user
# ansible_ssh_pass: "your_password" # Use SSH keys instead!
# ansible_become_pass: "your_sudo_password" # Use passwordless sudo instead!
domain_name: example.com
# SSL Configuration
ssl_enabled: false # Set to true for HTTPS with Let's Encrypt
ssl_email: admin@example.com # Required if ssl_enabled=true
# WordPress Database (CHANGE THESE!)
mysql_root_password: "CHANGE_ME_ROOT_PASSWORD"
wordpress_db_name: "wordpress"
wordpress_db_user: "wp_user"
wordpress_db_password: "CHANGE_ME_WP_PASSWORD"
# WordPress Admin (CHANGE THESE!)
wp_admin_user: "admin"
wp_admin_password: "CHANGE_ME_ADMIN_PASSWORD"
wp_admin_email: "admin@example.com"
wp_site_title: "My WordPress Site"
# Ultimate Performance Features (for lemp-wordpress-ultimate.yml)
enable_redis: false # Redis object caching
enable_opcache: false # PHP OPcache optimization
enable_nginx_optimization: false # Advanced Nginx performance tuning