How to self-host a secure WordPress website on unRAID

Having recently set up my domains and web servers, now seems like a good time to write about it! The high-level steps are as follows:

  1. Get a domain (I like Namecheap best). I got willper.me for $8/yr.
  2. Get a DNS service (duckdns.org is free, but has limitations). I use Namecheap‘s PremiumDNS service for $5/yr.
  3. Install a webserver (I used the letsenctrypt docker for easy SSL setup)
  4. Install WordPress

 

DOMAIN

Wherever you register your domain, I would sign up for WhoIs protection. it’s a cheap or free way to protect yourself online.

DNS

  • Create an A record for host @ pointing to your public IP
  • If you want to set up subdomains, create another A record for host * pointing to your public IP
  • You will likely want to set up dynamic dns updating, as few of us individuals have truly static public IP addresses

 

WEBSERVER

  • install the letsencrypt docker on unRAID. This docker contains an NGINX webserver, as well as certbot for easy SSL.
  • When asked for your domain, be sure you enter both domain.com as well as www.domain.com, as well as any subdomains.
    • note that www.sub.domain.com is distinct from just sub.domain.com
  • You must also forward ports 443 and 80 on your router!

To create more certificates, SSH into your server and run the following:

  1. docker exec -it letsencrypt bash
  2. certbot certonly

follow the instructions for certbot. Note you want to install certificates using webroot.

The critical file for your webserver setup is your /mnt/user/appdata/letsencrypt/nginx/site-confs/default file. This is an example to get you started: default

  • If you have multiple domains running off of one server, as I do, simpy create multiple server{} blocks, and set unique server_name values for each.

At this point you should be able to visit your website, domain.com, and see an nginx test page.

 

WORDPRESS

  1. Download WordPress, and unzip it into the server webroot folder (/mnt/user/appdata/letsencrypt/www for me)
  2. Install the mysql docker. Set your password to something secure. Note the port 3306.
  3. Download MySQL Workbench and connect to the mysql docker using your server’s IP address, port 3306, the user root, and the password you set before. Create a new schema, name it, and click finish:

    Click here for a more detailed writeup of this step
  4. Open your website! You may have to delete the test page HTML file to get the wordpress interface to load. It will ask you for your database details (remember the name of your schema!). For the table prefix, you can leave the default “wp_” for your first site, but each WordPress site should have a unique table prefix.

So, that’s how I set up this very website! Comment below with questions!

 

Useful link:

The Complete UnRAID reverse proxy, Duck DNS (dynamic dns) and letsencrypt guide

 

 

2 Replies to “How to self-host a secure WordPress website on unRAID”

  1. It looks like you have had this site for a couple of years now. The only reason that I personally have not hosted my own web server/forum is because of the vulnerability parts of it. I have the knowledge to know that the vulnerabilities are there but not so much on how to secure it. Have you had issues since you have hosted your own site?

    1. I haven’t had any issues personally, but I do definitely try to stay on top of security updates and configuration optimizations to lock things down. That being said, I’m sure I’m slightly more hackable by self-hosting, but overall I am happy I did/do it.

Leave a Reply

Your email address will not be published. Required fields are marked *