A super fast, secure, and scalable web server setup for WordPress with built-in WAF, DDoS protection, and automatic HTTPS.
⚠️ Early Development Notice: This project is in early development and has undergone limited testing. While designed with security and performance in mind, it should be thoroughly tested in your specific environment before production deployment. Use at your own discretion and consider additional security measures for production workloads.
- 🚀 High Performance: Optimized Nginx with OpenResty
- 🛡️ Web Application Firewall: ModSecurity with OWASP Core Rule Set
- 🛡️ DDoS Protection: Rate limiting, connection limiting, and Fail2Ban
- 🔒 Automatic HTTPS: Let's Encrypt integration with ACME protocol
- 📊 Monitoring: Health checks and comprehensive logging
- 🐳 Docker Ready: Easy deployment with Docker Compose
- Clone and configure:
  git clone <repository>
  cd openpress
- Configure your domain: Edit docker-compose.yml and replace:
  - yourdomain.com with your actual domain
  - [email protected] with your email
- Start the services:
  docker-compose up -d
- Install WordPress:
  - Access your domain
  - Follow the WordPress installation wizard
  - Database credentials are pre-configured in docker-compose.yml
Set these in your docker-compose.yml:
- DOMAIN: Your domain name
- EMAIL: Email for Let's Encrypt notifications
- Automatic SSL certificate generation on first run
- Daily renewal checks via cron
- Fallback to self-signed certificates
- OWASP Core Rule Set integration
- Custom WordPress-specific rules
- SQL injection protection
- XSS prevention
- Brute force attack detection
- Rate limiting per IP
- Connection limiting
- Fail2Ban integration
- Suspicious request blocking
- Gzip compression
- Static file caching
- FastCGI optimizations
- Keep-alive connections
- Worker process optimization
openpress/
├── Dockerfile # Main container configuration
├── docker-compose.yml # Service orchestration
├── nginx/ # Nginx configuration
│ ├── nginx.conf # Main nginx config
│ ├── sites-available/ # Site configurations
│ └── sites-enabled/ # Enabled sites
├── modsecurity/ # WAF configuration
│ ├── modsecurity.conf # Main ModSecurity config
│ └── crs-setup.conf # OWASP CRS setup
├── fail2ban/ # DDoS protection
│ ├── jail.local # Fail2Ban jails
│ └── filter.d/ # Custom filters
├── scripts/ # Automation scripts
│ ├── start.sh # Container startup script
│ ├── renew-ssl.sh # SSL renewal script
│ └── cron-ssl-renewal # Cron configuration
├── wordpress/ # WordPress files (mounted)
├── logs/ # Log files (mounted)
└── ssl/ # SSL certificates (mounted)
- HTTP endpoint: http://yourdomain.com/health
- Returns "healthy" when services are running
- Nginx access/error logs: ./logs/nginx/
- ModSecurity logs: Container logs
- Fail2Ban logs: Container logs
- Keep Updated: Regularly update Docker images
- Monitor Logs: Check logs regularly for suspicious activity
- Firewall: Configure host firewall to only allow necessary ports
- Backups: Regular WordPress database and file backups
- SSL: Monitor certificate expiry and renewal
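For the "Monitor Logs" and brute-force detection items above, this added example (not part of the OpenPress project's own code) scans nginx access-log lines, such as those written under ./logs/nginx/, for bursts of POSTs to the WordPress login endpoints. It assumes nginx's default combined log format; `find_bruteforce`, its threshold and window defaults, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumes nginx's default "combined" log format; adjust if nginx.conf sets its own.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AUTH_PATHS = ("/wp-login.php", "/xmlrpc.php")  # WordPress credential endpoints


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each client IP to its peak count of auth POSTs inside one window,
    keeping only clients whose peak reaches `threshold` (hypothetical defaults)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a credential submission
        if m["path"].split("?", 1)[0] not in AUTH_PATHS:
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def _line(ip, ts, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "constructed"'


SAMPLE = (
    [_line("203.0.113.7", f"10/Mar/2025:12:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    + [_line("198.51.100.4", f"10/Mar/2025:12:{m:02d}:00", "POST", "/wp-login.php", 302)
       for m in (1, 9, 30)]
    + [_line("192.0.2.9", "10/Mar/2025:12:05:00", "GET", "/wp-login.php", 200)]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

Clients it reports can be compared against what Fail2Ban has already banned to see whether the jail thresholds are catching the same bursts.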
- SSL Certificate Issues
  - Check domain DNS configuration
  - Verify email address is valid
  - Check Let's Encrypt rate limits
- Performance Issues
  - Monitor resource usage
  - Adjust rate limiting if too restrictive
  - Check PHP-FPM configuration
- WordPress Issues
  - Verify database connection
  - Check file permissions
  - Review PHP error logs
# View container logs
docker-compose logs
# View specific service logs
docker-compose logs webserver
# Access container shell
docker-compose exec webserver sh
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
Created by: Chris Bunting
For issues and questions:
- Check the troubleshooting section
- Review Docker and Nginx documentation
- Open an issue on GitHub