Update docs; fine-tune username/s
pothi committed May 15, 2019
1 parent 3e803d2 commit 7cd9438
Showing 4 changed files with 16 additions and 13 deletions.
21 changes: 13 additions & 8 deletions README.md
Expand Up @@ -2,6 +2,8 @@

Script/s to install LEMP in a linux box. This LEMP stack is fine-tuned towards WordPress installations. It may work for other PHP based applications, too. For more details, please see the blog post at [https://www.tinywp.in/wp-in-a-box/](https://www.tinywp.in/wp-in-a-box/).

There are a number of similar scripts available on the internet. The unique feature of this repo is in [security considerations](https://github.com/pothi/wp-in-a-box#security-considerations).

## Supported Platforms

+ Ubuntu Bionic Beaver (18.04.x)
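Review bot: the new paragraph links to `#security-considerations`, so the link silently breaks if the "Security Considerations" heading is ever renamed; this same commit renames "Performance Checklist" to "Performance Considerations", which is exactly the kind of edit that would have broken such an anchor. Either treat that heading text as stable or phrase the sentence so it does not depend on the anchor.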
Expand All @@ -12,17 +14,18 @@ Script/s to install LEMP in a linux box. This LEMP stack is fine-tuned towards W

In sync with WordPress philosophy of “[decision, not options](https://wordpress.org/about/philosophy/)”.

## Performance Checklist
## Performance Considerations

- Redis for object cache (with memcached as an option)
- WP Super Cache as full page cache (with Batcache as an alternative)
- No added bloatware
- Redis for object cache (available as an optional package)
- Full page cache support (WP Super Cache, WP Rocket and WP Fastest Cache)
- PHP 7.x
- Nginx (no Apache, sorry)
- Varnish (planned, but no ETA)
- Swap

## Security Considerations

- Only ports 80, 443, and port for SSH are open.
- No phoning home.
- No external dependencies (such as third-party repositories, unless there is a strong reason to use it).
- Automatic security updates (with an option to update everything).
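Review bot: "Only ports 80, 443, and port for SSH are open." is removed from the top of the Security Considerations list here and re-added at the bottom in the next hunk; the exposed-port policy is the item a reader checks first, so keeping it at the top reads better, and "port for SSH" would read better as "the SSH port". Dropping "No added bloatware" also loses a claim nothing else in the list restates; if it still holds, it fits under Security Considerations next to "No phoning home."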
Expand All @@ -32,6 +35,8 @@ In sync with WordPress philosophy of “[decision, not options](https://wordpres
- ACL integration.
- Weekly logwatch (if email is supplied).
- Isolated user for PhpMyAdmin.
- PHP user and Nginx user run under different username.
- Only ports 80, 443, and port for SSH are open.
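Review bot: "PHP user and Nginx user run under different username." should read "under different usernames", and the bullet would be more useful if it named the users: the "Where to install WordPress" section below says PHP runs as the SFTP user, so stating that here (and which unprivileged user Nginx runs as) tells the reader what the separation is meant to contain.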

## Implementation Details

Expand Down Expand Up @@ -93,19 +98,19 @@ cat ~/.envrc

## What you get at the end of the installation

- a SSH user (prefixed with `sys_`) with root privileges (use it only to manage the server such as to create a new MySQL database or to create a new vhost entry for Nginx)
- a chrooted SFTP user, prefixed with `web_`, with its home directory at `/home/web` along with some common directories(such as ~/log, ~/sites, etc) created already. (you may give it to your developer to access the file system such as to upload a new theme, etc)
- a SSH user (prefixed with `ssh_`) with root privileges (use it only to manage the server such as to create a new MySQL database or to create a new vhost entry for Nginx)
- a chrooted SFTP user, prefixed with `sftp_web_`, with its home directory at `/home/web` along with some common directories(such as ~/log, ~/sites, etc) created already. (you may give it to your developer to access the file system such as to upload a new theme, etc)

## Where to install WordPress & How to install it

- PHP runs as SFTP user. So, please install WordPress **as** SFTP user at `/home/web/sites/example.com/public`.
- Configure Nginx using pre-defined templates that can be found at the companion repo [WordPress-Nginx](https://github.com/pothi/wordpress-nginx). That repo is already installed. You just have to copy / paste one of [the templates](https://github.com/pothi/wordpress-nginx/tree/master/sites-available) to fit your domain name.
- If you wish to deploy SSL, a [Let's Encrypt](https://letsencrypt.org/) client is already installed. Just use the command `certbot certonly --webroot -w /home/web/sites/example.com/public -d example.com -d www.example.com`. The renewal script is already in place as a cron entry. So, you don't have to create a new entry. To know more about this client library and to know more about the available options, please visit https://certbot.eff.org/ .
- If you wish to deploy SSL, a [Let's Encrypt](https://letsencrypt.org/) client is already installed. Please use the command `certbot certonly --webroot -w /home/web/sites/example.com/public -d example.com -d www.example.com`. The renewal script is already in place as a cron entry. So, you don't have to create a new entry. To know more about this client library and to know more about the available options, please visit [https://certbot.eff.org/](https://certbot.eff.org/) .

## Known Limitations

- SFTP user can not create or upload new files and folders at `$HOME`, but can create or upload inside other existing directories. This is [a known limitation](https://wiki.archlinux.org/index.php/SFTP_chroot#Write_permissions) when we use SFTP capability of built-in OpenSSH server.

## Wiki

For more documentation, supported / tested hosts, todo, etc, please see the [WP-In-A-Box wiki](https://github.com/pothi/wp-in-a-box/wiki).
For more documentation, information, supported/tested hosts, todo, etc, please see the [WP-In-A-Box wiki](https://github.com/pothi/wp-in-a-box/wiki).
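Review bot: on the two rewritten bullets, "a SSH user" should be "an SSH user", and "directories(such as" needs a space before the parenthesis. More importantly, the new prefixes only apply to users created after this change: the creation scripts in this commit generate a name only when `system_admin_username` / `web_developer_username` is empty and then persist it in `/root/.envrc`, so existing installations keep their `sys_`/`web_` users while the README now says `ssh_`/`sftp_web_`. A one-line note that the prefix applies to new installs would save anyone looking for the documented names on an older server some confusion.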
4 changes: 1 addition & 3 deletions bootstrap.sh
Expand Up @@ -3,7 +3,7 @@
# programming env: these switches turn some bugs into errors
# set -o errexit -o pipefail -o noclobber -o nounset

# Version: 2
# Version: 2.1

# to be run as root, probably as a user-script just after a server is installed

Expand All @@ -13,8 +13,6 @@
# exit 1
# fi

# TODO - change the default repo, if needed - mostly not needed on most hosts

# create some useful directories - create them on demand
mkdir -p /root/{backups,git,log,scripts} &> /dev/null

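Review bot: `mkdir -p /root/{backups,git,log,scripts} &> /dev/null` silences every error from mkdir, including a real failure such as an unwritable or read-only `/root`, while later steps presumably depend on these directories existing; with `-p` the only remaining errors are the ones worth seeing, so drop the redirect (or at least keep stderr and check the exit status). Note also that `&>` and brace expansion are bash-only, which is fine provided the script is always run under bash rather than sh.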
2 changes: 1 addition & 1 deletion scripts/server-admin-creation.sh
Expand Up @@ -9,7 +9,7 @@ echo "Creating a 'server admin' user..."

if [ "$system_admin_username" == "" ]; then
# create SSH username automatically
system_admin_username="sys_$(pwgen -A 8 1)"
system_admin_username="ssh_$(pwgen -A 8 1)"
echo "export system_admin_username=$system_admin_username" >> /root/.envrc
fi

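Review bot: the `[ "$system_admin_username" == "" ]` test uses the bash-only `==` inside `[` and, if the `set -o nounset` switch that bootstrap.sh lists (currently commented out) is ever enabled, it aborts with an unbound-variable error before the name is generated; `if [ -z "${system_admin_username:-}" ]; then` handles both. The rename to `ssh_` is fine, but since the generated name is appended to `/root/.envrc` and reused on later runs, it's worth confirming that no other script or documentation still matches on the `sys_` prefix.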
2 changes: 1 addition & 1 deletion scripts/web-developer-creation.sh
Expand Up @@ -9,7 +9,7 @@ echo 'Creating a "web developer" user...'

if [ "$web_developer_username" == "" ]; then
# create SFTP username automatically
web_developer_username="web_$(pwgen -A 8 1)"
web_developer_username="sftp_web_$(pwgen -A 8 1)"
echo "export web_developer_username=$web_developer_username" >> /root/.envrc
fi

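Review bot: `[ "$web_developer_username" == "" ]` has the same two problems as the identical check in server-admin-creation.sh (bash-only `==` inside `[`, and an unbound-variable abort if `set -o nounset` is ever enabled); `if [ -z "${web_developer_username:-}" ]; then` fixes both. Separately, the README in this commit says the chrooted SFTP user's home is `/home/web` while the username now starts with `sftp_web_`; if anything derives the home directory, chroot path or ACL entries from the username rather than from that fixed path, this rename changes them, so it's worth a quick check that the chroot still lines up with the documented `/home/web`.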

0 comments on commit 7cd9438