From 4d2f7c7df5ba786d1ecdb57bc1130dcb458f4eab Mon Sep 17 00:00:00 2001 From: Raphael Martin Date: Fri, 24 Nov 2023 20:04:08 +0100 Subject: [PATCH] inital commit --- .env.sample | 12 +++ .gitignore | 7 ++ README.md | 26 ++++- create_config | 9 ++ docker-compose.yml | 89 ++++++++++++++++ init | 13 +++ nginx-conf/nginx.conf.dummy | 45 ++++++++ php-conf/php.ini | 198 ++++++++++++++++++++++++++++++++++++ 8 files changed, 398 insertions(+), 1 deletion(-) create mode 100644 .env.sample create mode 100644 .gitignore create mode 100755 create_config create mode 100644 docker-compose.yml create mode 100755 init create mode 100644 nginx-conf/nginx.conf.dummy create mode 100644 php-conf/php.ini diff --git a/.env.sample b/.env.sample new file mode 100644 index 0000000..1cb72e9 --- /dev/null +++ b/.env.sample @@ -0,0 +1,12 @@ +MYSQL_ROOT_PASSWORD=PASSWORD + +MYSQL_DATABASE=gitea +MYSQL_USER=DATABASEUSER +MYSQL_PASSWORD=DATABASEPASSWORD + +PROJECT_URL=wordpress.localhost +PROJECT_NAME=sample + +TRAEFIK_NETWORK=traefik_net + +PROJECT_DATA=./data \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ec1a829 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.env + +data/plugins/* +data/themes/* +data/uploads/* + +nginx-conf/nginx.conf \ No newline at end of file diff --git a/README.md b/README.md index 36a6c6e..70f57ff 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,26 @@ -# traefik_wordpress +# traefik wordpress +### get started + +create a .env file + +sample .env: + + # .env + + MYSQL_ROOT_PASSWORD=PASSWORD + + MYSQL_DATABASE=gitea + MYSQL_USER=DATABASEUSER + MYSQL_PASSWORD=DATABASEPASSWORD + + PROJECT_URL=wordpress.localhost + + PROJECT_NAME=sample + + # the traefik network you want to use + TRAEFIK_NETWORK=traefik_net + + PROJECT_DATA=./data + +then execute the first time the init script diff --git a/create_config b/create_config new file mode 100755 index 0000000..b635310 --- /dev/null +++ b/create_config @@ -0,0 +1,9 @@ +#! /bin/bash + +source ./.env + +while IFS='' read -r a; do + a="${a//'PROJECTURL'/$PROJECT_URL}" + a="${a//'PROJECTNAME'/$PROJECT_NAME}" + echo $a +done < ./nginx-conf/nginx.conf.dummy > ./nginx-conf/nginx.conf \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..5ab8fd7 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,89 @@ +version: '1' + +networks: + default: + name: "${TRAEFIK_NETWORK}" + external: true + db: + name: "${PROJECT_NAME}_wordpress_db_net" + external: false + be: + name: "${PROJECT_NAME}_wordpress_net" + external: false + +services: + webserver: + image: "nginx:alpine" + depends_on: + - "wordpress" + container_name: "${PROJECT_NAME}_wordpress_web" + hostname: "${PROJECT_URL}" + restart: "unless-stopped" + volumes: + - "wordpress:/var/www/html" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/plugins:/var/www/html/wp-content/plugins" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/themes:/var/www/html/wp-content/themes" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/uploads:/var/www/html/wp-content/uploads" + - "./nginx-conf:/etc/nginx/conf.d" + - "./php-conf:/usr/local/etc/php" + #- ./wordpress-data/installer.php:/var/www/html/installer.php + #- ./wordpress-data/earthman_20231010_f058a22d5085e51c3204_20231010103457_archive.zip:/var/www/html/earthman_20231010_f058a22d5085e51c3204_20231010103457_archive.zip:ro + networks: + - "be" + labels: + # Watchtower add to auto update + - "com.centurylinklabs.watchtower.enable=true" + # traefik + - "traefik.enable=true" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + #- "traefik.tcp.routers.${PROJECT_NAME}_sftp.rule=HostSNI(`${PROJECT_URL}`)" # tls + - "traefik.http.services.${PROJECT_NAME}_wordpress.loadbalancer.server.port=80" + - "traefik.http.routers.${PROJECT_NAME}_wordpress.rule=Host(`${PROJECT_URL}`)" + - "traefik.http.routers.${PROJECT_NAME}_wordpress.entrypoints=websecure" + - "traefik.http.routers.${PROJECT_NAME}_wordpress.tls=true" + wordpress: + image: "wordpress:fpm-alpine" + depends_on: + - "db" + container_name: "${PROJECT_NAME}_wordpress_fpm" + restart: "unless-stopped" + volumes: + - "wordpress:/var/www/html" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/plugins:/var/www/html/wp-content/plugins" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/themes:/var/www/html/wp-content/themes" + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/uploads:/var/www/html/wp-content/uploads" + - "./php-conf/php.ini:/usr/local/etc/php/php.ini:ro" + env_file: ".env" + user: "1000" + environment: + - "WORDPRESS_DB_HOST=db" + - "WORDPRESS_DB_USER=${MYSQL_USER}" + - "WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD}" + - "WORDPRESS_DB_NAME=${MYSQL_DATABASE}" + networks: + - "db" + - "be" + labels: + # Watchtower add to auto update + - "com.centurylinklabs.watchtower.enable=false" + # traefik + - "traefik.enable=false" + db: + image: "mariadb:latest" + container_name: "${PROJECT_NAME}_wordpress_db" + hostname: "${PROJECT_URL}" + restart: "unless-stopped" + command: '--default-authentication-plugin=mysql_native_password' + env_file: ".env" + volumes: + - "${PROJECT_DATA}/${PROJECT_NAME}-wordpress/db/:/var/lib/mysql" + networks: + - "db" + labels: + # Watchtower add to auto update + - "com.centurylinklabs.watchtower.enable=true" + # traefik + - "traefik.enable=false" +volumes: + wordpress: + name: "${PROJECT_NAME}_wordpress" \ No newline at end of file diff --git a/init b/init new file mode 100755 index 0000000..f978efa --- /dev/null +++ b/init @@ -0,0 +1,13 @@ +#!/bin/bash + +source ./.env +source ./create_config + +mkdir -p ${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/plugins +mkdir -p ${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress//themes +mkdir -p ${PROJECT_DATA}/${PROJECT_NAME}-wordpress/wordpress/uploads +mkdir -p ${PROJECT_DATA}/${PROJECT_NAME}-wordpress/db + +docker network create $TRAEFIK_NETWORK + +docker compose up -d diff --git a/nginx-conf/nginx.conf.dummy b/nginx-conf/nginx.conf.dummy new file mode 100644 index 0000000..a579f43 --- /dev/null +++ b/nginx-conf/nginx.conf.dummy @@ -0,0 +1,45 @@ +# nginx.conf + +server { + listen 80; + listen [::]:80; + + server_name PROJECTURL; + + index index.php index.html index.htm; + + allow all; + root /var/www/html; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass PROJECTNAME_wordpress_fpm:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } + + location ~ /\.ht { + deny all; + } + + location = /favicon.ico { + log_not_found off; access_log off; + } + location = /robots.txt { + log_not_found off; access_log off; allow all; + } + location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { + expires max; + log_not_found off; + } + +} diff --git a/php-conf/php.ini b/php-conf/php.ini new file mode 100644 index 0000000..e7b6bcd --- /dev/null +++ b/php-conf/php.ini @@ -0,0 +1,198 @@ +# php.ini +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; php.ini reference: https://git.php.net/?p=php-src.git;a=blob_plain;f=php.ini-production;hb=refs/heads/PHP-7.0 ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +[PHP] +engine = On +short_open_tag = Off +precision = 14 +output_buffering = 4096 +zlib.output_compression = Off +implicit_flush = Off +unserialize_callback_func = +serialize_precision = 17 +disable_functions = +disable_classes = +zend.enable_gc = On +expose_php = Off +; Resource Limits ; +max_execution_time = 600 +request_terminate_timeout = 0 +max_input_time = -1 +;max_input_nesting_level = 64 +max_input_vars = 5000 +memory_limit = 1024M +; Error handling and logging ; +error_reporting = E_ALL +display_errors = On +display_startup_errors = On +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +;xmlrpc_errors = 0 +;xmlrpc_error_number = 0 +html_errors = On +; Data Handling ; +variables_order = "EGPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On +post_max_size = 12M +auto_prepend_file = +auto_append_file = +default_mimetype = "text/html" +default_charset = "UTF-8" +; Paths and Directories ; +doc_root = +user_dir = +enable_dl = Off +cgi.fix_pathinfo=1 +; File Uploads ; +file_uploads = On +upload_max_filesize = 12M +max_file_uploads = 20 +; Fopen wrappers ; +allow_url_fopen = On +allow_url_include = Off +default_socket_timeout = 60 +;auto_detect_line_endings = Off +; Dynamic Extensions ; + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = UTC + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= + +[mail function] +SMTP = localhost +smtp_port = 25 +mail.add_x_header = On +sendmail_path="/usr/local/bin/mailhog sendmail test@example.org --smtp-addr 127.0.0.1:1025" + +[SQL] +sql.safe_mode = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[Interbase] +ibase.allow_persistent = 1 +ibase.max_persistent = -1 +ibase.max_links = -1 +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" +ibase.dateformat = "%Y-%m-%d" +ibase.timeformat = "%H:%M:%S" + +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = files +session.use_strict_mode = 0 +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 +session.cookie_lifetime = 0 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = +session.serialize_handler = php +session.gc_probability = 0 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +session.cache_limiter = nocache +session.cache_expire = 180 +session.use_trans_sid = 0 +session.hash_function = 0 +session.hash_bits_per_character = 5 +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[Assertion] +zend.assertions = -1 + +[Tidy] +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 + + +[ldap] +ldap.max_links = -1 + +[opcache] +opcache.enable=1 +opcache.enable_cli=1 +opcache.memory_consumption=500 +opcache.interned_strings_buffer=16 +opcache.max_accelerated_files=1000000 +;opcache.max_wasted_percentage=5 +;opcache.use_cwd=1 +opcache.validate_timestamps=1 +opcache.revalidate_freq=0 +;opcache.revalidate_path=0 +;opcache.save_comments=1 +opcache.fast_shutdown=1 +;opcache.enable_file_override=0 +;opcache.optimization_level=0xffffffff +;opcache.inherited_hack=1 +;opcache.dups_fix=0 +;opcache.blacklist_filename= +;opcache.max_file_size=0 +;opcache.consistency_checks=0 +;opcache.force_restart_timeout=180 +;opcache.error_log= +;opcache.log_verbosity_level=1 +;opcache.preferred_memory_model= +;opcache.protect_memory=0 +;opcache.restrict_api= +;opcache.mmap_base= +;opcache.file_cache= +;opcache.file_cache_only=0 +;opcache.file_cache_consistency_checks=1 +;opcache.file_cache_fallback=1 +;opcache.huge_code_pages=1 +;opcache.validate_permission=0 +;opcache.validate_root=0