Compare commits
2 Commits
37e404f575
...
c79fbabf1c
Author | SHA1 | Date | |
---|---|---|---|
c79fbabf1c | |||
84006b61fc |
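--- a/.env.sample
+++ b/.env.sample
@@ -0,0 +1,14 @@
+##
+## CHANGE VARIABLES ##
+##
+
+MYSQL_DATABASE=user
+MYSQL_USER=user
+MYSQL_PASSWORD=user
+MYSQL_HOST=db
+SSH_USER=user
+SSH_PASSWORD=user
+SSH_PORT=2222
+NGINX_PORT_HTTP=8080
+NGINX_PORT_HTTPS=8443
+USER_GROUP=1000:1000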
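Review bot: Every credential in the sample is a usable value (`MYSQL_PASSWORD=user`, `SSH_PASSWORD=user`), so copying the file to `.env` unchanged gives a deployment whose database and, presumably via the sshd submodule, SSH login on `SSH_PORT=2222` accept user/user. The `## CHANGE VARIABLES ##` banner is the only thing standing between the sample and production. Ship the secrets empty instead, `MYSQL_PASSWORD=` and `SSH_PASSWORD=`, and have the entrypoint refuse to start while they are unset, so a forgotten edit fails closed rather than running with a known password.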
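--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "sshd"]
+path = sshd
+url = https://git.audio-lab.org/lrullo/sshd.git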
@ -1,9 +1,12 @@
|
|||||||
FROM registry.sindominio.net/php-fpm
|
FROM registry.sindominio.net/php-fpm
|
||||||
|
|
||||||
|
ENV TZ=Europe/Madrid
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get -qy install \
|
apt-get -qy install \
|
||||||
php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
|
php-mysql php-curl php-gd php-imagick php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
|
||||||
wget less tar curl ca-certificates &&\
|
wget less tar curl ca-certificates\
|
||||||
|
mailutils sendmail &&\
|
||||||
apt-get clean
|
apt-get clean
|
||||||
|
|
||||||
RUN mkdir -p /app/
|
RUN mkdir -p /app/
|
||||||
|
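Review bot: The added `mailutils sendmail &&\` line puts a full MTA into the php-fpm image, and because the `apt-get -qy install` call has no `--no-install-recommends` it also pulls in every recommended package. If WordPress only needs to hand outgoing mail to a relay, confirm that sendmail is really required and started in this container, since it is an extra network-capable daemon to patch. I would change the install line to `apt-get -qy install --no-install-recommends \` and follow `apt-get clean` with `rm -rf /var/lib/apt/lists/*`. The `FROM registry.sindominio.net/php-fpm` context line is untagged, so the package set this layer resolves is not reproducible between builds.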
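--- a/README.md
+++ b/README.md
@@ -51,3 +51,94 @@ docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
 docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
 docker-compose exec wordpress wp core update --path="/app/wordpress/"
 ```
+
+# Wordpress MultiUser Config
+
+wp-config.php
+
+```
+/* Multisite */
+define( 'WP_ALLOW_MULTISITE', true );
+
+define('MULTISITE', true);
+define('SUBDOMAIN_INSTALL', false);
+define('DOMAIN_CURRENT_SITE', 'domain.new');
+define('PATH_CURRENT_SITE', '/');
+define('SITE_ID_CURRENT_SITE', 1);
+define('BLOG_ID_CURRENT_SITE', 1);
+```
+
+# Worpress Cerber Config for Proxy Reverse
+
+wp-config.php
+
+```
+define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
+```
+
+# Nginx Proxy Reverse
+
+Example:
+
+```
+server {
+listen 443 ssl http2;
+server_name domain.new;
+
+ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;
+
+ssl on;
+ssl_session_cache builtin:1000 shared:SSL:10m;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+ssl_prefer_server_ciphers on;
+
+include snippets/xss.conf;
+
+access_log /var/log/nginx/domain.access.log;
+
+location / {
+
+include snippets/proxy_headers.conf;
+proxy_pass https://localhost:8243;
+proxy_redirect https://localhost:8243 https://domain.new;
+}
+}
+
+
+server {
+listen 80;
+server_name domain.new;
+access_log /var/log/nginx/domain.access.log;
+return 301 https://$host$request_uri;
+}
+
+```
+
+/etc/nginx/snippets/xss.conf
+
+```
+add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+add_header Referrer-Policy "no-referrer" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Download-Options "noopen" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-Robots-Tag "none" always;
+add_header X-XSS-Protection "1; mode=block" always;
+```
+
+/etc/nginx/snippets/proxy_headers.conf
+
+```
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forward-Proto $scheme;
+proxy_set_header X-Nginx-Proxy true;
+```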
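--- a/config/apache-wordpress.conf
+++ b/config/apache-wordpress.conf
@@ -0,0 +1,18 @@
+<VirtualHost *:80>
+ServerName default
+DocumentRoot /app/wordpress
+
+<Directory /app/wordpress>
+Options -Indexes +FollowSymLinks +MultiViews
+AllowOverride All
+Require all granted
+</Directory>
+
+<FilesMatch \.php$>
+# 2.4.10+ can proxy to unix socket
+SetHandler "proxy:fcgi://wordpress:9000"
+</FilesMatch>
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>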
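Review bot: The `<FilesMatch \.php$>` handler hands every `.php` path under `/app/wordpress` to php-fpm, including anything under `wp-content/uploads`, while config/nginx-wordpress-multisite.conf in this same change denies `/(?:uploads|files)/.*\.php$`. With this vhost in use, an uploaded file whose name ends in `.php` would be executed rather than refused. Add the equivalent rule here: `<LocationMatch "/(?:uploads|files)/.*\.php$">`, `Require all denied`, `</LocationMatch>`. The comment `# 2.4.10+ can proxy to unix socket` sits above a TCP target (`wordpress:9000`), so it should either be dropped or say that TCP is used because php-fpm runs in another container.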
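--- a/config/nginx-wordpress-multisite.conf
+++ b/config/nginx-wordpress-multisite.conf
@@ -0,0 +1,114 @@
+map $uri $blogname{
+~^(?P<blogpath>/[^/]+/)wp-content/uploads/sites/(.*) $blogpath ;
+}
+
+map $blogname $blogid{
+default -999;
+
+#Ref: http://wordpress.org/extend/plugins/nginx-helper/
+#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
+}
+
+server {
+listen 4443 ssl default_server;
+include snippets/snakeoil.conf;
+
+server_name lafundicio.net;
+server_name www.lafundicio.net;
+
+root /app/wordpress;
+index index.php;
+
+client_max_body_size 25M;
+
+location ~ /\. {
+deny all;
+}
+
+location ~* /(?:uploads|files)/.*\.php$ {
+deny all;
+}
+
+location ~ ^(/[^/]+/)?wp-content/uploads/sites/(.+) {
+try_files /wp-content/uploads/sites/$blogid/$2 /wp-includes/ms-files.php?file=$2 ;
+access_log off;
+log_not_found off; expires max;
+}
+
+if (!-e $request_filename) {
+rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+rewrite ^(/[^/]+)?(/wp-.*) $2 last;
+rewrite ^(/[^/]+)?(/.*\.php) $2 last;
+}
+
+location / {
+try_files $uri $uri/ /index.php?$args ;
+}
+
+location ~ \.php$ {
+try_files $uri =404;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_index index.php;
+fastcgi_read_timeout 300;
+fastcgi_send_timeout 300;
+fastcgi_pass wordpress:9000;
+}
+
+access_log /app/wordpress.access.log;
+error_log /app/wordpress.error.log;
+
+}
+
+server {
+
+listen 8081;
+
+server_name lafundicio.net;
+server_name www.lafundicio.net;
+
+root /app/wordpress;
+index index.php;
+
+client_max_body_size 25M;
+
+location ~ /\. {
+deny all;
+}
+
+location ~* /(?:uploads|files)/.*\.php$ {
+deny all;
+}
+
+location ~ ^(/[^/]+/)?wp-content/uploads/sites/(.+) {
+try_files /wp-content/uploads/sites/$blogid/$2 /wp-includes/ms-files.php?file=$2 ;
+access_log off;
+log_not_found off; expires max;
+}
+
+if (!-e $request_filename) {
+rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+rewrite ^(/[^/]+)?(/wp-.*) $2 last;
+rewrite ^(/[^/]+)?(/.*\.php) $2 last;
+}
+
+location / {
+try_files $uri $uri/ /index.php?$args ;
+}
+
+location ~ \.php$ {
+try_files $uri =404;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_index index.php;
+fastcgi_read_timeout 300;
+fastcgi_send_timeout 300;
+fastcgi_pass wordpress:9000;
+}
+
+access_log /app/wordpress.access.log;
+error_log /app/wordpress.error.log;
+
+}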
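Review bot: The second `server` block (`listen 8081;`) is a line-for-line copy of the TLS one, so `wp-login.php` and `/wp-admin` are served over plain HTTP on whatever host port `NGINX_PORT_HTTP` maps to, and any later hardening has to be applied in two places. If that port can be reached by anything other than the TLS-terminating proxy, reduce the block to a redirect such as `return 301 https://$host$request_uri;`; otherwise move the shared locations into one included snippet so the two vhosts cannot drift apart. The hard-coded `server_name lafundicio.net;` lines also make this template site-specific, while the README example uses `domain.new`.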
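--- a/config/nginx-wordpress-site.conf
+++ b/config/nginx-wordpress-site.conf
@@ -0,0 +1,54 @@
+map $uri $blogname{
+~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
+}
+
+map $blogname $blogid{
+default -999;
+}
+
+
+server {
+listen 4443 ssl default_server;
+
+include snippets/snakeoil.conf;
+
+root /app/wordpress/;
+
+index index.php index.html;
+
+server_name _;
+
+access_log /var/log/nginx/access.log;
+
+location / {
+try_files $uri $uri/ /index.php?$args ;
+}
+
+location ~ \.php$ {
+try_files $uri /index.php =404;
+fastcgi_pass wordpress:9000;
+fastcgi_index index.php;
+include fastcgi_params;
+
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+fastcgi_param REMOTE_ADDR $http_x_real_ip;
+fastcgi_read_timeout 300;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+}
+
+location ~ ^/files/(.*)$ {
+try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
+access_log off; log_not_found off; expires max;
+}
+
+
+location ^~ /blogs.dir {
+internal;
+alias /var/www/example.com/htdocs/wp-content/blogs.dir;
+access_log off; log_not_found off; expires max;
+}
+
+}
+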
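Review bot: `fastcgi_param REMOTE_ADDR $http_x_real_ip;` takes the client address from a request header, and nothing in this file limits who may supply that header. Since docker-compose publishes the nginx port, a request that reaches the container without passing through the front proxy decides which address WordPress and any IP-based login limiting see, and a request with no header gives PHP an empty REMOTE_ADDR. Use the realip module so the header is honoured only from the proxy, `set_real_ip_from PROXY_ADDRESS;` and `real_ip_header X-Real-IP;` (PROXY_ADDRESS is a placeholder for the proxy's address), and drop the REMOTE_ADDR override. The `alias /var/www/example.com/htdocs/wp-content/blogs.dir;` line still points at an example path rather than under `/app/wordpress`, and unlike the multisite config this file has no rule denying `.php` under uploads.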
@ -1,88 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
root /app/wordpress/;
|
|
||||||
|
|
||||||
index index.php;
|
|
||||||
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log;
|
|
||||||
|
|
||||||
location = /favicon.ico {
|
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /robots.txt {
|
|
||||||
allow all;
|
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php?$args;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri /index.php =404;
|
|
||||||
fastcgi_pass wordpress:9000;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
include fastcgi_params;
|
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
set $path_info $fastcgi_path_info;
|
|
||||||
fastcgi_param PATH_INFO $path_info;
|
|
||||||
fastcgi_param REMOTE_ADDR $http_x_real_ip;
|
|
||||||
fastcgi_read_timeout 300;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
||||||
expires max;
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl default_server;
|
|
||||||
|
|
||||||
include snippets/snakeoil.conf;
|
|
||||||
|
|
||||||
root /app/wordpress/;
|
|
||||||
|
|
||||||
index index.php index.html;
|
|
||||||
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php?$args ;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri /index.php =404;
|
|
||||||
fastcgi_pass wordpress:9000;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
include fastcgi_params;
|
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
set $path_info $fastcgi_path_info;
|
|
||||||
fastcgi_param PATH_INFO $path_info;
|
|
||||||
fastcgi_param REMOTE_ADDR $http_x_real_ip;
|
|
||||||
fastcgi_read_timeout 300;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
||||||
expires max;
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
@ -28,11 +28,11 @@ services:
|
|||||||
nginx:
|
nginx:
|
||||||
image: registry.sindominio.net/nginx
|
image: registry.sindominio.net/nginx
|
||||||
ports:
|
ports:
|
||||||
- ${NGINX_PORT_HTTP}:80
|
- ${NGINX_PORT_HTTP}:8081
|
||||||
- ${NGINX_PORT_HTTPS}:443
|
- ${NGINX_PORT_HTTPS}:4443
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
|
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||||
- ./config/wordpress.conf:/etc/nginx/conf.d/wordpress.conf:ro
|
- ./config/nginx-wordpress-multisite.conf:/etc/nginx/conf.d/wordpress.conf:ro
|
||||||
- ./data:/app
|
- ./data:/app
|
||||||
restart: always
|
restart: always
|
||||||
|
|
||||||
|
@ -17,8 +17,10 @@ config() {
|
|||||||
if [ -n $MYSQL_PASSWORD ]; then sed -i "s:MYSQL_PASSWORD:$MYSQL_PASSWORD:" /app/wordpress/wp-config.php; fi
|
if [ -n $MYSQL_PASSWORD ]; then sed -i "s:MYSQL_PASSWORD:$MYSQL_PASSWORD:" /app/wordpress/wp-config.php; fi
|
||||||
if [ -n $MYSQL_HOST ]; then sed -i "s:MYSQL_HOST:$MYSQL_HOST:" /app/wordpress/wp-config.php; fi
|
if [ -n $MYSQL_HOST ]; then sed -i "s:MYSQL_HOST:$MYSQL_HOST:" /app/wordpress/wp-config.php; fi
|
||||||
|
|
||||||
SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
|
curl -s https://api.wordpress.org/secret-key/1.1/salt | tee -a /app/wordpress/wp-config.php
|
||||||
echo $SALT_KEYS >> /app/wordpress/wp-config.php;
|
|
||||||
|
#SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
|
||||||
|
#echo $SALT_KEYS >> /app/wordpress/wp-config.php;
|
||||||
}
|
}
|
||||||
|
|
||||||
update() {
|
update() {
|
||||||
|
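Review bot: `curl -s https://api.wordpress.org/secret-key/1.1/salt | tee -a /app/wordpress/wp-config.php` writes the newly generated keys and salts to stdout as well as to the file, so if this script runs as the container entrypoint they end up in `docker logs` and in whatever collects those logs. The pipeline also hides a failed download: without `-f` an HTTP error body is appended to wp-config.php, and an empty response silently leaves the install without salts. Append with a redirect and fail loudly instead, `curl -fsS https://api.wordpress.org/secret-key/1.1/salt >> /app/wordpress/wp-config.php || exit 1`, and delete the two commented-out `SALT_KEYS` lines. `config()` begins above this hunk, so whether it can run more than once and append a second set of defines cannot be checked from here.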