lrullo/lafundicio-wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: lrullo:c79fbabf1c851f9ed75952899705b5dd32ed76b8
Branches Tags
lrullo:master
..
compare: lrullo:37e404f575756153e1a7df802e19039b6d4df921
Branches Tags
lrullo:master

No commits in common. "c79fbabf1c851f9ed75952899705b5dd32ed76b8" and "37e404f575756153e1a7df802e19039b6d4df921" have entirely different histories.
c79fbabf1c ... 37e404f575

10 changed files with 96 additions and 307 deletions
Show Stats Expand all files Collapse all files

14
.env.sample
View File

@ -1,14 +0,0 @@
##
## CHANGE VARIABLES ##
##
MYSQL_DATABASE=user
MYSQL_USER=user
MYSQL_PASSWORD=user
MYSQL_HOST=db
SSH_USER=user
SSH_PASSWORD=user
SSH_PORT=2222
NGINX_PORT_HTTP=8080
NGINX_PORT_HTTPS=8443
USER_GROUP=1000:1000

3
.gitmodules vendored
View File

@ -1,3 +0,0 @@
[submodule "sshd"]
path = sshd
url = https://git.audio-lab.org/lrullo/sshd.git

9
Dockerfile
View File

@ -1,12 +1,9 @@
FROM registry.sindominio.net/php-fpm
ENV TZ=Europe/Madrid
RUN apt-get update && \
apt-get -qy install \
php-mysql php-curl php-gd php-imagick php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
wget less tar curl ca-certificates\
mailutils sendmail &&\
apt-get -qy install \
php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip \
wget less tar curl ca-certificates &&\
apt-get clean
RUN mkdir -p /app/

91
README.md
View File

@ -51,94 +51,3 @@ docker-compose exec wordpress wp theme update --all --path="/app/wordpress/"
docker-compose exec wordpress wp plugin update --all --path="/app/wordpress/"
docker-compose exec wordpress wp core update --path="/app/wordpress/"
```
# Wordpress MultiUser Config
wp-config.php
```
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'domain.new');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
```
# Worpress Cerber Config for Proxy Reverse
wp-config.php
```
define('CERBER_IP_KEY', 'HTTP_X_REAL_IP' );
```
# Nginx Proxy Reverse
Example:
```
server {
listen 443 ssl http2;
server_name domain.new;
ssl_certificate /etc/letsencrypt/live/domain.new/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.new/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
include snippets/xss.conf;
access_log /var/log/nginx/domain.access.log;
location / {
include snippets/proxy_headers.conf;
proxy_pass https://localhost:8243;
proxy_redirect https://localhost:8243 https://domain.new;
}
}
server {
listen 80;
server_name domain.new;
access_log /var/log/nginx/domain.access.log;
return 301 https://$host$request_uri;
}
```
/etc/nginx/snippets/xss.conf
```
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
```
/etc/nginx/snippets/proxy_headers.conf
```
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
```

18
config/apache-wordpress.conf
View File

@ -1,18 +0,0 @@
<VirtualHost *:80>
ServerName default
DocumentRoot /app/wordpress
<Directory /app/wordpress>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:fcgi://wordpress:9000"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

114
config/nginx-wordpress-multisite.conf
View File

@ -1,114 +0,0 @@
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)wp-content/uploads/sites/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
#Ref: http://wordpress.org/extend/plugins/nginx-helper/
#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}
server {
listen 4443 ssl default_server;
include snippets/snakeoil.conf;
server_name lafundicio.net;
server_name www.lafundicio.net;
root /app/wordpress;
index index.php;
client_max_body_size 25M;
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ ^(/[^/]+/)?wp-content/uploads/sites/(.+) {
try_files /wp-content/uploads/sites/$blogid/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off;
log_not_found off; expires max;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_pass wordpress:9000;
}
access_log /app/wordpress.access.log;
error_log /app/wordpress.error.log;
}
server {
listen 8081;
server_name lafundicio.net;
server_name www.lafundicio.net;
root /app/wordpress;
index index.php;
client_max_body_size 25M;
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ ^(/[^/]+/)?wp-content/uploads/sites/(.+) {
try_files /wp-content/uploads/sites/$blogid/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off;
log_not_found off; expires max;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_pass wordpress:9000;
}
access_log /app/wordpress.access.log;
error_log /app/wordpress.error.log;
}

54
config/nginx-wordpress-site.conf
View File

@ -1,54 +0,0 @@
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
}
server {
listen 4443 ssl default_server;
include snippets/snakeoil.conf;
root /app/wordpress/;
index index.php index.html;
server_name _;
access_log /var/log/nginx/access.log;
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
location ~ ^/files/(.*)$ {
try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
access_log off; log_not_found off; expires max;
}
location ^~ /blogs.dir {
internal;
alias /var/www/example.com/htdocs/wp-content/blogs.dir;
access_log off; log_not_found off; expires max;
}
}

88
config/wordpress.conf Normal file
View File

@ -0,0 +1,88 @@
server {
listen 80;
root /app/wordpress/;
index index.php;
server_name _;
access_log /var/log/nginx/access.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
access_log off;
log_not_found off;
}
}
server {
listen 443 ssl default_server;
include snippets/snakeoil.conf;
root /app/wordpress/;
index index.php index.html;
server_name _;
access_log /var/log/nginx/access.log;
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
access_log off;
log_not_found off;
}
}

6
docker-compose.yml
View File

@ -28,11 +28,11 @@ services:
nginx:
image: registry.sindominio.net/nginx
ports:
- ${NGINX_PORT_HTTP}:8081
- ${NGINX_PORT_HTTPS}:4443
- ${NGINX_PORT_HTTP}:80
- ${NGINX_PORT_HTTPS}:443
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/nginx-wordpress-multisite.conf:/etc/nginx/conf.d/wordpress.conf:ro
- ./config/wordpress.conf:/etc/nginx/conf.d/wordpress.conf:ro
- ./data:/app
restart: always

6
entrypoint.sh
View File

@ -17,10 +17,8 @@ config() {
if [ -n $MYSQL_PASSWORD ]; then sed -i "s:MYSQL_PASSWORD:$MYSQL_PASSWORD:" /app/wordpress/wp-config.php; fi
if [ -n $MYSQL_HOST ]; then sed -i "s:MYSQL_HOST:$MYSQL_HOST:" /app/wordpress/wp-config.php; fi
curl -s https://api.wordpress.org/secret-key/1.1/salt | tee -a /app/wordpress/wp-config.php
#SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
#echo $SALT_KEYS >> /app/wordpress/wp-config.php;
SALT_KEYS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt)
echo $SALT_KEYS >> /app/wordpress/wp-config.php;
}
update() {