Wordpress Environment
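# Host ports published by the nginx "server" container.
SERVER_HTTP_PORT=80
SERVER_HTTPS_PORT=443

# Placeholder value only: replace it before the first start and keep the real
# file out of version control. The Makefile includes this file and exports
# every variable, so all recipe child processes can read what is set here.
MYSQL_ROOT_PASSWORD=test

# Read by the generate/certificate target for the certbot Route 53 image.
# An identity limited to the DNS changes that image makes is sufficient.
AWS_ACCESS_KEY=test
AWS_SECRET_ACCESS_KEY=test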
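version: '3.5'

services:
  # Reverse proxy / TLS terminator in front of the per-site WordPress containers.
  server:
    # NOTE(review): "latest" is a moving tag; pin a version or digest so a
    # re-pull cannot silently change the TLS terminator.
    image: nginx:latest
    container_name: server
    restart: unless-stopped
    # No env_file here: the port variables below are substituted by Compose
    # on the host, and nginx needs neither the database root password nor the
    # AWS keys in its process environment.
    working_dir: /etc/nginx
    ports:
      - '$SERVER_HTTP_PORT:80'
      - '$SERVER_HTTPS_PORT:443'
    volumes:
      # nginx.conf and the vhost template log under /var/log/nginx, so that is
      # the directory to persist. Logs written there go to files in ./log and
      # no longer appear in "docker-compose logs server".
      - ./log:/var/log/nginx
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # Left writable: the Makefile creates vhost files and symlinks in these
      # two directories through "docker-compose exec server".
      - ./sites-available:/etc/nginx/sites-available/
      - ./sites-enabled:/etc/nginx/sites-enabled/
      # Holds private keys; the container only ever reads them.
      - ./certificates:/etc/nginx/certificates/:ro
    networks:
      - server

  # Shared MariaDB instance; reachable only from containers on "database".
  database:
    # NOTE(review): 10.3 is an old release line; confirm it still receives
    # security fixes before relying on it.
    image: mariadb:10.3
    container_name: database
    restart: unless-stopped
    command: --innodb-flush-method=fsync
    volumes:
      - ./database:/var/lib/mysql
    networks:
      - database
    environment:
      # Only the variable the image needs is passed in. An env_file entry
      # would also copy the AWS keys from .env into this container.
      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD

networks:
  server:
    name: server
    driver: bridge
  # NOTE(review): the Makefile grants database users access from
  # "172.19.0.%", but no subnet is pinned here, so Docker may assign another
  # range to this network.
  database:
    name: database
    driver: bridge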
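# Load the shared settings and export every make variable to recipe shells.
# NOTE(review): this places MYSQL_ROOT_PASSWORD and the AWS keys from .env in
# the environment of every command the recipes start.
include .env
export

# Expanded once at parse time instead of re-running the shell on each use.
current_dir := $(shell pwd)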
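# None of these targets names a file, so keep make from ever treating them as
# up to date.
.PHONY: build/environment create/environment start/environment \
        stop/environment delete/environment clean/environment

# Pull the images named in docker-compose.yml.
build/environment:
	@docker-compose pull

# Create and start both services in the background.
create/environment:
	@docker-compose up -d

start/environment:
	@docker-compose start

stop/environment:
	@docker-compose stop

# Stop and remove the containers and the networks Compose created.
delete/environment:
	@docker-compose down

# Drop every enabled-site entry from the host side of the bind mount.
clean/environment:
	@sudo rm sites-enabled/*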
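.PHONY: build/server create/server start/server stop/server restart/server \
        delete/server bash/server reload/server test/server logs/server \
        watch/server

# "-d" is an option of "up" only; it is not accepted before the subcommand or
# by build/start/restart, so it is kept solely on create/server.
build/server:
	@docker-compose build server

create/server:
	@docker-compose up -d server

start/server:
	@docker-compose start server

stop/server:
	@docker-compose stop server

restart/server:
	@docker-compose restart server

# Stop and remove only this service's container; "down" tears down the whole
# project rather than one service on older Compose releases.
delete/server:
	@docker-compose rm --stop --force server

bash/server:
	@docker-compose exec server bash

# Ask the running master process to re-read its configuration.
reload/server:
	@docker-compose exec server nginx -s reload -c /etc/nginx/nginx.conf

# Syntax-check the configuration without applying it.
test/server:
	@docker-compose exec server nginx -t

logs/server:
	@docker-compose logs server

watch/server:
	@docker-compose logs -f --tail 10 server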
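.PHONY: enable/site disable/site

# Usage: make enable/site companyDomain=<domain>
# Links the vhost into sites-enabled and reloads nginx only if the link was
# created. Without the guard an empty companyDomain would act on ".conf".
enable/site:
	@: $(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@docker-compose exec server ln -s "/etc/nginx/sites-available/$(companyDomain).conf" "/etc/nginx/sites-enabled/$(companyDomain).conf" && \
	$(MAKE) reload/server

# Usage: make disable/site companyDomain=<domain>
disable/site:
	@: $(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@docker-compose exec server rm "/etc/nginx/sites-enabled/$(companyDomain).conf" && \
	$(MAKE) reload/server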
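.PHONY: build/database-server create/database-server start/database-server \
        stop/database-server restart/database-server delete/database-server \
        bash/database-server logs/database-server watch/database-server

# "-d" is an option of "up" only; it is not accepted before the subcommand or
# by start/restart, so it is kept solely on create/database-server.
build/database-server:
	@docker-compose build database

create/database-server:
	@docker-compose up -d database

start/database-server:
	@docker-compose start database

stop/database-server:
	@docker-compose stop database

restart/database-server:
	@docker-compose restart database

# Stop and remove only this service's container. The data directory is a bind
# mount (./database) and is left in place.
delete/database-server:
	@docker-compose rm --stop --force database

bash/database-server:
	@docker-compose exec database bash

logs/database-server:
	@docker-compose logs database

watch/database-server:
	@docker-compose logs -f --tail 10 database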
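.PHONY: connect/database create/database remove/database adapt/database \
        dump/database

# NOTE(review): every recipe below expands the root password into the command
# line, where it can be read from the host process list while the command
# runs. dbName, dbUser and dbPassword are pasted into the SQL text unescaped,
# so a value containing a quote or backtick changes the statement. Keep these
# targets for operator-chosen values only.
# The grants assume clients on the "database" network have 172.19.0.x
# addresses; docker-compose.yml does not pin that subnet.

# Usage: make connect/database dbName=<name>
connect/database:
	@docker-compose exec database \
		mysql \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" \
		$(dbName)

# Usage: make create/database dbName=<name> dbUser=<user> dbPassword=<secret>
create/database:
	@: $(foreach v,dbName dbUser dbPassword,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker-compose exec database \
		mysql \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" \
		-e 'CREATE DATABASE `$(dbName)`; CREATE USER "$(dbUser)"@"172.19.0.%" IDENTIFIED BY "$(dbPassword)"; GRANT ALL PRIVILEGES ON `$(dbName)`.* TO "$(dbUser)"@"172.19.0.%"; FLUSH PRIVILEGES;'

# Usage: make remove/database dbName=<name> dbUser=<user>
remove/database:
	@: $(foreach v,dbName dbUser,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker-compose exec database \
		mysql \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" \
		-e 'REVOKE ALL PRIVILEGES ON `$(dbName)`.* FROM "$(dbUser)"@"172.19.0.%"; DROP USER "$(dbUser)"@"172.19.0.%"; DROP DATABASE `$(dbName)`;'

# Usage: make adapt/database dbName=... dbUser=... dbPassword=... sqlFileLocation=<file>
# Creates the database and user, then loads the SQL file. The import runs only
# when the create step succeeded.
adapt/database:
	@: $(foreach v,dbName dbUser dbPassword sqlFileLocation,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker-compose exec database \
		mysql \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" \
		-e 'CREATE DATABASE `$(dbName)`; CREATE USER "$(dbUser)"@"172.19.0.%" IDENTIFIED BY "$(dbPassword)"; GRANT ALL PRIVILEGES ON `$(dbName)`.* TO "$(dbUser)"@"172.19.0.%"; FLUSH PRIVILEGES;' && \
	docker-compose exec -T database \
		mysql \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" "$(dbName)" < "$(sqlFileLocation)"

# Usage: make dump/database dbName=<name> location=<output file>
# -T disables the pseudo-TTY, which would otherwise rewrite line endings in
# the redirected dump. The output file holds the full database contents.
dump/database:
	@: $(foreach v,dbName location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker-compose exec -T database \
		mysqldump \
		--user=root \
		--password="$(MYSQL_ROOT_PASSWORD)" \
		"$(dbName)" \
		> "$(location)"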
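.PHONY: build/wordpress create/wordpress

# Pull the image that create/wordpress actually runs. The vhost template
# proxies plain HTTP to the container and the site ships an .htaccess, which
# matches the Apache-based default tag rather than an FPM one.
# NOTE(review): "latest" is a moving tag; pin a version or digest.
build/wordpress:
	@docker pull wordpress:latest

# Usage: make create/wordpress companyName=... companyDomain=... dbUser=... dbPassword=... dbName=...
# Starts one WordPress container on the "database" network, attaches it to the
# "server" network, and renders the nginx vhost from template.conf. Steps are
# chained so a failure stops the sequence instead of leaving a half-made site.
# NOTE(review): the database password is passed as a container environment
# variable, so it is visible in "docker inspect" and in the process list
# while "docker run" executes.
create/wordpress:
	@: $(foreach v,companyName companyDomain dbUser dbPassword dbName,$(if $(strip $($(v))),,$(error $(v) is required)))
	@mkdir -p "configurations/$(companyDomain)" && \
	cat template.htaccess > "configurations/$(companyDomain)/.htaccess" && \
	docker run \
		-t \
		--name "$(companyName)" \
		--network database \
		--hostname "$(companyName)" \
		--mount "type=bind,source=$(current_dir)/configurations/$(companyDomain)/.htaccess,target=/var/www/html/.htaccess" \
		-e WORDPRESS_DB_HOST=database \
		-e "WORDPRESS_DB_USER=$(dbUser)" \
		-e "WORDPRESS_DB_PASSWORD=$(dbPassword)" \
		-e "WORDPRESS_DB_NAME=$(dbName)" \
		-d wordpress:latest && \
	docker network connect server "$(companyName)" && \
	sed 's/COMPANY_NAME/$(companyName)/g' template.conf | \
	sed 's/COMPANY_DOMAIN/$(companyDomain)/g' | \
	docker-compose exec -T server bash -c "cat > /etc/nginx/sites-available/$(companyDomain).conf"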
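.PHONY: prepare/wordpress adapt/wordpress

# Usage: make prepare/wordpress companyName=<container>
# Hands the site files to www-data and resets modes to 755 (directories) and
# 644 (files). "-exec ... {} +" needs no escaped terminator, which avoids the
# quoting slip that left the last find command without one.
prepare/wordpress:
	@: $(if $(strip $(companyName)),,$(error companyName is required))
	@docker exec -it "$(companyName)" bash -c "chown www-data:www-data -R *" && \
	docker exec -it "$(companyName)" bash -c "find . -type d -exec chmod 755 {} +" && \
	docker exec -it "$(companyName)" bash -c "find . -type f -exec chmod 644 {} +"

# Usage: make adapt/wordpress companyName=... companyDomain=... wordpressFolderLocation=<dir> fullchainFileLocation=<pem> privkeyFileLocation=<pem>
# Replaces the container's web root with an existing site (keeping the
# generated wp-config.php) and installs that site's certificate for nginx.
# The guard matters here: an empty wordpressFolderLocation would make
# "docker cp" read from "/." on the host.
adapt/wordpress:
	@: $(foreach v,companyName companyDomain wordpressFolderLocation fullchainFileLocation privkeyFileLocation,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker exec -it "$(companyName)" bash -c "cp /var/www/html/wp-config.php /var/www/wp-config.php" && \
	docker exec -it "$(companyName)" bash -c "rm -rf /var/www/html/*" && \
	docker cp "$(wordpressFolderLocation)/." "$(companyName):/var/www/html" && \
	docker exec -it "$(companyName)" bash -c "mv -f /var/www/wp-config.php /var/www/html/wp-config.php" && \
	mkdir -p "certificates/$(companyDomain)" && \
	cp -r "$(fullchainFileLocation)" "certificates/$(companyDomain)/fullchain.pem" && \
	cp -r "$(privkeyFileLocation)" "certificates/$(companyDomain)/privkey.pem" && \
	chmod 600 "certificates/$(companyDomain)/privkey.pem" && \
	docker exec -it "$(companyName)" bash -c "chown www-data:www-data -R *" && \
	docker exec -it "$(companyName)" bash -c "find . -type d -exec chmod 755 {} +" && \
	docker exec -it "$(companyName)" bash -c "find . -type f -exec chmod 644 {} +"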
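.PHONY: start/wordpress stop/wordpress restart/wordpress delete/wordpress \
        bash/wordpress

# All targets take companyName=<container>; delete/wordpress also needs
# companyDomain=<domain>.
start/wordpress:
	@docker start "$(companyName)"

stop/wordpress:
	@docker stop "$(companyName)"

restart/wordpress:
	@docker restart "$(companyName)"

# Force-remove the container and its host-side .htaccess directory.
# Without the guard, an empty companyDomain turns the second command into
# "rm -rf configurations/" and wipes every site's configuration.
delete/wordpress:
	@: $(foreach v,companyName companyDomain,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker rm -f "$(companyName)" && rm -rf "configurations/$(companyDomain)"

bash/wordpress:
	@docker exec -it "$(companyName)" bash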
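.PHONY: dump/wordpress dump/plugins/wordpress dump/themes/wordpress \
        dump/uploads/wordpress

# Usage (all four): make <target> companyName=<container> companyDomain=<domain> location=<dir>
# Each target copies a directory out of the container, zips it next to the
# copy, then deletes the copy. The commands are joined with "&&": three of
# the recipes previously had no separator between them, so the shell saw one
# long "docker cp" invocation. The "cd" runs in a subshell so a relative
# location still resolves for the final rm. The guard keeps empty variables
# from collapsing the rm -rf path to "/".
# NOTE(review): the full-site archive contains wp-config.php and therefore
# the database credentials; store it accordingly.
dump/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker cp "$(companyName):/var/www/html/." "$(location)/$(companyDomain)" && \
	(cd "$(location)/$(companyDomain)" && zip -r "$(companyDomain).zip" . && mv "$(companyDomain).zip" ..) && \
	rm -rf "$(location)/$(companyDomain)"

dump/plugins/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker cp "$(companyName):/var/www/html/wp-content/plugins/." "$(location)/$(companyDomain)-plugins" && \
	(cd "$(location)/$(companyDomain)-plugins" && zip -r "$(companyDomain)-plugins.zip" . && mv "$(companyDomain)-plugins.zip" ..) && \
	rm -rf "$(location)/$(companyDomain)-plugins"

dump/themes/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker cp "$(companyName):/var/www/html/wp-content/themes/." "$(location)/$(companyDomain)-themes" && \
	(cd "$(location)/$(companyDomain)-themes" && zip -r "$(companyDomain)-themes.zip" . && mv "$(companyDomain)-themes.zip" ..) && \
	rm -rf "$(location)/$(companyDomain)-themes"

dump/uploads/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@docker cp "$(companyName):/var/www/html/wp-content/uploads/." "$(location)/$(companyDomain)-uploads" && \
	(cd "$(location)/$(companyDomain)-uploads" && zip -r "$(companyDomain)-uploads.zip" . && mv "$(companyDomain)-uploads.zip" ..) && \
	rm -rf "$(location)/$(companyDomain)-uploads"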
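.PHONY: import/wordpress import/uploads/wordpress

# Usage: make import/wordpress companyName=<container> companyDomain=<domain> location=<dir>
# Unpacks <location>/<companyDomain>.zip into a scratch directory, empties the
# container's web root (keeping .htaccess), copies the files in and fixes
# ownership. Every step is chained with "&&" so the live files are deleted
# only after the archive unpacked cleanly. The guard keeps an empty
# companyDomain from turning the cleanup into "rm -rf <location>/".
# NOTE(review): the archive is trusted as-is; import only archives produced
# by the dump targets or otherwise vetted.
import/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@(cd "$(location)" && rm -rf "$(companyDomain)" && mkdir "$(companyDomain)" && \
	  cd "$(companyDomain)" && unzip "../$(companyDomain).zip" && rm -rf .htaccess) && \
	docker exec -it "$(companyName)" bash -c "find /var/www/html ! -name '.htaccess' -type f -exec rm -f {} +" && \
	docker cp "$(location)/$(companyDomain)/." "$(companyName):/var/www/html/" && \
	rm -rf "$(location)/$(companyDomain)" && \
	docker exec -it "$(companyName)" bash -c "chown -R www-data:www-data /var/www/html && chgrp www-data /var/www/html && chmod g+rwx /var/www/html && chmod 755 /var/www/html/wp-content"

# Usage: make import/uploads/wordpress companyName=<container> companyDomain=<domain> location=<dir>
# Same flow for <location>/<companyDomain>-uploads.zip; existing uploads in
# the container are kept and overwritten file by file.
import/uploads/wordpress:
	@: $(foreach v,companyName companyDomain location,$(if $(strip $($(v))),,$(error $(v) is required)))
	@(cd "$(location)" && mkdir "$(companyDomain)-uploads" && \
	  cd "$(companyDomain)-uploads" && unzip "../$(companyDomain)-uploads.zip") && \
	docker cp "$(location)/$(companyDomain)-uploads/." "$(companyName):/var/www/html/wp-content/uploads/" && \
	rm -rf "$(location)/$(companyDomain)-uploads"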
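.PHONY: build/certbot generate/certificate

# Pull the image that generate/certificate runs. The previous name was
# misspelled ("cerbot/..."), which would have fetched from a different
# publisher's namespace if such an image existed.
build/certbot:
	@docker pull certbot/dns-route53

# Usage: make generate/certificate companyDomain=<domain>
# Requests a certificate for the domain and its wildcard, then moves the
# resulting chain and key into certificates/<domain>/ for nginx.
# The AWS credentials are handed to docker by name ("--env VAR" copies the
# value from the calling environment, which the Makefile's "export" fills in)
# so the secret never appears on a command line. The wildcard name is quoted
# so the shell cannot glob it. A separator was missing after the certbot
# arguments, which passed "mkdir -p ..." to certbot itself.
# NOTE(review): reading fullchain1.pem/privkey1.pem assumes this is the first
# issuance for the domain, and deleting live/ and renewal/ means certbot
# cannot renew this certificate later; confirm that is intended.
generate/certificate:
	@: $(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@AWS_ACCESS_KEY_ID="$$AWS_ACCESS_KEY" docker run -it --rm --name certbot \
		--env AWS_ACCESS_KEY_ID \
		--env AWS_SECRET_ACCESS_KEY \
		-v "$(current_dir)/letsencrypt:/etc/letsencrypt" \
		certbot/dns-route53 certonly \
		-m ajuda@auryn.com.br \
		--agree-tos --server https://acme-v02.api.letsencrypt.org/directory \
		-d "$(companyDomain)" -d "*.$(companyDomain)" && \
	mkdir -p "certificates/$(companyDomain)" && \
	mv "letsencrypt/archive/$(companyDomain)/fullchain1.pem" "certificates/$(companyDomain)/fullchain.pem" && \
	mv "letsencrypt/archive/$(companyDomain)/privkey1.pem" "certificates/$(companyDomain)/privkey.pem" && \
	chmod 600 "certificates/$(companyDomain)/privkey.pem" && \
	rm -rf "letsencrypt/archive/$(companyDomain)" && \
	rm -rf letsencrypt/live/$(companyDomain)* letsencrypt/renewal/$(companyDomain)*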
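# Main nginx configuration for the "server" container; per-site vhosts are
# pulled in from sites-enabled at the end of the http block.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Matches the 64M upload limit set in the WordPress .htaccess template.
    client_max_body_size 64M;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Catch-all for requests whose Host matches no site. It has no listen
    # directive, so it covers port 80 only; an HTTPS request for an unknown
    # name is answered by the first 443 server loaded from sites-enabled,
    # with that site's certificate.
    server {
        return 404;
    }

    # NOTE(review): wildcard CORS for every vhost that declares no add_header
    # of its own. Any origin may read responses that need no credentials;
    # narrow this to the sites and paths that require it.
    add_header Access-Control-Allow-Origin *;

    include /etc/nginx/sites-enabled/*.conf;
}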
# Plain-HTTP listener: both host names are sent to the canonical HTTPS origin.
# COMPANY_DOMAIN is a placeholder that create/wordpress replaces with sed.
server {
    listen 80;
    server_name COMPANY_DOMAIN www.COMPANY_DOMAIN;

    return 301 https://COMPANY_DOMAIN$request_uri;
}
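# HTTPS listener for the www. alias: terminates TLS only to redirect to the
# bare domain. The proxy_set_header lines that used to sit here had no effect
# because this server never proxies.
server {
    listen 443 ssl;
    server_name www.COMPANY_DOMAIN;

    access_log /var/log/nginx/COMPANY_DOMAIN-access.log;
    error_log /var/log/nginx/COMPANY_DOMAIN-error.log;

    ssl_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/certificates/COMPANY_DOMAIN/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # TLS 1.0 and 1.1 are deprecated and no longer offered; with them gone the
    # CBC and DSS suites kept for old clients are dropped as well, leaving
    # forward-secret AEAD suites for TLS 1.2 (TLS 1.3 suites are built in).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';

    # NOTE(review): stapling has to look up the OCSP responder's host name,
    # and no resolver directive appears in this template or in nginx.conf.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;

    return 301 https://COMPANY_DOMAIN$request_uri;
}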
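# Canonical HTTPS site: terminates TLS and proxies to the WordPress container.
# COMPANY_NAME is replaced with the container name, which nginx resolves over
# the shared "server" Docker network.
server {
    listen 443 ssl;
    server_name COMPANY_DOMAIN;

    access_log /var/log/nginx/COMPANY_DOMAIN-access.log;
    error_log /var/log/nginx/COMPANY_DOMAIN-error.log;

    ssl_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/certificates/COMPANY_DOMAIN/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # TLS 1.0 and 1.1 are deprecated and no longer offered; with them gone the
    # CBC and DSS suites kept for old clients are dropped as well, leaving
    # forward-secret AEAD suites for TLS 1.2 (TLS 1.3 suites are built in).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';

    # NOTE(review): stapling has to look up the OCSP responder's host name,
    # and no resolver directive appears in this template or in nginx.conf.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;

    # NOTE(review): no Strict-Transport-Security header is sent. Adding one
    # here with add_header would stop this server from inheriting the
    # http-level add_header in nginx.conf, so decide both together.

    # Forwarded-request headers are declared once, at server level. The
    # location used to repeat four of them, and because a location with its
    # own proxy_set_header inherits none from the server, X-Forwarded-SSL was
    # never actually sent. $scheme is always "https" on this listener.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;
        # The hop to the container is plain HTTP on the Docker network.
        proxy_pass http://COMPANY_NAME;
    }
}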
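# BEGIN WordPress
# Standard WordPress front-controller rules: pass the Authorization header
# through to PHP and route every request that is not an existing file or
# directory to index.php.
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
# BEGIN Environment
# PHP rejects a request body larger than post_max_size regardless of
# upload_max_filesize, so both are raised together. nginx.conf allows the
# same 64M through client_max_body_size.
php_value upload_max_filesize 64M
php_value post_max_size 64M
# END Environment
# BEGIN Resources
# Lets any origin load fonts and stylesheets from this site. The wildcard is
# limited to these static file types by the FilesMatch pattern.
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
# END Resources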