
@MisterDaniels
Last active September 15, 2022 20:19
Wordpress Environment
# Host ports that docker-compose publishes for the nginx "server" container.
SERVER_HTTP_PORT=80
SERVER_HTTPS_PORT=443
# Placeholder credentials. Replace them with strong, unique values before the
# first start, and keep the real .env out of version control and public gists.
# This file is read by docker-compose and also by `include .env` in the Makefile,
# so make interprets `$` and `#` inside a value instead of taking them literally.
MYSQL_ROOT_PASSWORD=test
# Read by the Makefile's generate/certificate target and handed to the
# certbot/dns-route53 container.
# NOTE(review): presumably these only need Route 53 record changes for the
# hosted zone; scope the IAM policy to that and confirm.
AWS_ACCESS_KEY=test
AWS_SECRET_ACCESS_KEY=test
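version: '3.5'

services:
  # Public-facing reverse proxy: terminates TLS and forwards to the per-site
  # WordPress containers that the Makefile attaches to the `server` network.
  server:
    # NOTE(review): `latest` floats; pin a tag or digest for reproducible deploys.
    image: nginx:latest
    container_name: server
    restart: unless-stopped
    # No env_file here: .env also holds MYSQL_ROOT_PASSWORD and the AWS keys, and
    # nginx needs none of them. The port variables below are interpolated by
    # docker-compose itself, not read from the container environment.
    working_dir: /etc/nginx
    ports:
      - '$SERVER_HTTP_PORT:80'
      - '$SERVER_HTTPS_PORT:443'
    volumes:
      # nginx.conf and the site template log to /var/log/nginx; the previous
      # target /var/logs/nginx was never written to, so nothing reached ./log.
      # With this mount the access/error logs land in ./log instead of
      # `docker-compose logs`, because the image's stdout/stderr symlinks are hidden.
      - ./log:/var/log/nginx
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # sites-available and sites-enabled stay writable: the Makefile creates
      # the site files and symlinks from inside the container.
      - ./sites-available:/etc/nginx/sites-available/
      - ./sites-enabled:/etc/nginx/sites-enabled/
      # Private keys live here; nginx only reads them.
      - ./certificates:/etc/nginx/certificates/:ro
    networks:
      - server

  # MariaDB shared by all sites. No ports are published, so it is reachable
  # only from containers joined to the `database` bridge network.
  database:
    # NOTE(review): the 10.3 series is past upstream end of life - plan an upgrade.
    image: mariadb:10.3
    container_name: database
    restart: unless-stopped
    command: --innodb-flush-method=fsync
    volumes:
      - ./database:/var/lib/mysql
    networks:
      - database
    # Only the variable the image needs is passed; the former `env_file: .env`
    # also copied the AWS keys into this container.
    environment:
      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD

networks:
  server:
    name: server
    driver: bridge
  database:
    name: database
    driver: bridge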
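# Load the deployment settings (ports, MYSQL_ROOT_PASSWORD, AWS keys) as make variables.
include .env
# A bare `export` passes every make variable, secrets included, into the
# environment of each recipe; docker-compose uses that environment to
# interpolate $SERVER_HTTP_PORT and the other values in docker-compose.yml.
export
# Absolute path of the working directory, used as the source of docker bind
# mounts. $(CURDIR) is built in, so no `pwd` subshell runs on every expansion.
current_dir := $(CURDIR)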
# ---- Whole stack (nginx + MariaDB), driven through docker-compose ----

## Pull the images referenced by docker-compose.yml
build/environment:
	@docker-compose pull

## Create and start all services in the background
create/environment:
	@docker-compose up -d

## Start previously created containers
start/environment:
	@docker-compose start

## Stop the containers without removing them
stop/environment:
	@docker-compose stop

## Stop and remove the stack's containers and networks
delete/environment:
	@docker-compose down

## Remove every entry from sites-enabled on the host (needs sudo).
## nginx.conf includes sites-enabled/*.conf, so after the next reload no site is served.
clean/environment:
	@sudo rm sites-enabled/*
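# ---- nginx reverse proxy ("server" service) ----
# The original recipes passed `-d` before the sub-command or to sub-commands
# that have no such option (build, start, restart); docker-compose rejects
# that. Only `up` takes `-d`, and it goes after the sub-command.

## Build the server service (a no-op while the service only declares an image)
build/server:
	@docker-compose build server

## Create and start the server service in the background
create/server:
	@docker-compose up -d server

## Start the existing server container
start/server:
	@docker-compose start server

## Stop the server container
stop/server:
	@docker-compose stop server

## Restart the server container
restart/server:
	@docker-compose restart server

## Remove the server service
## NOTE(review): older docker-compose releases do not accept a service name for `down` - confirm.
delete/server:
	@docker-compose down server

## Open an interactive shell in the server container
bash/server:
	@docker-compose exec server bash

## Ask the running nginx to reload its configuration
reload/server:
	@docker-compose exec server nginx -s reload -c /etc/nginx/nginx.conf

## Validate the nginx configuration without applying it
test/server:
	@docker-compose exec server nginx -t

## Print the server container's logs
logs/server:
	@docker-compose logs server

## Follow the server container's logs, starting from the last 10 lines
watch/server:
	@docker-compose logs -f --tail 10 server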
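# ---- Per-site nginx activation ----
# Both targets need companyDomain=<domain>. Without the guard an empty value
# silently produced the path ".conf".
# $(MAKE) replaces the literal `make` so flags such as -n reach the sub-make,
# and `&&` skips the reload when the link or removal step failed.

## Symlink the site's config into sites-enabled, then reload nginx
enable/site:
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@docker-compose exec server ln -s "/etc/nginx/sites-available/$(companyDomain).conf" "/etc/nginx/sites-enabled/$(companyDomain).conf" && \
	$(MAKE) reload/server

## Remove the site's symlink from sites-enabled, then reload nginx
disable/site:
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@docker-compose exec server rm "/etc/nginx/sites-enabled/$(companyDomain).conf" && \
	$(MAKE) reload/server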
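# ---- MariaDB container ("database" service) ----
# As with the server targets, the misplaced `-d` options are fixed: only `up`
# accepts `-d`, and it follows the sub-command.

## Build the database service (a no-op while the service only declares an image)
build/database-server:
	@docker-compose build database

## Create and start the database service in the background
create/database-server:
	@docker-compose up -d database

## Start the existing database container
start/database-server:
	@docker-compose start database

## Stop the database container
stop/database-server:
	@docker-compose stop database

## Restart the database container
restart/database-server:
	@docker-compose restart database

## Remove the database service
## NOTE(review): older docker-compose releases do not accept a service name for `down` - confirm.
delete/database-server:
	@docker-compose down database

## Open an interactive shell in the database container
bash/database-server:
	@docker-compose exec database bash

## Print the database container's logs
logs/database-server:
	@docker-compose logs database

## Follow the database container's logs, starting from the last 10 lines
watch/database-server:
	@docker-compose logs -f --tail 10 database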
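# ---- Databases and users inside the MariaDB container ----

# Wrapper executed *inside* the database container: it copies the container's
# own MYSQL_ROOT_PASSWORD into MYSQL_PWD and then execs the client named by the
# remaining arguments. The root password is no longer expanded into the recipe
# text, so it does not show up in the host's process list or in make's output.
# Assumes the container was created with MYSQL_ROOT_PASSWORD in its
# environment, as docker-compose.yml does.
db_root_env = sh -c 'MYSQL_PWD="$$MYSQL_ROOT_PASSWORD" exec "$$@"' sh

# NOTE(review) for the SQL below:
#  - dbName, dbUser and dbPassword are pasted into the statement unescaped; a
#    quote or backtick in any of them changes the SQL that runs as root. Only
#    pass values you control.
#  - dbPassword is still visible on the command line.
#  - The account host "172.19.0.%" assumes the subnet Docker happened to assign
#    to the `database` network; confirm it with `docker network inspect database`.

## Open an interactive mysql session as root (optionally on dbName)
connect/database:
	@docker-compose exec database $(db_root_env) \
		mysql \
		--user=root \
		$(dbName)

## Create database dbName and user dbUser with all privileges on it
create/database:
	@docker-compose exec database $(db_root_env) \
		mysql \
		--user=root \
		-e 'CREATE DATABASE `$(dbName)`; CREATE USER "$(dbUser)"@"172.19.0.%" IDENTIFIED BY "$(dbPassword)"; GRANT ALL PRIVILEGES ON `$(dbName)`.* TO "$(dbUser)"@"172.19.0.%"; FLUSH PRIVILEGES;'

## Revoke dbUser's privileges, then drop the user and the database
remove/database:
	@docker-compose exec database $(db_root_env) \
		mysql \
		--user=root \
		-e 'REVOKE ALL PRIVILEGES ON `$(dbName)`.* FROM "$(dbUser)"@"172.19.0.%"; DROP USER "$(dbUser)"@"172.19.0.%"; DROP DATABASE `$(dbName)`;'

## Create database and user as in create/database, then load sqlFileLocation into it.
## The import runs even if the create step failed (`;`), as in the original.
adapt/database:
	@docker-compose exec database $(db_root_env) \
		mysql \
		--user=root \
		-e 'CREATE DATABASE `$(dbName)`; CREATE USER "$(dbUser)"@"172.19.0.%" IDENTIFIED BY "$(dbPassword)"; GRANT ALL PRIVILEGES ON `$(dbName)`.* TO "$(dbUser)"@"172.19.0.%"; FLUSH PRIVILEGES;'; \
	docker-compose exec -T database $(db_root_env) \
		mysql \
		--user=root $(dbName) < "$(sqlFileLocation)"

## Dump dbName to the host file given by location.
## -T disables the pseudo-TTY, which would otherwise mix terminal output and
## carriage returns into the dump file.
dump/database:
	@docker-compose exec -T database $(db_root_env) \
		mysqldump \
		--user=root \
		$(dbName) \
		> "$(location)"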
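# ---- WordPress site containers ----

## Pull the image that create/wordpress runs.
## The original pulled wordpress:php7.4-fpm, which create/wordpress never uses.
## The fpm variant also does not speak HTTP, while template.conf proxies with
## `proxy_pass http://...`.
## NOTE(review): `latest` floats; pin a tag or digest for reproducible deploys.
build/wordpress:
	@docker pull wordpress:latest

## Create a site: write its .htaccess, start the container on the `database`
## network, attach it to the `server` network and render the nginx site config.
## Needs companyName, companyDomain, dbUser, dbPassword and dbName.
## Steps are chained with `&&`, so a failed `docker run` (for example a name
## clash) no longer goes on to overwrite an existing nginx site config.
## NOTE(review): dbPassword appears on the command line and stays readable
## through `docker inspect` on the container. companyName and companyDomain
## are also pasted into sed replacements, so `/` or `&` in them corrupts the
## rendered config.
create/wordpress:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@mkdir -p "configurations/$(companyDomain)" && \
	cp template.htaccess "configurations/$(companyDomain)/.htaccess" && \
	docker run \
		-t \
		--name "$(companyName)" \
		--network database \
		--hostname "$(companyName)" \
		--mount "type=bind,source=$(current_dir)/configurations/$(companyDomain)/.htaccess,target=/var/www/html/.htaccess" \
		-e WORDPRESS_DB_HOST=database \
		-e WORDPRESS_DB_USER="$(dbUser)" \
		-e WORDPRESS_DB_PASSWORD="$(dbPassword)" \
		-e WORDPRESS_DB_NAME="$(dbName)" \
		-d wordpress:latest && \
	docker network connect server "$(companyName)" && \
	sed -e 's/COMPANY_NAME/$(companyName)/g' -e 's/COMPANY_DOMAIN/$(companyDomain)/g' template.conf | \
	docker-compose exec -T server bash -c "cat > /etc/nginx/sites-available/$(companyDomain).conf"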
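## Reset ownership and permissions in the container's working directory:
## everything owned by www-data, directories 755, files 644.
## The last command originally had `\;` outside the quoted string, so find
## never received the terminator for -exec and the file chmod did not run.
## Note: `*` does not match dot-files, so top-level entries such as .htaccess
## keep their owner.
prepare/wordpress:
	@docker exec -it $(companyName) bash -c "chown www-data:www-data -R *"; \
	docker exec -it $(companyName) bash -c "find . -type d -exec chmod 755 {} \;"; \
	docker exec -it $(companyName) bash -c "find . -type f -exec chmod 644 {} \;"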
## Replace the site's files with an existing WordPress tree and install its certificate.
## Steps, all in one shell and chained with `;` (a failing step does not stop the rest):
##   1. park the container's wp-config.php outside the web root,
##   2. empty /var/www/html and copy wordpressFolderLocation into it,
##   3. move the parked wp-config.php back, overwriting any copied one,
##   4. copy fullchainFileLocation / privkeyFileLocation to certificates/<companyDomain>/,
##   5. reset ownership to www-data and permissions to 755 (dirs) / 644 (files).
## Needs companyName, companyDomain, wordpressFolderLocation, fullchainFileLocation
## and privkeyFileLocation.
## NOTE(review): because of `;`, step 2's `rm -rf` still runs when step 1 failed.
## NOTE(review): privkey.pem is created with the caller's default umask; consider
## restricting it to the owner once you have confirmed nginx can still read it.
adapt/wordpress:
	@docker exec -it $(companyName) bash -c "cp /var/www/html/wp-config.php /var/www/wp-config.php"; \
	docker exec -it $(companyName) bash -c "rm -rf /var/www/html/*"; \
	docker cp $(wordpressFolderLocation)/. $(companyName):/var/www/html; \
	docker exec -it $(companyName) bash -c "mv -f /var/www/wp-config.php /var/www/html/wp-config.php"; \
	mkdir -p certificates/$(companyDomain); \
	cp -r $(fullchainFileLocation) certificates/$(companyDomain)/fullchain.pem; \
	cp -r $(privkeyFileLocation) certificates/$(companyDomain)/privkey.pem; \
	docker exec -it $(companyName) bash -c "chown www-data:www-data -R *"; \
	docker exec -it $(companyName) bash -c "find . -type d -exec chmod 755 {} \;"; \
	docker exec -it $(companyName) bash -c "find . -type f -exec chmod 644 {} \;"
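# ---- Lifecycle of one WordPress container (companyName=<container>) ----

## Start the site's container
start/wordpress:
	@docker start $(companyName)

## Stop the site's container
stop/wordpress:
	@docker stop $(companyName)

## Restart the site's container
restart/wordpress:
	@docker restart $(companyName)

## Force-remove the site's container and delete its configurations/<companyDomain> directory.
## The guards matter: with companyDomain empty the original ran
## `rm -rf configurations/`, deleting every site's configuration.
delete/wordpress:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@docker rm -f "$(companyName)" && rm -rf "configurations/$(companyDomain)"

## Open an interactive shell in the site's container
bash/wordpress:
	@docker exec -it $(companyName) bash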
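# ---- Export site files as zip archives under $(location) ----
# Each target copies a directory out of the container into a staging directory,
# zips it next to that directory, then deletes the staging directory.
#
# Fixes over the original:
#  - dump/wordpress, dump/plugins and dump/themes had line continuations with
#    no command separator, so `cd`, `zip` and `rm` were passed to `docker cp`
#    as extra arguments and the recipe failed.
#  - `cd` now runs in a subshell, so the final `rm -rf` also resolves a
#    relative `location` correctly.
#  - location, companyDomain and companyName are required. With location and
#    companyDomain both empty, the cleanup expanded to `rm -rf /`.
# The full-site archive includes wp-config.php (database credentials and
# salts); store and transfer it as a secret.

## Archive the whole web root to <location>/<companyDomain>.zip
dump/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@docker cp "$(companyName):/var/www/html/." "$(location)/$(companyDomain)" && \
	( cd "$(location)/$(companyDomain)" && zip -r "$(companyDomain).zip" . && mv "$(companyDomain).zip" .. ) && \
	rm -rf "$(location)/$(companyDomain)"

## Archive wp-content/plugins to <location>/<companyDomain>-plugins.zip
dump/plugins/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@docker cp "$(companyName):/var/www/html/wp-content/plugins/." "$(location)/$(companyDomain)-plugins" && \
	( cd "$(location)/$(companyDomain)-plugins" && zip -r "$(companyDomain)-plugins.zip" . && mv "$(companyDomain)-plugins.zip" .. ) && \
	rm -rf "$(location)/$(companyDomain)-plugins"

## Archive wp-content/themes to <location>/<companyDomain>-themes.zip
dump/themes/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@docker cp "$(companyName):/var/www/html/wp-content/themes/." "$(location)/$(companyDomain)-themes" && \
	( cd "$(location)/$(companyDomain)-themes" && zip -r "$(companyDomain)-themes.zip" . && mv "$(companyDomain)-themes.zip" .. ) && \
	rm -rf "$(location)/$(companyDomain)-themes"

## Archive wp-content/uploads to <location>/<companyDomain>-uploads.zip
dump/uploads/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@docker cp "$(companyName):/var/www/html/wp-content/uploads/." "$(location)/$(companyDomain)-uploads" && \
	( cd "$(location)/$(companyDomain)-uploads" && zip -r "$(companyDomain)-uploads.zip" . && mv "$(companyDomain)-uploads.zip" .. ) && \
	rm -rf "$(location)/$(companyDomain)-uploads"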
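# ---- Import zip archives produced by the dump targets ----
# Fixes over the original:
#  - Steps are chained with `&&`. Previously a failed unzip still went on to
#    delete the files in the container's web root.
#  - The unpack step runs in a subshell, so later paths resolve for a relative `location`.
#  - location, companyDomain and companyName are required. With location and
#    companyDomain both empty, the cleanup expanded to `rm -rf /`.
# Only import archives you produced yourself: the contents become executable
# PHP in the site's web root.

## Replace the site's files (except .htaccess) with <location>/<companyDomain>.zip,
## then hand ownership of the web root to www-data
import/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@( cd "$(location)" && rm -rf "$(companyDomain)" && mkdir "$(companyDomain)" && mv "$(companyDomain).zip" "$(companyDomain)" && cd "$(companyDomain)" && unzip "$(companyDomain).zip" && rm -rf .htaccess && mv "$(companyDomain).zip" .. ) && \
	docker exec -it "$(companyName)" bash -c "find /var/www/html ! -name '.htaccess' -type f -exec rm -f {} +" && \
	docker cp "$(location)/$(companyDomain)/." "$(companyName):/var/www/html/" && \
	rm -rf "$(location)/$(companyDomain)"
	docker exec -it $(companyName) bash -c "chown -R www-data:www-data /var/www/html && chgrp www-data /var/www/html && chmod g+rwx /var/www/html && chmod 755 /var/www/html/wp-content"

## Copy the contents of <location>/<companyDomain>-uploads.zip into wp-content/uploads
import/uploads/wordpress:
	$(if $(strip $(location)),,$(error location is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(companyName)),,$(error companyName is required))
	@( cd "$(location)" && mkdir "$(companyDomain)-uploads" && mv "$(companyDomain)-uploads.zip" "$(companyDomain)-uploads" && cd "$(companyDomain)-uploads" && unzip "$(companyDomain)-uploads.zip" && mv "$(companyDomain)-uploads.zip" .. ) && \
	docker cp "$(location)/$(companyDomain)-uploads/." "$(companyName):/var/www/html/wp-content/uploads/" && \
	rm -rf "$(location)/$(companyDomain)-uploads"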
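# ---- TLS certificates via certbot ----

## Pull the image that generate/certificate runs.
## The original pulled `cerbot/certbot`, a misspelt namespace that
## generate/certificate never uses. A typo in an image name pulls whatever
## that other name resolves to.
build/certbot:
	@docker pull certbot/dns-route53

## Request a certificate for companyDomain and *.companyDomain, then move the
## chain and key to certificates/<companyDomain>/ where nginx reads them.
##
## Fixes over the original:
##  - A separator was missing after the certbot arguments, so `mkdir -p ...`
##    was handed to certbot as extra arguments.
##  - The wildcard name is quoted so the shell cannot glob-expand it.
##  - The AWS credentials are passed by name (`--env VAR`) from the recipe
##    environment instead of being expanded into the command line.
##  - companyDomain is required. When empty, the cleanup below expanded to
##    `rm -rf letsencrypt/live/*`.
##
## NOTE(review): the cleanup deletes certbot's archive, live and renewal data,
## so `certbot renew` cannot renew this certificate; rerun this target before
## it expires. The trailing `*` also matches any other domain whose name
## starts with companyDomain.
generate/certificate:
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	@AWS_ACCESS_KEY_ID="$$AWS_ACCESS_KEY" docker run -it --rm --name certbot \
		--env AWS_ACCESS_KEY_ID \
		--env AWS_SECRET_ACCESS_KEY \
		-v "$(current_dir)/letsencrypt:/etc/letsencrypt" \
		certbot/dns-route53 certonly \
		-m ajuda@auryn.com.br \
		--agree-tos --server https://acme-v02.api.letsencrypt.org/directory \
		-d "$(companyDomain)" -d "*.$(companyDomain)" && \
	mkdir -p "certificates/$(companyDomain)" && \
	mv "letsencrypt/archive/$(companyDomain)/fullchain1.pem" "certificates/$(companyDomain)/fullchain.pem" && \
	mv "letsencrypt/archive/$(companyDomain)/privkey1.pem" "certificates/$(companyDomain)/privkey.pem" && \
	rm -rf "letsencrypt/archive/$(companyDomain)"
	rm -rf letsencrypt/live/$(companyDomain)*
	rm -rf letsencrypt/renewal/$(companyDomain)*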
# Main nginx configuration, mounted into the "server" container by docker-compose.
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Same limit as upload_max_filesize in template.htaccess.
    client_max_body_size 64M;

    # The last field logs X-Forwarded-For exactly as the client sent it;
    # treat it as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Fallback server with no `listen` or `server_name`: it is defined before
    # the site includes and answers 404.
    # NOTE(review): with no `listen` it covers only nginx's default port, not
    # 443; an unknown host name on 443 would be answered by whichever 443
    # server block loads first. Confirm this is acceptable.
    server {
        return 404;
    }

    # Inherited by every included site that sets no add_header of its own.
    # NOTE(review): a wildcard origin lets any website read these responses
    # cross-origin. Confirm it is meant for all sites, not only for the static
    # assets that template.htaccess already covers.
    add_header Access-Control-Allow-Origin *;

    include /etc/nginx/sites-enabled/*.conf;
}
# Site template: COMPANY_DOMAIN and COMPANY_NAME are substituted by the
# Makefile's create/wordpress target.
#
# Plain-HTTP listener. Every request for the bare or www host is redirected to
# HTTPS on the bare domain. The target host is the fixed COMPANY_DOMAIN, not
# the request's Host header, so the redirect cannot be pointed elsewhere.
server {
    listen 80;
    server_name COMPANY_DOMAIN www.COMPANY_DOMAIN;

    return 301 https://COMPANY_DOMAIN$request_uri;
}
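# HTTPS listener for the www host: redirects to the bare domain and serves nothing else.
server {
    listen 443 ssl;
    server_name www.COMPANY_DOMAIN;

    access_log /var/log/nginx/COMPANY_DOMAIN-access.log;
    error_log /var/log/nginx/COMPANY_DOMAIN-error.log;

    ssl_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/certificates/COMPANY_DOMAIN/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the
    # list; TLS 1.3 is added.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # NOTE(review): this list still offers CBC/SHA-1 and DHE-DSS suites for
    # TLS 1.2. It is left as published; consider trimming it to the ECDHE
    # AEAD (GCM) entries once client compatibility is confirmed.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;

    # These headers have no effect here: this server never proxies, it only redirects.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto $scheme;

    return 301 https://COMPANY_DOMAIN$request_uri;
}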
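# HTTPS listener for the bare domain: terminates TLS and proxies everything to
# the site's WordPress container over plain HTTP on the shared Docker network.
server {
    listen 443 ssl;
    server_name COMPANY_DOMAIN;

    access_log /var/log/nginx/COMPANY_DOMAIN-access.log;
    error_log /var/log/nginx/COMPANY_DOMAIN-error.log;

    ssl_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/certificates/COMPANY_DOMAIN/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the
    # list; TLS 1.3 is added.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # NOTE(review): this list still offers CBC/SHA-1 and DHE-DSS suites for
    # TLS 1.2. It is left as published; consider trimming it to the ECDHE
    # AEAD (GCM) entries once client compatibility is confirmed.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certificates/COMPANY_DOMAIN/fullchain.pem;

    # nginx inherits proxy_set_header from this level only when the location
    # defines none of its own. `location /` below defines its own set, so
    # these five lines are not applied there, and X-Forwarded-SSL is never
    # sent to the backend.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;

        # COMPANY_NAME is the WordPress container's name on the `server` network.
        # NOTE(review): nginx resolves this name when it loads the
        # configuration; if the container is missing, config test and reload
        # are expected to fail for every site - confirm before removing a
        # container that is still enabled.
        proxy_pass http://COMPANY_NAME;

        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to any X-Forwarded-For value the client
        # supplied; only the last entry was added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
    }
}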
# Per-site .htaccess, bind-mounted read-write into the WordPress container at
# /var/www/html/.htaccess by the Makefile's create/wordpress target.

# BEGIN WordPress
RewriteEngine On
# Expose the Authorization request header to PHP as HTTP_AUTHORIZATION.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Anything that is not an existing file or directory is routed to index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

# BEGIN Environment
# Same limit as client_max_body_size in nginx.conf.
php_value upload_max_filesize 64M
# END Environment

# BEGIN Resources
# Allow any origin to load fonts and stylesheets. The pattern matches on the
# file-name suffix only, so the `font.css` alternative is already covered by `css`.
<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>
# END Resources