Last active
November 23, 2021 18:52
-
-
Save gavincampbell/f59f61cf98ae597dc56a5bce5b830cea to your computer and use it in GitHub Desktop.
Post-deployment configuration of WordPress in Azure App Service, notes at https://gavincampbell.dev/post/post-deployment-configuration-azure-web-apps/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LOCATION=uksouth | |
RESOURCE_GROUP_NAME=webapp-config-demo | |
SERVICE_PLAN_NAME=app-service-plan-free-wp | |
SERVICE_PLAN_SKU=FREE | |
WEB_APP_NAME=mywpsite-ahfdskf | |
MARIADB_SKU=B_Gen5_1 | |
MARIADB_SERVER_NAME=dbserver-ahfdskf | |
MARIADB_ADMIN_USER=BOSS_HOGG | |
MARIADB_ADMIN_PASSWORD=R05coePColtrane | |
WORDPRESS_DB_NAME=wpdb | |
WORDPRESS_DB_USER=CLETUS | |
WORDPRESS_DB_HOST=$MARIADB_SERVER_NAME.mariadb.database.azure.com | |
WORDPRESS_DB_PASSWORD=Ha55ardC0unty | |
WORDPRESS_SITE_NAME="My Wordpress Site" | |
WORDPRESS_ADMIN_USER=Enos | |
WORDPRESS_ADMIN_PASSWORD=Da15yDuk€ | |
# Simplify script by using alphanumeric keys! | |
WORDPRESS_AUTH_KEY=n2QryNUFHWfbA3u5y7TENYb5LSrEu3w4WyV8HRkD4bKNPPsD7SsexTcFETuSCRhU | |
WORDPRESS_SECURE_AUTH_KEY=BkMzX84KWvCGu8hGc5YtSNJJaGG2vYu7EhY6BrpbGMkaBz4PdL6MskJQ7K3xWRKU | |
WORDPRESS_LOGGED_IN_KEY=4aXsqMUk7kMjypsx2aAhJdMLw28AFmUsDK2LXBPN4CZ87nj9g4VGNzFQuVx8u972 | |
WORDPRESS_NONCE_KEY=mV7LGzV7aXpPm2XZDmCLmzWHP42kyTa94TuTrbhs48ShU2Whk8dA3gKfWERkEMgx | |
WORDPRESS_AUTH_SALT=XNWTuvNM4j6GgXZMDf35BdT4hEw26ytfRSyek5yKdWPQp97bdC2EvR4Xch7qx44x | |
WORDPRESS_SECURE_AUTH_SALT=XNWTuvNM4j6GgXZMDfP5BdT4h2w26ytfRSyek5yKdWPQp97bdC2EvR4Xch7qx44x | |
WORDPRESS_LOGGED_IN_SALT=aC3kCxjEthVJKcuDjrhLi8cDuWPyyvFvj6h4qWXeza8muDdy8q7rHGCW73chaydM | |
WORDPRESS_NONCE_SALT=BhacxQWaauKPv6x8vNCdLN7sxpJaxDsdKMq4rrqb32mDmCM6GjwchBndB6zXZKfs | |
MARIADB_CERT_FOLDER=/home/site/wwwroot/cert | |
MARIADB_CERT_FILENAME=DigiCertGlobalRootG2.crt.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.env | |
*.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ -f .env ]; then | |
source .env | |
fi | |
wget -nc https://en-gb.wordpress.org/latest-en_GB.zip | |
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION | |
az appservice plan create --name $SERVICE_PLAN_NAME --resource-group $RESOURCE_GROUP_NAME \ | |
--sku $SERVICE_PLAN_SKU --is-linux | |
az webapp create --resource-group $RESOURCE_GROUP_NAME --plan $SERVICE_PLAN_NAME --name $WEB_APP_NAME \ | |
--runtime "PHP|7.3" | |
az webapp update --https-only true --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME | |
# set "project" so that Kudu will expand the wordpress subfolder into the root of our site | |
az webapp config appsettings set --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME \ | |
--settings project=wordpress | |
# in real life you might want to use a key vault ref for some of these | |
# https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references | |
az webapp config appsettings set --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME \ | |
--settings MYSQL_SSL_CA=$MARIADB_CERT_FOLDER/$MARIADB_CERT_FILENAME \ | |
WORDPRESS_DB_NAME=$WORDPRESS_DB_NAME \ | |
WORDPRESS_DB_USER=$WORDPRESS_DB_USER \ | |
WORDPRESS_DB_PASSWORD=$WORDPRESS_DB_PASSWORD \ | |
WORDPRESS_DB_HOST=$WORDPRESS_DB_HOST \ | |
WORDPRESS_AUTH_KEY=$WORDPRESS_AUTH_KEY \ | |
WORDPRESS_SECURE_AUTH_KEY=$WORDPRESS_SECURE_AUTH_KEY \ | |
WORDPRESS_LOGGED_IN_KEY=$WORDPRESS_LOGGED_IN_KEY \ | |
WORDPRESS_NONCE_KEY=$WORDPRESS_NONCE_KEY \ | |
WORDPRESS_AUTH_SALT=$WORDPRESS_AUTH_SALT \ | |
WORDPRESS_SECURE_AUTH_SALT=$WORDPRESS_SECURE_AUTH_SALT \ | |
WORDPRESS_LOGGED_IN_SALT=$WORDPRESS_LOGGED_IN_SALT \ | |
WORDPRESS_NONCE_SALT=$WORDPRESS_NONCE_SALT | |
az webapp deployment source config-zip --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME --src latest-en_GB.zip | |
az mariadb server create --location $LOCATION --resource-group $RESOURCE_GROUP_NAME --name $MARIADB_SERVER_NAME \ | |
--admin-user $MARIADB_ADMIN_USER --admin-password $MARIADB_ADMIN_PASSWORD --sku-name $MARIADB_SKU | |
az mariadb server firewall-rule create --resource-group $RESOURCE_GROUP_NAME --server-name $MARIADB_SERVER_NAME \ | |
--name allowazure --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0 | |
az mariadb db create --name $WORDPRESS_DB_NAME --resource-group $RESOURCE_GROUP_NAME --server-name $MARIADB_SERVER_NAME \ | |
--charset utf8 --collation utf8_unicode_ci | |
# hitting the website seems to have some effect on ssh! | |
wget -O /dev/null -q $WEB_APP_NAME.azurewebsites.net | |
sleep 60s | |
#clean up any old ssh tunnels before we start | |
for p in $(pgrep -f "webapp create-remote-connection"); do kill $p; done | |
az webapp create-remote-connection --name $WEB_APP_NAME --resource-group $RESOURCE_GROUP_NAME -p 54321 & | |
# startup time seems to be a bit unpredictable... | |
timeout 600 bash -c 'until echo > /dev/tcp/localhost/54321; do sleep 5; done' | |
expect <(cat <<EOF | |
spawn scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -P 54321 wp-config.php root@localhost:/home/site/wwwroot/ | |
expect "assword:" | |
send "Docker!\r" | |
wait | |
EOF | |
) | |
expect <(cat <<EOF | |
spawn ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -p 54321 root@localhost \ | |
{wget -nc -P $MARIADB_CERT_FOLDER https://cacerts.digicert.com/$MARIADB_CERT_FILENAME && \ | |
mysql -h $MARIADB_SERVER_NAME.mariadb.database.azure.com -u $MARIADB_ADMIN_USER@$MARIADB_SERVER_NAME -p$MARIADB_ADMIN_PASSWORD --ssl \ | |
-e "CREATE DATABASE IF NOT EXISTS $WORDPRESS_DB_NAME character set utf8 collate utf8_unicode_ci;"\ | |
"CREATE USER IF NOT EXISTS '$WORDPRESS_DB_USER'@'%' IDENTIFIED BY '$WORDPRESS_DB_PASSWORD';"\ | |
"GRANT ALL ON $WORDPRESS_DB_NAME.* to '$WORDPRESS_DB_USER'@'%';" && \ | |
wget -nc https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \ | |
chmod +x wp-cli.phar && \ | |
mv wp-cli.phar /home/site/wwwroot/wp | |
} | |
expect "assword:" | |
send "Docker!\r" | |
wait | |
EOF | |
) | |
expect -d <(cat <<EOF | |
set timeout 120 | |
spawn ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -p 54321 root@localhost | |
expect "assword:" | |
send "Docker!\r" | |
expect "home#" | |
send "cd site/wwwroot\r" | |
expect "wwwroot#" | |
send "wp core install --url=https://$WEB_APP_NAME.azurewebsites.net --title='$WORDPRESS_SITE_NAME' --admin_user=$WORDPRESS_ADMIN_USER --admin_password=$WORDPRESS_ADMIN_PASSWORD --admin_email=my@email.com --skip-email --quiet --allow-root\r" | |
expect "wwwroot#" | |
send "wp option update home https://$WEB_APP_NAME.azurewebsites.net --allow-root \r" | |
expect "wwwroot#" | |
send "wp option update siteurl https://$WEB_APP_NAME.azurewebsites.net --allow-root \r" | |
expect "wwwroot#" | |
send "wp cache flush --allow-root \r" | |
expect "wwwroot#" | |
send "logout\r" | |
EOF | |
) | |
# clean up ssh tunnel(s) | |
for p in $(pgrep -f "webapp create-remote-connection"); do kill $p; done | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* The base configuration for WordPress | |
* | |
* The wp-config.php creation script uses this file during the | |
* installation. You don't have to use the web site, you can | |
* copy this file to "wp-config.php" and fill in the values. | |
* | |
* This file contains the following configurations: | |
* | |
* * MySQL settings | |
* * Secret keys | |
* * Database table prefix | |
* * ABSPATH | |
* | |
* @link https://wordpress.org/support/article/editing-wp-config-php/ | |
* | |
* @package WordPress | |
*/ | |
// ** MySQL settings - You can get this info from your web host ** // | |
/** The name of the database for WordPress */ | |
define( 'DB_NAME', getenv('WORDPRESS_DB_NAME') ); | |
/** MySQL database username */ | |
define( 'DB_USER', getenv('WORDPRESS_DB_USER')); | |
/** MySQL database password */ | |
define( 'DB_PASSWORD', getenv('WORDPRESS_DB_PASSWORD') ); | |
/** MySQL hostname */ | |
define( 'DB_HOST', getenv('WORDPRESS_DB_HOST') ); | |
/** Database Charset to use in creating database tables. */ | |
define( 'DB_CHARSET', 'utf8' ); | |
/** The Database Collate type. Don't change this if in doubt. */ | |
define( 'DB_COLLATE', 'utf8_unicode_ci' ); | |
/**#@+ | |
* Authentication Unique Keys and Salts. | |
* | |
* Change these to different unique phrases! | |
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} | |
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. | |
* | |
* @since 2.6.0 | |
*/ | |
define( 'AUTH_KEY', getenv('WORDPRESS_AUTH_KEY') ); | |
define( 'SECURE_AUTH_KEY', getenv('WORDPRESS_SECURE_AUTH_KEY') ); | |
define( 'LOGGED_IN_KEY', getenv('WORDPRESS_LOGGED_IN_KEY') ); | |
define( 'NONCE_KEY', getenv('WORDPRESS_NONCE_KEY') ); | |
define( 'AUTH_SALT', getenv('WORDPRESS_AUTH_SALT') ); | |
define( 'SECURE_AUTH_SALT', getenv('WORDPRESS_SECURE_AUTH_SALT') ); | |
define( 'LOGGED_IN_SALT', getenv('WORDPRESS_LOGGED_IN_SALT') ); | |
define( 'NONCE_SALT', getenv('WORDPRESS_NONCE_SALT') ); | |
/**#@-*/ | |
/** | |
* WordPress Database Table prefix. | |
* | |
* You can have multiple installations in one database if you give each | |
* a unique prefix. Only numbers, letters, and underscores please! | |
*/ | |
$table_prefix = 'wp_'; | |
/** | |
* For developers: WordPress debugging mode. | |
* | |
* Change this to true to enable the display of notices during development. | |
* It is strongly recommended that plugin and theme developers use WP_DEBUG | |
* in their development environments. | |
* | |
* For information on other constants that can be used for debugging, | |
* visit the documentation. | |
* | |
* @link https://wordpress.org/support/article/debugging-in-wordpress/ | |
*/ | |
define( 'WP_DEBUG', false ); | |
/** SSL between web app and database */ | |
define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL); | |
define('FORCE_SSL_ADMIN', true); | |
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') | |
$_SERVER['HTTPS'] = 'on'; | |
/* That's all, stop editing! Happy publishing. */ | |
/** Absolute path to the WordPress directory. */ | |
if ( ! defined( 'ABSPATH' ) ) { | |
define( 'ABSPATH', __DIR__ . '/' ); | |
} | |
/** Sets up WordPress vars and included files. */ | |
require_once ABSPATH . 'wp-settings.php'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment