Skip to content

Instantly share code, notes, and snippets.

@gavincampbell
Last active November 23, 2021 18:52
Show Gist options
  • Save gavincampbell/f59f61cf98ae597dc56a5bce5b830cea to your computer and use it in GitHub Desktop.
Save gavincampbell/f59f61cf98ae597dc56a5bce5b830cea to your computer and use it in GitHub Desktop.
Post-deployment configuration of WordPress in Azure App Service, notes at https://gavincampbell.dev/post/post-deployment-configuration-azure-web-apps/
LOCATION=uksouth
RESOURCE_GROUP_NAME=webapp-config-demo
SERVICE_PLAN_NAME=app-service-plan-free-wp
SERVICE_PLAN_SKU=FREE
WEB_APP_NAME=mywpsite-ahfdskf
MARIADB_SKU=B_Gen5_1
MARIADB_SERVER_NAME=dbserver-ahfdskf
MARIADB_ADMIN_USER=BOSS_HOGG
MARIADB_ADMIN_PASSWORD=R05coePColtrane
WORDPRESS_DB_NAME=wpdb
WORDPRESS_DB_USER=CLETUS
WORDPRESS_DB_HOST=$MARIADB_SERVER_NAME.mariadb.database.azure.com
WORDPRESS_DB_PASSWORD=Ha55ardC0unty
WORDPRESS_SITE_NAME="My Wordpress Site"
WORDPRESS_ADMIN_USER=Enos
WORDPRESS_ADMIN_PASSWORD=Da15yDuk€
# Simplify script by using alphanumeric keys!
WORDPRESS_AUTH_KEY=n2QryNUFHWfbA3u5y7TENYb5LSrEu3w4WyV8HRkD4bKNPPsD7SsexTcFETuSCRhU
WORDPRESS_SECURE_AUTH_KEY=BkMzX84KWvCGu8hGc5YtSNJJaGG2vYu7EhY6BrpbGMkaBz4PdL6MskJQ7K3xWRKU
WORDPRESS_LOGGED_IN_KEY=4aXsqMUk7kMjypsx2aAhJdMLw28AFmUsDK2LXBPN4CZ87nj9g4VGNzFQuVx8u972
WORDPRESS_NONCE_KEY=mV7LGzV7aXpPm2XZDmCLmzWHP42kyTa94TuTrbhs48ShU2Whk8dA3gKfWERkEMgx
WORDPRESS_AUTH_SALT=XNWTuvNM4j6GgXZMDf35BdT4hEw26ytfRSyek5yKdWPQp97bdC2EvR4Xch7qx44x
WORDPRESS_SECURE_AUTH_SALT=XNWTuvNM4j6GgXZMDfP5BdT4h2w26ytfRSyek5yKdWPQp97bdC2EvR4Xch7qx44x
WORDPRESS_LOGGED_IN_SALT=aC3kCxjEthVJKcuDjrhLi8cDuWPyyvFvj6h4qWXeza8muDdy8q7rHGCW73chaydM
WORDPRESS_NONCE_SALT=BhacxQWaauKPv6x8vNCdLN7sxpJaxDsdKMq4rrqb32mDmCM6GjwchBndB6zXZKfs
MARIADB_CERT_FOLDER=/home/site/wwwroot/cert
MARIADB_CERT_FILENAME=DigiCertGlobalRootG2.crt.pem
#!/bin/bash
if [ -f .env ]; then
source .env
fi
wget -nc https://en-gb.wordpress.org/latest-en_GB.zip
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
az appservice plan create --name $SERVICE_PLAN_NAME --resource-group $RESOURCE_GROUP_NAME \
--sku $SERVICE_PLAN_SKU --is-linux
az webapp create --resource-group $RESOURCE_GROUP_NAME --plan $SERVICE_PLAN_NAME --name $WEB_APP_NAME \
--runtime "PHP|7.3"
az webapp update --https-only true --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME
# set "project" so that Kudu will expand the wordpress subfolder into the root of our site
az webapp config appsettings set --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME \
--settings project=wordpress
# in real life you might want to use a key vault ref for some of these
# https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
az webapp config appsettings set --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME \
--settings MYSQL_SSL_CA=$MARIADB_CERT_FOLDER/$MARIADB_CERT_FILENAME \
WORDPRESS_DB_NAME=$WORDPRESS_DB_NAME \
WORDPRESS_DB_USER=$WORDPRESS_DB_USER \
WORDPRESS_DB_PASSWORD=$WORDPRESS_DB_PASSWORD \
WORDPRESS_DB_HOST=$WORDPRESS_DB_HOST \
WORDPRESS_AUTH_KEY=$WORDPRESS_AUTH_KEY \
WORDPRESS_SECURE_AUTH_KEY=$WORDPRESS_SECURE_AUTH_KEY \
WORDPRESS_LOGGED_IN_KEY=$WORDPRESS_LOGGED_IN_KEY \
WORDPRESS_NONCE_KEY=$WORDPRESS_NONCE_KEY \
WORDPRESS_AUTH_SALT=$WORDPRESS_AUTH_SALT \
WORDPRESS_SECURE_AUTH_SALT=$WORDPRESS_SECURE_AUTH_SALT \
WORDPRESS_LOGGED_IN_SALT=$WORDPRESS_LOGGED_IN_SALT \
WORDPRESS_NONCE_SALT=$WORDPRESS_NONCE_SALT
az webapp deployment source config-zip --resource-group $RESOURCE_GROUP_NAME --name $WEB_APP_NAME --src latest-en_GB.zip
az mariadb server create --location $LOCATION --resource-group $RESOURCE_GROUP_NAME --name $MARIADB_SERVER_NAME \
--admin-user $MARIADB_ADMIN_USER --admin-password $MARIADB_ADMIN_PASSWORD --sku-name $MARIADB_SKU
az mariadb server firewall-rule create --resource-group $RESOURCE_GROUP_NAME --server-name $MARIADB_SERVER_NAME \
--name allowazure --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
az mariadb db create --name $WORDPRESS_DB_NAME --resource-group $RESOURCE_GROUP_NAME --server-name $MARIADB_SERVER_NAME \
--charset utf8 --collation utf8_unicode_ci
# hitting the website seems to have some effect on ssh!
wget -O /dev/null -q $WEB_APP_NAME.azurewebsites.net
sleep 60s
#clean up any old ssh tunnels before we start
for p in $(pgrep -f "webapp create-remote-connection"); do kill $p; done
az webapp create-remote-connection --name $WEB_APP_NAME --resource-group $RESOURCE_GROUP_NAME -p 54321 &
# startup time seems to be a bit unpredictable...
timeout 600 bash -c 'until echo > /dev/tcp/localhost/54321; do sleep 5; done'
expect <(cat <<EOF
spawn scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -P 54321 wp-config.php root@localhost:/home/site/wwwroot/
expect "assword:"
send "Docker!\r"
wait
EOF
)
expect <(cat <<EOF
spawn ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -p 54321 root@localhost \
{wget -nc -P $MARIADB_CERT_FOLDER https://cacerts.digicert.com/$MARIADB_CERT_FILENAME && \
mysql -h $MARIADB_SERVER_NAME.mariadb.database.azure.com -u $MARIADB_ADMIN_USER@$MARIADB_SERVER_NAME -p$MARIADB_ADMIN_PASSWORD --ssl \
-e "CREATE DATABASE IF NOT EXISTS $WORDPRESS_DB_NAME character set utf8 collate utf8_unicode_ci;"\
"CREATE USER IF NOT EXISTS '$WORDPRESS_DB_USER'@'%' IDENTIFIED BY '$WORDPRESS_DB_PASSWORD';"\
"GRANT ALL ON $WORDPRESS_DB_NAME.* to '$WORDPRESS_DB_USER'@'%';" && \
wget -nc https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && \
mv wp-cli.phar /home/site/wwwroot/wp
}
expect "assword:"
send "Docker!\r"
wait
EOF
)
expect -d <(cat <<EOF
set timeout 120
spawn ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -p 54321 root@localhost
expect "assword:"
send "Docker!\r"
expect "home#"
send "cd site/wwwroot\r"
expect "wwwroot#"
send "wp core install --url=https://$WEB_APP_NAME.azurewebsites.net --title='$WORDPRESS_SITE_NAME' --admin_user=$WORDPRESS_ADMIN_USER --admin_password=$WORDPRESS_ADMIN_PASSWORD --admin_email=my@email.com --skip-email --quiet --allow-root\r"
expect "wwwroot#"
send "wp option update home https://$WEB_APP_NAME.azurewebsites.net --allow-root \r"
expect "wwwroot#"
send "wp option update siteurl https://$WEB_APP_NAME.azurewebsites.net --allow-root \r"
expect "wwwroot#"
send "wp cache flush --allow-root \r"
expect "wwwroot#"
send "logout\r"
EOF
)
# clean up ssh tunnel(s)
for p in $(pgrep -f "webapp create-remote-connection"); do kill $p; done
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv('WORDPRESS_DB_NAME') );
/** MySQL database username */
define( 'DB_USER', getenv('WORDPRESS_DB_USER'));
/** MySQL database password */
define( 'DB_PASSWORD', getenv('WORDPRESS_DB_PASSWORD') );
/** MySQL hostname */
define( 'DB_HOST', getenv('WORDPRESS_DB_HOST') );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', 'utf8_unicode_ci' );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv('WORDPRESS_AUTH_KEY') );
define( 'SECURE_AUTH_KEY', getenv('WORDPRESS_SECURE_AUTH_KEY') );
define( 'LOGGED_IN_KEY', getenv('WORDPRESS_LOGGED_IN_KEY') );
define( 'NONCE_KEY', getenv('WORDPRESS_NONCE_KEY') );
define( 'AUTH_SALT', getenv('WORDPRESS_AUTH_SALT') );
define( 'SECURE_AUTH_SALT', getenv('WORDPRESS_SECURE_AUTH_SALT') );
define( 'LOGGED_IN_SALT', getenv('WORDPRESS_LOGGED_IN_SALT') );
define( 'NONCE_SALT', getenv('WORDPRESS_NONCE_SALT') );
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/** SSL between web app and database */
define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
define('FORCE_SSL_ADMIN', true);
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment