wordpress container based on ubuntu
#!/bin/bash
#
# lamp
#
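#######################################
# Turn an unpacked Ubuntu base system in ./rootfs into the LAMP + Varnish
# image: network config, apt sources, packages, Apache/php-fpm/Varnish
# settings, firewall bootstrap, then node and phpMyAdmin.
# Every path is relative to the current directory; package work runs inside
# the tree through chroot.
# Globals:   none read directly; install_node and install_phpmyadmin read
#            NODE_VERSION and PHPMYADMIN_VERSION
# Arguments: none
# Returns:   status of the last command (removal of policy-rc.d)
#######################################
augment() {
  # ls!
  sed -i 's/alias l=.*/l() { ls -alh --group-directories "$@"; }/' rootfs/root/.bashrc

  # /etc/network/interfaces
  # The delimiter is quoted so the $(cat ...) substitutions are written to the
  # file literally instead of being run on the build host.
  cat > rootfs/etc/network/interfaces <<'EOF'
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
dns-nameservers 8.8.8.8 8.8.4.4
up ip addr add $(cat /etc/network/ipv4) dev eth0
up ip route add $(cat /etc/network/ipv4.gateway) dev eth0
up ip route add default via $(cat /etc/network/ipv4.gateway)
iface eth0 inet6 manual
dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
up ip -6 addr add $(cat /etc/network/ipv6)/64 dev eth0
up ip -6 route add $(cat /etc/network/ipv6.gateway) dev eth0
up ip -6 route add default via $(cat /etc/network/ipv6.gateway)
EOF

  # sources list
  # NOTE(review): saucy (Ubuntu 13.10) is end-of-life, so these pockets no
  # longer receive security updates; an image built from them ships known
  # vulnerable packages. Move to a supported release before exposing it.
  printf '%s\n' \
    "deb http://archive.ubuntu.com/ubuntu saucy main restricted universe multiverse" \
    "deb http://archive.ubuntu.com/ubuntu saucy-updates main restricted universe multiverse" \
    "deb http://security.ubuntu.com/ubuntu saucy-security main restricted universe multiverse" \
    > rootfs/etc/apt/sources.list

  # prevent services from starting since the container isn't running yet
  # (exit status 101 from policy-rc.d tells invoke-rc.d the action is denied)
  cat > rootfs/usr/sbin/policy-rc.d <<EOF
#!/bin/sh
exit 101
EOF
  chmod +x rootfs/usr/sbin/policy-rc.d

  # locale
  chroot rootfs locale-gen en_US.UTF-8
  chroot rootfs update-locale LANG=en_US.UTF-8

  # update
  chroot rootfs apt-get update
  chroot rootfs apt-get upgrade -y

  # deps
  # NOTE(review): the MySQL root password is preseeded to the literal string
  # "password". It is only replaced by the one-shot upstart job that
  # configure() writes, and only when a password was supplied; an image
  # started without one keeps this default credential.
  # A space now precedes each line-continuation backslash so the package
  # names can never be glued onto "-y" or onto each other.
  chroot rootfs <<EOF
debconf-set-selections <<< "mysql-server mysql-server/root_password password password"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password password"
debconf-set-selections <<< "postfix postfix/mailname string localhost"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt-get install -y \
  ufw man vim curl git ssh unzip build-essential apache2-mpm-event apache2-utils varnish \
  php5-cli php5-fpm php5-json php5-mysql php5-mcrypt php5-gd mysql-server postfix
EOF

  # php5-mcrypt bug
  cp rootfs/etc/php5/conf.d/mcrypt.ini rootfs/etc/php5/mods-available/
  chroot rootfs php5enmod mcrypt

  # php5-fpm use tcp
  # Bound to loopback: the only client in this file is Apache, which proxies
  # to fcgi://127.0.0.1:9000. A bare "listen = 9000" accepts FastCGI on every
  # interface, and FastCGI has no authentication of its own.
  sed -i 's|listen = /var/run/php5-fpm\.sock|listen = 127.0.0.1:9000|' rootfs/etc/php5/fpm/pool.d/www.conf

  # raise annoying 2M max filesize
  sed -i 's|^upload_max_filesize .*|upload_max_filesize = 100M|' rootfs/etc/php5/fpm/php.ini

  # ensure pass auth is on for ssh
  # NOTE(review): together with a root password this allows password logins
  # as root over SSH; key-only authentication is the safer default.
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' rootfs/etc/ssh/sshd_config

  # apache modules
  chroot rootfs <<EOF
a2enmod rewrite
a2enmod proxy
a2enmod proxy_fcgi
a2enmod vhost_alias
EOF

  # apache listen on 8080 cos varnish
  sed -i 's/^Listen 80$/Listen 8080/' rootfs/etc/apache2/ports.conf

  # add our own custom vhost conf
  # The delimiter must be quoted: with a bare EOF the shell expands $1 and
  # ${HTTP_HOST} to empty strings while writing the file, so the rewrite
  # target and the ProxyPassMatch URL lose their path component.
  # NOTE(review): the document root is derived from the client-supplied Host
  # header, .htaccess overrides are fully enabled, and any apache.conf* found
  # under /var/www/*/etc* is loaded as server config. Whoever can write below
  # /var/www can therefore change server-wide behaviour; keep those
  # directories writable by trusted accounts only.
  cat > rootfs/etc/apache2/sites-available/dynamic-vhosts.conf <<'EOF'
# show host header in logs
LogFormat "%{Host}i:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
# respect https when behind a proxy
SetEnvIf X-Forwarded-Proto https HTTPS=1
# allow .htaccess
<Directory /var/www/>
AllowOverride all
</Directory>
# capture http host header to env
RewriteEngine on
RewriteRule ^ - [E=HTTP_HOST:%{HTTP_HOST}]
# if there is no dir for the host, use default
RewriteCond /var/www/%{HTTP_HOST} !-d
RewriteRule ^ - [E=HTTP_HOST:default]
# pick up any custom conf if existing
IncludeOptional /var/www/*/etc*/apache.conf*
# dynamic vhosting for static assets
RewriteCond %{REQUEST_URI} !^[^?]*\.php
RewriteRule ^/(.*)$ /var/www/%{ENV:HTTP_HOST}/www/$1
# catch requests for php files that don't exist so we don't send them to php-fpm
RewriteCond %{REQUEST_URI} ^[^?]*\.php
RewriteCond /var/www/%{ENV:HTTP_HOST}/www/%{REQUEST_URI} !-f
RewriteRule ^ / [PT]
# pass *.php to php-fpm via fcgi
ProxyPassInterpolateEnv On
ProxyPassMatch ^/([^?]*\.php.*)$ fcgi://127.0.0.1:9000/var/www/${HTTP_HOST}/www/$1 interpolate
EOF

  # enable dynamic vhosts
  rm rootfs/etc/apache2/sites-enabled/000-default.conf
  ln -s ../sites-available/dynamic-vhosts.conf rootfs/etc/apache2/sites-enabled/dynamic-vhosts.conf

  # setgid / perms on web root and remove the default web doc
  chroot rootfs <<EOF
chmod g+s /var/www
chgrp www-data /var/www
rm /var/www/index.html
EOF

  # varnish takes over port 80
  sed -i 's/DAEMON_OPTS="-a :6081 \\/DAEMON_OPTS="-a :80 \\/' rootfs/etc/default/varnish

  # apache ufw stupidity: replace the apache2 profile directory with the
  # single profile file shipped by apache2-utils
  cp rootfs/etc/ufw/applications.d/apache2/apache2-utils.ufw.profile rootfs/etc/ufw/applications.d/
  rm -rf rootfs/etc/ufw/applications.d/apache2
  mv rootfs/etc/ufw/applications.d/apache2-utils.ufw.profile rootfs/etc/ufw/applications.d/apache2

  # setup firewall in rc.local cos ip6tables bug
  # NOTE(review): rc.local runs at the end of boot, so services started
  # earlier are reachable without a firewall until it has run.
  cat > rootfs/etc/rc.local <<EOF
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ufw enable
ufw allow "OpenSSH"
ufw allow "Postfix"
ufw allow "Postfix SMTPS"
ufw allow "Postfix Submission"
ufw allow "Apache Full"
exit 0
EOF

  # nodejs
  install_node

  # phpmyadmin
  # NOTE(review): install_wp is defined in this file but is not called here,
  # although configure() writes wp-config.php under /var/www/wordpress/www.
  # Confirm whether it is meant to run at this point.
  install_phpmyadmin

  # all done: let services start normally again
  rm -f rootfs/usr/sbin/policy-rc.d
}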
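#######################################
# Install the "n" node version manager inside the chroot and use it to
# install node $NODE_VERSION.
# Globals:   NODE_VERSION (read)
# Arguments: none
# Returns:   1 if NODE_VERSION is empty, otherwise the status of chroot
#######################################
install_node() {
  # Without a version the last line of the script below would be a bare "n",
  # which does not install anything specific. Refuse early instead.
  if [ -z "${NODE_VERSION:-}" ]; then
    echo "install_node: NODE_VERSION is not set" >&2
    return 1
  fi

  # NOTE(review): this clones whatever the default branch of the repository
  # holds at build time and runs "make install" from it as root inside the
  # image. Pinning a reviewed tag or commit would make the build reproducible
  # and limit the impact of an upstream compromise.
  # The delimiter is unquoted on purpose: $NODE_VERSION is expanded here,
  # before the text is handed to the shell inside the chroot.
  chroot rootfs <<EOF
git clone https://github.com/visionmedia/n.git
cd n
make install
cd ..
rm -rf n
n $NODE_VERSION
EOF
}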
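#######################################
# Download phpMyAdmin $PHPMYADMIN_VERSION into
# rootfs/var/www/phpmyadmin/www/phpmyadmin and add the Apache snippet that
# routes /phpmyadmin requests to it.
# Globals:   PHPMYADMIN_VERSION (read)
# Arguments: none
# Returns:   1 if the download or unpack step fails, otherwise the status of
#            writing the Apache snippet
#######################################
install_phpmyadmin() {
  # release tags use underscores where the version uses dots
  local release_tag="RELEASE_${PHPMYADMIN_VERSION//./_}"

  # download and unpack source code
  mkdir -p rootfs/var/www/phpmyadmin/{etc,www/phpmyadmin}

  # The work happens in a subshell so the caller's working directory is left
  # alone, and every step is checked: the original went on after a failed cd
  # or download and would have unpacked into whatever directory it was in.
  # NOTE(review): the tarball is trusted on TLS alone; comparing it with a
  # published checksum or signature before unpacking would be safer.
  (
    cd rootfs/var/www/phpmyadmin/www/phpmyadmin || exit 1
    curl -fL# https://github.com/phpmyadmin/phpmyadmin/archive/"$release_tag".tar.gz -o phpmyadmin.tar.gz || exit 1
    tar xvzf phpmyadmin.tar.gz --strip-components=1 || exit 1
    rm phpmyadmin.tar.gz
    cp config.sample.inc.php config.inc.php
  ) || return 1

  # apache conf
  # NOTE(review): this makes /phpmyadmin answer on every hostname the server
  # serves. Consider restricting it by source address or extra authentication.
  cat > rootfs/var/www/phpmyadmin/etc/apache.conf <<EOF
RewriteCond %{REQUEST_URI} ^/phpmyadmin
RewriteRule ^ - [E=HTTP_HOST:phpmyadmin]
EOF
}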
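#######################################
# Create the "wordpress" MySQL database directory and unpack WordPress
# $WORDPRESS_VERSION into rootfs/var/www/wordpress/www, then set ownership
# and the "default" site symlink inside the chroot.
# Globals:   WORDPRESS_VERSION (read; not assigned anywhere in this file)
# Arguments: none
# Returns:   1 if the download or unpack step fails, otherwise the status of
#            the final chroot
#######################################
install_wp() {
  # create a mysql db by laying down its directory and db.opt by hand
  mkdir -p rootfs/var/lib/mysql/wordpress
  cat > rootfs/var/lib/mysql/wordpress/db.opt <<EOF
default-character-set=utf8
default-collation=utf8_general_ci
EOF
  chroot rootfs chown -R mysql:mysql /var/lib/mysql/wordpress

  # download and unpack source code
  mkdir -p rootfs/var/www/wordpress/www

  # The original changed into rootfs/var/www/wordpress/$WORDPRESS_VERSION/www,
  # a directory nothing creates; every other path in this file uses
  # /var/www/wordpress/www, so that is where the tarball is unpacked now.
  # A subshell keeps the caller's working directory untouched, and each step
  # is checked so a failed cd or download cannot unpack into the wrong place.
  # NOTE(review): the tarball is trusted on TLS alone; verifying it against a
  # published checksum before unpacking would be safer.
  (
    cd rootfs/var/www/wordpress/www || exit 1
    curl -fL# https://wordpress.org/wordpress-"$WORDPRESS_VERSION".tar.gz -o wordpress.tar.gz || exit 1
    tar xvzf wordpress.tar.gz --strip-components=1 || exit 1
    rm wordpress.tar.gz
  ) || return 1

  # ownership and group-write bits for the web server group.
  # The find line used the misspelled path /var/www/worpdress/www with
  # "-type f", so it never matched anything. The setgid bit only gives group
  # inheritance on directories, so directories under the real path are
  # targeted.
  # NOTE(review): .htaccess and the themes tree become writable by www-data,
  # i.e. by any PHP code the site runs; confirm that is intended.
  chroot rootfs <<'EOF'
chown -R root:www-data /var/www/wordpress/www
find /var/www/wordpress/www -type d -exec chmod g+s {} \;
touch /var/www/wordpress/www/.htaccess
chmod g+w /var/www/wordpress/www/.htaccess
chmod -R g+w /var/www/wordpress/www/wp-content/themes
ln -s /var/www/wordpress /var/www/default
ln -s /var/www/wordpress/www /root/wordpress
EOF
}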
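#######################################
# Print a random key of exactly $1 characters, with "\", "&" and "/"
# backslash-escaped so the result can be dropped into a sed replacement.
# Arguments: $1 - number of characters before escaping
# Outputs:   the escaped key on stdout
#######################################
configure_gen_key() {
  # The original took "head /dev/urandom" (ten newline-delimited chunks of
  # random bytes) as its input, so after filtering there could be fewer than
  # $1 characters left and the key came out short. Filtering the stream
  # itself and cutting at $1 characters always yields the full length.
  # LC_ALL=C makes tr treat the random input as plain bytes.
  # The character set is kept exactly as it was.
  {
    LC_ALL=C tr -dc 'a-zA-Z0-9-_!@#$%^&*/\()_+{}|:<>?=' < /dev/urandom | head -c "$1"
    echo
  } | sed 's/[\&/]/\\&/g'
}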
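#######################################
# Per-container configuration of an already built rootfs: hostname, a fresh
# root SSH key pair, phpMyAdmin and WordPress secrets, wp-config.php, and,
# when a password was given, the unix and MySQL root passwords.
# Globals:   hostname (read), password (read)
# Arguments: none
# Returns:   status of the last command run
#######################################
configure() {
  local sq="'" bs='\'
  local blowfish_secret
  local wp_auth_key wp_secure_auth_key wp_logged_in_key wp_nonce_key
  local wp_auth_salt wp_secure_auth_salt wp_logged_in_salt wp_nonce_salt
  local php_password sh_password

  # hostname
  cat > rootfs/etc/hostname <<EOF
$hostname
EOF

  # ssh keys: drop any key pair baked into the image and generate a new one
  rm -f rootfs/root/.ssh/id_rsa*
  chroot rootfs ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa

  # ensure pass auth is on for ssh
  # NOTE(review): with the root password set below this permits password
  # logins as root over SSH; key-only authentication is the safer default.
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' rootfs/etc/ssh/sshd_config

  # phpmyadmin cookie-encryption secret (already escaped for sed)
  blowfish_secret=$(configure_gen_key 46)
  sed -i "s/^\(\$cfg\['blowfish_secret'\] = \).*/\1'$blowfish_secret';/" rootfs/var/www/phpmyadmin/www/phpmyadmin/config.inc.php

  # wp conf
  wp_auth_key="$(configure_gen_key 64)"
  wp_secure_auth_key="$(configure_gen_key 64)"
  wp_logged_in_key="$(configure_gen_key 64)"
  wp_nonce_key="$(configure_gen_key 64)"
  wp_auth_salt="$(configure_gen_key 64)"
  wp_secure_auth_salt="$(configure_gen_key 64)"
  wp_logged_in_salt="$(configure_gen_key 64)"
  wp_nonce_salt="$(configure_gen_key 64)"

  # The password lands inside a single-quoted PHP string, so a backslash or a
  # single quote in it must be escaped; unescaped, such a password breaks out
  # of the literal and corrupts the file.
  php_password=${password//"$bs"/$bs$bs}
  php_password=${php_password//"$sq"/$bs$sq}

  # NOTE(review): WordPress connects as MySQL root with the same password as
  # the unix root account. A dedicated database user limited to the wordpress
  # schema would contain a compromise of the web application.
  cat > rootfs/var/www/wordpress/www/wp-config.php <<EOF
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'root');
/** MySQL database password */
define('DB_PASSWORD', '$php_password');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', '$wp_auth_key');
define('SECURE_AUTH_KEY', '$wp_secure_auth_key');
define('LOGGED_IN_KEY', '$wp_logged_in_key');
define('NONCE_KEY', '$wp_nonce_key');
define('AUTH_SALT', '$wp_auth_salt');
define('SECURE_AUTH_SALT', '$wp_secure_auth_salt');
define('LOGGED_IN_SALT', '$wp_logged_in_salt');
define('NONCE_SALT', '$wp_nonce_salt');
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
\$table_prefix = 'wp_';
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
* language support.
*/
define('WPLANG', '');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define('WP_DEBUG', false);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
EOF

  # permissions: the file holds the database root password and the auth
  # keys, so it is limited to root and the web server group instead of being
  # left readable by every account.
  chroot rootfs chown root:www-data /var/www/wordpress/www/wp-config.php
  chroot rootfs chmod 640 /var/www/wordpress/www/wp-config.php

  # unix, mysql password
  if [ -n "$password" ]; then
    # printf rather than "echo -e": echo -e interprets backslash sequences,
    # so a password containing "\n" would have been split into a second
    # chpasswd record.
    printf 'root:%s\n' "$password" | chroot rootfs chpasswd

    # setting the mysql pass is a bit tricky - we need an upstart task cos the db has to be running!
    # chroot rootfs mysqladmin -u root -p'password' password "$password"
    # The password is wrapped in single quotes, with embedded single quotes
    # escaped, so that quotes, "$" or backticks in it are not interpreted by
    # the shell that runs the job. The job file is created private to root
    # because it carries the password in clear text until the task has run
    # and removed it.
    # NOTE(review): mysqladmin still receives both passwords as arguments,
    # which are visible in the process list while it runs.
    sh_password=${password//"$sq"/$sq$bs$sq$sq}
    sh_password="'$sh_password'"
    (
      umask 077
      cat > rootfs/etc/init/mysql-set-root-pass.conf <<EOF
start on started mysql
task
script
mysqladmin -u root -p'password' password $sh_password
rm /etc/init/mysql-set-root-pass.conf
end script
EOF
      chmod 600 rootfs/etc/init/mysql-set-root-pass.conf
    )
  fi
}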
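# Versions installed by install_node and install_phpmyadmin.
NODE_VERSION="0.10.26"
PHPMYADMIN_VERSION="4.1.14"

# Site environment and the option parser. $MNT, used below, is not assigned
# in this file; presumably env.sh provides it -- verify.
. /etc/smpc/env.sh
. argue.sh

# NOTE(review): "-p" is declared for both --path and --password, so the short
# form is ambiguous; how argue resolves the clash is not visible here.
# NOTE(review): a password given on the command line is visible to other
# local users in the process list; reading it from a file or stdin avoids
# that.
# Each spec is its own argument: a space precedes every continuation
# backslash so the strings cannot run together.
argue "$*" \
  "-n, --name, +" \
  "-p, --path, +" \
  "-f, --rootfs, +" \
  "-h, --hostname, +" \
  "-d, --directory, +" \
  "-p, --password, +"

dir="${opts[4]}"
hostname="${opts[3]}"
password="${opts[5]}"

# Everything below writes, deletes and chroots relative to this directory,
# so stop if it cannot be entered instead of operating on the wrong tree.
cd "$dir" || exit 1

# we already have an fs
if [ -d rootfs/bin ]; then
  configure
# try to start with debootstrap image in cache
elif [ -f "$MNT"/cache/debootstrap.tar.gz ]; then
  cp "$MNT"/cache/debootstrap.tar.gz ./ || exit 1
  # unpack only once we are really inside rootfs
  cd rootfs || exit 1
  tar xvzf ../debootstrap.tar.gz --strip-components=1 || exit 1
  cd .. || exit 1
  rm debootstrap.tar.gz
  augment
  configure
# build up rootfs from scratch
else
  # NOTE(review): debootstrap is pointed at a target directory named "wp",
  # while augment and configure work on "rootfs" -- confirm the intended
  # target.
  # NOTE(review): saucy (Ubuntu 13.10) is end-of-life and receives no
  # security updates.
  debootstrap --arch amd64 saucy wp http://archive.ubuntu.com/ubuntu || exit 1
  augment
  configure
fi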