
@kormat
Last active January 27, 2019 17:45

Blog post:

The directory layout:

/etc/compose/
└── docker-compose.yml
/srv/blogs.example.net/
├── bin
│   └── purge
├── conf
│   ├── nginx.conf
│   ├── ssmtp.conf
│   └── wp-config.php
├── image
│   ├── docker-entrypoint.sh
│   ├── Dockerfile
│   └── php-local.conf
└── www
    └── local
        └── wp-content
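#!/bin/bash
# purge: delete the WordPress core files from ../www (relative to this script).
# Only wp-admin, wp-content, wp-includes, top-level *.php, readme.html and
# license.txt are removed; anything else under www/ (e.g. local/) is left alone.
# Presumably run before restarting the container so the entrypoint reinstalls
# core from the image -- confirm against your own workflow.
set -euo pipefail

# If this cd fails, `set -e` aborts here, so the rm calls below can never run in
# whatever directory the caller happened to be in. "$0" is quoted so a path
# containing spaces still resolves to the intended directory.
cd -- "$(dirname -- "$0")/../www"

for i in wp-{admin,content,includes}; do
  if [ -d "$i" ]; then
    # `--` stops option parsing, so a name can never be read as an rm flag.
    rm -r -- "$i"
  fi
done

# The ./ prefix plus `--` keep a file whose name starts with '-' from being
# interpreted as an option to rm.
rm -f -- ./*.php readme.html license.txt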
# Heavily based on:
# https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
# https://codex.wordpress.org/Nginx#WordPress_Multisite_Subdirectory_rules
# https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
# Document root as nginx sees it; the compose file bind-mounts this same host
# directory into the php-fpm container.
root /srv/blogs.example.net/www;
index index.php;
# Exact-match (`=`) locations are selected before any regex location is
# evaluated, so a request for /wp-config.php is refused here and never reaches
# the `\.php$` handler further down.
location = /wp-config.php {
deny all;
}
# Serve the file or directory if it exists; otherwise hand the request to
# WordPress's front controller with the original query string.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, except for /.well-known
# The negative lookahead exempts only paths where the dot is followed by
# "well-known/"; every other path component starting with a dot is refused.
location ~ /\.(?!well-known\/) {
deny all;
}
# Deny access to any files with a .php extension in the uploads or files directories
# Regex locations are tried in the order they appear and the first match wins,
# so this block must stay above the `\.php$` handler; below it, a .php file in
# an upload directory would be passed to php-fpm. `~*` matches case-insensitively.
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Multisite "files/" URLs: try the per-blog file on disk, else fall back to
# ms-files.php with the captured path as ?file=.
# NOTE(review): $blogid is not set anywhere in this snippet -- presumably it
# comes from a `map` in the enclosing configuration; confirm it is defined.
location ~ ^(/[^/]+/)?files/(.+) {
try_files /local/wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
# Applies only when the request does not map to an existing file or directory.
if (!-e $request_filename) {
# Don't use `$uri` here, see https://github.com/yandex/gixy/issues/77
# NOTE(review): the redirect target is built from $host, which nginx takes from
# the request (request line or Host header) before falling back to the server
# name. Make sure this server block only answers for the expected server_name
# values, or the redirect will echo whatever host the client supplied.
rewrite /wp-admin$ $scheme://$host$request_uri/ permanent;
# Strip the leading site-name path component from multisite sub-directory URLs.
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
# PHP handler. Reached only by .php requests that no earlier regex location
# (dotfiles, uploads/files deny, multisite files) has already claimed.
location ~ \.php$ {
# Return 404 unless the script exists under nginx's root, so php-fpm is never
# asked to run a path that does not correspond to a real file.
try_files $uri =404;
include fastcgi_params;
# php-fpm is reached over loopback; the compose file publishes the container
# port on 127.0.0.1 only.
fastcgi_pass 127.0.0.1:9000;
# Mitigate https://httpoxy.org/ vulnerabilities
# (a client-supplied "Proxy:" header would otherwise arrive as HTTP_PROXY).
fastcgi_param HTTP_PROXY "";
# Leading . makes all scripts relative to the dir php-fpm runs in.
# nginx and the container see the files under different absolute paths
# (/srv/blogs.example.net/www vs /var/www/html), so a relative name is sent.
# NOTE(review): this relies on php-fpm's working directory being the web root
# inside the container -- confirm the image's WORKDIR / php-fpm chdir setting.
fastcgi_param SCRIPT_FILENAME .$fastcgi_script_name;
}
/* Customized parts of wp-config.php */
/* Only the site-specific overrides are shown; database credentials, keys and
   salts are not part of this excerpt. */
/** MySQL hostname */
/* "localhost:<path>" makes WordPress connect through the Unix socket at that
   path instead of TCP; the compose file bind-mounts /var/run/mysqld into the
   container so the socket is visible there. */
define('DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock');
/* Look for wp-content under /srv/blogs.example.net/www/local */
/* Inside the container this file is mounted at /var/www/html/wp-config.php, so
   dirname(__FILE__) resolves to /var/www/html there. */
define( 'WP_CONTENT_DIR', dirname(__FILE__) . '/local/wp-content');
/* URL path that corresponds to WP_CONTENT_DIR. */
define( 'WP_CONTENT_URL', '/local/wp-content' );
# Compose definition for the single php-fpm WordPress container.
# NOTE(review): YAML nesting is significant; as shown here the keys have lost
# their indentation and must be re-nested before this file will parse.
version: '3.1'
services:
wordpress:
container_name: wordpress
build: /srv/blogs.example.net/image
image: wordpress-local
restart: always
network_mode: bridge
ports:
# Published on loopback only, so the FastCGI port is reachable from the host's
# nginx but not from other machines.
- 127.0.0.1:9000:9000
# Use the debian standard www-data uid and gid
# The entrypoint script refuses to start as uid 0, so a non-root user is required.
user: "33:33"
volumes:
# Web root, writable: the entrypoint extracts WordPress into it on first start.
- /srv/blogs.example.net/www:/var/www/html
# Mounted read-only so code running in the container cannot rewrite the config.
- /srv/blogs.example.net/conf/wp-config.php:/var/www/html/wp-config.php:ro
# NOTE(review): unlike wp-config.php this mount has no `:ro`. ssmtp.conf
# presumably holds the SMTP relay settings (possibly credentials); consider
# mounting it read-only as well and restricting its mode on the host.
- /srv/blogs.example.net/conf/ssmtp.conf:/etc/ssmtp/ssmtp.conf
# Exposes the host's MySQL socket directory to the container; access to the
# database is then limited only by the MySQL account in wp-config.php.
- /var/run/mysqld:/var/run/mysqld
# Drop every Linux capability; nothing is added back.
cap_drop:
- ALL
#!/bin/bash
set -euo pipefail

#######################################
# Print the value assigned to $wp_version in a WordPress tree.
# Arguments: $1 - root directory of the WordPress tree
# Outputs:   the right-hand side of the assignment exactly as written in
#            version.php (surrounding quotes included), or nothing if no
#            such line exists
#######################################
ver() {
  local version_file="$1/wp-includes/version.php"
  sed -n -r -e 's/^\$wp_version = (.+);/\1/p' "$version_file"
}
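# Refuse to start as root: the container is meant to run with an unprivileged
# uid (php-fpm's user/group switching is commented out in the image).
if [ "$(id -u)" = 0 ]; then
  # Diagnostics go to stderr, like every other message in this script.
  echo "ERROR: this docker image must not be run as root" >&2
  exit 1
fi

# Install-or-verify step, only when the container is started as php-fpm.
if [ "$1" == "php-fpm" ]; then
  # Version bundled in the image. Read it before branching: the fresh-install
  # branch prints it too, and under `set -u` an unset $newver there would abort
  # the script before anything was copied.
  newver="$(ver /usr/src/wordpress)"
  if [ -e "wp-includes/version.php" ]; then
    # WordPress is already present in the current directory; compare versions.
    oldver="$(ver .)"
    if [ "$oldver" != "$newver" ]; then
      if [ -n "${IGNORE_VERSION:-}" ]; then
        # Operator explicitly opted in to running mismatched code.
        echo "WARNING: this docker image's version of wordpress ($newver) doesn't match the installed version ($oldver)" >&2
      else
        # Fail closed: do not serve a tree that differs from the image's version.
        echo "ERROR: this docker image's version of wordpress ($newver) doesn't match the installed version ($oldver)" >&2
        exit 1
      fi
    fi
    # Report what is actually on disk; with IGNORE_VERSION set this can differ
    # from the image's version.
    echo "Wordpress $oldver already installed, skipping copy" >&2
  else
    echo "Installing Wordpress $newver" >&2
    # Copy the bundled tree into the current directory. `pipefail` makes a
    # failure on either side of the pipe abort the script.
    tar cf - --one-file-system -C /usr/src/wordpress . | tar xf -
    echo "Wordpress $newver installation success" >&2
  fi
fi

# Replace the shell with the requested command so it receives signals directly.
exec "$@"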
# Local WordPress php-fpm image: adds ssmtp, local PHP / php-fpm settings and a
# replacement entrypoint script.
# NOTE(review): the base image is referenced by tag only. Tags can be re-pushed,
# so two builds may pull different contents; pin by digest if reproducible
# builds matter.
FROM wordpress:5.0-fpm-alpine
ENV PHPDIR=/usr/local/etc
# Install and configure ssmtp
# (the configuration itself is bind-mounted at run time by the compose file)
RUN apk add --no-cache ssmtp
# Customize php config
COPY php-local.conf $PHPDIR/conf.d/local.conf
# Comment out undesired settings on the default www.conf
# Prefixes the `user =` / `group =` lines with ';'. The container is started as
# a non-root uid, so php-fpm has no privileges to switch user or group.
RUN sed -i 's/^\(user\|group\) =/;\1/' $PHPDIR/php-fpm.d/www.conf
# Customize php-fpm config
# NOTE(review): php-fpm-local.conf does not appear in the directory layout
# listed for image/; the build fails if it is missing from the build context.
COPY php-fpm-local.conf $PHPDIR/php-fpm.d/local.conf
# Presumably replaces the base image's docker-entrypoint.sh of the same name --
# confirm. The file must be executable in the build context, since COPY keeps
# its mode bits.
COPY docker-entrypoint.sh /usr/local/bin/
; Hand PHP mail() messages to ssmtp using sendmail-style flags:
; -t takes the recipients from the message headers, -i keeps a line holding a
; single "." from ending the message.
sendmail_path = "/usr/sbin/ssmtp -t -i"
; Write PHP errors to the error log.
; NOTE(review): display_errors is not set here; confirm the base image leaves
; it off so error details are not shown to site visitors.
log_errors = on