massayoshi/docker-compose.yml

## docker-compose.yml
version: '2'
services:
  mariadb:
    image: 'docker.io/bitnami/mariadb:10.3-debian-10'
    volumes:
      - 'mariadb_data:/bitnami/mariadb'
      - ./db-dump.sql:/docker-entrypoint-initdb.d/init.sql
    environment:
      - MARIADB_USER=bn_wordpress
      - MARIADB_DATABASE=bitnami_wordpress
      - ALLOW_EMPTY_PASSWORD=yes
  wordpress:
    image: 'docker.io/bitnami/wordpress-nginx:5-debian-10'
    ports:
      - '80:8080'
      - '443:8443'
    volumes:
      - 'wordpress_data:/bitnami/wordpress'
      - './themes:/bitnami/wordpress/wp-content/themes'
      - './plugins:/bitnami/wordpress/wp-content/plugins'
      - './wordpress-server-block.conf:/opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf:ro'
    depends_on:
      - mariadb
    environment:
      - MARIADB_HOST=mariadb
      - MARIADB_PORT_NUMBER=3306
      - WORDPRESS_DATABASE_USER=bn_wordpress
      - WORDPRESS_DATABASE_NAME=bitnami_wordpress
      - ALLOW_EMPTY_PASSWORD=yes
volumes:
  mariadb_data:
    driver: local
  wordpress_data:
    driver: local

## nginx.conf
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  #ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem; # managed by Certbot
  #ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem; # managed by Certbot

  ssl_certificate         /etc/ssl/cert.pem;
  ssl_certificate_key     /etc/ssl/key.pem;
  ssl_client_certificate /etc/ssl/cloudflare.crt;
  ssl_verify_client on;

  server_name sub.domain.tld;

  location / {
    # docker container ip:port
    proxy_pass https://0.0.0.0:8443/;

    # tell http-kit to keep the connection
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

## wordpress-server-block.conf
server {
  listen 8443 ssl;
  listen [::]:8443 ssl;
  server_name sub.domain.tld;

  ssl_certificate             /opt/bitnami/nginx/conf/bitnami/certs/server.crt;
  ssl_certificate_key         /opt/bitnami/nginx/conf/bitnami/certs/server.key;
  ssl_session_cache           shared:SSL:1m;
  ssl_session_timeout         5m;
  ssl_ciphers                 HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers   on;

  root /opt/bitnami/wordpress;
  index index.php;

  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  if (!-e $request_filename)
  {
    rewrite ^/(.+)$ /index.php?q=$1 last;
  }

  location ~ \.php$ {
    fastcgi_pass localhost:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}
server {
  listen 8080;
  server_name sub.domain.tld;
  rewrite  ^/(.*)$  https://sub.domain.tld/$1 permanent;
}
	version: '2'
	services:
	mariadb:
	image: 'docker.io/bitnami/mariadb:10.3-debian-10'
	volumes:
	- 'mariadb_data:/bitnami/mariadb'
	- ./db-dump.sql:/docker-entrypoint-initdb.d/init.sql
	environment:
	- MARIADB_USER=bn_wordpress
	- MARIADB_DATABASE=bitnami_wordpress
	- ALLOW_EMPTY_PASSWORD=yes
	wordpress:
	image: 'docker.io/bitnami/wordpress-nginx:5-debian-10'
	ports:
	- '80:8080'
	- '443:8443'
	volumes:
	- 'wordpress_data:/bitnami/wordpress'
	- './themes:/bitnami/wordpress/wp-content/themes'
	- './plugins:/bitnami/wordpress/wp-content/plugins'
	- './wordpress-server-block.conf:/opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf:ro'
	depends_on:
	- mariadb
	environment:
	- MARIADB_HOST=mariadb
	- MARIADB_PORT_NUMBER=3306
	- WORDPRESS_DATABASE_USER=bn_wordpress
	- WORDPRESS_DATABASE_NAME=bitnami_wordpress
	- ALLOW_EMPTY_PASSWORD=yes
	volumes:
	mariadb_data:
	driver: local
	wordpress_data:
	driver: local
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	#ssl_certificate /etc/letsencrypt/live/sub.domain.tld/fullchain.pem; # managed by Certbot
	#ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem; # managed by Certbot

	ssl_certificate /etc/ssl/cert.pem;
	ssl_certificate_key /etc/ssl/key.pem;
	ssl_client_certificate /etc/ssl/cloudflare.crt;
	ssl_verify_client on;

	server_name sub.domain.tld;

	location / {
	# docker container ip:port
	proxy_pass https://0.0.0.0:8443/;

	# tell http-kit to keep the connection
	proxy_http_version 1.1;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-NginX-Proxy true;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}
	}
	server {
	listen 8443 ssl;
	listen [::]:8443 ssl;
	server_name sub.domain.tld;

	ssl_certificate /opt/bitnami/nginx/conf/bitnami/certs/server.crt;
	ssl_certificate_key /opt/bitnami/nginx/conf/bitnami/certs/server.key;
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 5m;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	root /opt/bitnami/wordpress;
	index index.php;

	location / {
	try_files $uri $uri/ /index.php?q=$uri&$args;
	}

	if (!-e $request_filename)
	{
	rewrite ^/(.+)$ /index.php?q=$1 last;
	}

	location ~ \.php$ {
	fastcgi_pass localhost:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}
	}
	server {
	listen 8080;
	server_name sub.domain.tld;
	rewrite ^/(.*)$ https://sub.domain.tld/$1 permanent;
	}