maxarouca/docker-compose.yml

## docker-compose.yml
version: '3.3'

services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: wproot
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress

  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8000:80"
    volumes:
      - wp_data:/var/www/html
      - ./wp-content:/var/www/html/wp-content
    restart: unless-stopped
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_CONFIG_EXTRA: |
        /* Site URL */
        define('WP_HOME', 'https://chadestefany.maxarouca.com');     # <-- CHANGEME
        define('WP_SITEURL', 'https://chadestefany.maxarouca.com');  # <-- CHANGEME
        /* Developer friendly settings */
        # define('SCRIPT_DEBUG', true);
        # define('CONCATENATE_SCRIPTS', false);
        # define('WP_DEBUG', true);
        # define('WP_DEBUG_LOG', true);
        # define('SAVEQUERIES', true);
        /* Multisite */
        # define('WP_ALLOW_MULTISITE', true );
        # define('MULTISITE', true);
        # define('SUBDOMAIN_INSTALL', false);
        # define('DOMAIN_CURRENT_SITE', 'chadestefany.maxarouca.com');  # <-- CHANGEME
        # define('PATH_CURRENT_SITE', '/');
        # define('SITE_ID_CURRENT_SITE', 1);
        # define('BLOG_ID_CURRENT_SITE', 1);

volumes:
  db_data: {}
  wp_data: {}

## nginx.conf

server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

upstream wordpress {
    server 127.0.0.1:8000 fail_timeout=0;  # <-- CHANGEME
}

# Redirect traffic to SSL
server {
    listen 80;
    listen [::]:80;
    server_name chadestefany.maxarouca.com www.chadestefany.maxarouca.com;     # <-- CHANGEME
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name chadestefany.maxarouca.com www.chadestefany.maxarouca.com;                                  # <-- CHANGEME

  client_max_body_size 100M;

  ssl_certificate /etc/letsencrypt/live/chadestefany.maxarouca.com/fullchain.pem;    # <-- CHANGEME
  ssl_certificate_key /etc/letsencrypt/live/chadestefany.maxarouca.com/privkey.pem;  # <-- CHANGEME

  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

 # ssl_dhparam /etc/letsencrypt/live/chadestefany.maxarouca.com/dhparam.pem;          # <-- CHANGEME

  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;

  resolver 8.8.8.8 8.8.4.4;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/letsencrypt/live/chadestefany.maxarouca.com/fullchain.pem;

  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

  location / {
      proxy_pass http://wordpress;
      proxy_set_header Host $host;
      proxy_redirect off;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Real-IP $remote_addr;
  }
}
	version: '3.3'

	services:
	db:
	image: mysql:5.7
	volumes:
	- db_data:/var/lib/mysql
	restart: unless-stopped
	environment:
	MYSQL_ROOT_PASSWORD: wproot
	MYSQL_DATABASE: wordpress
	MYSQL_USER: wordpress
	MYSQL_PASSWORD: wordpress

	wordpress:
	depends_on:
	- db
	image: wordpress:latest
	ports:
	- "8000:80"
	volumes:
	- wp_data:/var/www/html
	- ./wp-content:/var/www/html/wp-content
	restart: unless-stopped
	environment:
	WORDPRESS_DB_HOST: db:3306
	WORDPRESS_DB_USER: wordpress
	WORDPRESS_DB_PASSWORD: wordpress
	WORDPRESS_CONFIG_EXTRA: \|
	/* Site URL */
	define('WP_HOME', 'https://chadestefany.maxarouca.com'); # <-- CHANGEME
	define('WP_SITEURL', 'https://chadestefany.maxarouca.com'); # <-- CHANGEME
	/* Developer friendly settings */
	# define('SCRIPT_DEBUG', true);
	# define('CONCATENATE_SCRIPTS', false);
	# define('WP_DEBUG', true);
	# define('WP_DEBUG_LOG', true);
	# define('SAVEQUERIES', true);
	/* Multisite */
	# define('WP_ALLOW_MULTISITE', true );
	# define('MULTISITE', true);
	# define('SUBDOMAIN_INSTALL', false);
	# define('DOMAIN_CURRENT_SITE', 'chadestefany.maxarouca.com'); # <-- CHANGEME
	# define('PATH_CURRENT_SITE', '/');
	# define('SITE_ID_CURRENT_SITE', 1);
	# define('BLOG_ID_CURRENT_SITE', 1);

	volumes:
	db_data: {}
	wp_data: {}

	server_tokens off;
	add_header X-Frame-Options SAMEORIGIN;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

	upstream wordpress {
	server 127.0.0.1:8000 fail_timeout=0; # <-- CHANGEME
	}

	# Redirect traffic to SSL
	server {
	listen 80;
	listen [::]:80;
	server_name chadestefany.maxarouca.com www.chadestefany.maxarouca.com; # <-- CHANGEME
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name chadestefany.maxarouca.com www.chadestefany.maxarouca.com; # <-- CHANGEME

	client_max_body_size 100M;

	ssl_certificate /etc/letsencrypt/live/chadestefany.maxarouca.com/fullchain.pem; # <-- CHANGEME
	ssl_certificate_key /etc/letsencrypt/live/chadestefany.maxarouca.com/privkey.pem; # <-- CHANGEME

	ssl_session_cache shared:SSL:50m;
	ssl_session_timeout 1d;
	ssl_session_tickets off;

	# ssl_dhparam /etc/letsencrypt/live/chadestefany.maxarouca.com/dhparam.pem; # <-- CHANGEME

	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;

	resolver 8.8.8.8 8.8.4.4;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/live/chadestefany.maxarouca.com/fullchain.pem;

	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

	location / {
	proxy_pass http://wordpress;
	proxy_set_header Host $host;
	proxy_redirect off;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header X-Real-IP $remote_addr;
	}
	}