Instuctions and files to set up Wordpress on a simple Docker host.
Wordpress sits behind a HTTPS reverse proxy (nginx) which can be signed by Let's Encrypt.
- start with a micro instance, we can always increase it later **
- use Container Optimized OS, and a 10GB disk
- no need to reserve a static IP, we will use DDNS instead
- enable deletion protection
- to install
docker-compose
, run the commands indocker-compose-setup.sh
git clone
this gist into a folder in the home dir
- use Snapshots to create a backup every night
- edit
.env
- for instructions on creating a Cloudflare API key, check docs of
oznu/cloudflare-ddns
docker-compose up [-d]
- create a new user 'wordpress' with a secure password
- connect to the mariadb container using
docker exec -it db bash
- run the secure installation script in
usr/bin/
- remote login should still be allowed.
- do not switch to unix_socket auth
- you can now visit wordpress over HTTPS and complete the setup
- when connecting to the db, use these settings:
- server:
db
(internal docker hostname) - password: cf step 6
- username & database:
wordpress
- server:
- after completing the installation, edit
wp-config.php
in the wordpress mount dir - add this line to tell wordpress it's sitting behind an HTTPS proxy:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) { $_SERVER['HTTPS']='on'; }
- also make sure the configured siteurl starts with https.
you can either hardcode this inwp-config.php
, or set it through the wordpress dashboard (Settings -> General).
failure to complete this step will result in HTTPS mixed content errors and/or redirect loops.
- This configuration can run on a Micro (free) GCP instance, but some precautions are needed. Otherwise it will just exhaust rescources without being able to even start
- Set restart policy of all container to 'no'
- Use the
startup-script
to start the containers when the machine boots up - Do not use Autoheal
- Make sure all containers are stable before starting https-portal. Otherwise that one will go into a reboot loop, locking up all resources. And since other containers won't be able to start, you'll have yourself a nice deadlock.