coop-cloud/wordpress-bedrock
coop-cloud
/
wordpress-bedrock
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add secrets, DB_PREFIX, remove nginx.conf

This commit is contained in:
3wc 2021-12-19 22:58:03 +02:00
parent d7aa3f3436
commit cd0f4f9679
3 changed files with 33 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.env.sample
View File

@ -5,3 +5,8 @@ DOMAIN=wordpress-bedrock.example.com
## Domain aliases ## Domain aliases
#EXTRA_DOMAINS=', `www.wordpress-bedrock.example.com`' #EXTRA_DOMAINS=', `www.wordpress-bedrock.example.com`'
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
# DB_PREFIX=wp_

43
compose.yml
View File

@ -3,16 +3,15 @@ version: "3.8"
services: services:
app: app:
image: nginx:alpine image: "thecoopcloud/nginx:1.21.4-bedrock"
working_dir: /app working_dir: /app
volumes: volumes:
- wordpress:/app:cached - wordpress:/app:cached
networks: networks:
- proxy - proxy
- backend - backend
configs: environment:
- source: nginx_conf - STACK_NAME
target: /etc/nginx/conf.d/default.conf
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
@ -22,10 +21,10 @@ services:
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
## Redirect from EXTRA_DOMAINS to DOMAIN - "backupbot.backup=true"
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "backupbot.backup.path=/var/www/html"
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" # note(3wc): no explicit EXTRA_DOMAINS redirect needed, wordpress does
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" # it for us
# healthcheck: # healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost"] # test: ["CMD", "curl", "-f", "http://localhost"]
# interval: 30s # interval: 30s
@ -36,10 +35,12 @@ services:
php: php:
image: "thecoopcloud/wordpress:5.8.2-php7.4-fpm-bedrock" image: "thecoopcloud/wordpress:5.8.2-php7.4-fpm-bedrock"
working_dir: /app working_dir: /app
secrets:
- db_password
environment: environment:
- DB_NAME=wordpress - DB_NAME=wordpress
- DB_USER=wordpress - DB_USER=wordpress
- DB_PASSWORD=wordpress - DB_PASSWORD_FILE=/run/secrets/db_password
- DB_HOST=db - DB_HOST=db
- WP_ENV=production - WP_ENV=production
- WP_HOME=https://${DOMAIN} - WP_HOME=https://${DOMAIN}
@ -57,12 +58,21 @@ services:
volumes: volumes:
- "mariadb:/var/lib/mysql" - "mariadb:/var/lib/mysql"
environment: environment:
- MYSQL_ROOT_PASSWORD=wordpress - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
- MYSQL_DATABASE=wordpress - MYSQL_DATABASE=wordpress
- MYSQL_USER=wordpress - MYSQL_USER=wordpress
- MYSQL_PASSWORD=wordpress - MYSQL_PASSWORD_FILE=/run/secrets/db_password
networks: networks:
- backend - backend
secrets:
- db_password
- db_root_password
deploy:
labels:
- "backupbot.backup=true"
- "backupbot.backup.path=/tmp/dump.sql.gz"
- "backupbot.backup.post-hook=rm -f /tmp/dump.sql.gz"
- "backupbot.backup.pre-hook=mysqldump -u root -p`cat /run/secrets/db_root_password` wordpress | gzip > /tmp/dump.sql.gz"
networks: networks:
proxy: proxy:
@ -73,7 +83,10 @@ volumes:
wordpress: wordpress:
mariadb: mariadb:
configs: secrets:
nginx_conf: db_root_password:
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION} external: true
file: nginx.conf name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}

48
nginx.conf
View File

@ -1,48 +0,0 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
client_max_body_size 128M;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
sendfile on;
sendfile_max_chunk 512k;
root /app/web;
access_log off;
location / {
include /etc/nginx/mime.types;
root /app/web;
index index.html index.htm index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ .php$ {
include fastcgi.conf;
fastcgi_read_timeout 300;
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /app/web/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
# fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application_php_errors.log";
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
}