Compare commits
	
		
			1 Commits
		
	
	
		
			2.13.3+6.7
			...
			ssh
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| d2a3fc6937 | 
							
								
								
									
										23
									
								
								.drone.yml
									
									
									
									
									
								
							
							
						
						
									
										23
									
								
								.drone.yml
									
									
									
									
									
								
							| @ -3,7 +3,7 @@ kind: pipeline | ||||
| name: deploy to swarm-test.autonomic.zone | ||||
| steps: | ||||
|   - name: deployment | ||||
|     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest | ||||
|     image: decentral1se/stack-ssh-deploy:latest | ||||
|     settings: | ||||
|       host: swarm-test.autonomic.zone | ||||
|       stack: wordpress | ||||
| @ -11,8 +11,6 @@ steps: | ||||
|       purge: true | ||||
|       deploy_key: | ||||
|         from_secret: drone_ssh_swarm_test | ||||
|       networks: | ||||
|         - proxy | ||||
|     environment: | ||||
|       DOMAIN: wordpress.swarm-test.autonomic.zone | ||||
|       STACK_NAME: wordpress | ||||
| @ -21,23 +19,16 @@ steps: | ||||
|       SECRET_DB_ROOT_PASSWORD_VERSION: v1 | ||||
|       PHP_UPLOADS_CONF_VERSION: v1 | ||||
|       ENTRYPOINT_CONF_VERSION: v1 | ||||
|       HTACCESS_CONF_VERSION: v1 | ||||
| trigger: | ||||
|   branch: | ||||
|     - main | ||||
|     - master | ||||
| --- | ||||
| kind: pipeline | ||||
| name: generate recipe catalogue | ||||
| name: recipe release | ||||
| steps: | ||||
|   - name: release a new version | ||||
|     image: plugins/downstream | ||||
|     image: thecoopcloud/drone-abra:latest | ||||
|     settings: | ||||
|       server: https://build.coopcloud.tech | ||||
|       token: | ||||
|         from_secret: drone_abra-bot_token | ||||
|       fork: true | ||||
|       repositories: | ||||
|         - coop-cloud/auto-recipes-catalogue-json | ||||
|  | ||||
| trigger: | ||||
|   event: tag | ||||
|       command: recipe wordpress release | ||||
|       deploy_key: | ||||
|         from_secret: abra_bot_deploy_key | ||||
|  | ||||
							
								
								
									
										83
									
								
								.env.sample
									
									
									
									
									
								
							
							
						
						
									
										83
									
								
								.env.sample
									
									
									
									
									
								
							| @ -1,34 +1,12 @@ | ||||
| TYPE=wordpress | ||||
| TIMEOUT=300 | ||||
| ENABLE_AUTO_UPDATE=true | ||||
| COMPOSE_FILE="compose.yml" | ||||
| ENABLE_BACKUPS=true | ||||
|  | ||||
| DOMAIN=wordpress.example.com | ||||
| ## Domain aliases | ||||
| #EXTRA_DOMAINS=', `www.wordpress.example.com`' | ||||
| # Redirects | ||||
| # All redirect domains have to be added to EXTRA_DOMAINS as well) | ||||
| # multiple redirects can be added by seperating them with a | character | ||||
| #REDIRECTS=www.wordpress.example.com | ||||
| LETS_ENCRYPT_ENV=production | ||||
|  | ||||
| # Setup Wordpress settings on each deploy: | ||||
| #POST_DEPLOY_CMDS="app core_install" | ||||
|  | ||||
| # Optional settings, otherwise can be set in the installer | ||||
| # (Required for `app core_install` | ||||
| #TITLE="My Example Blog" | ||||
| #LOCALE="en_US" # de_DE | ||||
| #ADMIN_EMAIL=admin@example.com | ||||
|  | ||||
| # Every new user is per default subscriber, uncomment to change it | ||||
| #DEFAULT_USER_ROLE=administrator | ||||
|  | ||||
| # PHP composer for plugin installation | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.composer.yml" | ||||
|  | ||||
| #WORDPRESS_DEBUG=true | ||||
| # Necessary for optional features, leave this alone: | ||||
| COMPOSE_FILE="compose.yml" | ||||
|  | ||||
| ## Additional extensions | ||||
| #PHP_EXTENSIONS="calendar" | ||||
| @ -36,15 +14,27 @@ LETS_ENCRYPT_ENV=production | ||||
| SECRET_DB_ROOT_PASSWORD_VERSION=v1 | ||||
| SECRET_DB_PASSWORD_VERSION=v1 | ||||
|  | ||||
| # Mostly for compatibility with existing database dumps... | ||||
| #WORDPRESS_TABLE_PREFIX=wp_ | ||||
| # SSH access | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml" | ||||
| #SSH_PUBLIC_KEY=<your pubkey here> | ||||
|  | ||||
| # Multisite (see README) | ||||
| #MULTISITE=enable # either 'enable', 'subdomain' or 'subfolder' | ||||
| # Multisite | ||||
| #WORDPRESS_CONFIG_EXTRA="\ | ||||
| #	define('WP_CACHE', false);\ | ||||
| #	define('WP_ALLOW_MULTISITE', true );" | ||||
|  | ||||
| # File upload settings | ||||
| #UPLOAD_MAX_SIZE=256M | ||||
| #UPLOAD_MAX_TIME=30 | ||||
| # Multisite phase 2 (see README) | ||||
| #WORDPRESS_CONFIG_EXTRA="\ | ||||
| #	define('WP_CACHE', false);\ | ||||
| #	define('WP_ALLOW_MULTISITE', true );\ | ||||
| #	define('MULTISITE', true);\ | ||||
| #	define('SUBDOMAIN_INSTALL', true);\ | ||||
| #	define('DOMAIN_CURRENT_SITE', '${DOMAIN}');\ | ||||
| #	define('PATH_CURRENT_SITE', '/');\ | ||||
| #	define('SITE_ID_CURRENT_SITE', 1);\ | ||||
| #	define('BLOG_ID_CURRENT_SITE', 1);\ | ||||
| #	define('FORCE_SSL_ADMIN', true );\ | ||||
| #	define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);" | ||||
|  | ||||
| # Local SMTP relay | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml" | ||||
| @ -52,39 +42,10 @@ SECRET_DB_PASSWORD_VERSION=v1 | ||||
| #MAIL_FROM="wordpress@example.com" | ||||
|  | ||||
| # Remote SMTP relay | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" | ||||
| #SMTP_HOST="mail.example.com" | ||||
| #MAIL_FROM="wordpress@example.com" | ||||
| #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM | ||||
| #SMTP_OVERRIDE_FROM=on  # force "From" to MAIL_FROM, usually necessary | ||||
| #SMTP_PORT=587 | ||||
| #SMTP_AUTH=on | ||||
| #SMTP_TLS=on | ||||
| #SECRET_SMTP_PASSWORD_VERSION=v1 | ||||
|  | ||||
| # Authentik SSO | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" | ||||
| #AUTHENTIK_DOMAIN=authentik.example.com | ||||
| #SECRET_AUTHENTIK_SECRET_VERSION=v1 | ||||
| #SECRET_AUTHENTIK_ID_VERSION=v1 | ||||
| #LOGIN_TYPE='auto' | ||||
|  | ||||
| # Allow remote connections to db | ||||
| # 🚩🚩 dangerous, use only for development sites! | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml | ||||
|  | ||||
| # Wide-open CORS | ||||
| # 🚩🚩 dangerous, use only for development sites! | ||||
| #CORS_ALLOW_ALL=1 | ||||
|  | ||||
|  | ||||
| # FTP | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml" | ||||
| #SECRET_FTP_PASS_VERSION=v1 | ||||
| # You can use a Port between 2220-2225 | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2220.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2221.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2223.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2224.yml" | ||||
| #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2225.yml" | ||||
|  | ||||
							
								
								
									
										60
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										60
									
								
								README.md
									
									
									
									
									
								
							| @ -1,13 +1,13 @@ | ||||
| # Wordpress | ||||
|  | ||||
| [](https://build.coopcloud.tech/coop-cloud/wordpress) | ||||
| [](https://drone.autonomic.zone/coop-cloud/wordpress) | ||||
|  | ||||
| Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳 | ||||
|  | ||||
| <!-- metadata --> | ||||
|  | ||||
| * **Category**: Apps | ||||
| * **Status**: 4 | ||||
| * **Status**: 3, stable | ||||
| * **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream | ||||
| * **Healthcheck**: Yes | ||||
| * **Backups**: Yes | ||||
| @ -17,47 +17,43 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳 | ||||
|  | ||||
| <!-- endmetadata --> | ||||
|  | ||||
| ## Basic usage | ||||
|  | ||||
| ## Quick start | ||||
|  | ||||
|  | ||||
| * `abra app new wordpress` | ||||
| * `abra app config <app-name>` | ||||
| * `abra app secret generate -a <app-name>` | ||||
| * `abra app deploy <app-name>` | ||||
| * `abra app cmd <app-name> app core_install` | ||||
|  | ||||
| ### Authentik Integration | ||||
|  | ||||
|  | ||||
| `abra app config <app-name>`  | ||||
| Configure the following envs: | ||||
| ``` | ||||
| COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" | ||||
| AUTHENTIK_DOMAIN=authentik.example.com | ||||
| AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1  # the same as in authentik | ||||
| AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authentik | ||||
| ``` | ||||
|  | ||||
| `abra app cmd <app-name> app set_authentik` | ||||
| 1. Set up Docker Swarm and [`abra`][abra] | ||||
| 2. Deploy [`coop-cloud/traefik`][cc-traefik] | ||||
| 3. `abra app new wordpress --secrets` (optionally with `--pass` if you'd like | ||||
|    to save secrets in `pass`) | ||||
| 4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to | ||||
|    your Docker swarm box | ||||
| 5. `abra app YOURAPPDOMAIN deploy` | ||||
| 6. Open the configured domain in your browser to finish set-up | ||||
| 7. `abra app YOURAPPDOMAIN run app chown www-data:www-data /var/www/html/wp-content` to fix | ||||
|    file permissions (see #3) | ||||
|  | ||||
| ## Running WP-CLI | ||||
|  | ||||
| `abra app cmd <app-name> app wp -- core check-update --major` | ||||
| `abra app YOURAPPDOMAIN wp 'core check-update --major'` | ||||
|  | ||||
| (the WP-CLI arguments need to be quoted, because of how `abra` handles | ||||
| command-line arguments) | ||||
|  | ||||
| ## Network (Multi-site) | ||||
|  | ||||
| _(Only tested using subdomains)_ | ||||
|  | ||||
| 1. Set up as above | ||||
| 2. `abra app config <app-name>`, and uncomment `#MULTISITE=enable` | ||||
| 3. `abra app deploy <app-name>` | ||||
| 2. `abra app YOURAPPDOMAIN config`, and uncomment the first `# Multisite` section | ||||
| 3. `abra app YOURAPPDOMAIN deploy` | ||||
| 4. Log into the Wordpress admin dashboard, go to Tools » Network Setup | ||||
| 5. Don't worry about the suggested file changes | ||||
| 6. `abra app config <app-name>` again and set `MULTISITE` to either `subdomain` or `subfolder` depending on your setup. | ||||
| 7. `abra app deploy <app-name>` | ||||
| 6. `abra app YOURAPPDOMAIN config` again - comment out the first `# Multisite` | ||||
|    section in `.envrc`, uncomment the `# Multisite phase 2` section, and add | ||||
|    your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..) | ||||
| 7. `abra app YOURAPPDOMAIN deploy` | ||||
|  | ||||
| ## Installing a custom theme | ||||
|  | ||||
| `abra app cp <app-name> ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/` | ||||
| `abra app YOURAPPDOMAIN cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/` | ||||
|  | ||||
| ## Email | ||||
|  | ||||
| @ -69,10 +65,10 @@ There is a local or remote SMTP relay configuration available. | ||||
| Below are the instructions for the local relay. | ||||
|  | ||||
| 1. Deploy [`postfix-relay`][cc-postfix-relay] | ||||
| 2. `abra app config <app-name>`, and uncomment the email lines; change | ||||
| 2. `abra app YOURAPPDOMAIN config`, and uncomment the email lines; change | ||||
|    `MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s | ||||
|    `$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS` | ||||
| 3. `abra app deploy <app-name>` | ||||
| 3. `abra app YOURAPPDOMAIN deploy` | ||||
|  | ||||
| [abra]: https://git.autonomic.zone/autonomic-cooperative/abra | ||||
| [cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik | ||||
|  | ||||
							
								
								
									
										148
									
								
								abra.sh
									
									
									
									
									
								
							
							
						
						
									
										148
									
								
								abra.sh
									
									
									
									
									
								
							| @ -1,96 +1,78 @@ | ||||
| export PHP_UPLOADS_CONF_VERSION=v4 | ||||
| export ENTRYPOINT_CONF_VERSION=v7 | ||||
| export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2 | ||||
| export MSMTP_CONF_VERSION=v4 | ||||
| export HTACCESS_CONF_VERSION=v2 | ||||
| export USERS_CONF_VERSION=v1 | ||||
| export PHP_UPLOADS_CONF_VERSION=v3 | ||||
| export ENTRYPOINT_CONF_VERSION=v2 | ||||
| export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1 | ||||
| export MSMTP_CONF_VERSION=v3 | ||||
|  | ||||
| wp() { | ||||
|     su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@" | ||||
| sub_wp() { | ||||
|   CONTAINER=$(docker container ls -f "Name=${STACK_NAME}_app" --format '{{ .ID }}') | ||||
|   if [ -z "$CONTAINER" ]; then | ||||
|     error "Can't find a container for ${STACK_NAME}_app" | ||||
|     exit | ||||
|   fi | ||||
|   debug "Using Container ID ${CONTAINER}" | ||||
|  | ||||
|   # FIXME 3wc: we're fighting the Wordpress image, which recommends a named | ||||
|   # volume for /var/www/html -- this used to work fine using --volumes-from | ||||
|   # because the actual MySQL password was inserted into the generated | ||||
|   # wp-config.php -- but as of Wordpress 5.7.0, wp-config loads data straight | ||||
|   # from the environment, which requires Docker secrets to work, which only work | ||||
|   # in swarm services (not one-off `docker run` commands). Defining a `cli` | ||||
|   # service in compose.yml almost works, but there's no volumes_from: in Compose | ||||
|   # V3, and without it then the `cli` service can't access Wordpress core. | ||||
|   # See https://git.autonomic.zone/coop-cloud/wordpress/issues/21 | ||||
|   warning "Slowly looking up MySQL password..." | ||||
|   silence | ||||
|   abra__service_="app" | ||||
|   DB_PASSWORD="$(sub_app_run cat "/run/secrets/db_password")" | ||||
|   unsilence | ||||
|  | ||||
|   # shellcheck disable=SC2154,SC2086 | ||||
|   docker run -it \ | ||||
| 	--volumes-from "$CONTAINER" \ | ||||
| 	--network "container:$CONTAINER" \ | ||||
| 	-u xfs:xfs \ | ||||
|     -e WORDPRESS_DB_HOST=db \ | ||||
|     -e WORDPRESS_DB_USER=wordpress \ | ||||
|     -e WORDPRESS_DB_PASSWORD="${DB_PASSWORD}" \ | ||||
|     -e WORDPRESS_DB_NAME=wordpress \ | ||||
|     -e WORDPRESS_CONFIG_EXTRA="${WORDPRESS_CONFIG_EXTRA}" \ | ||||
| 	wordpress:cli wp ${abra__args_[*]} | ||||
| } | ||||
|  | ||||
| update() { | ||||
|     wp "core update-db" | ||||
|     wp "plugin update --all" | ||||
|     wp "plugin auto-updates enable --all" | ||||
|     wp "theme update --all" | ||||
|     wp "theme auto-updates enable --all" | ||||
|     wp "language core update" | ||||
|     wp "language plugin update --all" | ||||
|     wp "language theme update --all" | ||||
| abra_backup_app() { | ||||
|   _abra_backup_dir "app:/var/www/html/wp-content" | ||||
| } | ||||
|  | ||||
| core_install(){ | ||||
|     ADMIN=admin | ||||
|     if [ -n "$AUTHENTIK_DOMAIN" ] | ||||
|     then | ||||
|         ADMIN=akadmin | ||||
|     fi | ||||
|     chown www-data:www-data -R /var/www/html/wp-content | ||||
|     wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email" | ||||
|     wp "language core install $LOCALE" | ||||
|     wp "site switch-language $LOCALE" | ||||
|     wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'" | ||||
|     wp "plugin install --activate disable-update-notifications" | ||||
|     wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'" | ||||
|     if [ -n "$DEFAULT_USER_ROLE" ] | ||||
|     then | ||||
|         wp "option set default_role $DEFAULT_USER_ROLE" | ||||
|     else | ||||
|         wp "option set default_role subscriber" | ||||
|     fi | ||||
|     wp "theme auto-updates enable --all" | ||||
|     wp 'plugin auto-updates enable --all' || exit 0 | ||||
| abra_backup_db() { | ||||
|   _abra_backup_mysql "db" "wordpress" | ||||
| } | ||||
|  | ||||
| set_authentik(){ | ||||
|     AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret) | ||||
|     AUTHENTIK_ID=$(cat /run/secrets/authentik_id) | ||||
|     if [ -z $LOGIN_TYPE ] | ||||
|     then | ||||
|         LOGIN_TYPE='button' | ||||
|     fi | ||||
|     wp "user create akadmin admin@example.com --role=administrator" | ||||
|     wp "plugin install --activate daggerhart-openid-connect-generic" | ||||
|     wp 'plugin auto-updates enable daggerhart-openid-connect-generic' | ||||
|     wp "option update --format=json openid_connect_generic_settings ' | ||||
| abra_backup() { | ||||
|   abra_backup_app && abra_backup_db | ||||
| } | ||||
|  | ||||
| abra_restore_app() { | ||||
|   # shellcheck disable=SC2034 | ||||
|   { | ||||
|         \"login_type\":\"$LOGIN_TYPE\", | ||||
|         \"client_id\":\"$AUTHENTIK_ID\", | ||||
|         \"client_secret\":\"$AUTHENTIK_SECRET\", | ||||
|         \"scope\":\"email profile openid\", | ||||
|         \"endpoint_login\":\"https://$AUTHENTIK_DOMAIN/application/o/authorize/\", | ||||
|         \"endpoint_userinfo\":\"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\", | ||||
|         \"endpoint_token\":\"https://$AUTHENTIK_DOMAIN/application/o/token/\", | ||||
|         \"endpoint_end_session\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/\", | ||||
|         \"acr_values\":\"\", | ||||
|         \"identity_key\":\"preferred_username\", | ||||
|         \"no_sslverify\":\"0\", | ||||
|         \"http_request_timeout\":\"30\", | ||||
|         \"enforce_privacy\":\"0\", | ||||
|         \"alternate_redirect_uri\":\"1\", | ||||
|         \"nickname_key\":\"preferred_username\", | ||||
|         \"email_format\":\"{email}\", | ||||
|         \"displayname_format\":\"\", | ||||
|         \"identify_with_username\":\"1\", | ||||
|         \"state_time_limit\":\"\", | ||||
|         \"token_refresh_enable\":\"1\", | ||||
|         \"link_existing_users\":\"1\", | ||||
|         \"create_if_does_not_exist\":\"1\", | ||||
|         \"redirect_user_back\":\"0\", | ||||
|         \"redirect_on_logout\":\"1\", | ||||
|         \"enable_logging\":\"0\", | ||||
|         \"log_limit\":\"1000\" | ||||
|     }'" | ||||
|     wp "rewrite flush" | ||||
|     wp "cache flush" | ||||
|  | ||||
| 	abra__src_="-" | ||||
| 	abra__dst_="app:/var/www/html/" | ||||
|   } | ||||
|  | ||||
| fix_mysql() { | ||||
|   echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password) | ||||
|   zcat "$@" | sub_app_cp | ||||
|  | ||||
|   success "Restored 'app'" | ||||
| } | ||||
|  | ||||
| show_plugins() { | ||||
|   wp "plugin list --fields=name,status,wporg_status,version,update_version,auto_update,tested_up_to,wporg_last_updated" | ||||
| abra_restore_db() { | ||||
|   # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we | ||||
|   # got this far.. | ||||
|  | ||||
|   # shellcheck disable=SC2034 | ||||
|   abra___no_tty="true" | ||||
|  | ||||
|   DB_ROOT_PASSWORD=$(sub_app_run cat /run/secrets/db_root_password) | ||||
|  | ||||
|   zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress | ||||
|  | ||||
|   success "Restored 'db'" | ||||
| } | ||||
|  | ||||
| @ -1,12 +0,0 @@ | ||||
| authentik: | ||||
|     uncomment: | ||||
|         - compose.authentik.yml | ||||
|         - AUTHENTIK_DOMAIN | ||||
|         - SECRET_AUTHENTIK_SECRET_VERSION | ||||
|         - SECRET_AUTHENTIK_ID_VERSION | ||||
|         - LOGIN_TYPE | ||||
|     inital-hooks: | ||||
|         - app set_authentik | ||||
|     shared_secrets: | ||||
|         wordpress_secret: authentik_secret | ||||
|         wordpress_id: authentik_id | ||||
| @ -1,14 +0,0 @@ | ||||
| version: "3.8" | ||||
| services: | ||||
|   app: | ||||
|     secrets: | ||||
|       - authentik_secret | ||||
|       - authentik_id | ||||
|  | ||||
| secrets: | ||||
|   authentik_secret: | ||||
|     external: true | ||||
|     name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION} | ||||
|   authentik_id: | ||||
|     external: true | ||||
|     name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION} | ||||
| @ -1,14 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   app: | ||||
|     volumes: | ||||
|       - "composer:/var/www/html/composer" | ||||
|     environment: | ||||
|       - ENABLE_COMPOSER=1 | ||||
|       - COMPOSER=composer/composer.json | ||||
|       - COMPOSER_VENDOR_DIR=composer/vendor | ||||
|  | ||||
| volumes: | ||||
|   composer: | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2220:22 | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2221:22 | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2222:22 | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2223:22 | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2224:22 | ||||
| @ -1,7 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     ports: | ||||
|         - 2220:22 | ||||
| @ -1,24 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ftp: | ||||
|     image: atmoz/sftp | ||||
|     secrets: | ||||
|       - ftp_pass | ||||
|     volumes: | ||||
|       - "wordpress_content:/home/ftp_user/wp-content" | ||||
|     configs: | ||||
|       - source: users_conf | ||||
|         target: /etc/sftp/users.conf | ||||
|  | ||||
| secrets: | ||||
|   ftp_pass: | ||||
|     name: ${STACK_NAME}_ftp_pass_${SECRET_FTP_PASS_VERSION} | ||||
|     external: true | ||||
|  | ||||
| configs: | ||||
|   users_conf: | ||||
|     name: ${STACK_NAME}_users_conf_${USERS_CONF_VERSION} | ||||
|     file: users.conf.tmpl | ||||
|     template_driver: golang | ||||
| @ -6,7 +6,6 @@ services: | ||||
|     entrypoint: /docker-entrypoint.mailrelay.sh | ||||
|     environment: | ||||
|       - SMTP_HOST=${SMTP_HOST} | ||||
|       - SMTP_PORT=${SMTP_PORT:-25} | ||||
|       - MAIL_FROM=${MAIL_FROM} | ||||
|     configs: | ||||
|       - source: mstmp_conf | ||||
|  | ||||
| @ -1,9 +0,0 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   db: | ||||
|     ports: | ||||
|       - target: 3306 | ||||
|         published: 3306 | ||||
|         mode: host | ||||
| @ -6,12 +6,11 @@ services: | ||||
|     secrets: | ||||
|       - smtp_password | ||||
|     environment: | ||||
|       - SMTP_HOST | ||||
|       - SMTP_HOST=${SMTP_HOST} | ||||
|       - SMTP_PORT=${SMTP_PORT:-25} | ||||
|       - SMTP_AUTH | ||||
|       - SMTP_TLS | ||||
|       - MAIL_FROM | ||||
|       - SMTP_OVERRIDE_FROM | ||||
|       - SMTP_AUTH=${SMTP_AUTH} | ||||
|       - SMTP_TLS=${SMTP_TLS} | ||||
|       - MAIL_FROM=${MAIL_FROM} | ||||
|  | ||||
| secrets: | ||||
|   smtp_password: | ||||
|  | ||||
							
								
								
									
										27
									
								
								compose.ssh.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								compose.ssh.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,27 @@ | ||||
| --- | ||||
| version: "3.8" | ||||
|  | ||||
| services: | ||||
|   ssh: | ||||
|     image: lscr.io/linuxserver/openssh-server | ||||
|     environment: | ||||
|       - PUID=33 | ||||
|       - PGID=33 | ||||
|       - PUBLIC_KEY=${SSH_PUBLIC_KEY} | ||||
|       - USER_NAME=wordpress | ||||
|       - PASSWORD_ACCESS=false | ||||
|     networks: | ||||
|       - proxy | ||||
|     deploy: | ||||
|       update_config: | ||||
|         failure_action: rollback | ||||
|         order: start-first | ||||
|       labels: | ||||
|         - "traefik.enable=true" | ||||
|         - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)" | ||||
|         - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh" | ||||
|         - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=2222" | ||||
|  | ||||
| networks: | ||||
|   proxy: | ||||
|     external: true | ||||
							
								
								
									
										45
									
								
								compose.yml
									
									
									
									
									
								
							
							
						
						
									
										45
									
								
								compose.yml
									
									
									
									
									
								
							| @ -3,26 +3,19 @@ version: "3.8" | ||||
|  | ||||
| services: | ||||
|   app: | ||||
|     image: "wordpress:6.7.1" | ||||
|     image: "wordpress:5.8.1" | ||||
|     volumes: | ||||
|       - "wordpress_content:/var/www/html/wp-content/" | ||||
|     networks: | ||||
|       - backend | ||||
|       - proxy | ||||
|     environment: | ||||
|       WORDPRESS_CONFIG_EXTRA: | | ||||
|             define( 'AUTOMATIC_UPDATER_DISABLED', false ); | ||||
|             define( 'WP_AUTO_UPDATE_CORE', false ); | ||||
|             ${WORDPRESS_CONFIG_EXTRA} | ||||
|       PAGER: more | ||||
|       WORDPRESS_DB_HOST: db | ||||
|       WORDPRESS_DB_USER: wordpress | ||||
|       WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password | ||||
|       WORDPRESS_DB_NAME: wordpress | ||||
|       WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_} | ||||
|       PHP_EXTENSIONS: ${PHP_EXTENSIONS} | ||||
|       CORS_ALLOW_ALL: | ||||
|       COMPOSER: | ||||
|       - WORDPRESS_DB_HOST=db | ||||
|       - WORDPRESS_DB_USER=wordpress | ||||
|       - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password | ||||
|       - WORDPRESS_DB_NAME=wordpress | ||||
|       - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA} | ||||
|       - PHP_EXTENSIONS | ||||
|     secrets: | ||||
|       - db_password | ||||
|     configs: | ||||
| @ -31,8 +24,6 @@ services: | ||||
|       - source: entrypoint_conf | ||||
|         target: /docker-entrypoint.sh | ||||
|         mode: 0555 | ||||
|       - source: htaccess_conf | ||||
|         target: /var/www/html/.htaccess | ||||
|     entrypoint: /docker-entrypoint.sh | ||||
|     depends_on: | ||||
|       - db | ||||
| @ -57,15 +48,10 @@ services: | ||||
|         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)" | ||||
|         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" | ||||
|         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" | ||||
|         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)" | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}" | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true" | ||||
|         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" | ||||
|         - "coop-cloud.${STACK_NAME}.version=2.13.3+6.7.1" | ||||
|         - "coop-cloud.${STACK_NAME}.version=1.0.0+5.8.1" | ||||
|  | ||||
|   db: | ||||
|     image: "mariadb:11.6" | ||||
|     image: "mariadb:10.6" | ||||
|     volumes: | ||||
|       - "mariadb:/var/lib/mysql" | ||||
|     networks: | ||||
| @ -78,12 +64,6 @@ services: | ||||
|     secrets: | ||||
|       - db_password | ||||
|       - db_root_password | ||||
|     deploy: | ||||
|       labels: | ||||
|         backupbot.backup: "${ENABLE_BACKUPS:-true}" | ||||
|         backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz" | ||||
|         backupbot.backup.volumes.mariadb.path: "dump.sql.gz" | ||||
|         backupbot.restore.post-hook: "gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql" | ||||
|  | ||||
| networks: | ||||
|   backend: | ||||
| @ -109,9 +89,4 @@ configs: | ||||
|     template_driver: golang | ||||
|   php_uploads_conf: | ||||
|     name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION} | ||||
|     file: uploads.ini.tmpl | ||||
|     template_driver: golang | ||||
|   htaccess_conf: | ||||
|     name: ${STACK_NAME}_htaccess_conf_${HTACCESS_CONF_VERSION} | ||||
|     file: htaccess.tmpl | ||||
|     template_driver: golang | ||||
|     file: uploads.ini | ||||
|  | ||||
| @ -3,5 +3,3 @@ | ||||
| apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm -rf /var/lib/apt/lists/* | ||||
|  | ||||
| echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini | ||||
|  | ||||
| /docker-entrypoint.sh | ||||
|  | ||||
| @ -4,44 +4,6 @@ | ||||
| docker-php-ext-install {{ env "PHP_EXTENSIONS" }} | ||||
| {{ end }} | ||||
|  | ||||
| curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar | ||||
| chmod +x /usr/local/bin/wp | ||||
|  | ||||
| {{ if eq (env "ENABLE_COMPOSER") "1" }} | ||||
| mkdir -p /var/www/.composer | ||||
| chown www-data:www-data /var/www/.composer /var/www/html/composer | ||||
|  | ||||
| curl https://getcomposer.org/installer -o /tmp/composer-setup.php | ||||
| php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" | ||||
| php /tmp/composer-setup.php | ||||
| rm /tmp/composer-setup.php | ||||
|  | ||||
| mv /var/www/html/composer.phar /usr/local/bin/composer | ||||
| {{ end }} | ||||
|  | ||||
| {{ if eq (env "CORS_ALLOW_ALL") "1" }} | ||||
| a2enmod headers | ||||
| sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf | ||||
| {{ end }} | ||||
|  | ||||
| {{ if eq (env "MULTISITE") "enable" }} | ||||
| export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA | ||||
| define('WP_CACHE', false); | ||||
| define('WP_ALLOW_MULTISITE', true );" | ||||
| {{ end }} | ||||
|  | ||||
| {{ if or (eq (env "MULTISITE") "subdomain") (eq (env "MULTISITE") "subfolder") }} | ||||
| export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA | ||||
| define('MULTISITE', true); | ||||
| define('SUBDOMAIN_INSTALL', true); | ||||
| define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); | ||||
| define('PATH_CURRENT_SITE', '/'); | ||||
| define('SITE_ID_CURRENT_SITE', 1); | ||||
| define('BLOG_ID_CURRENT_SITE', 1); | ||||
| define('FORCE_SSL_ADMIN', true ); | ||||
| define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);" | ||||
| {{ end }} | ||||
|  | ||||
| if [ -n "$@" ]; then | ||||
| 	"$@" | ||||
| fi | ||||
|  | ||||
| @ -1,57 +0,0 @@ | ||||
| {{ if eq (env "MULTISITE") "" -}} | ||||
| # BEGIN WordPress | ||||
|  | ||||
| RewriteEngine On | ||||
| RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | ||||
| RewriteBase / | ||||
| RewriteRule ^index\.php$ - [L] | ||||
| RewriteCond %{REQUEST_FILENAME} !-f | ||||
| RewriteCond %{REQUEST_FILENAME} !-d | ||||
| RewriteRule . /index.php [L] | ||||
|  | ||||
| # END WordPress | ||||
| {{- end -}} | ||||
|  | ||||
| {{- if eq (env "MULTISITE") "subfolder" -}} | ||||
| # BEGIN WordPress Multisite | ||||
| # Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite | ||||
|  | ||||
| RewriteEngine On | ||||
| RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | ||||
| RewriteBase / | ||||
| RewriteRule ^index\.php$ - [L] | ||||
|  | ||||
| # add a trailing slash to /wp-admin | ||||
| RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] | ||||
|  | ||||
| RewriteCond %{REQUEST_FILENAME} -f [OR] | ||||
| RewriteCond %{REQUEST_FILENAME} -d | ||||
| RewriteRule ^ - [L] | ||||
| RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] | ||||
| RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] | ||||
| RewriteRule . index.php [L] | ||||
|  | ||||
| # END WordPress Multisite | ||||
| {{- end -}} | ||||
|  | ||||
| {{- if eq (env "MULTISITE") "subdomain" -}} | ||||
| # BEGIN WordPress Multisite | ||||
| # Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite | ||||
|  | ||||
| RewriteEngine On | ||||
| RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | ||||
| RewriteBase / | ||||
| RewriteRule ^index\.php$ - [L] | ||||
|  | ||||
| # add a trailing slash to /wp-admin | ||||
| RewriteRule ^wp-admin$ wp-admin/ [R=301,L] | ||||
|  | ||||
| RewriteCond %{REQUEST_FILENAME} -f [OR] | ||||
| RewriteCond %{REQUEST_FILENAME} -d | ||||
| RewriteRule ^ - [L] | ||||
| RewriteRule ^(wp-(content|admin|includes).*) $1 [L] | ||||
| RewriteRule ^(.*\.php)$ $1 [L] | ||||
| RewriteRule . index.php [L] | ||||
|  | ||||
| # END WordPress Multisite | ||||
| {{- end }} | ||||
| @ -1,13 +1,9 @@ | ||||
| account default | ||||
| host {{ env "SMTP_HOST" }} | ||||
| from {{ env "MAIL_FROM" }} | ||||
| user {{ or (env "SMTP_USER") (env "MAIL_FROM") }} | ||||
| user {{ env "MAIL_FROM" }} | ||||
| port {{ env "SMTP_PORT" }} | ||||
|  | ||||
| {{ if eq (env "SMTP_OVERRIDE_FROM") "on" }} | ||||
| set_from_header on | ||||
| {{ end }} | ||||
|  | ||||
| {{ if eq (env "SMTP_AUTH") "on" }} | ||||
| auth {{ env "SMTP_AUTH" }} | ||||
| passwordeval "cat /run/secrets/smtp_password" | ||||
|  | ||||
| @ -1 +0,0 @@ | ||||
| Adds redirects and alakazam integration | ||||
| @ -1 +0,0 @@ | ||||
| Breaking change for ftp container: you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml" to open port 2222 again. You can also select between port 2220-2225. | ||||
| @ -1 +0,0 @@ | ||||
| The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more. | ||||
| @ -1 +0,0 @@ | ||||
| Multisite now also works with subpaths instead of subdomains. Also Multisite support was simplified. If you are using a subdomain multisite setup you can remove the `WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true);...` from your config and instead set MULTISITE=subdomain. | ||||
							
								
								
									
										3
									
								
								uploads.ini
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								uploads.ini
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,3 @@ | ||||
| file_uploads = On | ||||
| upload_max_filesize = 256M | ||||
| post_max_size = 256M | ||||
| @ -1,11 +0,0 @@ | ||||
| {{ $upload_max_size := "256M" }} | ||||
| {{ if ne (env "UPLOAD_MAX_SIZE") "" }} {{ $upload_max_size = env "UPLOAD_MAX_SIZE" }} {{ end }} | ||||
| {{ $upload_max_time := "30" }} | ||||
| {{ if ne (env "UPLOAD_MAX_TIME") "" }} {{ $upload_max_time = env "UPLOAD_MAX_TIME" }} {{ end }} | ||||
|  | ||||
| file_uploads = On | ||||
| upload_max_filesize =  {{ $upload_max_size }} | ||||
| post_max_size = {{ $upload_max_size }} | ||||
| memory_limit = {{ $upload_max_size }} | ||||
| max_execution_time = {{ $upload_max_time }} | ||||
| max_input_time = {{ $upload_max_time }} | ||||
| @ -1 +0,0 @@ | ||||
| ftp_user:{{ secret "ftp_pass" }}:33:33 | ||||
		Reference in New Issue
	
	Block a user