Compare commits
1 Commits
2.19.2+6.9
...
anubis
| Author | SHA1 | Date | |
|---|---|---|---|
a3a1db97be
|
@ -28,9 +28,6 @@ LETS_ENCRYPT_ENV=production
|
||||
# PHP composer for plugin installation
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.composer.yml"
|
||||
|
||||
# Self managed Wordpress for automatic updates
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.selfmanaged.yml"
|
||||
|
||||
#WORDPRESS_DEBUG=true
|
||||
|
||||
## Additional extensions
|
||||
@ -84,6 +81,7 @@ SECRET_DB_PASSWORD_VERSION=v1
|
||||
# 🚩🚩 dangerous, use only for development sites!
|
||||
#CORS_ALLOW_ALL=1
|
||||
|
||||
|
||||
# FTP
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
|
||||
#SECRET_FTP_PASS_VERSION=v1
|
||||
@ -94,3 +92,6 @@ SECRET_DB_PASSWORD_VERSION=v1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2223.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2224.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2225.yml"
|
||||
|
||||
# Anubis
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
|
||||
|
||||
@ -77,3 +77,9 @@ Below are the instructions for the local relay.
|
||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
[cc-postfix-relay]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
|
||||
## Protect Wordpress from scrapers with Anubis
|
||||
|
||||
Uncomment the Anubis compose file from the `.env` file and re-deploy the
|
||||
app. Don't forget to actually [enable Anubis on the Traefik app
|
||||
too](https://recipes.coopcloud.tech/traefik)!
|
||||
|
||||
21
abra.sh
21
abra.sh
@ -1,8 +1,8 @@
|
||||
export PHP_UPLOADS_CONF_VERSION=v4
|
||||
export ENTRYPOINT_CONF_VERSION=v8
|
||||
export ENTRYPOINT_CONF_VERSION=v7
|
||||
export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
|
||||
export MSMTP_CONF_VERSION=v4
|
||||
export HTACCESS_CONF_VERSION=v3
|
||||
export HTACCESS_CONF_VERSION=v2
|
||||
export USERS_CONF_VERSION=v1
|
||||
|
||||
wp() {
|
||||
@ -31,6 +31,8 @@ core_install(){
|
||||
wp "language core install $LOCALE"
|
||||
wp "site switch-language $LOCALE"
|
||||
wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
|
||||
wp "plugin install --activate disable-update-notifications"
|
||||
wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'"
|
||||
if [ -n "$DEFAULT_USER_ROLE" ]
|
||||
then
|
||||
wp "option set default_role $DEFAULT_USER_ROLE"
|
||||
@ -38,20 +40,7 @@ core_install(){
|
||||
wp "option set default_role subscriber"
|
||||
fi
|
||||
wp "theme auto-updates enable --all"
|
||||
wp 'plugin auto-updates enable --all' || true
|
||||
}
|
||||
|
||||
enable_auto_updates(){
|
||||
wp "plugin deactivate disable-update-notifications --allow-root"
|
||||
wp "plugin uninstall disable-update-notifications --allow-root"
|
||||
wp "option delete disable_notification_setting --allow-root"
|
||||
wp "plugin auto-updates enable --all --allow-root"
|
||||
wp "theme auto-updates enable --all --allow-root"
|
||||
}
|
||||
|
||||
disable_auto_updates(){
|
||||
wp "plugin install --activate disable-update-notifications"
|
||||
wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'"
|
||||
wp 'plugin auto-updates enable --all' || exit 0
|
||||
}
|
||||
|
||||
set_authentik(){
|
||||
|
||||
7
compose.anubis.yml
Normal file
7
compose.anubis.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname,anubis"
|
||||
@ -1,21 +0,0 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "wordpress:latest"
|
||||
volumes:
|
||||
- "wordpress:/var/www/html/"
|
||||
environment:
|
||||
WORDPRESS_CONFIG_EXTRA: |
|
||||
define( 'AUTOMATIC_UPDATER_DISABLED', false );
|
||||
define( 'WP_AUTO_UPDATE_CORE', true );
|
||||
define( 'FS_METHOD', 'direct' );
|
||||
${WORDPRESS_CONFIG_EXTRA}
|
||||
|
||||
ftp:
|
||||
volumes:
|
||||
- "wordpress:/home/ftp_user/"
|
||||
|
||||
volumes:
|
||||
wordpress:
|
||||
@ -62,7 +62,7 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.19.2+6.9.4"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.19.1+6.9.4"
|
||||
|
||||
db:
|
||||
image: "mariadb:12.2"
|
||||
|
||||
@ -42,19 +42,6 @@ define('FORCE_SSL_ADMIN', true );
|
||||
define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
|
||||
{{ end }}
|
||||
|
||||
|
||||
UPLOADS_HTACCESS=/var/www/html/wp-content/uploads/.htaccess
|
||||
if [ ! -f "$UPLOADS_HTACCESS" ]; then
|
||||
mkdir -p /var/www/html/wp-content/uploads
|
||||
cat > "$UPLOADS_HTACCESS" <<'EOF'
|
||||
# Prevent PHP execution in uploads directory
|
||||
<FilesMatch "\.(?i:php|phtml|phar)$">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
EOF
|
||||
chown www-data:www-data "$UPLOADS_HTACCESS"
|
||||
fi
|
||||
|
||||
if [ -n "$@" ]; then
|
||||
"$@"
|
||||
fi
|
||||
|
||||
@ -1,8 +1,3 @@
|
||||
# Protect sensitive files from direct access
|
||||
<FilesMatch "^(wp-config\.php|\.htaccess|\.htpasswd|readme\.html|license\.txt)$">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
{{ if eq (env "MULTISITE") "" -}}
|
||||
# BEGIN WordPress
|
||||
|
||||
|
||||
Reference in New Issue
Block a user