Compare commits
21 Commits
2.3.2+6.2.
...
dix-db-bac
| Author | SHA1 | Date | |
|---|---|---|---|
| ed77855e7d | |||
| 1c70a89ed4 | |||
| c6be9ecfcf | |||
| f2867c8359 | |||
| 4a7c468806 | |||
| 40d95417e9 | |||
| 37aa0649b9 | |||
| 5723405e51 | |||
| 650d531ed1 | |||
| 9077d0aa86 | |||
| 952044e590 | |||
| 1c03d854b2 | |||
| 38bc51f516 | |||
| 40cbb7d689 | |||
| 16ca5734d7 | |||
| 91335eac3a | |||
| dfaa04131d | |||
| b508b67752 | |||
| 8cc028fc00 | |||
| 55f00a482a | |||
| df821f5017 |
51
.env.sample
51
.env.sample
@ -1,15 +1,29 @@
|
||||
TYPE=wordpress
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
DOMAIN=wordpress.example.com
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.wordpress.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
TITLE="My Example Blog"
|
||||
LOCALE="en_US" # de_DE
|
||||
ADMIN_EMAIL=admin@example.com
|
||||
# Setup Wordpress settings on each deploy:
|
||||
#POST_DEPLOY_CMDS="app core_install"
|
||||
|
||||
# Optional settings, otherwise can be set in the installer
|
||||
# (Required for `app core_install`
|
||||
#TITLE="My Example Blog"
|
||||
#LOCALE="en_US" # de_DE
|
||||
#ADMIN_EMAIL=admin@example.com
|
||||
|
||||
# Every new user is per default subscriber, uncomment to change it
|
||||
#DEFAULT_USER_ROLE=administrator
|
||||
|
||||
# Uncomment to install PHP Composer
|
||||
#COMPOSER=1
|
||||
|
||||
#WORDPRESS_DEBUG=true
|
||||
|
||||
## Additional extensions
|
||||
#PHP_EXTENSIONS="calendar"
|
||||
@ -22,28 +36,39 @@ SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# Multisite
|
||||
#WORDPRESS_CONFIG_EXTRA="\
|
||||
# define('WP_CACHE', false);\
|
||||
# define('WP_ALLOW_MULTISITE', true );"
|
||||
#define('WP_CACHE', false);\
|
||||
#define('WP_ALLOW_MULTISITE', true );"
|
||||
|
||||
# Multisite phase 2 (see README)
|
||||
# WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
|
||||
#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
|
||||
|
||||
# Local SMTP relay
|
||||
#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
|
||||
#SMTP_HOST="postfix_relay_app"
|
||||
#MAIL_FROM="wordpress@example.com"
|
||||
|
||||
# Remote SMTP relay
|
||||
#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_HOST="mail.example.com"
|
||||
#MAIL_FROM="wordpress@example.com"
|
||||
#SMTP_USER="wordpress@example.com" # optional, defaults to MAIL_FROM
|
||||
#SMTP_OVERRIDE_FROM=on # force "From" to MAIL_FROM, usually necessary
|
||||
#SMTP_PORT=587
|
||||
#SMTP_AUTH=on
|
||||
#SMTP_TLS=on
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
# AUTHENTIK_DOMAIN=authentik.example.com
|
||||
# AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1 # the same as in authentik
|
||||
# AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1 # the same as in authentik
|
||||
# LOGIN_TYPE='auto'
|
||||
# Authentik SSO
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
#AUTHENTIK_DOMAIN=authentik.example.com
|
||||
#SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
#SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
#LOGIN_TYPE='auto'
|
||||
|
||||
# Allow remote connections to db
|
||||
# 🚩🚩 dangerous, use only for development sites!
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
|
||||
|
||||
# Wide-open CORS
|
||||
# 🚩🚩 dangerous, use only for development sites!
|
||||
#CORS_ALLOW_ALL=1
|
||||
|
||||
17
abra.sh
17
abra.sh
@ -1,7 +1,7 @@
|
||||
export PHP_UPLOADS_CONF_VERSION=v3
|
||||
export ENTRYPOINT_CONF_VERSION=v3
|
||||
export ENTRYPOINT_CONF_VERSION=v5
|
||||
export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
|
||||
export MSMTP_CONF_VERSION=v3
|
||||
export MSMTP_CONF_VERSION=v4
|
||||
|
||||
wp() {
|
||||
su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
|
||||
@ -9,15 +9,24 @@ wp() {
|
||||
|
||||
core_install(){
|
||||
ADMIN=admin
|
||||
if [ -n $AUTHENTIK_DOMAIN ]
|
||||
if [ -n "$AUTHENTIK_DOMAIN" ]
|
||||
then
|
||||
ADMIN=akadmin
|
||||
fi
|
||||
chown www-data:www-data /var/www/html/wp-content
|
||||
chown www-data:www-data -R /var/www/html/wp-content
|
||||
wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
|
||||
wp "language core install $LOCALE"
|
||||
wp "site switch-language $LOCALE"
|
||||
wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
|
||||
wp "plugin install --activate disable-update-notifications"
|
||||
wp 'option update dwcun_setting on'
|
||||
if [ -n "$DEFAULT_USER_ROLE" ]
|
||||
then
|
||||
wp "option set default_role $DEFAULT_USER_ROLE"
|
||||
else
|
||||
wp "option set default_role subscriber"
|
||||
fi
|
||||
wp 'plugin auto-updates enable --all' || exit 0
|
||||
}
|
||||
|
||||
set_authentik(){
|
||||
|
||||
@ -8,7 +8,7 @@ services:
|
||||
secrets:
|
||||
authentik_secret:
|
||||
external: true
|
||||
name: ${AUTHENTIK_SECRET_NAME}
|
||||
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
|
||||
authentik_id:
|
||||
external: true
|
||||
name: ${AUTHENTIK_ID_NAME}
|
||||
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
|
||||
|
||||
9
compose.public-db.yml
Normal file
9
compose.public-db.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
ports:
|
||||
- target: 3306
|
||||
published: 3306
|
||||
mode: host
|
||||
@ -6,11 +6,12 @@ services:
|
||||
secrets:
|
||||
- smtp_password
|
||||
environment:
|
||||
- SMTP_HOST=${SMTP_HOST}
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT=${SMTP_PORT:-25}
|
||||
- SMTP_AUTH=${SMTP_AUTH}
|
||||
- SMTP_TLS=${SMTP_TLS}
|
||||
- MAIL_FROM=${MAIL_FROM}
|
||||
- SMTP_AUTH
|
||||
- SMTP_TLS
|
||||
- MAIL_FROM
|
||||
- SMTP_OVERRIDE_FROM
|
||||
|
||||
secrets:
|
||||
smtp_password:
|
||||
|
||||
35
compose.yml
35
compose.yml
@ -3,21 +3,26 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "wordpress:6.2.0"
|
||||
image: "wordpress:6.3.0"
|
||||
volumes:
|
||||
- "wordpress_content:/var/www/html/wp-content/"
|
||||
networks:
|
||||
- backend
|
||||
- proxy
|
||||
environment:
|
||||
- PAGER=more
|
||||
- WORDPRESS_DB_HOST=db
|
||||
- WORDPRESS_DB_USER=wordpress
|
||||
- WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- WORDPRESS_DB_NAME=wordpress
|
||||
- WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
|
||||
- WORDPRESS_TABLE_PREFIX
|
||||
- PHP_EXTENSIONS
|
||||
WORDPRESS_CONFIG_EXTRA: |
|
||||
define( 'AUTOMATIC_UPDATER_DISABLED', false );
|
||||
define( 'WP_AUTO_UPDATE_CORE', false );
|
||||
${WORDPRESS_CONFIG_EXTRA}
|
||||
PAGER: more
|
||||
WORDPRESS_DB_HOST: db
|
||||
WORDPRESS_DB_USER: wordpress
|
||||
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
|
||||
WORDPRESS_DB_NAME: wordpress
|
||||
WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
|
||||
PHP_EXTENSIONS: ${PHP_EXTENSIONS}
|
||||
CORS_ALLOW_ALL:
|
||||
COMPOSER:
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
@ -53,10 +58,10 @@ services:
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.3.2+6.2.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.5.1+6.3.0"
|
||||
|
||||
db:
|
||||
image: "mariadb:10.11"
|
||||
image: "mariadb:11.0"
|
||||
volumes:
|
||||
- "mariadb:/var/lib/mysql"
|
||||
networks:
|
||||
@ -72,11 +77,11 @@ services:
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
|
||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz'"
|
||||
backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
|
||||
backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
|
||||
backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"
|
||||
|
||||
networks:
|
||||
backend:
|
||||
|
||||
@ -7,6 +7,23 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
|
||||
curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
|
||||
chmod +x /usr/local/bin/wp
|
||||
|
||||
{{ if eq (env "COMPOSER") "1" }}
|
||||
mkdir -p /var/www/.composer
|
||||
chown www-data:www-data /var/www/.composer
|
||||
|
||||
curl https://getcomposer.org/installer -o /tmp/composer-setup.php
|
||||
php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
php /tmp/composer-setup.php
|
||||
rm /tmp/composer-setup.php
|
||||
|
||||
mv /var/www/html/composer.phar /usr/local/bin/composer
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "CORS_ALLOW_ALL") "1" }}
|
||||
a2enmod headers
|
||||
sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
|
||||
{{ end }}
|
||||
|
||||
if [ -n "$@" ]; then
|
||||
"$@"
|
||||
fi
|
||||
|
||||
@ -1,9 +1,13 @@
|
||||
account default
|
||||
host {{ env "SMTP_HOST" }}
|
||||
from {{ env "MAIL_FROM" }}
|
||||
user {{ env "MAIL_FROM" }}
|
||||
user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
|
||||
port {{ env "SMTP_PORT" }}
|
||||
|
||||
{{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
|
||||
set_from_header on
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "SMTP_AUTH") "on" }}
|
||||
auth {{ env "SMTP_AUTH" }}
|
||||
passwordeval "cat /run/secrets/smtp_password"
|
||||
|
||||
1
release/next
Normal file
1
release/next
Normal file
@ -0,0 +1 @@
|
||||
The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.
|
||||
Reference in New Issue
Block a user