add alakazam integration file alaconnect.yml

With this commit multisite now also works with subpaths instead of subdomains.

It also simpified the multisite deployment in generall by adding a new MULTISITE environment variable. Depending on its value WORDPRESS_CONFIG_EXTRA gets set in the entrypoint. And the correct .htaccess gets deployed.

Closes #34

I am still new to coopcloud and welcome feedback on my approach. The second commit is not required for #34 so I can remove it again.

Reviewed-on: #35
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>

.drone.yml

@@ -21,9 +21,10 @@ steps:
       SECRET_DB_ROOT_PASSWORD_VERSION: v1
       PHP_UPLOADS_CONF_VERSION: v1
       ENTRYPOINT_CONF_VERSION: v1
+      HTACCESS_CONF_VERSION: v1
 trigger:
   branch:
-    - master
+    - main
 ---
 kind: pipeline
 name: generate recipe catalogue

.env.sample

@@ -34,13 +34,8 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Mostly for compatibility with existing database dumps...
 #WORDPRESS_TABLE_PREFIX=wp_
 
-# Multisite
-#WORDPRESS_CONFIG_EXTRA="\
-#define('WP_CACHE', false);\
-#define('WP_ALLOW_MULTISITE', true );"
-
-# Multisite phase 2 (see README)
-#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+# Multisite (see README)
+#MULTISITE=enable # either 'enable', 'subdomain' or 'subfolder'
 
 # Local SMTP relay
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
@@ -48,7 +43,7 @@ SECRET_DB_PASSWORD_VERSION=v1
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
@@ -72,3 +67,9 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
+
+
+# FTP
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
+#SECRET_FTP_PASS_VERSION=v1
+#USERS_CONF_VERSION=v1

README.md

@@ -7,7 +7,7 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
 <!-- metadata -->
 
 * **Category**: Apps
-* **Status**: 3, stable
+* **Status**: 4
 * **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream
 * **Healthcheck**: Yes
 * **Backups**: Yes
@@ -47,16 +47,12 @@ AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authen
 
 ## Network (Multi-site)
 
-_(Only tested using subdomains)_
-
 1. Set up as above
-2. `abra app config <app-name>`, and uncomment the first `# Multisite` section
+2. `abra app config <app-name>`, and uncomment `#MULTISITE=enable`
 3. `abra app deploy <app-name>`
 4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
 5. Don't worry about the suggested file changes
-6. `abra app config <app-name>` again - comment out the first `# Multisite`
-   section in `.envrc`, uncomment the `# Multisite phase 2` section, and add
-   your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..)
+6. `abra app config <app-name>` again and set `MULTISITE` to either `subdomain` or `subfolder` depending on your setup.
 7. `abra app deploy <app-name>`
 
 ## Installing a custom theme

abra.sh

@@ -1,12 +1,24 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v6
+export ENTRYPOINT_CONF_VERSION=v7
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
+export HTACCESS_CONF_VERSION=v2
 
 wp() {
     su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
 }
 
+update() {
+    wp "core update-db"
+    wp "plugin update --all"
+    wp "plugin auto-updates enable --all"
+    wp "theme update --all"
+    wp "theme auto-updates enable --all"
+    wp "language core update"
+    wp "language plugin update --all"
+    wp "language theme update --all"
+}
+
 core_install(){
     ADMIN=admin
     if [ -n "$AUTHENTIK_DOMAIN" ]
@@ -26,6 +38,7 @@ core_install(){
     else
         wp "option set default_role subscriber"
     fi
+    wp "theme auto-updates enable --all"
     wp 'plugin auto-updates enable --all' || exit 0
 }
 
@@ -38,6 +51,7 @@ set_authentik(){
     fi
     wp "user create akadmin admin@example.com --role=administrator"
     wp "plugin install --activate daggerhart-openid-connect-generic"
+    wp 'plugin auto-updates enable daggerhart-openid-connect-generic'
     wp "option update --format=json openid_connect_generic_settings '
     {
         \"login_type\":\"$LOGIN_TYPE\",

alaconnect.yml

@@ -0,0 +1,12 @@
+authentik:
+    uncomment:
+        - compose.authentik.yml
+        - AUTHENTIK_DOMAIN
+        - SECRET_AUTHENTIK_SECRET_VERSION
+        - SECRET_AUTHENTIK_ID_VERSION
+        - LOGIN_TYPE
+    execute:
+        - app set_authentik
+    shared_secrets:
+        wordpress_secret: authentik_secret
+        wordpress_id: authentik_id

compose.ftp.yml

@@ -0,0 +1,26 @@
+---
+version: "3.8"
+
+services:
+  ftp:
+    image: atmoz/sftp
+    secrets:
+      - ftp_pass
+    ports:
+        - 2222:22
+    volumes:
+      - "wordpress_content:/home/ftp_user/wp-content"
+    configs:
+      - source: users_conf
+        target: /etc/sftp/users.conf
+
+secrets:
+  ftp_pass:
+    name: ${STACK_NAME}_ftp_pass_${SECRET_FTP_PASS_VERSION}
+    external: true
+
+configs:
+  users_conf:
+    name: ${STACK_NAME}_users_conf_${USERS_CONF_VERSION}
+    file: users.conf.tmpl
+    template_driver: golang

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "wordpress:6.4.0"
+    image: "wordpress:6.5.3"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
     networks:
@@ -31,6 +31,8 @@ services:
       - source: entrypoint_conf
         target: /docker-entrypoint.sh
         mode: 0555
+      - source: htaccess_conf
+        target: /var/www/html/.htaccess
     entrypoint: /docker-entrypoint.sh
     depends_on:
       - db
@@ -58,10 +60,10 @@ services:
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.6.1+6.4.0"
+        - "coop-cloud.${STACK_NAME}.version=2.9.1+6.5.3"
 
   db:
-    image: "mariadb:11.0"
+    image: "mariadb:11.3"
     volumes:
       - "mariadb:/var/lib/mysql"
     networks:
@@ -108,3 +110,7 @@ configs:
   php_uploads_conf:
     name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION}
     file: uploads.ini
+  htaccess_conf:
+    name: ${STACK_NAME}_htaccess_conf_${HTACCESS_CONF_VERSION}
+    file: htaccess.tmpl
+    template_driver: golang

entrypoint.sh.tmpl

@@ -24,6 +24,24 @@ a2enmod headers
 sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
 {{ end }}
 
+{{ if eq (env "MULTISITE") "enable" }}
+export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
+define('WP_CACHE', false);
+define('WP_ALLOW_MULTISITE', true );"
+{{ end }}
+
+{{ if or (eq (env "MULTISITE") "subdomain") (eq (env "MULTISITE") "subfolder") }}
+export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
+define('MULTISITE', true);
+define('SUBDOMAIN_INSTALL', true);
+define('DOMAIN_CURRENT_SITE', '${DOMAIN}');
+define('PATH_CURRENT_SITE', '/');
+define('SITE_ID_CURRENT_SITE', 1);
+define('BLOG_ID_CURRENT_SITE', 1);
+define('FORCE_SSL_ADMIN', true );
+define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+{{ end }}
+
 if [ -n "$@" ]; then
 	"$@"
 fi

htaccess.tmpl

@@ -0,0 +1,57 @@
+{{ if eq (env "MULTISITE") "" -}}
+# BEGIN WordPress
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]
+
+# END WordPress
+{{- end -}}
+
+{{- if eq (env "MULTISITE") "subfolder" -}}
+# BEGIN WordPress Multisite
+# Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+
+# add a trailing slash to /wp-admin
+RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
+
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
+RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
+RewriteRule . index.php [L]
+
+# END WordPress Multisite
+{{- end -}}
+
+{{- if eq (env "MULTISITE") "subdomain" -}}
+# BEGIN WordPress Multisite
+# Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+
+# add a trailing slash to /wp-admin
+RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
+
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
+RewriteRule ^(.*\.php)$ $1 [L]
+RewriteRule . index.php [L]
+
+# END WordPress Multisite
+{{- end }}

release/2.7.0+6.4.2

@@ -0,0 +1 @@
+Multisite now also works with subpaths instead of subdomains. Also Multisite support was simplified. If you are using a subdomain multisite setup you can remove the `WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true);...` from your config and instead set MULTISITE=subdomain.

users.conf.tmpl

@@ -0,0 +1 @@
+ftp_user:{{ secret "ftp_pass" }}:33:33