.drone.yml

@@ -21,10 +21,9 @@ steps:
       SECRET_DB_ROOT_PASSWORD_VERSION: v1
       PHP_UPLOADS_CONF_VERSION: v1
       ENTRYPOINT_CONF_VERSION: v1
-      HTACCESS_CONF_VERSION: v1
 trigger:
   branch:
-    - main
+    - master
 ---
 kind: pipeline
 name: generate recipe catalogue
@@ -37,7 +36,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -2,15 +2,10 @@ TYPE=wordpress
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 COMPOSE_FILE="compose.yml"
-ENABLE_BACKUPS=true
 
 DOMAIN=wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
-# Redirects
-# All redirect domains have to be added to EXTRA_DOMAINS as well)
-# multiple redirects can be added by seperating them with a | character
-#REDIRECTS=www.wordpress.example.com
 LETS_ENCRYPT_ENV=production
 
 # Setup Wordpress settings on each deploy:
@@ -39,12 +34,13 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Mostly for compatibility with existing database dumps...
 #WORDPRESS_TABLE_PREFIX=wp_
 
-# Multisite (see README)
+# Multisite
-#MULTISITE=enable # either 'enable', 'subdomain' or 'subfolder'
+#WORDPRESS_CONFIG_EXTRA="\
+#define('WP_CACHE', false);\
+#define('WP_ALLOW_MULTISITE', true );"
 
-# File upload settings
+# Multisite phase 2 (see README)
-#UPLOAD_MAX_SIZE=256M
+#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
-#UPLOAD_MAX_TIME=30
 
 # Local SMTP relay
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
@@ -52,7 +48,7 @@ SECRET_DB_PASSWORD_VERSION=v1
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
@@ -76,15 +72,3 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
-
-
-# FTP
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
-#SECRET_FTP_PASS_VERSION=v1
-# You can use a Port between 2220-2225
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2220.yml"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2221.yml"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2223.yml"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2224.yml"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2225.yml"

README.md

@@ -7,7 +7,7 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
 <!-- metadata -->
 
 * **Category**: Apps
-* **Status**: 4
+* **Status**: 3, stable
 * **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream
 * **Healthcheck**: Yes
 * **Backups**: Yes
@@ -47,12 +47,16 @@ AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authen
 
 ## Network (Multi-site)
 
+_(Only tested using subdomains)_
+
 1. Set up as above
-2. `abra app config <app-name>`, and uncomment `#MULTISITE=enable`
+2. `abra app config <app-name>`, and uncomment the first `# Multisite` section
 3. `abra app deploy <app-name>`
 4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
 5. Don't worry about the suggested file changes
-6. `abra app config <app-name>` again and set `MULTISITE` to either `subdomain` or `subfolder` depending on your setup.
+6. `abra app config <app-name>` again - comment out the first `# Multisite`
+   section in `.envrc`, uncomment the `# Multisite phase 2` section, and add
+   your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..)
 7. `abra app deploy <app-name>`
 
 ## Installing a custom theme

abra.sh

@@ -1,25 +1,12 @@
-export PHP_UPLOADS_CONF_VERSION=v4
+export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v7
+export ENTRYPOINT_CONF_VERSION=v6
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
-export HTACCESS_CONF_VERSION=v2
-export USERS_CONF_VERSION=v1
 
 wp() {
     su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
 }
 
-update() {
-    wp "core update-db"
-    wp "plugin update --all"
-    wp "plugin auto-updates enable --all"
-    wp "theme update --all"
-    wp "theme auto-updates enable --all"
-    wp "language core update"
-    wp "language plugin update --all"
-    wp "language theme update --all"
-}
-
 core_install(){
     ADMIN=admin
     if [ -n "$AUTHENTIK_DOMAIN" ]
@@ -39,7 +26,6 @@ core_install(){
     else
         wp "option set default_role subscriber"
     fi
-    wp "theme auto-updates enable --all"
     wp 'plugin auto-updates enable --all' || exit 0
 }
 
@@ -52,7 +38,6 @@ set_authentik(){
     fi
     wp "user create akadmin admin@example.com --role=administrator"
     wp "plugin install --activate daggerhart-openid-connect-generic"
-    wp 'plugin auto-updates enable daggerhart-openid-connect-generic'
     wp "option update --format=json openid_connect_generic_settings '
     {
         \"login_type\":\"$LOGIN_TYPE\",
@@ -90,7 +75,3 @@ set_authentik(){
 fix_mysql() {
   echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password)
 }
-
-show_plugins() {
-  wp "plugin list --fields=name,status,wporg_status,version,update_version,auto_update,tested_up_to,wporg_last_updated"
-}

alaconnect.yml

@@ -1,12 +0,0 @@
-authentik:
-    uncomment:
-        - compose.authentik.yml
-        - AUTHENTIK_DOMAIN
-        - SECRET_AUTHENTIK_SECRET_VERSION
-        - SECRET_AUTHENTIK_ID_VERSION
-        - LOGIN_TYPE
-    inital-hooks:
-        - app set_authentik
-    shared_secrets:
-        wordpress_secret: authentik_secret
-        wordpress_id: authentik_id

compose.ftp-2220.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2220:22

compose.ftp-2221.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2221:22

compose.ftp-2222.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2222:22

compose.ftp-2223.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2223:22

compose.ftp-2224.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2224:22

compose.ftp-2225.yml

@@ -1,7 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    ports:
-        - 2220:22

compose.ftp.yml

@@ -1,24 +0,0 @@
----
-version: "3.8"
-
-services:
-  ftp:
-    image: atmoz/sftp
-    secrets:
-      - ftp_pass
-    volumes:
-      - "wordpress_content:/home/ftp_user/wp-content"
-    configs:
-      - source: users_conf
-        target: /etc/sftp/users.conf
-
-secrets:
-  ftp_pass:
-    name: ${STACK_NAME}_ftp_pass_${SECRET_FTP_PASS_VERSION}
-    external: true
-
-configs:
-  users_conf:
-    name: ${STACK_NAME}_users_conf_${USERS_CONF_VERSION}
-    file: users.conf.tmpl
-    template_driver: golang

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "wordpress:6.8.1"
+    image: "wordpress:6.4.1"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
     networks:
@@ -31,8 +31,6 @@ services:
       - source: entrypoint_conf
         target: /docker-entrypoint.sh
         mode: 0555
-      - source: htaccess_conf
-        target: /var/www/html/.htaccess
     entrypoint: /docker-entrypoint.sh
     depends_on:
       - db
@@ -57,15 +55,13 @@ services:
         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=2.16.0+6.8.1"
+        - "backupbot.backup=true"
+        - "backupbot.backup.path=/var/www/html"
+        - "coop-cloud.${STACK_NAME}.version=2.6.2+6.4.1"
 
   db:
-    image: "mariadb:11.7"
+    image: "mariadb:11.2"
     volumes:
       - "mariadb:/var/lib/mysql"
     networks:
@@ -80,10 +76,12 @@ services:
       - db_root_password
     deploy:
       labels:
-        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup: "true"
-        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
+        backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz'"
-        backupbot.backup.volumes.mariadb.path: "dump.sql.gz"
+        backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
-        backupbot.restore.post-hook: "gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
+        backupbot.restore: "true"
+        backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"
 
 networks:
   backend:
@@ -109,9 +107,4 @@ configs:
     template_driver: golang
   php_uploads_conf:
     name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION}
-    file: uploads.ini.tmpl
+    file: uploads.ini
-    template_driver: golang
-  htaccess_conf:
-    name: ${STACK_NAME}_htaccess_conf_${HTACCESS_CONF_VERSION}
-    file: htaccess.tmpl
-    template_driver: golang

entrypoint.sh.tmpl

@@ -24,24 +24,6 @@ a2enmod headers
 sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
 {{ end }}
 
-{{ if eq (env "MULTISITE") "enable" }}
-export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
-define('WP_CACHE', false);
-define('WP_ALLOW_MULTISITE', true );"
-{{ end }}
-
-{{ if or (eq (env "MULTISITE") "subdomain") (eq (env "MULTISITE") "subfolder") }}
-export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
-define('MULTISITE', true);
-define('SUBDOMAIN_INSTALL', true);
-define('DOMAIN_CURRENT_SITE', '${DOMAIN}');
-define('PATH_CURRENT_SITE', '/');
-define('SITE_ID_CURRENT_SITE', 1);
-define('BLOG_ID_CURRENT_SITE', 1);
-define('FORCE_SSL_ADMIN', true );
-define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
-{{ end }}
-
 if [ -n "$@" ]; then
 	"$@"
 fi

htaccess.tmpl

@@ -1,57 +0,0 @@
-{{ if eq (env "MULTISITE") "" -}}
-# BEGIN WordPress
-
-RewriteEngine On
-RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-RewriteBase /
-RewriteRule ^index\.php$ - [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule . /index.php [L]
-
-# END WordPress
-{{- end -}}
-
-{{- if eq (env "MULTISITE") "subfolder" -}}
-# BEGIN WordPress Multisite
-# Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite
-
-RewriteEngine On
-RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-RewriteBase /
-RewriteRule ^index\.php$ - [L]
-
-# add a trailing slash to /wp-admin
-RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
-
-RewriteCond %{REQUEST_FILENAME} -f [OR]
-RewriteCond %{REQUEST_FILENAME} -d
-RewriteRule ^ - [L]
-RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
-RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
-RewriteRule . index.php [L]
-
-# END WordPress Multisite
-{{- end -}}
-
-{{- if eq (env "MULTISITE") "subdomain" -}}
-# BEGIN WordPress Multisite
-# Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite
-
-RewriteEngine On
-RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-RewriteBase /
-RewriteRule ^index\.php$ - [L]
-
-# add a trailing slash to /wp-admin
-RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
-
-RewriteCond %{REQUEST_FILENAME} -f [OR]
-RewriteCond %{REQUEST_FILENAME} -d
-RewriteRule ^ - [L]
-RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
-RewriteRule ^(.*\.php)$ $1 [L]
-RewriteRule . index.php [L]
-
-# END WordPress Multisite
-{{- end }}

release/2.10.0+6.5.5

@@ -1 +0,0 @@
-Adds redirects and alakazam integration

release/2.13.2+6.7.1

@@ -1 +0,0 @@
-Breaking change for ftp container: you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml" to open port 2222 again. You can also select between port 2220-2225.

release/2.7.0+6.4.2

@@ -1 +0,0 @@
-Multisite now also works with subpaths instead of subdomains. Also Multisite support was simplified. If you are using a subdomain multisite setup you can remove the `WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true);...` from your config and instead set MULTISITE=subdomain.

uploads.ini

@@ -0,0 +1,3 @@
+file_uploads = On
+upload_max_filesize = 256M
+post_max_size = 256M

uploads.ini.tmpl

@@ -1,11 +0,0 @@
-{{ $upload_max_size := "256M" }}
-{{ if ne (env "UPLOAD_MAX_SIZE") "" }} {{ $upload_max_size = env "UPLOAD_MAX_SIZE" }} {{ end }}
-{{ $upload_max_time := "30" }}
-{{ if ne (env "UPLOAD_MAX_TIME") "" }} {{ $upload_max_time = env "UPLOAD_MAX_TIME" }} {{ end }}
-
-file_uploads = On
-upload_max_filesize =  {{ $upload_max_size }}
-post_max_size = {{ $upload_max_size }}
-memory_limit = {{ $upload_max_size }}
-max_execution_time = {{ $upload_max_time }}
-max_input_time = {{ $upload_max_time }}

users.conf.tmpl

@@ -1 +0,0 @@
-ftp_user:{{ secret "ftp_pass" }}:33:33