Compare commits
67 Commits
ssh
...
2.6.3+6.4.
| Author | SHA1 | Date | |
|---|---|---|---|
| de5455833e | |||
| 81dbeca30d | |||
| 245b800439 | |||
| 540d526914 | |||
| df32ba5141 | |||
| 8d8418a6c0 | |||
| a8d67b063c | |||
| da0f503960 | |||
| 6767d5ee65 | |||
| d5227cc534 | |||
| 45a36ba7b4 | |||
| ed77855e7d | |||
| 1c70a89ed4 | |||
| c6be9ecfcf | |||
| f2867c8359 | |||
| 4a7c468806 | |||
| 40d95417e9 | |||
| 37aa0649b9 | |||
| 5723405e51 | |||
| 650d531ed1 | |||
| 9077d0aa86 | |||
| 952044e590 | |||
| 1c03d854b2 | |||
| 38bc51f516 | |||
| 40cbb7d689 | |||
| 16ca5734d7 | |||
| 91335eac3a | |||
| dfaa04131d | |||
| b508b67752 | |||
| 8cc028fc00 | |||
| 55f00a482a | |||
| df821f5017 | |||
| 9b1e36f8c8 | |||
| f624ef2dc6 | |||
| 40e89c874a | |||
| 7c725fbf85 | |||
| ed587cd983 | |||
| 85d910f7ea | |||
| bcb911c6e0 | |||
| 7281edfd60 | |||
| 87406eb3ab | |||
| db1e7bc88a | |||
| 7962da376c | |||
| 6c97636698 | |||
| 72ff340927 | |||
| 369d962c40 | |||
| 5941680738 | |||
| 112c7a8f03 | |||
| 2550098aee | |||
| ef7bed62dd | |||
| 581cd72a9a | |||
50cd246597
|
|||
| a55be09951 | |||
| 5538ce9c3e | |||
| 981fe85910 | |||
| 1cedb08e46 | |||
| 37a6ff8d7a | |||
| 98f9a4f4d9 | |||
| 76b698bc30 | |||
| dcb3b410ff | |||
| ceffd9ba5d | |||
| 2d8c149b42 | |||
| 08c56a2ad9 | |||
| 2cb9b71e47 | |||
| 88ee8ae05e | |||
| 57122cd677 | |||
| ab3361f46d |
20
.drone.yml
20
.drone.yml
@ -3,7 +3,7 @@ kind: pipeline
|
|||||||
name: deploy to swarm-test.autonomic.zone
|
name: deploy to swarm-test.autonomic.zone
|
||||||
steps:
|
steps:
|
||||||
- name: deployment
|
- name: deployment
|
||||||
image: decentral1se/stack-ssh-deploy:latest
|
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||||
settings:
|
settings:
|
||||||
host: swarm-test.autonomic.zone
|
host: swarm-test.autonomic.zone
|
||||||
stack: wordpress
|
stack: wordpress
|
||||||
@ -11,6 +11,8 @@ steps:
|
|||||||
purge: true
|
purge: true
|
||||||
deploy_key:
|
deploy_key:
|
||||||
from_secret: drone_ssh_swarm_test
|
from_secret: drone_ssh_swarm_test
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
environment:
|
environment:
|
||||||
DOMAIN: wordpress.swarm-test.autonomic.zone
|
DOMAIN: wordpress.swarm-test.autonomic.zone
|
||||||
STACK_NAME: wordpress
|
STACK_NAME: wordpress
|
||||||
@ -24,11 +26,17 @@ trigger:
|
|||||||
- master
|
- master
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: recipe release
|
name: generate recipe catalogue
|
||||||
steps:
|
steps:
|
||||||
- name: release a new version
|
- name: release a new version
|
||||||
image: thecoopcloud/drone-abra:latest
|
image: plugins/downstream
|
||||||
settings:
|
settings:
|
||||||
command: recipe wordpress release
|
server: https://build.coopcloud.tech
|
||||||
deploy_key:
|
token:
|
||||||
from_secret: abra_bot_deploy_key
|
from_secret: drone_abra-bot_token
|
||||||
|
fork: true
|
||||||
|
repositories:
|
||||||
|
- coop-cloud/auto-recipes-catalogue-json
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event: tag
|
||||||
|
|||||||
60
.env.sample
60
.env.sample
@ -1,44 +1,74 @@
|
|||||||
TYPE=wordpress
|
TYPE=wordpress
|
||||||
|
TIMEOUT=300
|
||||||
|
ENABLE_AUTO_UPDATE=true
|
||||||
|
COMPOSE_FILE="compose.yml"
|
||||||
|
|
||||||
DOMAIN=wordpress.example.com
|
DOMAIN=wordpress.example.com
|
||||||
## Domain aliases
|
## Domain aliases
|
||||||
#EXTRA_DOMAINS=', `www.wordpress.example.com`'
|
#EXTRA_DOMAINS=', `www.wordpress.example.com`'
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
# Setup Wordpress settings on each deploy:
|
||||||
|
#POST_DEPLOY_CMDS="app core_install"
|
||||||
|
|
||||||
|
# Optional settings, otherwise can be set in the installer
|
||||||
|
# (Required for `app core_install`
|
||||||
|
#TITLE="My Example Blog"
|
||||||
|
#LOCALE="en_US" # de_DE
|
||||||
|
#ADMIN_EMAIL=admin@example.com
|
||||||
|
|
||||||
|
# Every new user is per default subscriber, uncomment to change it
|
||||||
|
#DEFAULT_USER_ROLE=administrator
|
||||||
|
|
||||||
|
# PHP composer for plugin installation
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.composer.yml"
|
||||||
|
|
||||||
|
#WORDPRESS_DEBUG=true
|
||||||
|
|
||||||
## Additional extensions
|
## Additional extensions
|
||||||
#PHP_EXTENSIONS="calendar"
|
#PHP_EXTENSIONS="calendar"
|
||||||
|
|
||||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# Mostly for compatibility with existing database dumps...
|
||||||
|
#WORDPRESS_TABLE_PREFIX=wp_
|
||||||
|
|
||||||
# Multisite
|
# Multisite
|
||||||
#WORDPRESS_CONFIG_EXTRA="\
|
#WORDPRESS_CONFIG_EXTRA="\
|
||||||
# define('WP_CACHE', false);\
|
#define('WP_CACHE', false);\
|
||||||
# define('WP_ALLOW_MULTISITE', true );"
|
#define('WP_ALLOW_MULTISITE', true );"
|
||||||
|
|
||||||
# Multisite phase 2 (see README)
|
# Multisite phase 2 (see README)
|
||||||
#WORDPRESS_CONFIG_EXTRA="\
|
#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
|
||||||
# define('WP_CACHE', false);\
|
|
||||||
# define('WP_ALLOW_MULTISITE', true );\
|
|
||||||
# define('MULTISITE', true);\
|
|
||||||
# define('SUBDOMAIN_INSTALL', true);\
|
|
||||||
# define('DOMAIN_CURRENT_SITE', '${DOMAIN}');\
|
|
||||||
# define('PATH_CURRENT_SITE', '/');\
|
|
||||||
# define('SITE_ID_CURRENT_SITE', 1);\
|
|
||||||
# define('BLOG_ID_CURRENT_SITE', 1);\
|
|
||||||
# define('FORCE_SSL_ADMIN', true );\
|
|
||||||
# define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
|
|
||||||
|
|
||||||
# Local SMTP relay
|
# Local SMTP relay
|
||||||
#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
|
||||||
#SMTP_HOST="postfix_relay_app"
|
#SMTP_HOST="postfix_relay_app"
|
||||||
#MAIL_FROM="wordpress@example.com"
|
#MAIL_FROM="wordpress@example.com"
|
||||||
|
|
||||||
# Remote SMTP relay
|
# Remote SMTP relay
|
||||||
#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml"
|
||||||
#SMTP_HOST="mail.example.com"
|
#SMTP_HOST="mail.example.com"
|
||||||
#MAIL_FROM="wordpress@example.com"
|
#MAIL_FROM="wordpress@example.com"
|
||||||
|
#SMTP_USER="wordpress@example.com" # optional, defaults to MAIL_FROM
|
||||||
|
#SMTP_OVERRIDE_FROM=on # force "From" to MAIL_FROM, usually necessary
|
||||||
#SMTP_PORT=587
|
#SMTP_PORT=587
|
||||||
#SMTP_AUTH=on
|
#SMTP_AUTH=on
|
||||||
#SMTP_TLS=on
|
#SMTP_TLS=on
|
||||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# Authentik SSO
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||||
|
#AUTHENTIK_DOMAIN=authentik.example.com
|
||||||
|
#SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||||
|
#SECRET_AUTHENTIK_ID_VERSION=v1
|
||||||
|
#LOGIN_TYPE='auto'
|
||||||
|
|
||||||
|
# Allow remote connections to db
|
||||||
|
# 🚩🚩 dangerous, use only for development sites!
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
|
||||||
|
|
||||||
|
# Wide-open CORS
|
||||||
|
# 🚩🚩 dangerous, use only for development sites!
|
||||||
|
#CORS_ALLOW_ALL=1
|
||||||
|
|||||||
54
README.md
54
README.md
@ -1,6 +1,6 @@
|
|||||||
# Wordpress
|
# Wordpress
|
||||||
|
|
||||||
[](https://drone.autonomic.zone/coop-cloud/wordpress)
|
[](https://build.coopcloud.tech/coop-cloud/wordpress)
|
||||||
|
|
||||||
Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
|
Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
|
||||||
|
|
||||||
@ -17,43 +17,51 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
|
|||||||
|
|
||||||
<!-- endmetadata -->
|
<!-- endmetadata -->
|
||||||
|
|
||||||
## Basic usage
|
|
||||||
|
|
||||||
1. Set up Docker Swarm and [`abra`][abra]
|
## Quick start
|
||||||
2. Deploy [`coop-cloud/traefik`][cc-traefik]
|
|
||||||
3. `abra app new wordpress --secrets` (optionally with `--pass` if you'd like
|
|
||||||
to save secrets in `pass`)
|
* `abra app new wordpress`
|
||||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
* `abra app config <app-name>`
|
||||||
your Docker swarm box
|
* `abra app secret generate -a <app-name>`
|
||||||
5. `abra app YOURAPPDOMAIN deploy`
|
* `abra app deploy <app-name>`
|
||||||
6. Open the configured domain in your browser to finish set-up
|
* `abra app cmd <app-name> app core_install`
|
||||||
7. `abra app YOURAPPDOMAIN run app chown www-data:www-data /var/www/html/wp-content` to fix
|
|
||||||
file permissions (see #3)
|
### Authentik Integration
|
||||||
|
|
||||||
|
|
||||||
|
`abra app config <app-name>`
|
||||||
|
Configure the following envs:
|
||||||
|
```
|
||||||
|
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||||
|
AUTHENTIK_DOMAIN=authentik.example.com
|
||||||
|
AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1 # the same as in authentik
|
||||||
|
AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1 # the same as in authentik
|
||||||
|
```
|
||||||
|
|
||||||
|
`abra app cmd <app-name> app set_authentik`
|
||||||
|
|
||||||
## Running WP-CLI
|
## Running WP-CLI
|
||||||
|
|
||||||
`abra app YOURAPPDOMAIN wp 'core check-update --major'`
|
`abra app cmd <app-name> app wp -- core check-update --major`
|
||||||
|
|
||||||
(the WP-CLI arguments need to be quoted, because of how `abra` handles
|
|
||||||
command-line arguments)
|
|
||||||
|
|
||||||
## Network (Multi-site)
|
## Network (Multi-site)
|
||||||
|
|
||||||
_(Only tested using subdomains)_
|
_(Only tested using subdomains)_
|
||||||
|
|
||||||
1. Set up as above
|
1. Set up as above
|
||||||
2. `abra app YOURAPPDOMAIN config`, and uncomment the first `# Multisite` section
|
2. `abra app config <app-name>`, and uncomment the first `# Multisite` section
|
||||||
3. `abra app YOURAPPDOMAIN deploy`
|
3. `abra app deploy <app-name>`
|
||||||
4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
|
4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
|
||||||
5. Don't worry about the suggested file changes
|
5. Don't worry about the suggested file changes
|
||||||
6. `abra app YOURAPPDOMAIN config` again - comment out the first `# Multisite`
|
6. `abra app config <app-name>` again - comment out the first `# Multisite`
|
||||||
section in `.envrc`, uncomment the `# Multisite phase 2` section, and add
|
section in `.envrc`, uncomment the `# Multisite phase 2` section, and add
|
||||||
your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..)
|
your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..)
|
||||||
7. `abra app YOURAPPDOMAIN deploy`
|
7. `abra app deploy <app-name>`
|
||||||
|
|
||||||
## Installing a custom theme
|
## Installing a custom theme
|
||||||
|
|
||||||
`abra app YOURAPPDOMAIN cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/`
|
`abra app cp <app-name> ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/`
|
||||||
|
|
||||||
## Email
|
## Email
|
||||||
|
|
||||||
@ -65,10 +73,10 @@ There is a local or remote SMTP relay configuration available.
|
|||||||
Below are the instructions for the local relay.
|
Below are the instructions for the local relay.
|
||||||
|
|
||||||
1. Deploy [`postfix-relay`][cc-postfix-relay]
|
1. Deploy [`postfix-relay`][cc-postfix-relay]
|
||||||
2. `abra app YOURAPPDOMAIN config`, and uncomment the email lines; change
|
2. `abra app config <app-name>`, and uncomment the email lines; change
|
||||||
`MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s
|
`MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s
|
||||||
`$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS`
|
`$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS`
|
||||||
3. `abra app YOURAPPDOMAIN deploy`
|
3. `abra app deploy <app-name>`
|
||||||
|
|
||||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||||
|
|||||||
137
abra.sh
137
abra.sh
@ -1,78 +1,77 @@
|
|||||||
export PHP_UPLOADS_CONF_VERSION=v3
|
export PHP_UPLOADS_CONF_VERSION=v3
|
||||||
export ENTRYPOINT_CONF_VERSION=v2
|
export ENTRYPOINT_CONF_VERSION=v6
|
||||||
export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1
|
export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
|
||||||
export MSMTP_CONF_VERSION=v3
|
export MSMTP_CONF_VERSION=v4
|
||||||
|
|
||||||
sub_wp() {
|
wp() {
|
||||||
CONTAINER=$(docker container ls -f "Name=${STACK_NAME}_app" --format '{{ .ID }}')
|
su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
|
||||||
if [ -z "$CONTAINER" ]; then
|
|
||||||
error "Can't find a container for ${STACK_NAME}_app"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
debug "Using Container ID ${CONTAINER}"
|
|
||||||
|
|
||||||
# FIXME 3wc: we're fighting the Wordpress image, which recommends a named
|
|
||||||
# volume for /var/www/html -- this used to work fine using --volumes-from
|
|
||||||
# because the actual MySQL password was inserted into the generated
|
|
||||||
# wp-config.php -- but as of Wordpress 5.7.0, wp-config loads data straight
|
|
||||||
# from the environment, which requires Docker secrets to work, which only work
|
|
||||||
# in swarm services (not one-off `docker run` commands). Defining a `cli`
|
|
||||||
# service in compose.yml almost works, but there's no volumes_from: in Compose
|
|
||||||
# V3, and without it then the `cli` service can't access Wordpress core.
|
|
||||||
# See https://git.autonomic.zone/coop-cloud/wordpress/issues/21
|
|
||||||
warning "Slowly looking up MySQL password..."
|
|
||||||
silence
|
|
||||||
abra__service_="app"
|
|
||||||
DB_PASSWORD="$(sub_app_run cat "/run/secrets/db_password")"
|
|
||||||
unsilence
|
|
||||||
|
|
||||||
# shellcheck disable=SC2154,SC2086
|
|
||||||
docker run -it \
|
|
||||||
--volumes-from "$CONTAINER" \
|
|
||||||
--network "container:$CONTAINER" \
|
|
||||||
-u xfs:xfs \
|
|
||||||
-e WORDPRESS_DB_HOST=db \
|
|
||||||
-e WORDPRESS_DB_USER=wordpress \
|
|
||||||
-e WORDPRESS_DB_PASSWORD="${DB_PASSWORD}" \
|
|
||||||
-e WORDPRESS_DB_NAME=wordpress \
|
|
||||||
-e WORDPRESS_CONFIG_EXTRA="${WORDPRESS_CONFIG_EXTRA}" \
|
|
||||||
wordpress:cli wp ${abra__args_[*]}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
abra_backup_app() {
|
core_install(){
|
||||||
_abra_backup_dir "app:/var/www/html/wp-content"
|
ADMIN=admin
|
||||||
|
if [ -n "$AUTHENTIK_DOMAIN" ]
|
||||||
|
then
|
||||||
|
ADMIN=akadmin
|
||||||
|
fi
|
||||||
|
chown www-data:www-data -R /var/www/html/wp-content
|
||||||
|
wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
|
||||||
|
wp "language core install $LOCALE"
|
||||||
|
wp "site switch-language $LOCALE"
|
||||||
|
wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
|
||||||
|
wp "plugin install --activate disable-update-notifications"
|
||||||
|
wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'"
|
||||||
|
if [ -n "$DEFAULT_USER_ROLE" ]
|
||||||
|
then
|
||||||
|
wp "option set default_role $DEFAULT_USER_ROLE"
|
||||||
|
else
|
||||||
|
wp "option set default_role subscriber"
|
||||||
|
fi
|
||||||
|
wp 'plugin auto-updates enable --all' || exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
abra_backup_db() {
|
set_authentik(){
|
||||||
_abra_backup_mysql "db" "wordpress"
|
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
||||||
|
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
||||||
|
if [ -z $LOGIN_TYPE ]
|
||||||
|
then
|
||||||
|
LOGIN_TYPE='button'
|
||||||
|
fi
|
||||||
|
wp "user create akadmin admin@example.com --role=administrator"
|
||||||
|
wp "plugin install --activate daggerhart-openid-connect-generic"
|
||||||
|
wp "option update --format=json openid_connect_generic_settings '
|
||||||
|
{
|
||||||
|
\"login_type\":\"$LOGIN_TYPE\",
|
||||||
|
\"client_id\":\"$AUTHENTIK_ID\",
|
||||||
|
\"client_secret\":\"$AUTHENTIK_SECRET\",
|
||||||
|
\"scope\":\"email profile openid\",
|
||||||
|
\"endpoint_login\":\"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
|
||||||
|
\"endpoint_userinfo\":\"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
|
||||||
|
\"endpoint_token\":\"https://$AUTHENTIK_DOMAIN/application/o/token/\",
|
||||||
|
\"endpoint_end_session\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/\",
|
||||||
|
\"acr_values\":\"\",
|
||||||
|
\"identity_key\":\"preferred_username\",
|
||||||
|
\"no_sslverify\":\"0\",
|
||||||
|
\"http_request_timeout\":\"30\",
|
||||||
|
\"enforce_privacy\":\"0\",
|
||||||
|
\"alternate_redirect_uri\":\"1\",
|
||||||
|
\"nickname_key\":\"preferred_username\",
|
||||||
|
\"email_format\":\"{email}\",
|
||||||
|
\"displayname_format\":\"\",
|
||||||
|
\"identify_with_username\":\"1\",
|
||||||
|
\"state_time_limit\":\"\",
|
||||||
|
\"token_refresh_enable\":\"1\",
|
||||||
|
\"link_existing_users\":\"1\",
|
||||||
|
\"create_if_does_not_exist\":\"1\",
|
||||||
|
\"redirect_user_back\":\"0\",
|
||||||
|
\"redirect_on_logout\":\"1\",
|
||||||
|
\"enable_logging\":\"0\",
|
||||||
|
\"log_limit\":\"1000\"
|
||||||
|
}'"
|
||||||
|
wp "rewrite flush"
|
||||||
|
wp "cache flush"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
abra_backup() {
|
fix_mysql() {
|
||||||
abra_backup_app && abra_backup_db
|
echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password)
|
||||||
}
|
|
||||||
|
|
||||||
abra_restore_app() {
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
{
|
|
||||||
abra__src_="-"
|
|
||||||
abra__dst_="app:/var/www/html/"
|
|
||||||
}
|
|
||||||
|
|
||||||
zcat "$@" | sub_app_cp
|
|
||||||
|
|
||||||
success "Restored 'app'"
|
|
||||||
}
|
|
||||||
|
|
||||||
abra_restore_db() {
|
|
||||||
# 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
|
|
||||||
# got this far..
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
abra___no_tty="true"
|
|
||||||
|
|
||||||
DB_ROOT_PASSWORD=$(sub_app_run cat /run/secrets/db_root_password)
|
|
||||||
|
|
||||||
zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress
|
|
||||||
|
|
||||||
success "Restored 'db'"
|
|
||||||
}
|
}
|
||||||
|
|||||||
14
compose.authentik.yml
Normal file
14
compose.authentik.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
secrets:
|
||||||
|
- authentik_secret
|
||||||
|
- authentik_id
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
authentik_secret:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
|
||||||
|
authentik_id:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
|
||||||
14
compose.composer.yml
Normal file
14
compose.composer.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
volumes:
|
||||||
|
- "composer:/var/www/html/composer"
|
||||||
|
environment:
|
||||||
|
- ENABLE_COMPOSER=1
|
||||||
|
- COMPOSER=composer/composer.json
|
||||||
|
- COMPOSER_VENDOR_DIR=composer/vendor
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
composer:
|
||||||
@ -6,6 +6,7 @@ services:
|
|||||||
entrypoint: /docker-entrypoint.mailrelay.sh
|
entrypoint: /docker-entrypoint.mailrelay.sh
|
||||||
environment:
|
environment:
|
||||||
- SMTP_HOST=${SMTP_HOST}
|
- SMTP_HOST=${SMTP_HOST}
|
||||||
|
- SMTP_PORT=${SMTP_PORT:-25}
|
||||||
- MAIL_FROM=${MAIL_FROM}
|
- MAIL_FROM=${MAIL_FROM}
|
||||||
configs:
|
configs:
|
||||||
- source: mstmp_conf
|
- source: mstmp_conf
|
||||||
|
|||||||
9
compose.public-db.yml
Normal file
9
compose.public-db.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
ports:
|
||||||
|
- target: 3306
|
||||||
|
published: 3306
|
||||||
|
mode: host
|
||||||
@ -6,11 +6,12 @@ services:
|
|||||||
secrets:
|
secrets:
|
||||||
- smtp_password
|
- smtp_password
|
||||||
environment:
|
environment:
|
||||||
- SMTP_HOST=${SMTP_HOST}
|
- SMTP_HOST
|
||||||
- SMTP_PORT=${SMTP_PORT:-25}
|
- SMTP_PORT=${SMTP_PORT:-25}
|
||||||
- SMTP_AUTH=${SMTP_AUTH}
|
- SMTP_AUTH
|
||||||
- SMTP_TLS=${SMTP_TLS}
|
- SMTP_TLS
|
||||||
- MAIL_FROM=${MAIL_FROM}
|
- MAIL_FROM
|
||||||
|
- SMTP_OVERRIDE_FROM
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
smtp_password:
|
smtp_password:
|
||||||
|
|||||||
36
compose.yml
36
compose.yml
@ -3,19 +3,26 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "wordpress:5.8.1"
|
image: "wordpress:6.4.2"
|
||||||
volumes:
|
volumes:
|
||||||
- "wordpress_content:/var/www/html/wp-content/"
|
- "wordpress_content:/var/www/html/wp-content/"
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
- proxy
|
- proxy
|
||||||
environment:
|
environment:
|
||||||
- WORDPRESS_DB_HOST=db
|
WORDPRESS_CONFIG_EXTRA: |
|
||||||
- WORDPRESS_DB_USER=wordpress
|
define( 'AUTOMATIC_UPDATER_DISABLED', false );
|
||||||
- WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
|
define( 'WP_AUTO_UPDATE_CORE', false );
|
||||||
- WORDPRESS_DB_NAME=wordpress
|
${WORDPRESS_CONFIG_EXTRA}
|
||||||
- WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
|
PAGER: more
|
||||||
- PHP_EXTENSIONS
|
WORDPRESS_DB_HOST: db
|
||||||
|
WORDPRESS_DB_USER: wordpress
|
||||||
|
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
|
||||||
|
WORDPRESS_DB_NAME: wordpress
|
||||||
|
WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
|
||||||
|
PHP_EXTENSIONS: ${PHP_EXTENSIONS}
|
||||||
|
CORS_ALLOW_ALL:
|
||||||
|
COMPOSER:
|
||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
configs:
|
configs:
|
||||||
@ -48,10 +55,13 @@ services:
|
|||||||
#- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
|
#- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+5.8.1"
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||||
|
- "backupbot.backup=true"
|
||||||
|
- "backupbot.backup.path=/var/www/html"
|
||||||
|
- "coop-cloud.${STACK_NAME}.version=2.6.3+6.4.2"
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: "mariadb:10.6"
|
image: "mariadb:11.2"
|
||||||
volumes:
|
volumes:
|
||||||
- "mariadb:/var/lib/mysql"
|
- "mariadb:/var/lib/mysql"
|
||||||
networks:
|
networks:
|
||||||
@ -64,6 +74,14 @@ services:
|
|||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
- db_root_password
|
- db_root_password
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
backupbot.backup: "true"
|
||||||
|
backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz'"
|
||||||
|
backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
|
||||||
|
backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
|
||||||
|
backupbot.restore: "true"
|
||||||
|
backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
backend:
|
backend:
|
||||||
|
|||||||
@ -3,3 +3,5 @@
|
|||||||
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm -rf /var/lib/apt/lists/*
|
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini
|
echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini
|
||||||
|
|
||||||
|
/docker-entrypoint.sh
|
||||||
|
|||||||
@ -4,6 +4,26 @@
|
|||||||
docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
|
docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
|
||||||
|
chmod +x /usr/local/bin/wp
|
||||||
|
|
||||||
|
{{ if eq (env "ENABLE_COMPOSER") "1" }}
|
||||||
|
mkdir -p /var/www/.composer
|
||||||
|
chown www-data:www-data /var/www/.composer /var/www/html/composer
|
||||||
|
|
||||||
|
curl https://getcomposer.org/installer -o /tmp/composer-setup.php
|
||||||
|
php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||||
|
php /tmp/composer-setup.php
|
||||||
|
rm /tmp/composer-setup.php
|
||||||
|
|
||||||
|
mv /var/www/html/composer.phar /usr/local/bin/composer
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "CORS_ALLOW_ALL") "1" }}
|
||||||
|
a2enmod headers
|
||||||
|
sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
if [ -n "$@" ]; then
|
if [ -n "$@" ]; then
|
||||||
"$@"
|
"$@"
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -1,9 +1,13 @@
|
|||||||
account default
|
account default
|
||||||
host {{ env "SMTP_HOST" }}
|
host {{ env "SMTP_HOST" }}
|
||||||
from {{ env "MAIL_FROM" }}
|
from {{ env "MAIL_FROM" }}
|
||||||
user {{ env "MAIL_FROM" }}
|
user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
|
||||||
port {{ env "SMTP_PORT" }}
|
port {{ env "SMTP_PORT" }}
|
||||||
|
|
||||||
|
{{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
|
||||||
|
set_from_header on
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
{{ if eq (env "SMTP_AUTH") "on" }}
|
{{ if eq (env "SMTP_AUTH") "on" }}
|
||||||
auth {{ env "SMTP_AUTH" }}
|
auth {{ env "SMTP_AUTH" }}
|
||||||
passwordeval "cat /run/secrets/smtp_password"
|
passwordeval "cat /run/secrets/smtp_password"
|
||||||
|
|||||||
1
release/next
Normal file
1
release/next
Normal file
@ -0,0 +1 @@
|
|||||||
|
The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.
|
||||||
Reference in New Issue
Block a user