merge upstream

revert Merge pull request 'Improved README' (#68) from improve-readme into main

So sorry, that was a mistake!

Reviewed-on: coop-cloud/wordpress#68

.env.sample

@@ -16,13 +16,6 @@ LETS_ENCRYPT_ENV=production
 # Setup Wordpress settings on each deploy:
 #POST_DEPLOY_CMDS="app core_install"
 
-# Automatically install WordPress on first deploy (requires TITLE and ADMIN_EMAIL)
-#AUTO_INSTALL=1
-
-# Enable auto-updates for plugins and themes on install/deploy (default: on)
-# Set to 0 to disable automatic plugin/theme updates
-#AUTO_UPDATES=1
-
 # Optional settings, otherwise can be set in the installer
 # (Required for `app core_install`
 #TITLE="My Example Blog"
@@ -45,7 +38,6 @@ LETS_ENCRYPT_ENV=production
 
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
-SECRET_ADMIN_PASSWORD_VERSION=v1
 
 # Mostly for compatibility with existing database dumps...
 #WORDPRESS_TABLE_PREFIX=wp_
@@ -92,9 +84,6 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
 
-# Disable the WordPress web installer (useful when migrating/importing a DB dump)
-#DISABLE_WEB_INSTALLER=1
-
 # FTP
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
 #SECRET_FTP_PASS_VERSION=v1

README.md

@@ -25,55 +25,6 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
 * `abra app deploy <app-name>`
 * `abra app cmd <app-name> app core_install`
 
-### Admin password
-
-By default, WordPress generates a random admin password during `core_install` and prints it
-to the command output. To set a known password managed as a Docker secret:
-
-1. Uncomment `SECRET_ADMIN_PASSWORD_VERSION=v1` in your app config
-2. `abra app secret generate -a <app-name>` (creates a random password)
-3. `abra app deploy <app-name>`
-4. `abra app cmd <app-name> app core_install`
-
-The password is stored in `<app-name>_admin_password_v1` — you can view it with
-`abra app secret show <app-name> admin_password`.
-
-### Auto-install on first deploy
-
-To skip the manual `abra app cmd ... core_install` step, enable auto-install:
-
-1. Set `AUTO_INSTALL=1` in your app config
-2. Uncomment `TITLE` and `ADMIN_EMAIL` (also `LOCALE` if needed)
-3. (Optional) Uncomment `SECRET_ADMIN_PASSWORD_VERSION=v1` and run `abra app secret generate`
-4. `abra app deploy <app-name>`
-
-On first deploy, the container will wait for the database, then automatically run
-`wp core install` and configure the site. It only runs once — subsequent deploys detect
-WordPress is already installed and skip.
-
-### Plugin and theme auto-updates
-
-By default, plugin and theme auto-updates are enabled during install and deploy.
-To disable this:
-
-1. Set `AUTO_UPDATES=0` in your app config
-2. `abra app deploy <app-name>`
-
-This affects `abra app cmd <app-name> app core_install`, `abra app cmd <app-name> app update`,
-and the `AUTO_INSTALL` background process.
-
-## Disable the web installer
-
-When migrating a site (importing a DB dump from an existing install), the web-based
-WordPress installer at `wp-admin/install.php` is a security risk — someone could
-accidentally run it and overwrite your data. To block it:
-
-1. Set `DISABLE_WEB_INSTALLER=1` in your app config
-2. `abra app deploy <app-name>`
-
-Apache inside the container will deny all requests to `wp-admin/install.php`. The CLI-based
-`abra app cmd <app-name> app core_install` still works unaffected.
-
 ## Email
 
 There is a local or remote SMTP relay configuration available.

abra.sh

@@ -1,5 +1,5 @@
 export PHP_UPLOADS_CONF_VERSION=v4
-export ENTRYPOINT_CONF_VERSION=v10
+export ENTRYPOINT_CONF_VERSION=v9
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
 export HTACCESS_CONF_VERSION=v3
@@ -12,13 +12,9 @@ wp() {
 update() {
     wp "core update-db"
     wp "plugin update --all"
-    if [ "$AUTO_UPDATES" != "0" ]; then
-        wp "plugin auto-updates enable --all"
-    fi
+    wp "plugin auto-updates enable --all"
     wp "theme update --all"
-    if [ "$AUTO_UPDATES" != "0" ]; then
-        wp "theme auto-updates enable --all"
-    fi
+    wp "theme auto-updates enable --all"
     wp "language core update"
     wp "language plugin update --all"
     wp "language theme update --all"
@@ -31,12 +27,7 @@ core_install(){
         ADMIN=akadmin
     fi
     chown www-data:www-data -R /var/www/html/wp-content
-    ADMIN_PASSWORD=$(cat /run/secrets/admin_password 2>/dev/null | xargs || true)
-    ADMIN_PASS_ARG=""
-    if [ -n "$ADMIN_PASSWORD" ]; then
-        ADMIN_PASS_ARG="--admin_password=$ADMIN_PASSWORD"
-    fi
-    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email $ADMIN_PASS_ARG"
+    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
     wp "language core install $LOCALE"
     wp "site switch-language $LOCALE"
     wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
@@ -46,10 +37,8 @@ core_install(){
     else
         wp "option set default_role subscriber"
     fi
-    if [ "$AUTO_UPDATES" != "0" ]; then
-        wp "theme auto-updates enable --all"
-        wp 'plugin auto-updates enable --all' || true
-    fi
+    wp "theme auto-updates enable --all"
+    wp 'plugin auto-updates enable --all' || true
 }
 
 enable_auto_updates(){

compose.yml

@@ -22,14 +22,9 @@ services:
       WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
       PHP_EXTENSIONS: ${PHP_EXTENSIONS}
       CORS_ALLOW_ALL:
-      DISABLE_WEB_INSTALLER:
-      AUTO_INSTALL:
-      AUTO_UPDATES:
       COMPOSER:
-      SECRET_ADMIN_PASSWORD_VERSION:
     secrets:
       - db_password
-      - admin_password
     configs:
       - source: php_uploads_conf
         target: /usr/local/etc/php/conf.d/uploads.ini
@@ -106,9 +101,6 @@ secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-  admin_password:
-    external: true
-    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
 
 configs:
   entrypoint_conf:

entrypoint.sh.tmpl

@@ -24,14 +24,6 @@ a2enmod headers
 sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
 {{ end }}
 
-{{ if eq (getenv "DISABLE_WEB_INSTALLER") "1" }}
-cat > /etc/apache2/conf-enabled/disable-installer.conf <<'EOF'
-<LocationMatch "^/wp-admin/install\.php">
-    Require all denied
-</LocationMatch>
-EOF
-{{ end }}
-
 {{ if eq (getenv "MULTISITE") "enable" }}
 export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
 define('WP_CACHE', false);
@@ -64,64 +56,6 @@ fi
 
 chown -R --from=root:root www-data:www-data /var/www/html/wp-content/
 
-{{ if eq (getenv "AUTO_INSTALL") "1" }}
-(
-  DOMAIN="{{ getenv "DOMAIN" }}"
-  TITLE="{{ getenv "TITLE" }}"
-  ADMIN_EMAIL="{{ getenv "ADMIN_EMAIL" }}"
-  LOCALE="{{ getenv "LOCALE" }}"
-  DEFAULT_USER_ROLE="{{ getenv "DEFAULT_USER_ROLE" }}"
-  AUTO_UPDATES="{{ getenv "AUTO_UPDATES" }}"
-
-  # Wait for wp-config.php (created by upstream entrypoint)
-  for _ in $(seq 1 30); do
-    if [ -f /var/www/html/wp-config.php ]; then
-      break
-    fi
-    sleep 2
-  done
-
-  # Wait for DB to be reachable
-  for _ in $(seq 1 60); do
-    if su -p www-data -s /bin/bash -c "/usr/local/bin/wp db check" 2>/dev/null; then
-      break
-    fi
-    sleep 2
-  done
-
-  # Skip if already installed or required vars missing
-  if su -p www-data -s /bin/bash -c "/usr/local/bin/wp core is-installed" 2>/dev/null; then
-    exit 0
-  fi
-  if [ -z "$TITLE" ] || [ -z "$ADMIN_EMAIL" ]; then
-    exit 0
-  fi
-
-  ADMIN="admin"
-  ADMIN_PASSWORD=$(cat /run/secrets/admin_password 2>/dev/null | xargs || true)
-  ADMIN_PASS_ARG=""
-  if [ -n "$ADMIN_PASSWORD" ]; then
-    ADMIN_PASS_ARG="--admin_password=$ADMIN_PASSWORD"
-  fi
-
-  su -p www-data -s /bin/bash -c "/usr/local/bin/wp core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email $ADMIN_PASS_ARG"
-  if [ -n "$LOCALE" ]; then
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp language core install $LOCALE"
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp site switch-language $LOCALE"
-  fi
-  su -p www-data -s /bin/bash -c "/usr/local/bin/wp rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
-  if [ -n "$DEFAULT_USER_ROLE" ]; then
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp option set default_role $DEFAULT_USER_ROLE"
-  else
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp option set default_role subscriber"
-  fi
-  if [ "$AUTO_UPDATES" != "0" ]; then
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp theme auto-updates enable --all"
-    su -p www-data -s /bin/bash -c "/usr/local/bin/wp plugin auto-updates enable --all" || true
-  fi
-) &
-{{ end }}
-
 if [ $# -gt 0 ]; then
 	"$@"
 fi