fix db backup and restore

chore: publish 2.5.1+6.3.0 release
chore: publish 2.5.0+6.3.0 release
2023-11-06 21:13:53 +01:00 · 2023-10-24 16:54:44 +02:00 · 2023-10-23 12:51:12 +01:00 · 2023-10-23 12:50:45 +01:00 · 2023-10-23 12:50:31 +01:00 · 2023-10-23 12:49:47 +01:00
9 changed files with 110 additions and 39 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,15 +1,29 @@
 TYPE=wordpress
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
+COMPOSE_FILE="compose.yml"

 DOMAIN=wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 LETS_ENCRYPT_ENV=production

-TITLE="My Example Blog"
-LOCALE="en_US" # de_DE
-ADMIN_EMAIL=admin@example.com
+# Setup Wordpress settings on each deploy:
+#POST_DEPLOY_CMDS="app core_install"
+
+# Optional settings, otherwise can be set in the installer
+# (Required for `app core_install`
+#TITLE="My Example Blog"
+#LOCALE="en_US" # de_DE
+#ADMIN_EMAIL=admin@example.com
+
+# Every new user is per default subscriber, uncomment to change it
+#DEFAULT_USER_ROLE=administrator
+
+# Uncomment to install PHP Composer
+#COMPOSER=1
+
+#WORDPRESS_DEBUG=true

 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
@ -22,28 +36,39 @@ SECRET_DB_PASSWORD_VERSION=v1

 # Multisite
 #WORDPRESS_CONFIG_EXTRA="\
-#	define('WP_CACHE', false);\
-#	define('WP_ALLOW_MULTISITE', true );"
+#define('WP_CACHE', false);\
+#define('WP_ALLOW_MULTISITE', true );"

 # Multisite phase 2 (see README)
-# WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"

 # Local SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"

 # Remote SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
+#SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
+#SMTP_OVERRIDE_FROM=on  # force "From" to MAIL_FROM, usually necessary
 #SMTP_PORT=587
 #SMTP_AUTH=on
 #SMTP_TLS=on
 #SECRET_SMTP_PASSWORD_VERSION=v1

-# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
-# AUTHENTIK_DOMAIN=authentik.example.com
-# AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1  # the same as in authentik
-# AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authentik
-# LOGIN_TYPE='auto'
+# Authentik SSO
+#COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
+#AUTHENTIK_DOMAIN=authentik.example.com
+#SECRET_AUTHENTIK_SECRET_VERSION=v1
+#SECRET_AUTHENTIK_ID_VERSION=v1
+#LOGIN_TYPE='auto'
+
+# Allow remote connections to db
+# 🚩🚩 dangerous, use only for development sites!
+#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
+
+# Wide-open CORS
+# 🚩🚩 dangerous, use only for development sites!
+#CORS_ALLOW_ALL=1
--- a/abra.sh
+++ b/abra.sh
@ -1,7 +1,7 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v3
+export ENTRYPOINT_CONF_VERSION=v5
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
-export MSMTP_CONF_VERSION=v3
+export MSMTP_CONF_VERSION=v4

 wp() {
    su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
@ -9,15 +9,24 @@ wp() {

 core_install(){
    ADMIN=admin
-    if [ -n $AUTHENTIK_DOMAIN ]
+    if [ -n "$AUTHENTIK_DOMAIN" ]
    then
        ADMIN=akadmin
    fi
-    chown www-data:www-data /var/www/html/wp-content
+    chown www-data:www-data -R /var/www/html/wp-content
    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
    wp "language core install $LOCALE"
    wp "site switch-language $LOCALE"
    wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
+    wp "plugin install --activate disable-update-notifications"
+    wp 'option update dwcun_setting on' 
+    if [ -n "$DEFAULT_USER_ROLE" ]
+    then
+        wp "option set default_role $DEFAULT_USER_ROLE"
+    else
+        wp "option set default_role subscriber"
+    fi
+    wp 'plugin auto-updates enable --all' || exit 0
 }

 set_authentik(){
--- a/compose.authentik.yml
+++ b/compose.authentik.yml
@ -8,7 +8,7 @@ services:
 secrets:
  authentik_secret:
    external: true
-    name: ${AUTHENTIK_SECRET_NAME}
+    name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
  authentik_id:
    external: true
-    name: ${AUTHENTIK_ID_NAME}
+    name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
--- a/compose.public-db.yml
+++ b/compose.public-db.yml
@ -0,0 +1,9 @@
+---
+version: "3.8"
+
+services:
+  db:
+    ports:
+      - target: 3306
+        published: 3306
+        mode: host
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -6,11 +6,12 @@ services:
    secrets:
      - smtp_password
    environment:
-      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_HOST
      - SMTP_PORT=${SMTP_PORT:-25}
-      - SMTP_AUTH=${SMTP_AUTH}
-      - SMTP_TLS=${SMTP_TLS}
-      - MAIL_FROM=${MAIL_FROM}
+      - SMTP_AUTH
+      - SMTP_TLS
+      - MAIL_FROM
+      - SMTP_OVERRIDE_FROM

 secrets:
  smtp_password:
--- a/compose.yml
+++ b/compose.yml
@ -3,21 +3,26 @@ version: "3.8"

 services:
  app:
-    image: "wordpress:6.2.0"
+    image: "wordpress:6.3.0"
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    networks:
      - backend
      - proxy
    environment:
-      - PAGER=more
-      - WORDPRESS_DB_HOST=db
-      - WORDPRESS_DB_USER=wordpress
-      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
-      - WORDPRESS_DB_NAME=wordpress
-      - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
-      - WORDPRESS_TABLE_PREFIX
-      - PHP_EXTENSIONS
+      WORDPRESS_CONFIG_EXTRA: |
+            define( 'AUTOMATIC_UPDATER_DISABLED', false );
+            define( 'WP_AUTO_UPDATE_CORE', false );
+            ${WORDPRESS_CONFIG_EXTRA}
+      PAGER: more
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: wordpress
+      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
+      WORDPRESS_DB_NAME: wordpress
+      WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
+      PHP_EXTENSIONS: ${PHP_EXTENSIONS}
+      CORS_ALLOW_ALL:
+      COMPOSER:
    secrets:
      - db_password
    configs:
@ -53,10 +58,10 @@ services:
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.3.2+6.2.0"
+        - "coop-cloud.${STACK_NAME}.version=2.5.1+6.3.0"

  db:
-    image: "mariadb:10.11"
+    image: "mariadb:11.0"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
@ -72,11 +77,11 @@ services:
    deploy:
      labels:
        backupbot.backup: "true"
-        backupbot.backup.path: "/tmp/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
-        backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
+        backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz'"
+        backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
        backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
+        backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"

 networks:
  backend:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -7,6 +7,23 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp

+{{ if eq (env "COMPOSER") "1" }}
+mkdir -p /var/www/.composer
+chown www-data:www-data /var/www/.composer
+
+curl https://getcomposer.org/installer -o /tmp/composer-setup.php
+php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+php /tmp/composer-setup.php
+rm /tmp/composer-setup.php
+
+mv /var/www/html/composer.phar /usr/local/bin/composer
+{{ end }}
+
+{{ if eq (env "CORS_ALLOW_ALL") "1" }}
+a2enmod headers
+sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
+{{ end }}
+
 if [ -n "$@" ]; then
 	"$@"
 fi
--- a/msmtp.conf.tmpl
+++ b/msmtp.conf.tmpl
@ -1,9 +1,13 @@
 account default
 host {{ env "SMTP_HOST" }}
 from {{ env "MAIL_FROM" }}
-user {{ env "MAIL_FROM" }}
+user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
 port {{ env "SMTP_PORT" }}

+{{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
+set_from_header on
+{{ end }}
+
 {{ if eq (env "SMTP_AUTH") "on" }}
 auth {{ env "SMTP_AUTH" }}
 passwordeval "cat /run/secrets/smtp_password"
--- a/release/next
+++ b/release/next
@ -0,0 +1 @@
+The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.
Author	SHA1	Message	Date
p4u1	ed77855e7d	fix db backup and restore	2023-11-06 21:13:53 +01:00
knoflook	1c70a89ed4	chore: publish 2.5.1+6.3.0 release	2023-10-24 16:54:44 +02:00
3wc	c6be9ecfcf	chore: publish 2.5.0+6.3.0 release	2023-10-23 12:51:12 +01:00
3wc	f2867c8359	Tidy up settings a little	2023-10-23 12:50:45 +01:00
3wc	4a7c468806	Add composer support	2023-10-23 12:50:31 +01:00
3wc	40d95417e9	Improve SMTP settings	2023-10-23 12:49:47 +01:00
Moritz	37aa0649b9	chore: publish 2.4.3+6.3.0 release	2023-10-20 00:06:09 +02:00
Moritz	5723405e51	fix backup label	2023-10-20 00:05:41 +02:00
3wc	650d531ed1	Add CORS_ALLOW_ALL for dev sites	2023-10-17 22:29:23 +01:00
3wc	9077d0aa86	chore: publish 2.4.2+6.3.0 release	2023-10-17 13:35:18 +01:00
3wc	952044e590	Exciting attempt at public db access	2023-10-17 13:28:42 +01:00
3wc	1c03d854b2	chore: publish 2.4.1+6.3.0 release	2023-10-16 13:51:11 +01:00
3wc	38bc51f516	Set default for WORDPRESS_TABLE_PREFIX instead of requiring it	2023-10-16 13:50:48 +01:00
3wc	40cbb7d689	Set default WORDPRESS_TABLE_PREFIX	2023-10-16 13:45:37 +01:00
Moritz	16ca5734d7	fix core_install	2023-08-24 11:34:01 +02:00
3wc	91335eac3a	chore: publish 2.4.0+6.3.0 release	2023-08-14 13:42:35 +02:00
Moritz	dfaa04131d	fix compose env variable	2023-07-09 15:05:08 +02:00
Moritz	b508b67752	use standalone authentik secrets	2023-07-08 04:31:03 +02:00
Moritz	8cc028fc00	set default user role per env	2023-06-08 16:00:19 +02:00
Moritz	55f00a482a	disable core updates, hide notifications, enable automatic plugin updates	2023-06-01 16:59:09 +02:00
knoflook	df821f5017	bump wordpress version	2023-05-29 15:10:39 +02:00
				`@ -0,0 +1 @@`
				`The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.`