use one env variable to controll the multisite feature

.env.sample

@@ -3,21 +3,26 @@ TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 COMPOSE_FILE="compose.yml"
 
-# Setup Wordpress settings on each deploy:
-#POST_DEPLOY_CMDS="app core_install"
-
 DOMAIN=wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 LETS_ENCRYPT_ENV=production
 
-TITLE="My Example Blog"
-LOCALE="en_US" # de_DE
-ADMIN_EMAIL=admin@example.com
+# Setup Wordpress settings on each deploy:
+#POST_DEPLOY_CMDS="app core_install"
+
+# Optional settings, otherwise can be set in the installer
+# (Required for `app core_install`
+#TITLE="My Example Blog"
+#LOCALE="en_US" # de_DE
+#ADMIN_EMAIL=admin@example.com
 
 # Every new user is per default subscriber, uncomment to change it
 #DEFAULT_USER_ROLE=administrator
 
+# Uncomment to install PHP Composer
+#COMPOSER=1
+
 #WORDPRESS_DEBUG=true
 
 ## Additional extensions
@@ -29,13 +34,8 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Mostly for compatibility with existing database dumps...
 #WORDPRESS_TABLE_PREFIX=wp_
 
-# Multisite
-#WORDPRESS_CONFIG_EXTRA="\
-#define('WP_CACHE', false);\
-#define('WP_ALLOW_MULTISITE', true );"
-
-# Multisite phase 2 (see README)
-#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+# Multisite (see README)
+#MULTISITE=enable # either 'enable', 'subdomain' or 'subfolder'
 
 # Local SMTP relay
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
@@ -46,6 +46,8 @@ SECRET_DB_PASSWORD_VERSION=v1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
+#SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
+#SMTP_OVERRIDE_FROM=on  # force "From" to MAIL_FROM, usually necessary
 #SMTP_PORT=587
 #SMTP_AUTH=on
 #SMTP_TLS=on
@@ -61,3 +63,7 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Allow remote connections to db
 # 🚩🚩 dangerous, use only for development sites!
 #COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
+
+# Wide-open CORS
+# 🚩🚩 dangerous, use only for development sites!
+#CORS_ALLOW_ALL=1

README.md

@@ -47,16 +47,12 @@ AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authen
 
 ## Network (Multi-site)
 
-_(Only tested using subdomains)_
-
 1. Set up as above
-2. `abra app config <app-name>`, and uncomment the first `# Multisite` section
+2. `abra app config <app-name>`, and uncomment `#MULTISITE=enable`
 3. `abra app deploy <app-name>`
 4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
 5. Don't worry about the suggested file changes
-6. `abra app config <app-name>` again - comment out the first `# Multisite`
-   section in `.envrc`, uncomment the `# Multisite phase 2` section, and add
-   your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..)
+6. `abra app config <app-name>` again and set `MULTISITE` to either `subdomain` or `subfolder` depending on your setup.
 7. `abra app deploy <app-name>`
 
 ## Installing a custom theme

abra.sh

@@ -1,7 +1,8 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v3
+export ENTRYPOINT_CONF_VERSION=v5
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
-export MSMTP_CONF_VERSION=v3
+export MSMTP_CONF_VERSION=v4
+export HTACCESS_CONF_VERSION=v1
 
 wp() {
     su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"

compose.smtp.yml

@@ -6,11 +6,12 @@ services:
     secrets:
       - smtp_password
     environment:
-      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_HOST
       - SMTP_PORT=${SMTP_PORT:-25}
-      - SMTP_AUTH=${SMTP_AUTH}
-      - SMTP_TLS=${SMTP_TLS}
-      - MAIL_FROM=${MAIL_FROM}
+      - SMTP_AUTH
+      - SMTP_TLS
+      - MAIL_FROM
+      - SMTP_OVERRIDE_FROM
 
 secrets:
   smtp_password:

compose.yml

@@ -21,6 +21,8 @@ services:
       WORDPRESS_DB_NAME: wordpress
       WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
       PHP_EXTENSIONS: ${PHP_EXTENSIONS}
+      CORS_ALLOW_ALL:
+      COMPOSER:
     secrets:
       - db_password
     configs:
@@ -29,6 +31,8 @@ services:
       - source: entrypoint_conf
         target: /docker-entrypoint.sh
         mode: 0555
+      - source: htaccess_conf
+        target: /var/www/html/.htaccess
     entrypoint: /docker-entrypoint.sh
     depends_on:
       - db
@@ -56,7 +60,7 @@ services:
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.4.2+6.3.0"
+        - "coop-cloud.${STACK_NAME}.version=2.5.1+6.3.0"
 
   db:
     image: "mariadb:11.0"
@@ -75,11 +79,10 @@ services:
     deploy:
       labels:
         backupbot.backup: "true"
-        backupbot.backup.path: "/tmp/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
-        backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
+        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
         backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
+        backupbot.restore.post-hook: "sh -c 'mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dbdump.sql && rm -f /var/lib/mysql/dbdump.sql'"
 
 networks:
   backend:
@@ -106,3 +109,7 @@ configs:
   php_uploads_conf:
     name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION}
     file: uploads.ini
+  htaccess_conf:
+    name: ${STACK_NAME}_htaccess_conf_${HTACCESS_CONF_VERSION}
+    file: htaccess.tmpl
+    template_driver: golang

entrypoint.sh.tmpl

@@ -7,6 +7,41 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp
 
+{{ if eq (env "COMPOSER") "1" }}
+mkdir -p /var/www/.composer
+chown www-data:www-data /var/www/.composer
+
+curl https://getcomposer.org/installer -o /tmp/composer-setup.php
+php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+php /tmp/composer-setup.php
+rm /tmp/composer-setup.php
+
+mv /var/www/html/composer.phar /usr/local/bin/composer
+{{ end }}
+
+{{ if eq (env "CORS_ALLOW_ALL") "1" }}
+a2enmod headers
+sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
+{{ end }}
+
+{{ if eq (env "MULTISITE") "enable" }}
+export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
+define('WP_CACHE', false);
+define('WP_ALLOW_MULTISITE', true );"
+{{ end }}
+
+{{ if or (eq (env "MULTISITE") "subdomain") (eq (env "MULTISITE") "subfolder") }}
+export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
+define('MULTISITE', true);
+define('SUBDOMAIN_INSTALL', true);
+define('DOMAIN_CURRENT_SITE', '${DOMAIN}');
+define('PATH_CURRENT_SITE', '/');
+define('SITE_ID_CURRENT_SITE', 1);
+define('BLOG_ID_CURRENT_SITE', 1);
+define('FORCE_SSL_ADMIN', true );
+define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+{{ end }}
+
 if [ -n "$@" ]; then
 	"$@"
 fi

htaccess.tmpl

@@ -0,0 +1,57 @@
+{{ if eq (env "MULTISITE") "" -}}
+# BEGIN WordPress
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]
+
+# END WordPress
+{{- end -}}
+
+{{- if eq (env "MULTISITE") "subfolder" -}}
+# BEGIN WordPress Multisite
+# Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+
+# add a trailing slash to /wp-admin
+RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
+
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
+RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
+RewriteRule . index.php [L]
+
+# END WordPress Multisite
+{{- end -}}
+
+{{- if eq (env "MULTISITE") "subdomain" -}}
+# BEGIN WordPress Multisite
+# Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite
+
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+
+# add a trailing slash to /wp-admin
+RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
+
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
+RewriteRule ^(.*\.php)$ $1 [L]
+RewriteRule . index.php [L]
+
+# END WordPress Multisite
+{{- end }}

msmtp.conf.tmpl

@@ -1,9 +1,13 @@
 account default
 host {{ env "SMTP_HOST" }}
 from {{ env "MAIL_FROM" }}
-user {{ env "MAIL_FROM" }}
+user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
 port {{ env "SMTP_PORT" }}
 
+{{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
+set_from_header on
+{{ end }}
+
 {{ if eq (env "SMTP_AUTH") "on" }}
 auth {{ env "SMTP_AUTH" }}
 passwordeval "cat /run/secrets/smtp_password"