docker/wordpress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to wordpress 5.9 and now based on alpine

Browse Source
This commit is contained in:
Deon George 2023-04-27 21:48:31 +10:00
parent aba2d0769a
commit fcead7736d
11 changed files with 126 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.gitlab-ci.yml
View File

@ -1,42 +1,31 @@
image: docker:latest
stages: stages:
- test
- build - build
- build-manifest
variables: variables:
VERSION: 5.4-fpm VERSION: 5.9
CACHETAG: build
DOCKER_HOST: tcp://docker:2375 DOCKER_HOST: tcp://docker:2375
VERSIONARCH: ${VERSION}-${ARCH}
cache:
key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
paths:
- build-cache
image: docker:latest
services: services:
- docker:dind - docker:dind
before_script: before_script:
- docker info - if [ ! -d build-cache ]; then mkdir build-cache; fi
- docker version - sed -i -e s'/https/http/' /etc/apk/repositories
- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
- docker info && docker version
# env|sort
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
test: include:
stage: test - .gitlab-docker-x86_64.yml
script: # .gitlab-docker-armv7l.yml
- cat /etc/hosts # .gitlab-docker-arm64.yml
- env|sort - .gitlab-docker-manifest.yml
- docker build -t ${CI_REGISTRY_IMAGE}:${VERSION} .
- docker images
only:
- debug
build:
stage: build
script:
- if [ -f init ]; then chmod 500 init; fi
- docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG} || true
- docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
- docker push ${CI_REGISTRY_IMAGE}:${VERSION}
- docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
tags:
- docker
- x86_64
only:
- master

10
.gitlab-docker-manifest.yml Normal file
View File

@ -0,0 +1,10 @@
x86_64:build-manifest:
stage: build-manifest
script:
- docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}-armv7l
- docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
tags:
- docker
- x86_64
only:
- master

16
.gitlab-docker-x86_64.yml Normal file
View File

@ -0,0 +1,16 @@
x86_64:build:
variables:
ARCH: x86_64
stage: build
script:
- if [ -f init ]; then chmod 500 init; fi
- ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
- rm build-cache/* || true
- docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
- docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
- docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
tags:
- docker
- x86_64
only:
- master

35
Dockerfile
View File

@ -1,28 +1,29 @@
# NAME leenooks/wordpress # NAME leenooks/wordpress
# VERSION 5.4-fpm # VERSION 5.9-fpm
FROM wordpress:5.4-fpm FROM wordpress:5.9-fpm-alpine
RUN apt-get update && apt-get install -y openssh-server msmtp nginx \ # Change to http respositories, so they we can cache the install packages
&& rm /etc/nginx/sites-enabled/default \ RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
&& apt-get -y autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN docker-php-ext-install -j$(nproc) opcache # Tune PHP
RUN useradd -c "Hosting Admin User" -u 1000 -g users -G www-data -d /var/www/html -M lamp
RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
COPY www.conf /usr/local/etc/php-fpm.d/
COPY nginx-app.conf /etc/nginx/conf.d/
COPY msmtprc /etc/
RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini
RUN adduser -g "Hosting Admin User" -u 1000 -G www-data -h /var/www/html -HD lamp && mkdir /run/nginx
COPY sshd_config.patch /tmp # Base
RUN (cd / && patch -p0 ) < /tmp/sshd_config.patch && rm /tmp/sshd_config.patch RUN apk add --no-cache unzip zlib nginx msmtp
RUN curl -SLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh && chmod +x /usr/local/bin/wait-for-it
EXPOSE 9000/tcp 22/tcp COPY msmtprc /etc/
COPY docker/www.conf /usr/local/etc/php-fpm.d/
COPY docker/nginx-app.conf /etc/nginx/http.d/default.conf
COPY init /sbin COPY docker/init /sbin/
COPY update /usr/local/sbin
RUN chmod 550 /sbin/init && chown 0:0 /sbin/init
WORKDIR /var/www/html
EXPOSE 80
ENTRYPOINT [ "/sbin/init" ] ENTRYPOINT [ "/sbin/init" ]
CMD [ "php-fpm" ] CMD [ "php-fpm" ]

26
docker/init Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
set -e
NGINX_START=${NGINX_START:-TRUE}
DB_PORT=3306
function nginx_start() {
# Start NGINX
if [ -x /usr/sbin/nginx -a "${NGINX_START}" == "TRUE" ]; then
echo "* Starting NGINX..."
/usr/sbin/nginx -g 'daemon on; master_process on;'
fi
}
if [ -n "${WORDPRESS_DB_HOST}" -a -n "${DB_PORT}" ]; then
while ! wait-for-it -h ${WORDPRESS_DB_HOST} -p ${DB_PORT} -t 5 -q; do
echo "? Waiting for database at ${WORDPRESS_DB_HOST}:${DB_PORT}"
sleep 1;
done
echo "- DB is active on ${WORDPRESS_DB_HOST}:${DB_PORT}"
fi
nginx_start
exec /usr/local/bin/docker-entrypoint.sh "$@"

26
nginx-app.conf → docker/nginx-app.conf
View File

@ -2,13 +2,17 @@ server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
access_log none; access_log off;
client_max_body_size 10m; client_max_body_size 64m;
error_log none; error_log /dev/stdout info;
fastcgi_buffers 16 16k; fastcgi_buffering off;
fastcgi_buffer_size 16k; fastcgi_request_buffering off;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/javascript;
index index.php index.html; index index.php index.html;
root /var/www/html/public; root /var/www/html;
server_tokens off; server_tokens off;
set $my_https "off"; set $my_https "off";
@ -25,11 +29,15 @@ server {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000; fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param HTTPS $my_https;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host; fastcgi_param SERVER_NAME $host;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS $my_https; fastcgi_read_timeout 600s;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path=/usr/sbin/sendmail -i -t"; fastcgi_send_timeout 600s;
} }
} }

0
www.conf → docker/www.conf
View File

21
init
View File

@ -1,21 +0,0 @@
#!/bin/bash
NO_NGINX=${NO_NGINX:-TRUE}
SSH_START=${SSH_START:-FALSE}
function nginx_start() {
# Start NGINX
if [ -x /usr/sbin/nginx -a "${NO_NGINX}" != "TRUE" ]; then
echo "* Starting NGINX..."
start-stop-daemon --start --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -g 'daemon on; master_process on;'
fi
}
if [ -x /usr/sbin/sshd -a "${SSH_START}" = "TRUE" ]; then
[ ! -d /var/run/sshd ] && mkdir /var/run/sshd
start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22
fi
nginx_start
exec /usr/local/bin/docker-entrypoint.sh "$@"

16
msmtprc
View File

@ -1,18 +1,26 @@
# A system wide configuration file is optional. # A system wide configuration file is optional.
defaults
port 25
tls off
# If it exists, it usually defines a default account. # If it exists, it usually defines a default account.
# This allows msmtp to be used like /usr/sbin/sendmail. # This allows msmtp to be used like /usr/sbin/sendmail.
account default account default
# Authentication
auth off
# The SMTP smarthost # The SMTP smarthost
host smtp host smtp
# Envelope-from address # Envelope-from address
#from user@example.com from nobody@%H
domain example.com
# Sets the argument of the SMTP EHLO
domain web
# Construct envelope-from addresses of the form "user@oursite.example" # Construct envelope-from addresses of the form "user@oursite.example"
#auto_from on #allow_from_override on
#maildomain example.com
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER # Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL syslog LOG_MAIL

29
sshd_config.patch
View File

@ -1,29 +0,0 @@
--- /etc/ssh/sshd_config.orig 2017-12-17 13:08:18.460496574 +0000
+++ /etc/ssh/sshd_config 2017-12-17 13:10:01.093459593 +0000
@@ -15,8 +15,8 @@
#ListenAddress 0.0.0.0
#ListenAddress ::
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
@@ -30,6 +30,7 @@
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
+PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
@@ -54,6 +55,7 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
+PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with

8
update Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
apk add rsync
[ -d /var/www/html/wp-includes ] && rm -rf /var/www/html/wp-includes
[ -d /var/www/html/wp-admin ] && rm -rf /var/www/html/wp-admin
rsync -xaHvP /usr/src/wordpress/ /var/www/html/