Update to wordpress 5.9 and now based on alpine
parent
aba2d0769a
commit
fcead7736d
@ -1,42 +1,31 @@
|
|||||||
image: docker:latest
|
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
|
||||||
- build
|
- build
|
||||||
|
- build-manifest
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
VERSION: 5.4-fpm
|
VERSION: 5.9
|
||||||
CACHETAG: build
|
|
||||||
DOCKER_HOST: tcp://docker:2375
|
DOCKER_HOST: tcp://docker:2375
|
||||||
|
VERSIONARCH: ${VERSION}-${ARCH}
|
||||||
|
|
||||||
|
cache:
|
||||||
|
key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
|
||||||
|
paths:
|
||||||
|
- build-cache
|
||||||
|
|
||||||
|
image: docker:latest
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:dind
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- docker info
|
- if [ ! -d build-cache ]; then mkdir build-cache; fi
|
||||||
- docker version
|
- sed -i -e s'/https/http/' /etc/apk/repositories
|
||||||
|
- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
|
||||||
|
- docker info && docker version
|
||||||
|
# env|sort
|
||||||
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
||||||
|
|
||||||
test:
|
include:
|
||||||
stage: test
|
- .gitlab-docker-x86_64.yml
|
||||||
script:
|
# .gitlab-docker-armv7l.yml
|
||||||
- cat /etc/hosts
|
# .gitlab-docker-arm64.yml
|
||||||
- env|sort
|
- .gitlab-docker-manifest.yml
|
||||||
- docker build -t ${CI_REGISTRY_IMAGE}:${VERSION} .
|
|
||||||
- docker images
|
|
||||||
only:
|
|
||||||
- debug
|
|
||||||
|
|
||||||
build:
|
|
||||||
stage: build
|
|
||||||
script:
|
|
||||||
- if [ -f init ]; then chmod 500 init; fi
|
|
||||||
- docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG} || true
|
|
||||||
- docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
|
|
||||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSION}
|
|
||||||
- docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
|
|
||||||
tags:
|
|
||||||
- docker
|
|
||||||
- x86_64
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
|
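Review bot: The new `before_script` line `sed -i -e s'/https/http/' /etc/apk/repositories` switches every apk repository in the job container to plain HTTP, unconditionally, and it rewrites any `https` string in the file rather than only the URL scheme. apk still verifies package signatures, but the index and downloads now cross the network unencrypted. I would anchor the pattern, `sed -i -e 's#^https://#http://#' /etc/apk/repositories`, and add a comment that the downgrade exists only so the proxy can cache packages. The Dockerfile in this commit carries the same rewrite. There the unquoted `[ -n ${HTTP_PROXY} ]` is also true when the variable is empty, so the image's repositories are downgraded on every build; `[ -n "${HTTP_PROXY}" ]` fixes that.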
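--- a/.gitlab-docker-manifest.yml
+++ b/.gitlab-docker-manifest.yml
@@ -0,0 +1,10 @@
+x86_64:build-manifest:
+stage: build-manifest
+script:
+- docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}-armv7l
+- docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
+tags:
+- docker
+- x86_64
+only:
+- master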
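--- a/.gitlab-docker-x86_64.yml
+++ b/.gitlab-docker-x86_64.yml
@@ -0,0 +1,16 @@
+x86_64:build:
+variables:
+ARCH: x86_64
+stage: build
+script:
+- if [ -f init ]; then chmod 500 init; fi
+- ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
+- rm build-cache/* || true
+- docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
+- docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
+- docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
+tags:
+- docker
+- x86_64
+only:
+- master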
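Review bot: The image this job pushes can reuse layers from the tarball in `build-cache/`, because the script runs `docker load` on it and then builds with `--cache-from` the same tag, so whatever wrote that cache entry is trusted for the published image. The job is limited to `master`, which helps, but it is worth confirming that the runner cache cannot be written by jobs from other refs. A comment such as `# cache tarball is trusted input: only protected-branch jobs may write build-cache/` would record that. Separately, the trailing `|| true` on the `docker load` line also hides a failed load, so a corrupt cache goes unnoticed; echoing a warning before continuing would make it visible.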
35
Dockerfile
35
Dockerfile
@ -1,28 +1,29 @@
|
|||||||
# NAME leenooks/wordpress
|
# NAME leenooks/wordpress
|
||||||
# VERSION 5.4-fpm
|
# VERSION 5.9-fpm
|
||||||
|
|
||||||
FROM wordpress:5.4-fpm
|
FROM wordpress:5.9-fpm-alpine
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y openssh-server msmtp nginx \
|
# Change to http respositories, so they we can cache the install packages
|
||||||
&& rm /etc/nginx/sites-enabled/default \
|
RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
|
||||||
&& apt-get -y autoremove \
|
|
||||||
&& apt-get clean \
|
|
||||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
|
||||||
|
|
||||||
RUN docker-php-ext-install -j$(nproc) opcache
|
# Tune PHP
|
||||||
|
|
||||||
RUN useradd -c "Hosting Admin User" -u 1000 -g users -G www-data -d /var/www/html -M lamp
|
|
||||||
RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
|
RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
|
||||||
COPY www.conf /usr/local/etc/php-fpm.d/
|
|
||||||
COPY nginx-app.conf /etc/nginx/conf.d/
|
|
||||||
COPY msmtprc /etc/
|
|
||||||
RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini
|
RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini
|
||||||
|
RUN adduser -g "Hosting Admin User" -u 1000 -G www-data -h /var/www/html -HD lamp && mkdir /run/nginx
|
||||||
|
|
||||||
COPY sshd_config.patch /tmp
|
# Base
|
||||||
RUN (cd / && patch -p0 ) < /tmp/sshd_config.patch && rm /tmp/sshd_config.patch
|
RUN apk add --no-cache unzip zlib nginx msmtp
|
||||||
|
RUN curl -SLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh && chmod +x /usr/local/bin/wait-for-it
|
||||||
|
|
||||||
EXPOSE 9000/tcp 22/tcp
|
COPY msmtprc /etc/
|
||||||
|
COPY docker/www.conf /usr/local/etc/php-fpm.d/
|
||||||
|
COPY docker/nginx-app.conf /etc/nginx/http.d/default.conf
|
||||||
|
|
||||||
COPY init /sbin
|
COPY docker/init /sbin/
|
||||||
|
COPY update /usr/local/sbin
|
||||||
|
RUN chmod 550 /sbin/init && chown 0:0 /sbin/init
|
||||||
|
|
||||||
|
WORKDIR /var/www/html
|
||||||
|
EXPOSE 80
|
||||||
ENTRYPOINT [ "/sbin/init" ]
|
ENTRYPOINT [ "/sbin/init" ]
|
||||||
CMD [ "php-fpm" ]
|
CMD [ "php-fpm" ]
|
||||||
|
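Review bot: `wait-for-it` is downloaded from the `master` branch of a third-party repository with no version pin or checksum, so its content can change between builds without any change in this repository. The entrypoint script added in this commit calls it at container start. Pin the URL to a commit and verify the file in the same layer, for example `curl -fSLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/<COMMIT_SHA>/wait-for-it.sh && echo "<SHA256>  /usr/local/bin/wait-for-it" | sha256sum -c -`, with both placeholders filled from a reviewed copy. The added `-f` makes curl fail on an HTTP error instead of saving the error page as the script.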
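--- a/docker/init
+++ b/docker/init
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e
+
+NGINX_START=${NGINX_START:-TRUE}
+DB_PORT=3306
+
+function nginx_start() {
+# Start NGINX
+if [ -x /usr/sbin/nginx -a "${NGINX_START}" == "TRUE" ]; then
+echo "* Starting NGINX..."
+/usr/sbin/nginx -g 'daemon on; master_process on;'
+fi
+}
+
+if [ -n "${WORDPRESS_DB_HOST}" -a -n "${DB_PORT}" ]; then
+while ! wait-for-it -h ${WORDPRESS_DB_HOST} -p ${DB_PORT} -t 5 -q; do
+echo "? Waiting for database at ${WORDPRESS_DB_HOST}:${DB_PORT}"
+sleep 1;
+done
+echo "- DB is active on ${WORDPRESS_DB_HOST}:${DB_PORT}"
+fi
+
+nginx_start
+
+exec /usr/local/bin/docker-entrypoint.sh "$@"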
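Review bot: `DB_PORT=3306` overwrites any value passed into the container, and `${WORDPRESS_DB_HOST}` and `${DB_PORT}` are expanded unquoted in the `wait-for-it` call. If the host is supplied in `host:port` form, which I believe the WordPress image accepts, the probe would presumably never succeed. The `while` loop has no upper bound, so the container would then wait forever without reaching the real entrypoint. I would use `DB_PORT=${DB_PORT:-3306}`, quote both expansions (`-h "${WORDPRESS_DB_HOST}" -p "${DB_PORT}"`), and exit non-zero after a fixed number of attempts so the orchestrator can report the failure.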
@ -2,13 +2,17 @@ server {
|
|||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
access_log none;
|
access_log off;
|
||||||
client_max_body_size 10m;
|
client_max_body_size 64m;
|
||||||
error_log none;
|
error_log /dev/stdout info;
|
||||||
fastcgi_buffers 16 16k;
|
fastcgi_buffering off;
|
||||||
fastcgi_buffer_size 16k;
|
fastcgi_request_buffering off;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_min_length 10240;
|
||||||
|
gzip_proxied expired no-cache no-store private auth;
|
||||||
|
gzip_types text/plain text/css application/javascript;
|
||||||
index index.php index.html;
|
index index.php index.html;
|
||||||
root /var/www/html/public;
|
root /var/www/html;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
set $my_https "off";
|
set $my_https "off";
|
||||||
@ -25,11 +29,15 @@ server {
|
|||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass 127.0.0.1:9000;
|
fastcgi_pass 127.0.0.1:9000;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
|
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
|
|
||||||
|
fastcgi_param HTTPS $my_https;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_param SERVER_NAME $host;
|
fastcgi_param SERVER_NAME $host;
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
fastcgi_param HTTPS $my_https;
|
fastcgi_read_timeout 600s;
|
||||||
fastcgi_param PHP_ADMIN_VALUE "sendmail_path=/usr/sbin/sendmail -i -t";
|
fastcgi_send_timeout 600s;
|
||||||
}
|
}
|
||||||
}
|
}
|
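Review bot: With `fastcgi_request_buffering off`, nginx hands the request body to PHP-FPM as it arrives, so a slow upload holds a PHP worker for its whole duration. Together with `client_max_body_size 64m` and the new 600s `fastcgi_read_timeout`/`fastcgi_send_timeout`, a handful of slow clients can occupy the worker pool. If the long timeouts are needed for imports or large media uploads, a comment saying so would help, e.g. `# long timeouts: large uploads / imports`, and request buffering could stay on so nginx absorbs slow bodies. The `location` block that holds the timeouts starts outside the hunk.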
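--- a/init
+++ b/init
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-NO_NGINX=${NO_NGINX:-TRUE}
-SSH_START=${SSH_START:-FALSE}
-
-function nginx_start() {
-# Start NGINX
-if [ -x /usr/sbin/nginx -a "${NO_NGINX}" != "TRUE" ]; then
-echo "* Starting NGINX..."
-start-stop-daemon --start --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -g 'daemon on; master_process on;'
-fi
-}
-
-if [ -x /usr/sbin/sshd -a "${SSH_START}" = "TRUE" ]; then
-[ ! -d /var/run/sshd ] && mkdir /var/run/sshd
-start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22
-fi
-
-nginx_start
-
-exec /usr/local/bin/docker-entrypoint.sh "$@"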
16
msmtprc
16
msmtprc
@ -1,18 +1,26 @@
|
|||||||
# A system wide configuration file is optional.
|
# A system wide configuration file is optional.
|
||||||
|
defaults
|
||||||
|
port 25
|
||||||
|
tls off
|
||||||
|
|
||||||
# If it exists, it usually defines a default account.
|
# If it exists, it usually defines a default account.
|
||||||
# This allows msmtp to be used like /usr/sbin/sendmail.
|
# This allows msmtp to be used like /usr/sbin/sendmail.
|
||||||
account default
|
account default
|
||||||
|
|
||||||
|
# Authentication
|
||||||
|
auth off
|
||||||
|
|
||||||
# The SMTP smarthost
|
# The SMTP smarthost
|
||||||
host smtp
|
host smtp
|
||||||
|
|
||||||
# Envelope-from address
|
# Envelope-from address
|
||||||
#from user@example.com
|
from nobody@%H
|
||||||
domain example.com
|
|
||||||
|
# Sets the argument of the SMTP EHLO
|
||||||
|
domain web
|
||||||
|
|
||||||
# Construct envelope-from addresses of the form "user@oursite.example"
|
# Construct envelope-from addresses of the form "user@oursite.example"
|
||||||
#auto_from on
|
#allow_from_override on
|
||||||
#maildomain example.com
|
|
||||||
|
|
||||||
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
|
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
|
||||||
syslog LOG_MAIL
|
syslog LOG_MAIL
|
||||||
|
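Review bot: The new `defaults` block sets `tls off` and the account sets `auth off`, so everything PHP sends through msmtp, including password-reset mail, goes to the host `smtp` on port 25 unencrypted and unauthenticated. That is reasonable only when `smtp` is a relay on the same private container network. A comment above `tls off` such as `# relay is container-local; enable tls/auth if it is ever remote` would record that assumption. `from nobody@%H` also ties the envelope sender to the container hostname, which the relay may need to rewrite.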
@ -1,29 +0,0 @@
|
|||||||
--- /etc/ssh/sshd_config.orig 2017-12-17 13:08:18.460496574 +0000
|
|
||||||
+++ /etc/ssh/sshd_config 2017-12-17 13:10:01.093459593 +0000
|
|
||||||
@@ -15,8 +15,8 @@
|
|
||||||
#ListenAddress 0.0.0.0
|
|
||||||
#ListenAddress ::
|
|
||||||
|
|
||||||
-#HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
-#HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
+HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
+HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
|
|
||||||
# Ciphers and keying
|
|
||||||
@@ -30,6 +30,7 @@
|
|
||||||
|
|
||||||
#LoginGraceTime 2m
|
|
||||||
#PermitRootLogin prohibit-password
|
|
||||||
+PermitRootLogin no
|
|
||||||
#StrictModes yes
|
|
||||||
#MaxAuthTries 6
|
|
||||||
#MaxSessions 10
|
|
||||||
@@ -54,6 +55,7 @@
|
|
||||||
|
|
||||||
# To disable tunneled clear text passwords, change to no here!
|
|
||||||
#PasswordAuthentication yes
|
|
||||||
+PasswordAuthentication no
|
|
||||||
#PermitEmptyPasswords no
|
|
||||||
|
|
||||||
# Change to yes to enable challenge-response passwords (beware issues with
|
|