Update to wordpress 5.9 and now based on alpine
This commit is contained in:
Deon George
parent
aba2d0769a
commit
fcead7736d
@ -1,42 +1,31 @@
|
||||
image: docker:latest
|
||||
|
||||
stages:
|
||||
- test
|
||||
- build
|
||||
- build-manifest
|
||||
|
||||
variables:
|
||||
VERSION: 5.4-fpm
|
||||
CACHETAG: build
|
||||
VERSION: 5.9
|
||||
DOCKER_HOST: tcp://docker:2375
|
||||
VERSIONARCH: ${VERSION}-${ARCH}
|
||||
|
||||
cache:
|
||||
key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
|
||||
paths:
|
||||
- build-cache
|
||||
|
||||
image: docker:latest
|
||||
services:
|
||||
- docker:dind
|
||||
|
||||
before_script:
|
||||
- docker info
|
||||
- docker version
|
||||
- if [ ! -d build-cache ]; then mkdir build-cache; fi
|
||||
- sed -i -e s'/https/http/' /etc/apk/repositories
|
||||
- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
|
||||
- docker info && docker version
|
||||
# env|sort
|
||||
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
||||
|
||||
test:
|
||||
stage: test
|
||||
script:
|
||||
- cat /etc/hosts
|
||||
- env|sort
|
||||
- docker build -t ${CI_REGISTRY_IMAGE}:${VERSION} .
|
||||
- docker images
|
||||
only:
|
||||
- debug
|
||||
|
||||
build:
|
||||
stage: build
|
||||
script:
|
||||
- if [ -f init ]; then chmod 500 init; fi
|
||||
- docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG} || true
|
||||
- docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSION}
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
|
||||
tags:
|
||||
- docker
|
||||
- x86_64
|
||||
only:
|
||||
- master
|
||||
include:
|
||||
- .gitlab-docker-x86_64.yml
|
||||
# .gitlab-docker-armv7l.yml
|
||||
# .gitlab-docker-arm64.yml
|
||||
- .gitlab-docker-manifest.yml
|
||||
|
||||
10
.gitlab-docker-manifest.yml
Normal file
10
.gitlab-docker-manifest.yml
Normal file
@ -0,0 +1,10 @@
|
||||
x86_64:build-manifest:
|
||||
stage: build-manifest
|
||||
script:
|
||||
- docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}-armv7l
|
||||
- docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
|
||||
tags:
|
||||
- docker
|
||||
- x86_64
|
||||
only:
|
||||
- master
|
||||
16
.gitlab-docker-x86_64.yml
Normal file
16
.gitlab-docker-x86_64.yml
Normal file
@ -0,0 +1,16 @@
|
||||
x86_64:build:
|
||||
variables:
|
||||
ARCH: x86_64
|
||||
stage: build
|
||||
script:
|
||||
- if [ -f init ]; then chmod 500 init; fi
|
||||
- ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
|
||||
- rm build-cache/* || true
|
||||
- docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
|
||||
- docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
|
||||
tags:
|
||||
- docker
|
||||
- x86_64
|
||||
only:
|
||||
- master
|
||||
35
Dockerfile
35
Dockerfile
@ -1,28 +1,29 @@
|
||||
# NAME leenooks/wordpress
|
||||
# VERSION 5.4-fpm
|
||||
# VERSION 5.9-fpm
|
||||
|
||||
FROM wordpress:5.4-fpm
|
||||
FROM wordpress:5.9-fpm-alpine
|
||||
|
||||
RUN apt-get update && apt-get install -y openssh-server msmtp nginx \
|
||||
&& rm /etc/nginx/sites-enabled/default \
|
||||
&& apt-get -y autoremove \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
# Change to http respositories, so they we can cache the install packages
|
||||
RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
|
||||
|
||||
RUN docker-php-ext-install -j$(nproc) opcache
|
||||
|
||||
RUN useradd -c "Hosting Admin User" -u 1000 -g users -G www-data -d /var/www/html -M lamp
|
||||
# Tune PHP
|
||||
RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
|
||||
COPY www.conf /usr/local/etc/php-fpm.d/
|
||||
COPY nginx-app.conf /etc/nginx/conf.d/
|
||||
COPY msmtprc /etc/
|
||||
RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini
|
||||
RUN adduser -g "Hosting Admin User" -u 1000 -G www-data -h /var/www/html -HD lamp && mkdir /run/nginx
|
||||
|
||||
COPY sshd_config.patch /tmp
|
||||
RUN (cd / && patch -p0 ) < /tmp/sshd_config.patch && rm /tmp/sshd_config.patch
|
||||
# Base
|
||||
RUN apk add --no-cache unzip zlib nginx msmtp
|
||||
RUN curl -SLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh && chmod +x /usr/local/bin/wait-for-it
|
||||
|
||||
EXPOSE 9000/tcp 22/tcp
|
||||
COPY msmtprc /etc/
|
||||
COPY docker/www.conf /usr/local/etc/php-fpm.d/
|
||||
COPY docker/nginx-app.conf /etc/nginx/http.d/default.conf
|
||||
|
||||
COPY init /sbin
|
||||
COPY docker/init /sbin/
|
||||
COPY update /usr/local/sbin
|
||||
RUN chmod 550 /sbin/init && chown 0:0 /sbin/init
|
||||
|
||||
WORKDIR /var/www/html
|
||||
EXPOSE 80
|
||||
ENTRYPOINT [ "/sbin/init" ]
|
||||
CMD [ "php-fpm" ]
|
||||
|
||||
26
docker/init
Executable file
26
docker/init
Executable file
@ -0,0 +1,26 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
NGINX_START=${NGINX_START:-TRUE}
|
||||
DB_PORT=3306
|
||||
|
||||
function nginx_start() {
|
||||
# Start NGINX
|
||||
if [ -x /usr/sbin/nginx -a "${NGINX_START}" == "TRUE" ]; then
|
||||
echo "* Starting NGINX..."
|
||||
/usr/sbin/nginx -g 'daemon on; master_process on;'
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -n "${WORDPRESS_DB_HOST}" -a -n "${DB_PORT}" ]; then
|
||||
while ! wait-for-it -h ${WORDPRESS_DB_HOST} -p ${DB_PORT} -t 5 -q; do
|
||||
echo "? Waiting for database at ${WORDPRESS_DB_HOST}:${DB_PORT}"
|
||||
sleep 1;
|
||||
done
|
||||
echo "- DB is active on ${WORDPRESS_DB_HOST}:${DB_PORT}"
|
||||
fi
|
||||
|
||||
nginx_start
|
||||
|
||||
exec /usr/local/bin/docker-entrypoint.sh "$@"
|
||||
@ -2,13 +2,17 @@ server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
access_log none;
|
||||
client_max_body_size 10m;
|
||||
error_log none;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 16k;
|
||||
access_log off;
|
||||
client_max_body_size 64m;
|
||||
error_log /dev/stdout info;
|
||||
fastcgi_buffering off;
|
||||
fastcgi_request_buffering off;
|
||||
gzip_vary on;
|
||||
gzip_min_length 10240;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
gzip_types text/plain text/css application/javascript;
|
||||
index index.php index.html;
|
||||
root /var/www/html/public;
|
||||
root /var/www/html;
|
||||
server_tokens off;
|
||||
|
||||
set $my_https "off";
|
||||
@ -25,11 +29,15 @@ server {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param HTTPS $my_https;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SERVER_NAME $host;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS $my_https;
|
||||
fastcgi_param PHP_ADMIN_VALUE "sendmail_path=/usr/sbin/sendmail -i -t";
|
||||
|
||||
fastcgi_read_timeout 600s;
|
||||
fastcgi_send_timeout 600s;
|
||||
}
|
||||
}
|
||||
21
init
21
init
@ -1,21 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
NO_NGINX=${NO_NGINX:-TRUE}
|
||||
SSH_START=${SSH_START:-FALSE}
|
||||
|
||||
function nginx_start() {
|
||||
# Start NGINX
|
||||
if [ -x /usr/sbin/nginx -a "${NO_NGINX}" != "TRUE" ]; then
|
||||
echo "* Starting NGINX..."
|
||||
start-stop-daemon --start --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -g 'daemon on; master_process on;'
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -x /usr/sbin/sshd -a "${SSH_START}" = "TRUE" ]; then
|
||||
[ ! -d /var/run/sshd ] && mkdir /var/run/sshd
|
||||
start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22
|
||||
fi
|
||||
|
||||
nginx_start
|
||||
|
||||
exec /usr/local/bin/docker-entrypoint.sh "$@"
|
||||
16
msmtprc
16
msmtprc
@ -1,18 +1,26 @@
|
||||
# A system wide configuration file is optional.
|
||||
defaults
|
||||
port 25
|
||||
tls off
|
||||
|
||||
# If it exists, it usually defines a default account.
|
||||
# This allows msmtp to be used like /usr/sbin/sendmail.
|
||||
account default
|
||||
|
||||
# Authentication
|
||||
auth off
|
||||
|
||||
# The SMTP smarthost
|
||||
host smtp
|
||||
|
||||
# Envelope-from address
|
||||
#from user@example.com
|
||||
domain example.com
|
||||
from nobody@%H
|
||||
|
||||
# Sets the argument of the SMTP EHLO
|
||||
domain web
|
||||
|
||||
# Construct envelope-from addresses of the form "user@oursite.example"
|
||||
#auto_from on
|
||||
#maildomain example.com
|
||||
#allow_from_override on
|
||||
|
||||
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
|
||||
syslog LOG_MAIL
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
--- /etc/ssh/sshd_config.orig 2017-12-17 13:08:18.460496574 +0000
|
||||
+++ /etc/ssh/sshd_config 2017-12-17 13:10:01.093459593 +0000
|
||||
@@ -15,8 +15,8 @@
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
-#HostKey /etc/ssh/ssh_host_rsa_key
|
||||
-#HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
+HostKey /etc/ssh/ssh_host_rsa_key
|
||||
+HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# Ciphers and keying
|
||||
@@ -30,6 +30,7 @@
|
||||
|
||||
#LoginGraceTime 2m
|
||||
#PermitRootLogin prohibit-password
|
||||
+PermitRootLogin no
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
@@ -54,6 +55,7 @@
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
#PasswordAuthentication yes
|
||||
+PasswordAuthentication no
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
Loading…
Reference in New Issue
Block a user