casjaysdevdocker/wordpress
1
0
Fork 0
mirror of https://github.com/casjaysdevdocker/wordpress synced 2025-11-04 01:02:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

🦈🏠🐜 Initial Commit 🐜🦈🏠

Browse Source
This commit is contained in:
Jason
2022-06-24 14:04:55 -04:00
commit 7c5df1c10e
7 changed files with 326 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.gitignore vendored Normal file
View File

@@ -0,0 +1,19 @@
# gitignore created on 06/24/22 at 14:04
# Disable reminder in prompt
ignoredirmessage
# OS generated files
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
# Other
.installed
# ignore commit message
.gitcommit

70
Dockerfile Normal file
View File

@@ -0,0 +1,70 @@
FROM alpine:latest
ARG BUILD_DATE
ARG VCS_REF
LABEL maintainer="CasjaysDev <docker-admin@casjaysdev.com>" \
alpine-version="latest" \
nginx-version="latest" \
php-version="latest" \
wordpress-version="latest" \
build="24-June-2022" \
org.opencontainers.image.title="alpine-php-wordpress" \
org.opencontainers.image.description="Wordpress image running on Alpine Linux" \
org.opencontainers.image.authors="CasjaysDev <docker-admin@casjaysdev.com>" \
org.opencontainers.image.vendor="CasjaysDev" \
org.opencontainers.image.version="latest" \
org.opencontainers.image.url="https://hub.docker.com/r/casjaysdev/wordpress/" \
org.opencontainers.image.source="https://github.com/casjaysdev/wordpress" \
org.opencontainers.image.revision=$VCS_REF \
org.opencontainers.image.created=$BUILD_DATE
ENV TERM="xterm" \
DB_HOST="localhost" \
DB_NAME="wordpress" \
DB_USER="root"\
DB_PASS="wordpress_pass"
RUN apk -U upgrade && \
apk add --no-cache bash curl less vim nginx ca-certificates git tzdata zip \
libmcrypt-dev zlib-dev gmp-dev \
freetype-dev libjpeg-turbo-dev libpng-dev \
php-fpm php-json php-zlib php-xml php-xmlwriter \
php-simplexml php-pdo php-phar php-openssl \
php-pdo_mysql php-mysqli php-session \
php-gd php-iconv php-gmp php-zip \
php-curl php-opcache php-ctype \
php-intl php-bcmath php-dom php-mbstring php-xmlreader \
mysql-client mysql curl && \
apk add -u musl && \
rm -rf /var/cache/apk/* && \
ln -sf /usr/sbin/php-fpm8 /usr/bin/php-fpm
RUN /usr/bin/mysql_install_db --user=mysql --datadir=/var/lib/mysql && \
sed -i 's|skip-networking|#skip-networking|g' /etc/my.cnf && \
sed -i 's|#bind-address=.*|bind-address=127.0.0.1|g' /etc/my.cnf.d/mariadb-server.cnf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php8/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php8/php.ini && \
sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/usr:\/bin\/bash/g" /etc/passwd && \
sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/usr:\/bin\/bash/g" /etc/passwd- && \
echo "mysqld_safe --datadir=/var/lib/mysql --port=3306 &" > /tmp/config && \
echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config && \
echo "mysqladmin -u root password 'wordpress_pass'" >> /tmp/config && \
bash /tmp/config && \
rm -f /tmp/config
ADD files/nginx.conf /etc/nginx/
ADD files/php-fpm.conf /etc/php8/
ADD files/run.sh /usr/local/bin/entrypoint-wordpress.sh
RUN chmod +x /usr/local/bin/entrypoint-wordpress.sh && \
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && \
mv wp-cli.phar /usr/bin/wp-cli && \
chown nginx:nginx /usr/bin/wp-cli && \
chown -Rf mysql:mysql /var/lib/mysql /run/mysqld
EXPOSE 80
VOLUME ["/usr/html", "/var/lib/mysql"]
HEALTHCHECK CMD ["usr/local/bin/entrypoint-wordpress.sh", "healthcheck"]
ENTRYPOINT ["/usr/local/bin/entrypoint-wordpress.sh"]

13
LICENSE.md Normal file
View File

@@ -0,0 +1,13 @@
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2022 Jason Hempstead <git-admin@casjaysdev.com>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
1. You just DO WHAT THE FUCK YOU WANT TO.

43
README.md Normal file
View File

@@ -0,0 +1,43 @@
# 👋 wordpress Readme 👋
wordpress README
## Run container
### via command line
```shell
docker run -d \
--restart always \
--name wordpress \
--hostname wordpress \
-e TZ=${TIMEZONE:-America/New_York} \
-v $PWD/wordpress/data:/var/lib/mysql \
-v $PWD/wordpress/config:/usr/html \
-p 80:80 \
casjaysdev/wordpress:latest
```
### via docker-compose
```yaml
version: "2"
services:
wordpress:
image: casjaysdev/wordpress
container_name: wordpress
environment:
- TZ=America/New_York
- HOSTNAME=wordpress
volumes:
- $HOME/.local/share/docker/storage/wordpress/data:/var/lib/mysql
- $HOME/.local/share/docker/storage/wordpress/config:/usr/html
ports:
- 80:80
restart: always
```
## Authors
🤖 Casjay: [Github](https://github.com/casjay) [Docker](https://hub.docker.com/casjay) 🤖
⛵ CasjaysDev: [Github](https://github.com/casjaysdev) [Docker](https://hub.docker.com/casjaysdev) ⛵

102
files/nginx.conf Normal file
View File

@@ -0,0 +1,102 @@
daemon off;
error_log stderr notice;
pid /var/run/nginx/nginx.pid;
env DB_HOST;
env DB_NAME;
env DB_USER;
env DB_PASS;
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
include /etc/nginx/mime.types;
include /etc/nginx/fastcgi.conf;
default_type application/octet-stream;
access_log stdout;
tcp_nopush on;
client_body_temp_path /tmp/nginx/body 1 2;
fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2;
log_format blocked '$time_local: Blocked request from $http_x_real_ip $request';
log_format specialLog '$http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
client_max_body_size 512M;
server {
listen 80;
root /usr/html;
index index.php index.html index.htm;
access_log stdout;
error_log stderr notice;
disable_symlinks off;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
## Block SQL injections
location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
## Block common exploits
location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* \.\.\/ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
## Block file injections
location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
## wordpress security
location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
}
}

34
files/php-fpm.conf Normal file
View File

@@ -0,0 +1,34 @@
error_log = /usr/logs/php8/php-fpm.log
log_level = warning
[www]
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
pm = ondemand
; Total RAM dedicated to the web server / Max child process size
pm.max_children = 75
pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /usr/html
php_flag[display_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[upload_max_filesize] = 32M
php_admin_value[post_max_size] = 32M
php_admin_value[output_buffering] = 0
php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt
php_admin_value[openssl.capath] = /etc/ssl/certs
php_admin_value[max_input_nesting_level] = 256
php_admin_value[max_input_vars] = 10000
catch_workers_output = yes
; Database variables passed via -e argument on Docker
env["DB_HOST"] = "$DB_HOST"
env["DB_USER"] = "$DB_USER"
env["DB_PASS"] = "$DB_PASS"
env["DB_NAME"] = "$DB_NAME"

45
files/run.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/bash
if [ "$1" = "healthcheck" ]; then
curl -q -SIs "http://localhost:80" | grep -qE 'HTTP/[1,2]*' &&
ls var/run/php-fpm.sock /var/run/mysqld/mysqld.sock /var/run/nginx/nginx.pid &>/dev/null &&
exit 0 || exit 1
fi
[ -f /run-pre.sh ] && /run-pre.sh
if [ ! -d "/usr/html/wp-admin" ] && [ ! -f "/usr/html/wp-config.php" ]; then
echo "[i] Installing wordpress..."
cd /tmp || exit 1
wget https://wordpress.org/latest.tar.gz -O /tmp/latest.tar.gz &&
tar -xzf /tmp/latest.tar.gz &&
cp -Rf /tmp/wordpress/. /usr/html/ &&
rm -Rf /tmp/wordpress /tmp/latest.tar.gz &&
chown -Rf nginx:nginx /usr/html
else
echo "[i] Fixing permissions..."
chown -R nginx:nginx /usr/html
fi
mkdir -p /usr/logs/php8
mkdir -p /usr/logs/nginx
mkdir -p /tmp/nginx
chown -Rf nginx /tmp/nginx
chown -Rf mysql:mysql /var/lib/mysql /run/mysqld
/usr/bin/php-fpm &
mysqld_safe --datadir=/var/lib/mysql &
if [ ! -d "/var/lib/mysql/wordpress" ]; then
sleep 10
mysql -uroot -p$DB_PASS -e "CREATE DATABASE $DB_NAME"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO $DB_NAME@localhost IDENTIFIED BY '$DB_PASS'"
fi
[ -z "$DB_HOST" ] && echo "Database host: not set" || echo "Database host: $DB_HOST"
[ -z "$DB_NAME" ] && echo "Database name: not set" || echo "Database name: $DB_NAME"
[ -z "$DB_USER" ] && echo "Database user: not set" || echo "Database user: $DB_USER"
[ -z "$DB_PASS" ] && echo "Database pass: not set" || echo "Database pass: $DB_PASS"
nginx