🦈🏠🐜❗ Initial Commit ❗🐜🦈🏠

.gitignore

@@ -0,0 +1,19 @@
+# gitignore created on 06/24/22 at 14:04
+# Disable reminder in prompt
+ignoredirmessage
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Other
+.installed
+
+
+# ignore commit message
+.gitcommit

Dockerfile

@@ -0,0 +1,70 @@
+FROM alpine:latest
+
+ARG BUILD_DATE
+ARG VCS_REF
+
+LABEL maintainer="CasjaysDev <docker-admin@casjaysdev.com>" \
+  alpine-version="latest" \
+  nginx-version="latest" \
+  php-version="latest" \
+  wordpress-version="latest" \
+  build="24-June-2022" \
+  org.opencontainers.image.title="alpine-php-wordpress" \
+  org.opencontainers.image.description="Wordpress image running on Alpine Linux" \
+  org.opencontainers.image.authors="CasjaysDev <docker-admin@casjaysdev.com>" \
+  org.opencontainers.image.vendor="CasjaysDev" \
+  org.opencontainers.image.version="latest" \
+  org.opencontainers.image.url="https://hub.docker.com/r/casjaysdev/wordpress/" \
+  org.opencontainers.image.source="https://github.com/casjaysdev/wordpress" \
+  org.opencontainers.image.revision=$VCS_REF \
+  org.opencontainers.image.created=$BUILD_DATE
+
+ENV TERM="xterm" \
+  DB_HOST="localhost" \
+  DB_NAME="wordpress" \
+  DB_USER="root"\
+  DB_PASS="wordpress_pass"
+
+RUN apk -U upgrade && \ 
+  apk add --no-cache bash curl less vim nginx ca-certificates git tzdata zip \
+  libmcrypt-dev zlib-dev gmp-dev \
+  freetype-dev libjpeg-turbo-dev libpng-dev \
+  php-fpm php-json php-zlib php-xml php-xmlwriter \
+  php-simplexml php-pdo php-phar php-openssl \
+  php-pdo_mysql php-mysqli php-session \
+  php-gd php-iconv php-gmp php-zip \
+  php-curl php-opcache php-ctype \
+  php-intl php-bcmath php-dom php-mbstring php-xmlreader \
+  mysql-client mysql curl && \
+  apk add -u musl && \
+  rm -rf /var/cache/apk/* && \
+  ln -sf /usr/sbin/php-fpm8 /usr/bin/php-fpm
+
+RUN /usr/bin/mysql_install_db --user=mysql --datadir=/var/lib/mysql && \
+  sed -i 's|skip-networking|#skip-networking|g' /etc/my.cnf && \
+  sed -i 's|#bind-address=.*|bind-address=127.0.0.1|g' /etc/my.cnf.d/mariadb-server.cnf && \
+  sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php8/php.ini && \
+  sed -i 's/expose_php = On/expose_php = Off/g' /etc/php8/php.ini && \
+  sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/usr:\/bin\/bash/g" /etc/passwd && \
+  sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/usr:\/bin\/bash/g" /etc/passwd- && \
+  echo "mysqld_safe --datadir=/var/lib/mysql --port=3306 &" > /tmp/config && \
+  echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config && \
+  echo "mysqladmin -u root password 'wordpress_pass'" >> /tmp/config && \
+  bash /tmp/config && \
+  rm -f /tmp/config
+
+ADD files/nginx.conf /etc/nginx/
+ADD files/php-fpm.conf /etc/php8/
+ADD files/run.sh /usr/local/bin/entrypoint-wordpress.sh
+RUN chmod +x /usr/local/bin/entrypoint-wordpress.sh && \
+  curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
+  chmod +x wp-cli.phar && \
+  mv wp-cli.phar /usr/bin/wp-cli && \
+  chown nginx:nginx /usr/bin/wp-cli && \
+  chown -Rf mysql:mysql /var/lib/mysql /run/mysqld
+
+EXPOSE 80
+VOLUME ["/usr/html", "/var/lib/mysql"]
+
+HEALTHCHECK CMD ["usr/local/bin/entrypoint-wordpress.sh", "healthcheck"]
+ENTRYPOINT ["/usr/local/bin/entrypoint-wordpress.sh"]

LICENSE.md

@@ -0,0 +1,13 @@
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE  
+                    Version 2, December 2004  
+
+ Copyright (C) 2022 Jason Hempstead <git-admin@casjaysdev.com>  
+  
+ Everyone is permitted to copy and distribute verbatim or modified  
+ copies of this license document, and changing it is allowed as long  
+ as the name is changed.  
+  
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE  
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION  
+  
+  1. You just DO WHAT THE FUCK YOU WANT TO.  

README.md

@@ -0,0 +1,43 @@
+# 👋 wordpress Readme 👋
+
+wordpress README
+
+## Run container
+
+### via command line
+
+```shell
+docker run -d \
+--restart always \
+--name wordpress \
+--hostname wordpress \
+-e TZ=${TIMEZONE:-America/New_York} \
+-v $PWD/wordpress/data:/var/lib/mysql \
+-v $PWD/wordpress/config:/usr/html \
+-p 80:80 \
+casjaysdev/wordpress:latest
+```
+
+### via docker-compose
+
+```yaml
+version: "2"
+services:
+  wordpress:
+    image: casjaysdev/wordpress
+    container_name: wordpress
+    environment:
+      - TZ=America/New_York
+      - HOSTNAME=wordpress
+    volumes:
+      - $HOME/.local/share/docker/storage/wordpress/data:/var/lib/mysql
+      - $HOME/.local/share/docker/storage/wordpress/config:/usr/html
+    ports:
+      - 80:80
+    restart: always
+```
+
+## Authors  
+
+🤖 Casjay: [Github](https://github.com/casjay) [Docker](https://hub.docker.com/casjay) 🤖  
+⛵ CasjaysDev: [Github](https://github.com/casjaysdev) [Docker](https://hub.docker.com/casjaysdev) ⛵  

files/nginx.conf

@@ -0,0 +1,102 @@
+daemon off;
+
+error_log stderr notice;
+pid /var/run/nginx/nginx.pid;
+env DB_HOST;
+env DB_NAME;
+env DB_USER;
+env DB_PASS;
+
+worker_processes  1;
+events {
+    worker_connections  1024;
+}
+
+http {
+  sendfile on;
+  include    /etc/nginx/mime.types;
+  include    /etc/nginx/fastcgi.conf;
+  default_type application/octet-stream;
+  access_log stdout;
+  tcp_nopush   on;
+  client_body_temp_path /tmp/nginx/body 1 2;
+  fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2;
+
+  log_format blocked '$time_local: Blocked request from $http_x_real_ip $request';
+
+  log_format specialLog '$http_x_real_ip - $remote_user [$time_local]  '
+                        '"$request" $status $body_bytes_sent '
+                        '"$http_referer" "$http_user_agent"';
+
+  client_max_body_size 512M;
+
+  server {
+
+    listen       80;
+
+    root /usr/html;
+    index  index.php index.html index.htm;
+    access_log stdout;
+    error_log stderr notice;
+
+    disable_symlinks off;
+
+    location = /robots.txt {
+      allow all;
+      log_not_found off;
+      access_log off;
+    }
+
+    location / {
+      try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~* /(?:uploads|files)/.*\.php$ {
+    	deny all;
+    }
+
+    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
+        access_log        off;
+        log_not_found     off;
+        expires           360d;
+    }
+
+    location ~ [^/]\.php(/|$) {
+      fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+      if (!-f $document_root$fastcgi_script_name) {
+        return 404;
+      }
+      fastcgi_pass unix:/var/run/php-fpm.sock;
+      fastcgi_index index.php;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include fastcgi_params;
+    }
+
+    ## Block SQL injections
+    location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+
+    ## Block common exploits
+    location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* \.\.\/  { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+
+    ## Block file injections
+    location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+
+    ## wordpress security
+    location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+    location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; }
+
+  }
+
+}

files/php-fpm.conf

@@ -0,0 +1,34 @@
+error_log = /usr/logs/php8/php-fpm.log
+log_level = warning
+
+[www]
+user = nginx
+group = nginx
+listen = /var/run/php-fpm.sock
+listen.owner = nginx
+listen.group = nginx
+pm = ondemand
+
+; Total RAM dedicated to the web server / Max child process size
+pm.max_children = 75
+
+pm.process_idle_timeout = 10s
+pm.max_requests = 500
+chdir = /usr/html
+php_flag[display_errors] = on
+php_admin_value[memory_limit] = 128M
+php_admin_value[upload_max_filesize] = 32M
+php_admin_value[post_max_size] = 32M
+php_admin_value[output_buffering] = 0
+php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt
+php_admin_value[openssl.capath] = /etc/ssl/certs
+php_admin_value[max_input_nesting_level] = 256
+php_admin_value[max_input_vars] = 10000
+
+catch_workers_output = yes
+
+; Database variables passed via -e argument on Docker
+env["DB_HOST"] = "$DB_HOST"
+env["DB_USER"] = "$DB_USER"
+env["DB_PASS"] = "$DB_PASS"
+env["DB_NAME"] = "$DB_NAME"

files/run.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ "$1" = "healthcheck" ]; then
+  curl -q -SIs "http://localhost:80" | grep -qE 'HTTP/[1,2]*' &&
+    ls var/run/php-fpm.sock /var/run/mysqld/mysqld.sock /var/run/nginx/nginx.pid &>/dev/null &&
+    exit 0 || exit 1
+fi
+
+[ -f /run-pre.sh ] && /run-pre.sh
+
+if [ ! -d "/usr/html/wp-admin" ] && [ ! -f "/usr/html/wp-config.php" ]; then
+  echo "[i] Installing wordpress..."
+  cd /tmp || exit 1
+  wget https://wordpress.org/latest.tar.gz -O /tmp/latest.tar.gz &&
+    tar -xzf /tmp/latest.tar.gz &&
+    cp -Rf /tmp/wordpress/. /usr/html/ &&
+    rm -Rf /tmp/wordpress /tmp/latest.tar.gz &&
+    chown -Rf nginx:nginx /usr/html
+else
+  echo "[i] Fixing permissions..."
+  chown -R nginx:nginx /usr/html
+fi
+
+mkdir -p /usr/logs/php8
+mkdir -p /usr/logs/nginx
+mkdir -p /tmp/nginx
+
+chown -Rf nginx /tmp/nginx
+chown -Rf mysql:mysql /var/lib/mysql /run/mysqld
+
+/usr/bin/php-fpm &
+mysqld_safe --datadir=/var/lib/mysql &
+
+if [ ! -d "/var/lib/mysql/wordpress" ]; then
+  sleep 10
+  mysql -uroot -p$DB_PASS -e "CREATE DATABASE $DB_NAME"
+  mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO $DB_NAME@localhost IDENTIFIED BY '$DB_PASS'"
+fi
+
+[ -z "$DB_HOST" ] && echo "Database host: not set" || echo "Database host: $DB_HOST"
+[ -z "$DB_NAME" ] && echo "Database name: not set" || echo "Database name: $DB_NAME"
+[ -z "$DB_USER" ] && echo "Database user: not set" || echo "Database user: $DB_USER"
+[ -z "$DB_PASS" ] && echo "Database pass: not set" || echo "Database pass: $DB_PASS"
+
+nginx