WIP, changing the whole configuration setup

Adrien Luxey 2020-03-31 10:55:25 +02:00
parent 37805f7a28
commit d7548f937e
14 changed files with 170 additions and 3 deletions

1
.gitignore vendored Normal file
@ -0,0 +1 @@
*.retry

@ -1,7 +1,30 @@
* [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/) * [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/)
* [securing server](security/) * [securing server](security/)
## How to package Wordpress
### Wordpress + PHP-FPM in Docker + nginx
* [Dockerise your PHP app with PHP-FPM and nginx](http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/)
nginx and PHP-FPM both need access to the files--at the same location. It's thus not easy to have a single nginx serving multiple PHP-FPM containers. You always need a webserver in the same container as PHP-FPM.
### Alternatives
* [WP multisite + Caddy](https://skippy.net/caddy-docker-php-wordpress): arguments against using the Wordpress Docker image, keeps the whole wp install outside the image, and instead focuses on properly configuring PHP-FPM. Has the advantage of being reusable for other PHP projects. Is well argumented.
#### Which webserver?
traefik does not support php-fpm, Caddy does. Not such a problem, we can keep Apache inside the container, who gives a shit.
### Wordpress security
* [File permissions](https://wordpress.org/support/article/changing-file-permissions/)
* [Sécu Wordpress (fr)](http://wptheme.fr/guide-creation-site-blog/securiser-et-nettoyer-theme-wordpress-virus/)
## TODO ## TODO
* review synapse nginx conf - seems incomplete * review synapse nginx conf - seems incomplete
laaaaaalallala
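
Review bot: the last added line, `laaaaaalallala`, sits under the TODO list and reads as leftover scratch text; drop it before this leaves WIP. In the "Which webserver?" paragraph, the choice to keep Apache inside the container deserves its reason written down (the line above says traefik has no php-fpm support) instead of the dismissive closing clause, so the trade-off is visible to the next reader. The geekyplatypus and wptheme.fr links are plain `http://`; switch them to `https://` if the sites serve it.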

13
sites/arvuhez/README.md Normal file
@ -0,0 +1,13 @@
## MySQL madness!
Wordpress's IP is configured to 172.26.0.2
Do the MySQL!
```mysql
select host, user, password from mysql.user order by user;
create user 'arvuhez'@'172.26.0.2' identified by 'kjhs';
grant all on arvuhez.* to 'arvuhez'@'172.26.0.2';
show grants for 'arvuhez'@'172.26.0.2';
```
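
Review bot: `identified by 'kjhs'` puts a literal, four-character database password into a committed README; if it is meant as a placeholder, make that obvious (for example `'<password>'`) and generate the real value outside the repository. It also differs from the `WORDPRESS_DB_PASSWORD` set for user `arvuhez` in the compose file of this commit, so running the README as written creates a login that WordPress cannot use. `grant all on arvuhez.*` is broader than the application needs day to day; consider listing the privileges explicitly.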

@ -0,0 +1,24 @@
version: '3'
services:
wp:
image: wordpress:apache
# build: wp/
restart: always
environment:
WORDPRESS_DB_HOST: 172.26.0.1
WORDPRESS_DB_USER: arvuhez
WORDPRESS_DB_PASSWORD: "xMnCfZzBs8F3y5pEUY8HWAJFu4DGdBFGJqAcbgJN"
WORDPRESS_DB_NAME: arvuhez
volumes:
- "/vault/www/arvuhez_wp-content/:/var/www/html/wp-content"
networks:
arvuheznet:
ipv4_address: 172.26.0.2
networks:
arvuheznet:
ipam:
driver: default
config:
- subnet: 172.26.0.0/16
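
Review bot: `WORDPRESS_DB_PASSWORD` is committed in clear text in the `environment:` block, so anyone with read access to the repository or its history holds the database credential for `arvuhez`. Move it out of the tracked file, for example into an untracked `env_file` or the image's `WORDPRESS_DB_PASSWORD_FILE` variable pointing at a secret, and rotate the value since it is already in this commit. The subnet is `172.26.0.0/16` while the other sites in this commit use a /24; a /24 here would keep the per-site networks uniform.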

@ -0,0 +1,27 @@
version: '3'
# Generated by ansible for site lexperimental.fr
# At 172.100.0.2 on 172.100.0.0/24
services:
wp:
image: wordpress:apache
restart: always
environment:
WORDPRESS_DB_HOST: "172.100.0.1"
WORDPRESS_DB_USER: "lexperimental"
WORDPRESS_DB_PASSWORD: "c2nGCmaRfJfF3Ltw5hoVVXF63Gm2VsVGUTdr4eQT"
WORDPRESS_DB_NAME: "lexperimental"
volumes: ['/var/www/lexperimental/wp-content/:/var/www/html/wp-content']
networks:
net:
ipv4_address: "172.100.0.2"
networks:
net:
ipam:
driver: default
config:
- subnet: "172.100.0.0/24"
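
Review bot: `subnet: "172.100.0.0/24"` lies outside the RFC 1918 private block (172.16.0.0/12 ends at 172.31.255.255), so this bridge network shadows publicly routable addresses on the host; pick a subnet inside 172.16.0.0/12 as the other sites do, and change it in the Ansible variables so the generated nginx `proxy_pass` follows. The header says the file is generated by ansible, yet the rendered output is committed with `WORDPRESS_DB_PASSWORD` in it; ignore generated files in git or keep the password in Ansible Vault and out of the tracked tree.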

@ -0,0 +1,44 @@
# Generated by ansible for site lexperimental.fr
# At 172.100.0.2 on 172.100.0.0/24
server {
listen 80;
listen [::]:80;
server_name lexperimental.fr www.lexperimental.fr;
rewrite ^ https://lexperimental.fr$request_uri permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name lexperimental.fr www.lexperimental.fr;
access_log /var/log/nginx/lexperimental-access.log;
error_log /var/log/nginx/error.log;
# Let's Encrypt
include snippets/letsencrypt.conf;
include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/lexperimental.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lexperimental.fr/privkey.pem;
if ($host = www.lexperimental.fr) {
rewrite ^ https://lexperimental.fr$request_uri permanent;
}
# Run by host
# root /var/www/lexperimental;
# include snippets/wordpress.conf;
# Run in Docker
include snippets/header-params_server.conf;
location / {
include snippets/header-params_location.conf;
proxy_pass http://172.100.0.2:80;
}
}
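
Review bot: in the 443 server, `if ($host = www.lexperimental.fr)` with a `rewrite` is evaluated on every request; a separate `server` block for `www.lexperimental.fr` that does `return 301 https://lexperimental.fr$request_uri;` is the usual form, and the port-80 `rewrite ^ ... permanent` can become a `return 301` as well. `error_log /var/log/nginx/error.log` is shared across sites while the access log is per-site (`lexperimental-access.log`); a per-site error log would make incidents on this vhost easier to isolate.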

@ -0,0 +1,13 @@
## MySQL madness!
Wordpress's IP is configured to 172.26.0.2
Do the MySQL!
```mysql
select host, user, password from mysql.user order by user;
create user 'rdb'@'172.26.0.2' identified by 'kjhs';
grant all on rdb.* to 'rdb'@'172.26.0.2';
show grants for 'rdb'@'172.26.0.2';
```
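
Review bot: the host part `'172.26.0.2'`, and the opening line "configured to 172.26.0.2", look copied from the arvuhez README; the rdb compose file in this commit assigns `ipv4_address: 172.27.0.2`, so the account created here would not match connections coming from the rdb container. Change the three statements to `'rdb'@'172.27.0.2'`, and replace the literal password with an obvious placeholder.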

@ -0,0 +1,24 @@
version: '3'
services:
wp:
image: wordpress:apache
# build: wp/
restart: always
environment:
WORDPRESS_DB_HOST: 172.27.0.1
WORDPRESS_DB_USER: rdb
WORDPRESS_DB_PASSWORD: "brEuC8KGQEPh4L9rYiwFaDxDB7FVdWLMB3TbgAcz"
WORDPRESS_DB_NAME: rdb
volumes:
- "/vault/www/rennes-des-bois_wp-content/:/var/www/html/wp-content"
networks:
rdbnet:
ipv4_address: 172.27.0.2
networks:
rdbnet:
ipam:
driver: default
config:
- subnet: 172.27.0.0/24
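
Review bot: `image: wordpress:apache` is a floating tag, so the WordPress and PHP versions change whenever the image is pulled again and a redeploy is not reproducible; pin a specific version tag or a digest and bump it deliberately. The clear-text `WORDPRESS_DB_PASSWORD` has the same problem as in the arvuhez compose file.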

@ -1 +0,0 @@
localhost

@ -1 +0,0 @@
*