init

Author: lsl

.dockerignore

@@ -0,0 +1 @@
+.gitignore

.gitignore

@@ -0,0 +1,3 @@
+composer.lock
+vendor
+wp-content

Dockerfile

@@ -0,0 +1,115 @@
+FROM lslio/composer:latest as composer
+
+# Installs WordPress into /app/wordpress
+RUN composer-require johnpbloch/wordpress:^4.9
+
+# Delete hello dolly
+RUN rm /app/wordpress/wp-content/plugins/hello.php
+
+# Create uploads + mu-plugins dirs
+# Note: if you don't do this here, later when you
+# mount /uploads it will have root permissions
+# preventing uploads etc
+RUN mkdir /app/wordpress/wp-content/uploads
+RUN mkdir /app/wordpress/wp-content/mu-plugins
+
+# Fix write perms, ownership fixed on copy
+RUN find /app/wordpress -type d -exec chmod 755 {} \;
+RUN find /app/wordpress -type f -exec chmod 644 {} \;
+
+# Build image
+FROM alpine:3.7
+
+# Set user
+# Note: implicitly creates: /var/www, www group @ gid 1000
+# Previously using -G wheel (this might get reverted)
+RUN adduser -D -u 1000 -g 1000 -s /bin/sh -h /var/www www-data
+
+# PHP/FPM + Modules
+RUN apk add --no-cache --update \
+    php7 \
+    php7-apcu \
+    php7-bcmath \
+    php7-bz2 \
+    php7-ctype \
+    php7-curl \
+    php7-dom \
+    php7-fpm \
+    php7-ftp \
+    php7-gd \
+    php7-iconv \
+    php7-json \
+    php7-mbstring \
+    php7-mysqli \
+    php7-oauth \
+    php7-opcache \
+    php7-openssl \
+    php7-pcntl \
+    php7-pdo \
+    php7-pdo_mysql \
+    php7-phar \
+    php7-redis \
+    php7-session \
+    php7-simplexml \
+    php7-tokenizer \
+    php7-xdebug \
+    php7-xml \
+    php7-xmlwriter \
+    php7-zip \
+    php7-zlib
+
+# tini - 'cause zombies - see: https://github.com/ochinchina/supervisord/issues/60
+# gettext - nginx env substitution
+RUN apk add --no-cache --update \
+    tini \
+    gettext \
+    nginx && \
+    rm -rf /var/www/localhost
+
+# Fix nginx dirs/perms
+RUN mkdir -p /var/cache/nginx && \
+    chown -R www-data:www-data /var/cache/nginx && \
+    chown -R www-data:www-data /var/lib/nginx && \
+    chown -R www-data:www-data /var/tmp/nginx
+
+# Install a golang port of supervisord
+COPY --from=ochinchina/supervisord:latest /usr/local/bin/supervisord /usr/bin/supervisord
+
+# Runtime env vars are envstub'd into config during entrypoint
+# Defaults: proto: http, name: localhost, alias: ''
+ENV SERVER_PROTO='http'
+ENV SERVER_NAME='localhost'
+ENV SERVER_ALIAS=''
+
+# Wordpress config settings
+ENV DB_NAME='wordpress'
+ENV DB_USER='wordpress'
+ENV DB_PASSWORD='wordpress'
+ENV DB_HOST='mysql'
+ENV WP_DEBUG='false'
+
+# These need to be set in your extending Dockerfile
+# `docker run --rm lslio/wordpress salt`
+# (its a wrapper around https://api.wordpress.org/secret-key/1.1/salt/)
+ENV AUTH_KEY='set me'
+ENV SECURE_AUTH_KEY='set me'
+ENV LOGGED_IN_KEY='set me'
+ENV NONCE_KEY='set me'
+ENV AUTH_SALT='set me'
+ENV SECURE_AUTH_SALT='set me'
+ENV LOGGED_IN_SALT='set me'
+ENV NONCE_SALT='set me'
+
+COPY /manifest /
+
+COPY --from=composer --chown=www-data:www-data /app/wordpress /var/www/wordpress
+
+COPY --chown=www-data:www-data wp-config.php /var/www/wordpress/wp-config.php
+
+WORKDIR /var/www/wordpress
+
+EXPOSE 80
+
+ENTRYPOINT ["tini", "--"]
+CMD ["/docker-entrypoint.sh"]
+

README.md

@@ -0,0 +1,42 @@
+# WordPress + PHP-FPM7 + Nginx + Alpine Linux
+
+Simplifying WordPress deployment leveraging docker.
+
+.. That's the plan anyway.
+
+Current state comes with a lot of technical caveats.
+
+This is not a fork or replacement for the Official [WordPress](https://hub.docker.com/_/wordpress/) image.
+
+This image aims to solve the problems you face when deploying a single WordPress image over a k8's cluster or docker swarm.
+
+This image is *not* intended to be used stand-alone, while it comes with a working wordpress install it is intended as a base to install plugins and themes overtop. To use standalone you would need to mount your own wp-content folder into the container at runtime.
+
+Current limitations:
+- wp-content/uploads needs to be mounted to something like NFS for use on multi-server setups.
+- Plugins that leverage disk for caching need to be avoided (e.g. w3-total-cache, fvm, autoptimize.)
+- plugins and themes need to be pre-installed with composer.
+- wp-cli is out due to requiring an unattainable db connection.
+
+The nginx/php-fpm setup is based off of [lslio/nginx-php-fpm](https://github.com/lsl/docker-nginx-php-fpm) but does not extend from it so we have some room to make customizations for WordPress.
+
+To work around the limitations it is expected users either run a build step on their themes / plugins prior to building the docker image or make use of external services to handle minification and other optimizations.
+
+A potential addition to this project might be a pre-configured varnish image that is automatically aware / linked to this image.
+
+## [Quickstart example](https://github.com/lsl/docker-wordpress/tree/master/example)
+
+```
+    git clone [email protected]:lsl/docker-wordpress.git
+    cd docker-wordpress/example
+    docker-compose up -d
+    xdg-open http://example.localhost
+```
+
+## [Docker Pull](https://hub.docker.com/r/lslio/wordpress/)
+
+```
+    docker pull lslio/wordpress
+```
+
+

example/README.md

@@ -0,0 +1,27 @@
+# Example lslio/wordpress setup
+
+## Quickstart
+
+```
+    git clone https://github.com/lsl/docker-wordpress
+    cd docker-wordpress/example
+    docker-compose up -d
+    xdg-open http://example.localhost
+```
+
+This is a simple example of how you might use [lslio/wordpress](https://hub.docker.com/r/lslio/wordpress/) in a development environment.
+
+The docker-compose.yml contains a reverse proxy, wordpress, and mysql containers. The reverse proxy could be removed if you only have one wordpress install you want to manage through this file.
+
+## Salts
+
+site/Dockerfile is an example Dockerfile you might use to build your own WordPress image.
+
+Run `docker run --rm lslio/wordpress salt` and copy the output into site/Dockerfile
+
+
+## Secrets in Environment Variables
+
+Currently DB_PASSWORD is stored as an environment variable, along with AUTH_KEY and salts.
+
+Fixing this would probably take a decent chunk of time where anyone serious enough could easily solve the problem by dropping in a secrets mount over /var/www/wordpress/wp-config.php.

example/docker-compose.yml

@@ -0,0 +1,48 @@
+# https://docs.docker.com/compose/compose-file/compose-versioning/
+version: '3.6'
+
+# Use `docker-compose down --volumes` to clear.
+volumes:
+  mysql: # MySQL data dir
+  uploads: # wp-content/uploads dir
+
+services:
+  # Isn't required but nice to have if you're working on
+  # or modifying the main image.
+  base:
+    image: lslio/wordpress
+    build: ../
+    entrypoint: /bin/true
+
+  # Reverse proxy
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    ports:
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+
+  # Web service
+  web:
+    build: ./site
+    volumes:
+      - uploads:/var/www/wordpress/wp-content/uploads:rw
+    environment:
+      VIRTUAL_HOST: "example.localhost"
+      DB_NAME: wordpress
+      DB_USER: wordpress
+      DB_PASSWORD: wordpress
+      DB_HOST: mysql
+      WP_DEBUG: 'false'
+
+  # Database
+  mysql:
+    image: mariadb:10.3.5
+    volumes:
+      - mysql:/var/lib/mysql # Local volume mount for persistence
+    command: ["mysqld", "--default-time-zone=+00:00"]
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+      MYSQL_DATABASE: wordpress
+      MYSQL_USER: wordpress
+      MYSQL_PASSWORD: wordpress

example/site/.dockerignore

@@ -0,0 +1,2 @@
+vendor
+wp-content

example/site/.gitignore

@@ -0,0 +1,2 @@
+vendor
+wp-content

example/site/Dockerfile

@@ -0,0 +1,40 @@
+FROM lslio/composer:latest as composer
+
+COPY ./composer.* /app/
+RUN composer-install
+
+# Must use plugins (auto enable)
+RUN mv /app/wordpress/wp-content/plugins/all-in-one-wp-migration /app/wordpress/wp-content/mu-plugins/all-in-one-wp-migration
+RUN mv /app/wordpress/wp-content/plugins/lcache /app/wordpress/wp-content/mu-plugins/lcache
+
+# Final Build
+FROM lslio/wordpress:latest
+
+# Used by nginx + wordpress
+ENV SERVER_PROTO=https
+ENV SERVER_NAME=example.com
+ENV SERVER_ALIAS=www.example.com
+
+# Used by Wordpress
+ENV DB_NAME='wordpress'
+ENV DB_USER='wordpress'
+ENV DB_PASSWORD='wordpress'
+ENV DB_HOST='mysql'
+ENV WP_DEBUG='false'
+
+# Generate your own salts with docker run --rm lslio/wordpress salt
+ENV AUTH_KEY='-GM.Sk1gRDV2}D?+`beZ}Cty?v,#rZ|a--z.l?_7HgWMu)&8S(oC~2u.ECGC3+=X'
+ENV SECURE_AUTH_KEY='D_ADN1@kx`FWYv6IQ*UnnD!T]pIZT67U+HlX58/p(mSb~&]Gr->@Z%%l8@t-uyZ*'
+ENV LOGGED_IN_KEY='k0ap|!f*jL_S_0Ks5C-q9=mGN#BEr7h/m4`3!::5=5 [~:A>+F!qL2*jqlkOy`UB'
+ENV NONCE_KEY='`;dYKh+{K=>!;# 8-kt-Km>~1+s97L|-mUd5QC4q%}J}wW`.hIN~{/(={xUb{=Ro'
+ENV AUTH_SALT='Vs&/=u3`sG:uw0WDp8%b-Y6~ =_UJ+ Oc47BK##HAxL}8v3D,t_+L2A!=HU|SD`a'
+ENV SECURE_AUTH_SALT='?!LQjInJJf+HRBN!1mA7[iyRZICG=!lBW(]fC5|1Q52RzY>3-]Y3q*XBv2h)(Mg2'
+ENV LOGGED_IN_SALT='v2y2x%|cHs6v*thfr~MZG~[MNB-`r9Y~X_ ]f-Q9POmXu-3)p.Juo2-QC!hc^$IL'
+ENV NONCE_SALT='0zK_Ww(ljs]w?GHm}6as]w^_wP%!3Jc<~,Dt3pxS{`Rg$$9tsM[aRz$DL^KHW+Kp'
+
+COPY --from=composer --chown=www:www /app/wp-content /var/www/wordpress/wp-content
+
+# lcache needs some help
+USER www
+RUN ln -s /var/www/wordpress/wp-content/mu-plugins/wp-lcache/object-cache.php /var/www/wordpress/wp-content/object-cache.php
+USER root

example/site/README.md

@@ -0,0 +1,11 @@
+# Example Site Dockerfile
+
+This setup assumes you're in a position to pre-load plugins via composer and keep them up to date that way.
+
+This setup has been designed with two main approaches in mind. Using this folder as a project folder and doing everyhing here, or having devops maintain this Docker setup and importing existing theme/plugin projects via composer.
+
+Either approach should start with a run of composer update to setup your composer.lock file, this speeds up builds and lets others get up to speed quicker.
+
+The resulting vendor and wp-content dirs are gitignored and dockerignored intentionally but for development you can mount them via docker-compose.yml.
+
+If you need to make edits to specific 3rd party plugin you could check out their source tree into ./ and copy it in via the Dockerfile. I advise not to make random edits to things in vendor/wp-content and then commit them.