Repository: etopian/alpine-php-wordpress
Branch: master
Commit: 92ab724132f0
Files: 11
Total size: 14.3 KB
Directory structure:
gitextract_wqh4elk2/
├── Dockerfile
├── README.md
├── docker-build.sh
└── files/
├── fail2ban/
│ ├── filter.d/
│ │ ├── nginx-blocked.conf
│ │ └── wordpress-auth.conf
│ ├── jail.conf
│ └── mu-plugins/
│ └── fail2ban_login_failed.php
├── nginx.conf
├── php-fpm.conf
├── run.sh
└── wp-config-devoply.php
================================================
FILE CONTENTS
================================================
================================================
FILE: Dockerfile
================================================
FROM alpine:latest
MAINTAINER Etopian Inc. <contact@etopian.com>
LABEL devoply.type="site" \
devoply.cms="wordpress" \
devoply.framework="wordpress" \
devoply.language="php7" \
devoply.require="mariadb etopian/nginx-proxy" \
devoply.recommend="redis" \
devoply.description="WordPress on Nginx and PHP-FPM with WP-CLI." \
devoply.name="WordPress" \
devoply.params="docker run -d --name {container_name} -e VIRTUAL_HOST={virtual_hosts} -v /data/sites/{domain_name}:/DATA etopian/alpine-php7-wordpress"
RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories\
&& apk update \
&& apk add --no-cache \
bash \
less \
vim \
nginx \
ca-certificates \
php7-fpm \
php7-json \
php7-zlib \
php7-xml \
php7-pdo \
php7-phar \
php7-openssl \
php7-pdo_mysql \
php7-mysqli \
php7-session \
php7-gd \
php7-iconv \
php7-mcrypt \
php7-curl \
php7-opcache \
php7-ctype \
php7-apcu \
php7-intl \
php7-bcmath \
php7-mbstring \
php7-dom \
php7-xmlreader \
php7-simplexml \
mysql-client \
openssh-client \
git \
curl \
rsync \
musl \
&& apk --update --no-cache add tar
RUN rm -rf /var/cache/apk/*
ENV TERM="xterm" \
DB_HOST="172.17.0.1" \
DB_NAME="" \
DB_USER=""\
DB_PASS=""
ENV PATH /DATA/bin:$PATH
RUN sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/DATA:\/bin\/bash/g" /etc/passwd && \
sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/DATA:\/bin\/bash/g" /etc/passwd-
ADD files/nginx.conf /etc/nginx/
ADD files/php-fpm.conf /etc/php7/
ADD files/run.sh /
ADD files/wp-config-devoply.php /usr/bin/wp-config-devoply
RUN chmod +x /run.sh && chmod +x /usr/bin/wp-config-devoply
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli
EXPOSE 80
VOLUME ["/DATA"]
CMD ["/run.sh"]
================================================
FILE: README.md
================================================
# This image is DEPRECATED/DEAD.
See [https://github.com/devoply/wordpress](https://github.com/devoply/wordpress) for a newer image with a proper process manager.
### OLD INFO
Full documentation for this project can be found here: http://www.wordpressdocker.com/
We also have a development container: https://github.com/etopian/alpine-php-wordpress-dev
# Lightweight WordPress PHP7 PHP-FPM7 & Nginx Docker Production Image
Lightweight Docker image for the (latest) PHP-FPM and Nginx to run WordPress based on [AlpineLinux](http://alpinelinux.org)
* Image size only ~131MB !
* Very new packages (alpine:edge) 2016-07-21:
* [PHP](http://pkgs.alpinelinux.org/package/main/x86/php) 7.0.13
* [Nginx](http://pkgs.alpinelinux.org/package/main/x86/nginx) nginx/1.10.2
* Memory usage is around 50mb on a simple install.
## A simple example
### Say you want to run a single site on a VPS with Docker
```bash
mkdir -p /data/sites/etopian.com/htdocs
sudo docker run -e VIRTUAL_HOST=etopian.com,www.etopian.com -v /data/sites/etopian.com:/DATA -p 80:80 etopian/alpine-php-wordpress
```
The following user and group id are used, the files should be set to this:
User ID:
Group ID:
```bash
chown -R 100:101 /data/sites/etopian.com/htdocs
```
### Say you want to run a multiple WP sites on a VPS with Docker
```bash
sudo docker run -p 80:80 etopian/nginx-proxy
mkdir -p /data/sites/etopian.com/htdocs
sudo docker run -e VIRTUAL_HOST=etopian.com,www.etopian.com -v /data/sites/etopian.com:/DATA etopian/alpine-php-wordpress
mkdir -p /data/sites/etopian.net/htdocs
sudo docker run -e VIRTUAL_HOST=etopian.net,www.etopian.net -v /data/sites/etopian.net:/DATA etopian/alpine-php-wordpress
```
Populate /data/sites/etopian.com/htdocs and /data/sites/etopian.net/htdocs with your WP files. See http://www.wordpressdocker.com if you need help on how to configure your database.
The following user and group id are used, the files should be set to this:
User ID:
Group ID:
```bash
chown -R 100:101 /data/sites/etopian.com/htdocs
```
### Volume structure
* `htdocs`: Webroot
* `logs`: Nginx/PHP error logs
*
### WP-CLI
This image now includes [WP-CLI](wp-cli.org) baked in... So you can. Please `su nginx` before executing or else you can potentially compromise your host.
```
docker exec -it <container_name> bash
su nginx
cd /DATA/htdocs
wp-cli cli
```
### Multisite
For each multisite you need to give the domain as the -e VIRTUAL_HOST parameter. For instance VIRTUAL_HOST=site1.com,www.site1.com,site2.com,www.site2.com ... if you wish to add more sites you need to recreate the container.
### Upload limit
The upload limit is 2 gigabyte.
### Change php.ini value
modify files/php-fpm.conf
To modify php.ini variable, simply edit php-fpm.ini and add php_flag[variable] = value.
```
php_flag[display_errors] = on
```
Additional documentation on http://www.wordpressdocker.com
## Questions or Support
https://gitter.im/etopian/devoply
## Docker WordPress Control Panel
DEVOPly is a free hosting control panel which does everything taught in this tutorial automatically and much more, backups, staging/dev/prod, code editor, Github/Bitbucket deployments, DNS, WordPress Management. https://www.devoply.com
================================================
FILE: docker-build.sh
================================================
#!/bin/bash
docker build -t etopian/alpine-php-wordpress:latest .
================================================
FILE: files/fail2ban/filter.d/nginx-blocked.conf
================================================
# this file goes on the host in /etc/fail2ban/filter.d/nginx-blocked
[Definition]
failregex = ^.* Blocked request from <HOST>.*$
ignoreregex =
================================================
FILE: files/fail2ban/filter.d/wordpress-auth.conf
================================================
[Definition]
failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 403
================================================
FILE: files/fail2ban/jail.conf
================================================
# nginx blocks
# this file goes on the host in /etc/fail2ban/jail.conf
[nginx-blocked]
enabled = true
bantime = 600
maxretry = 3
backend = auto
findtime = 30
banaction = iptables-multiport
protocol = tcp
chain = INPUT
port = 80,443
filter = nginx-blocked
logpath = /data/sites/*/logs/nginx/blocked.log
[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /data/sites/*/logs/nginx/access.log
maxretry = 3
bantime = 3600
================================================
FILE: files/fail2ban/mu-plugins/fail2ban_login_failed.php
================================================
<?php
# this file goes under <site_root>/wp-content/mu-plugins
function fail2ban_login_failed_403() {
status_header( 403 );
}
add_action( 'wp_login_failed', 'fail2ban_login_failed_403' );
================================================
FILE: files/nginx.conf
================================================
# run nginx in foreground
daemon off;
error_log /DATA/logs/nginx/error.log warn;
pid /var/run/nginx.pid;
env DB_HOST;
env DB_NAME;
env DB_USER;
env DB_PASS;
worker_processes auto;
events {
worker_connections 4096;
}
http {
sendfile on;
include /etc/nginx/mime.types;
include /etc/nginx/fastcgi.conf;
default_type application/octet-stream;
tcp_nopush on;
client_body_temp_path /tmp/nginx/body 1 2;
fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2;
#a new log format for detecting bad bots.
log_format blocked '$time_local: Blocked request from $http_x_real_ip $request';
## This log format makes it so we can see real requester's IP address \
## not just the reverse proxy server's IP address. Also note, that \
## "specialLog" can be replaced with any name you would like to \
## give to this log format.
log_format specialLog '$http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
client_max_body_size 2G;
server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
root /DATA/htdocs;
index index.php index.html index.htm;
access_log /DATA/logs/nginx/access.log specialLog;
error_log /DATA/logs/nginx/error.log;
disable_symlinks off;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# deny dot-files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
#Yoast SEO Sitemaps
location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
## this redirects sitemap.xml to /sitemap_index.xml
rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
## this makes the XML sitemaps work
rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
## The following lines are optional for the premium extensions
## News SEO
rewrite ^/news-sitemap.xml$ /index.php?sitemap=wpseo_news last;
## Local SEO
rewrite ^/locations.kml$ /index.php?sitemap=wpseo_local_kml last;
rewrite ^/geo-sitemap.xml$ /index.php?sitemap=wpseo_local last;
## Video SEO
rewrite ^/video-sitemap.xsl$ /index.php?xsl=video last;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
## Disable .htaccess and other hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
## Block SQL injections
location ~* union.*select.*\( { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* union.*all.*select.* { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* concat.*\( { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
## Block common exploits
location ~* (<|%3C).*script.*(>|%3E) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* base64_(en|de)code\(.*\) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* (%24&x) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* \.\.\/ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* ~$ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* proc/self/environ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* /\.(htaccess|htpasswd|svn) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
## Block file injections
location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
## wordpress security
location ~* wp-config.php { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* wp-admin/includes { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* wp-app\.log { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
location ~* (licence|readme|license)\.(html|txt) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}
}
================================================
FILE: files/php-fpm.conf
================================================
error_log = /DATA/logs/php-fpm/php-fpm.log
log_level = warning
[www]
user = nginx
group = www-data
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = www-data
pm = ondemand
; Total RAM dedicated to the web server / Max child process size
pm.max_children = 75
pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /DATA/htdocs
php_flag[display_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[upload_max_filesize] = 2G
php_admin_value[post_max_size] = 2G
php_admin_value[output_buffering] = 0
php_admin_value[max_input_time] = 3600
php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt
php_admin_value[openssl.capath] = /etc/ssl/certs
php_admin_value[max_input_nesting_level] = 256
php_admin_value[max_input_vars] = 10000
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
catch_workers_output = yes
; Database variables passed via -e argument on Docker
env["DB_HOST"] = "$DB_HOST"
env["DB_USER"] = "$DB_USER"
env["DB_PASS"] = "$DB_PASS"
env["DB_NAME"] = "$DB_NAME"
================================================
FILE: files/run.sh
================================================
#!/bin/sh
[ -f /run-pre.sh ] && /run-pre.sh
chown -R nginx:nginx /DATA
if [ ! -d /DATA/htdocs ] ; then
mkdir -p /DATA/htdocs
# chown nginx:nginx /DATA/htdocs
fi
# start php-fpm
mkdir -p /DATA/logs/php-fpm
# start nginx
mkdir -p /DATA/logs/nginx
mkdir -p /tmp/nginx
chown nginx:nginx /tmp/nginx
chown -R nginx:nginx /DATA
if [ ! -d /DATA/bin ] ; then
mkdir /DATA/bin
chown nginx:nginx /DATA/bin
cp /usr/bin/wp-cli /DATA/bin/wp-cli
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
mv wp-cli.phar /DATA/bin/wp-cli
fi
php-fpm7
nginx
================================================
FILE: files/wp-config-devoply.php
================================================
#!/usr/bin/php
<?php
$filepath = '/DATA/htdocs/wp-config.php';
$define = "/** The Database Collate type. Don't change this if in doubt. */";
$ssl_content = <<<'EOF'
/** DEVOPly Settings */
if(isset(($_SERVER['HTTP_X_FORWARDED_PROTO'] )) ){
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){
if(!defined('WP_HOME')){
define('WP_HOME','https://'.$_SERVER["HTTP_HOST"]);
define('WP_SITEURL','https://'.$_SERVER["HTTP_HOST"]);
define('FORCE_SSL_ADMIN', true);
$_SERVER['HTTPS']='on';
define('WP_REDIS_HOST', DB_HOST);
define('WP_CACHE_KEY_SALT', DB_NAME);
}
}
}
/** The Database Collate type. Don't change this if in doubt. */
EOF;
$config = file_get_contents($filepath);
if(strpos($config, $ssl_content) !== false){
die();
}
$new_config = str_replace($define, $ssl_content, $config);
file_put_contents($filepath, $new_config);
gitextract_wqh4elk2/
├── Dockerfile
├── README.md
├── docker-build.sh
└── files/
├── fail2ban/
│ ├── filter.d/
│ │ ├── nginx-blocked.conf
│ │ └── wordpress-auth.conf
│ ├── jail.conf
│ └── mu-plugins/
│ └── fail2ban_login_failed.php
├── nginx.conf
├── php-fpm.conf
├── run.sh
└── wp-config-devoply.php
SYMBOL INDEX (1 symbols across 1 files)
FILE: files/fail2ban/mu-plugins/fail2ban_login_failed.php
function fail2ban_login_failed_403 (line 4) | function fail2ban_login_failed_403() {
Condensed preview — 11 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (16K chars).
[
{
"path": "Dockerfile",
"chars": 2212,
"preview": "FROM alpine:latest\nMAINTAINER Etopian Inc. <contact@etopian.com>\n\nLABEL devoply.type=\"site\" \\\n devoply.cms=\"wor"
},
{
"path": "README.md",
"chars": 3236,
"preview": "# This image is DEPRECATED/DEAD.\n\nSee [https://github.com/devoply/wordpress](https://github.com/devoply/wordpress) for a"
},
{
"path": "docker-build.sh",
"chars": 67,
"preview": "#!/bin/bash\n\ndocker build -t etopian/alpine-php-wordpress:latest .\n"
},
{
"path": "files/fail2ban/filter.d/nginx-blocked.conf",
"chars": 143,
"preview": "# this file goes on the host in /etc/fail2ban/filter.d/nginx-blocked\n[Definition]\nfailregex = ^.* Blocked request from <"
},
{
"path": "files/fail2ban/filter.d/wordpress-auth.conf",
"chars": 74,
"preview": "[Definition]\nfailregex = <HOST>.*POST.*(wp-login\\.php|xmlrpc\\.php).* 403 \n"
},
{
"path": "files/fail2ban/jail.conf",
"chars": 459,
"preview": "# nginx blocks \n# this file goes on the host in /etc/fail2ban/jail.conf\n[nginx-blocked]\nenabled = true\nbantime = 600\nm"
},
{
"path": "files/fail2ban/mu-plugins/fail2ban_login_failed.php",
"chars": 194,
"preview": "<?php\n# this file goes under <site_root>/wp-content/mu-plugins\n\nfunction fail2ban_login_failed_403() {\n status_header"
},
{
"path": "files/nginx.conf",
"chars": 5675,
"preview": "# run nginx in foreground\ndaemon off;\n\nerror_log /DATA/logs/nginx/error.log warn;\npid /var/run/nginx.pid;\nenv DB_HOST;\ne"
},
{
"path": "files/php-fpm.conf",
"chars": 1137,
"preview": "error_log = /DATA/logs/php-fpm/php-fpm.log \nlog_level = warning\n\n[www]\nuser = nginx\ngroup = www-data\nlisten = 127.0.0.1:"
},
{
"path": "files/run.sh",
"chars": 610,
"preview": "#!/bin/sh\n\n[ -f /run-pre.sh ] && /run-pre.sh\n\nchown -R nginx:nginx /DATA\n\nif [ ! -d /DATA/htdocs ] ; then\n mkdir -p /DA"
},
{
"path": "files/wp-config-devoply.php",
"chars": 841,
"preview": "#!/usr/bin/php\n<?php\n\n$filepath = '/DATA/htdocs/wp-config.php';\n\n$define = \"/** The Database Collate type. Don't change "
}
]
About this extraction
This page contains the full source code of the etopian/alpine-php-wordpress GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 11 files (14.3 KB), approximately 4.6k tokens, and a symbol index with 1 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.