Repository: etopian/alpine-php-wordpress
Branch: master
Commit: 92ab724132f0
Files: 11
Total size: 14.3 KB

Directory structure:
gitextract_wqh4elk2/
├── Dockerfile
├── README.md
├── docker-build.sh
└── files/
    ├── fail2ban/
    │   ├── filter.d/
    │   │   ├── nginx-blocked.conf
    │   │   └── wordpress-auth.conf
    │   ├── jail.conf
    │   └── mu-plugins/
    │       └── fail2ban_login_failed.php
    ├── nginx.conf
    ├── php-fpm.conf
    ├── run.sh
    └── wp-config-devoply.php

================================================
FILE CONTENTS
================================================

================================================
FILE: Dockerfile
================================================
FROM alpine:latest
MAINTAINER Etopian Inc.

LABEL devoply.type="site" \
      devoply.cms="wordpress" \
      devoply.framework="wordpress" \
      devoply.language="php7" \
      devoply.require="mariadb etopian/nginx-proxy" \
      devoply.recommend="redis" \
      devoply.description="WordPress on Nginx and PHP-FPM with WP-CLI." \
      devoply.name="WordPress" \
      devoply.params="docker run -d --name {container_name} -e VIRTUAL_HOST={virtual_hosts} -v /data/sites/{domain_name}:/DATA etopian/alpine-php7-wordpress"

RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories\
    && apk update \
    && apk add --no-cache \
    bash \
    less \
    vim \
    nginx \
    ca-certificates \
    php7-fpm \
    php7-json \
    php7-zlib \
    php7-xml \
    php7-pdo \
    php7-phar \
    php7-openssl \
    php7-pdo_mysql \
    php7-mysqli \
    php7-session \
    php7-gd \
    php7-iconv \
    php7-mcrypt \
    php7-curl \
    php7-opcache \
    php7-ctype \
    php7-apcu \
    php7-intl \
    php7-bcmath \
    php7-mbstring \
    php7-dom \
    php7-xmlreader \
    php7-simplexml \
    mysql-client \
    openssh-client \
    git \
    curl \
    rsync \
    musl \
    && apk --update --no-cache add tar
RUN rm -rf /var/cache/apk/*

ENV TERM="xterm" \
    DB_HOST="172.17.0.1" \
    DB_NAME="" \
    DB_USER=""\
    DB_PASS=""

ENV PATH /DATA/bin:$PATH

RUN sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
    sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/DATA:\/bin\/bash/g" /etc/passwd && \
    sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/DATA:\/bin\/bash/g" /etc/passwd-

ADD files/nginx.conf /etc/nginx/
ADD files/php-fpm.conf /etc/php7/
ADD files/run.sh /
ADD files/wp-config-devoply.php /usr/bin/wp-config-devoply
RUN chmod +x /run.sh && chmod +x /usr/bin/wp-config-devoply

RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli

EXPOSE 80
VOLUME ["/DATA"]

CMD ["/run.sh"]

================================================
FILE: README.md
================================================
# This image is DEPRECATED/DEAD. See [https://github.com/devoply/wordpress](https://github.com/devoply/wordpress) for a newer image with a proper process manager.

### OLD INFO

Full documentation for this project can be found here: http://www.wordpressdocker.com/

We also have a development container: https://github.com/etopian/alpine-php-wordpress-dev

# Lightweight WordPress PHP7 PHP-FPM7 & Nginx Docker Production Image

Lightweight Docker image for the (latest) PHP-FPM and Nginx to run WordPress based on [AlpineLinux](http://alpinelinux.org)

* Image size only ~131MB !
* Very new packages (alpine:edge) 2016-07-21:
  * [PHP](http://pkgs.alpinelinux.org/package/main/x86/php) 7.0.13
  * [Nginx](http://pkgs.alpinelinux.org/package/main/x86/nginx) nginx/1.10.2
* Memory usage is around 50mb on a simple install.

## A simple example

### Say you want to run a single site on a VPS with Docker

```bash
mkdir -p /data/sites/etopian.com/htdocs

sudo docker run -e VIRTUAL_HOST=etopian.com,www.etopian.com -v /data/sites/etopian.com:/DATA -p 80:80 etopian/alpine-php-wordpress
```

The following user and group id are used, the files should be set to this:

User ID:
Group ID:

```bash
chown -R 100:101 /data/sites/etopian.com/htdocs
```

### Say you want to run multiple WP sites on a VPS with Docker

```bash
sudo docker run -p 80:80 etopian/nginx-proxy

mkdir -p /data/sites/etopian.com/htdocs
sudo docker run -e VIRTUAL_HOST=etopian.com,www.etopian.com -v /data/sites/etopian.com:/DATA etopian/alpine-php-wordpress

mkdir -p /data/sites/etopian.net/htdocs
sudo docker run -e VIRTUAL_HOST=etopian.net,www.etopian.net -v /data/sites/etopian.net:/DATA etopian/alpine-php-wordpress
```

Populate /data/sites/etopian.com/htdocs and /data/sites/etopian.net/htdocs with your WP files. See http://www.wordpressdocker.com if you need help on how to configure your database.

The following user and group id are used, the files should be set to this:

User ID:
Group ID:

```bash
chown -R 100:101 /data/sites/etopian.com/htdocs
```

### Volume structure

* `htdocs`: Webroot
* `logs`: Nginx/PHP error logs

### WP-CLI

This image now includes [WP-CLI](wp-cli.org) baked in... So you can. Please `su nginx` before executing or else you can potentially compromise your host.

```
# <container_name> is a placeholder for the name or ID of your running container
docker exec -it <container_name> bash
su nginx
cd /DATA/htdocs
wp-cli cli
```

### Multisite

For each multisite you need to give the domain as the `-e VIRTUAL_HOST` parameter. For instance `VIRTUAL_HOST=site1.com,www.site1.com,site2.com,www.site2.com` ... If you wish to add more sites, you need to recreate the container.

### Upload limit

The upload limit is 2 gigabytes.

### Change php.ini value

Modify `files/php-fpm.conf`.

To modify a php.ini variable, simply edit `files/php-fpm.conf` and add `php_flag[variable] = value`.

```
php_flag[display_errors] = on
```

Additional documentation on http://www.wordpressdocker.com

## Questions or Support

https://gitter.im/etopian/devoply

## Docker WordPress Control Panel

DEVOPly is a free hosting control panel which does everything taught in this tutorial automatically and much more: backups, staging/dev/prod, code editor, Github/Bitbucket deployments, DNS, WordPress Management.

https://www.devoply.com

================================================
FILE: docker-build.sh
================================================
#!/bin/bash

docker build -t etopian/alpine-php-wordpress:latest .

================================================
FILE: files/fail2ban/filter.d/nginx-blocked.conf
================================================
# this file goes on the host in /etc/fail2ban/filter.d/nginx-blocked
[Definition]
# <HOST> marks the address fail2ban bans; it lines up with $http_x_real_ip
# in the "blocked" log format defined in files/nginx.conf
failregex = ^.* Blocked request from <HOST> .*$
ignoreregex =

================================================
FILE: files/fail2ban/filter.d/wordpress-auth.conf
================================================
[Definition]
# <HOST> is the first field ($http_x_real_ip) of the specialLog access log format
failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 403

================================================
FILE: files/fail2ban/jail.conf
================================================
# nginx blocks
# this file goes on the host in /etc/fail2ban/jail.conf
[nginx-blocked]
enabled = true
bantime = 600
maxretry = 3
backend = auto
findtime = 30
banaction = iptables-multiport
protocol = tcp
chain = INPUT
port = 80,443
filter = nginx-blocked
logpath = /data/sites/*/logs/nginx/blocked.log

[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /data/sites/*/logs/nginx/access.log
maxretry = 3
bantime = 3600

================================================
FILE: files/fail2ban/mu-plugins/fail2ban_login_failed.php
================================================
<?php
// /wp-content/mu-plugins

// Answer failed logins with HTTP 403 so the wordpress-auth filter can match them.
function fail2ban_login_failed_403() {
    status_header( 403 );
}
add_action( 'wp_login_failed', 'fail2ban_login_failed_403' );

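A check of the two fail2ban jails above against lines in the `blocked` and `specialLog` formats that files/nginx.conf defines, written with the `<HOST>` tag fail2ban requires in a failregex. This is an added example, not part of the repository; the IPv4-only `<HOST>` stand-in, the 600-second findtime for `[wordpress]` and the sample log lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> expansion (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TIME = re.compile(r"(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})")
# jail -> (failregex, maxretry, findtime in seconds). [wordpress] sets no
# findtime in jail.conf; 600 s is assumed as the fail2ban default.
JAILS = {
    "nginx-blocked": (r"^.* Blocked request from <HOST> .*$", 3, 30),
    "wordpress": (r"<HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 403", 3, 600),
}

def banned_hosts(jail, lines):
    """Hosts that reach maxretry matching lines inside one findtime window."""
    failregex, maxretry, findtime = JAILS[jail]
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits, banned = defaultdict(list), []
    for line in lines:
        m, t = rx.search(line), TIME.search(line)
        if not (m and t):
            continue  # no host captured: fail2ban has nothing to ban
        when = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S %z")
        recent = [w for w in hits[m["host"]]
                  if when - w <= timedelta(seconds=findtime)]
        hits[m["host"]] = recent + [when]
        if len(recent) + 1 >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def access(ip, sec, req, status):  # one constructed line, specialLog format
    return (f'{ip} - - [21/Jul/2016:10:00:{sec:02d} +0000] "{req} HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')

def blocked(ip, sec):  # one constructed line, blocked format
    return (f"21/Jul/2016:10:00:{sec:02d} +0000: Blocked request from {ip} "
            "GET /wp-config.php HTTP/1.1")

# Constructed sample logs (documentation IP ranges).
ACCESS = (
    [access("203.0.113.7", s, "POST /wp-login.php", 403) for s in (1, 2, 3)]
    + [access("198.51.100.9", s, "POST /xmlrpc.php", 403) for s in (4, 5)]
    + [access("203.0.113.8", 6, "POST /wp-login.php", 302)]
    # X-Real-IP absent (no proxy in front): nginx logs "-" and no host matches.
    + [access("-", s, "POST /wp-login.php", 403) for s in (7, 8, 9)]
)
BLOCKED = ([blocked("192.0.2.44", s) for s in (1, 5, 9)]
           + [blocked("192.0.2.55", s) for s in (0, 20, 45)])
print(banned_hosts("wordpress", ACCESS), banned_hosts("nginx-blocked", BLOCKED))
```

On a host with fail2ban installed, `fail2ban-regex /data/sites/<site>/logs/nginx/access.log /etc/fail2ban/filter.d/wordpress-auth.conf` runs the real matcher against a live log (`<site>` is a placeholder).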
================================================
FILE: files/nginx.conf
================================================
# run nginx in foreground
daemon off;

error_log /DATA/logs/nginx/error.log warn;
pid /var/run/nginx.pid;
env DB_HOST;
env DB_NAME;
env DB_USER;
env DB_PASS;

worker_processes auto;

events {
    worker_connections 4096;
}

http {
    sendfile on;
    include /etc/nginx/mime.types;
    include /etc/nginx/fastcgi.conf;
    default_type application/octet-stream;
    tcp_nopush on;
    client_body_temp_path /tmp/nginx/body 1 2;
    fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2;

    #a new log format for detecting bad bots.
    log_format blocked '$time_local: Blocked request from $http_x_real_ip $request';

    ## This log format makes it so we can see real requester's IP address \
    ## not just the reverse proxy server's IP address. Also note, that \
    ## "specialLog" can be replaced with any name you would like to \
    ## give to this log format.
    log_format specialLog '$http_x_real_ip - $remote_user [$time_local] '
                          '"$request" $status $body_bytes_sent '
                          '"$http_referer" "$http_user_agent"';

    client_max_body_size 2G;

    server {
        #listen [::]:80; #uncomment for IPv6 support
        listen 80;

        root /DATA/htdocs;
        index index.php index.html index.htm;
        access_log /DATA/logs/nginx/access.log specialLog;
        error_log /DATA/logs/nginx/error.log;

        disable_symlinks off;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # deny dot-files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        #Yoast SEO Sitemaps
        location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
            ## this redirects sitemap.xml to /sitemap_index.xml
            rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
            ## this makes the XML sitemaps work
            rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
            rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
            rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
            ## The following lines are optional for the premium extensions
            ## News SEO
            rewrite ^/news-sitemap.xml$ /index.php?sitemap=wpseo_news last;
            ## Local SEO
            rewrite ^/locations.kml$ /index.php?sitemap=wpseo_local_kml last;
            rewrite ^/geo-sitemap.xml$ /index.php?sitemap=wpseo_local last;
            ## Video SEO
            rewrite ^/video-sitemap.xsl$ /index.php?xsl=video last;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # Deny access to any files with a .php extension in the uploads directory
        # Works in sub-directory installs and also in multisite network
        # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        ## Disable .htaccess and other hidden files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            access_log off;
            log_not_found off;
            expires 360d;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        ## Block SQL injections
        location ~* union.*select.*\( { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* union.*all.*select.* { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* concat.*\( { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }

        ## Block common exploits
        location ~* (<|%3C).*script.*(>|%3E) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* base64_(en|de)code\(.*\) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* (%24&x) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* \.\.\/ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* ~$ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* proc/self/environ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* /\.(htaccess|htpasswd|svn) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }

        ## Block file injections
        location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }

        ## wordpress security
        location ~* wp-config.php { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* wp-admin/includes { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* wp-app\.log { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }
        location ~* (licence|readme|license)\.(html|txt) { access_log /DATA/logs/nginx/blocked.log blocked; deny all; }

        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    }
}

================================================
FILE: files/php-fpm.conf
================================================
error_log = /DATA/logs/php-fpm/php-fpm.log
log_level = warning

[www]
user = nginx
group = www-data
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = www-data
pm = ondemand

; Total RAM dedicated to the web server / Max child process size
pm.max_children = 75

pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /DATA/htdocs
php_flag[display_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[upload_max_filesize] = 2G
php_admin_value[post_max_size] = 2G
php_admin_value[output_buffering] = 0
php_admin_value[max_input_time] = 3600
php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt
php_admin_value[openssl.capath] = /etc/ssl/certs
php_admin_value[max_input_nesting_level] = 256
php_admin_value[max_input_vars] = 10000

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
catch_workers_output = yes

; Database variables passed via -e argument on Docker
env["DB_HOST"] = "$DB_HOST"
env["DB_USER"] = "$DB_USER"
env["DB_PASS"] = "$DB_PASS"
env["DB_NAME"] = "$DB_NAME"

================================================
FILE: files/run.sh
================================================
#!/bin/sh

[ -f /run-pre.sh ] && /run-pre.sh
chown -R nginx:nginx /DATA

if [ ! -d /DATA/htdocs ] ; then
  mkdir -p /DATA/htdocs
#  chown nginx:nginx /DATA/htdocs
fi

# start php-fpm
mkdir -p /DATA/logs/php-fpm
# start nginx
mkdir -p /DATA/logs/nginx
mkdir -p /tmp/nginx
chown nginx:nginx /tmp/nginx
chown -R nginx:nginx /DATA

if [ ! -d /DATA/bin ] ; then
  mkdir /DATA/bin
  chown nginx:nginx /DATA/bin
  cp /usr/bin/wp-cli /DATA/bin/wp-cli
  curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
  chmod +x wp-cli.phar
  mv wp-cli.phar /DATA/bin/wp-cli
fi

php-fpm7
nginx

================================================
FILE: files/wp-config-devoply.php
================================================
#!/usr/bin/php