Create an image for WP frontend nginx

ARG nginx_version=latest

FROM nginx:${nginx_version}

LABEL uk.org.kodo.maintainer = "Dom Sekotill <dom.sekotill@kodo.org.uk>"

COPY nginx.conf /etc/nginx/conf.d/default.conf

#!/bin/bash

get_latest() { :; }

get_version() {

	docker run --rm $1 nginx -V 2>&1 |

    sed -n '/nginx version:/s/.*nginx\///p'

}

build() {

	docker_build \

		${UPSTREAM_VERSION:+--build-arg nginx_version="${UPSTREAM_VERSION}"} \

		--tag $1

}

map $http_x_forwarded_proto $forwarded_https {

	default off;

	https on;

}

server {

	listen 80;

	server_name _;

	root /app;

	set_real_ip_from 10.0.0.0/8;

	real_ip_header X-Forwarded-For;

	location ~ \.php$ {

		include fastcgi_params;

		fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name;

		fastcgi_param DOCUMENT_ROOT /app;

		fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;

		fastcgi_param HTTPS $forwarded_https;

		fastcgi_param SERVER_ADDR $http_x_forwarded_host;

		fastcgi_param SERVER_PORT $http_x_forwarded_port;

		fastcgi_pass localhost:9000;

	}

	# block the XMLRPC script

	location = /xmlrpc.php {

		return 404;

	}

	# allow the new JSON REST API

	location /wp-json/ {

		try_files /non-existant /index.php$is_args$args;

	}

	# use /index.php as a front controller if the base of the URI path does

	# not exist

	location / {

		try_files $uri /index.php$is_args$args;

		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";

	}

	# serve only static files from wp-includes

	location ^~ /wp-includes/ {

		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";

	}

	# wp-admin uses lots of directly accessed PHP scripts, unfortunately

	location = /admin/ {

		rewrite ^ /wp-admin/ permanent;

	}

	location /wp-admin/ {

		try_files $uri $uri/index.php;

		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";

	}

	# serve only static files from wp-content

	location ^~ /wp-content/ {

		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";

		# don't serve PHP source code from plugins, etc

		location ~ \.php {

			return 404;

		}

		# limit the usefulness of malicious HTML/JS hosted in 

		# /wp-content/uploads by serving only media & common data files with 

		# their correct mime-type

		location /wp-content/uploads/ {

			default_type application/octet-stream;

			types {

				# images #

				image/gif                    gif;

				image/jpeg                   jpeg jpg;

				image/png                    png;

				image/tiff                   tif tiff;

				image/vnd.wap.wbmp           wbmp;

				image/x-icon                 ico;

				image/x-jng                  jng;

				image/x-ms-bmp               bmp;

				# audio #

				application/ogg              ogx;

				audio/midi                   mid midi kar;

				audio/mpeg                   mpga mpega mp2 mp3 m4a;

				audio/ogg                    oga ogg spx;

				audio/x-realaudio            ra;

				audio/webm                   weba;

				# video #

				video/3gpp                   3gpp 3gp;

				video/mp4                    mp4;

				video/mpeg                   mpeg mpg mpe;

				video/ogg                    ogv;

				video/quicktime              mov;

				video/webm                   webm;

				video/x-flv                  flv;

				video/x-mng                  mng;

				video/x-ms-asf               asx asf;

				video/x-ms-wmv               wmv;

				video/x-msvideo              avi;

				# archives #

				application/x-tar            tar;

				application/x-gtar           tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz;

				application/zip              zip zipx;

				application/x-7z-compressed  7z s7z ace;

				application/x-rar-compressed rar;

			}

		}

	}

}