From 4e022f812d464517056f6961d2eb51c99f72fd1f Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Fri, 16 Oct 2020 19:40:18 +0100 Subject: [PATCH 01/12] Extend nginx config to a full config The new config relies on no pre-existing configuration files. --- Dockerfile | 5 +- data/{ => nginx}/502.html | 0 .../cache-bust.conf} | 0 .../fastcgi.conf} | 0 data/nginx/mime.types | 96 +++++++++++++++++++ data/nginx/nginx.conf | 26 +++++ data/nginx/safe.types | 41 ++++++++ data/{nginx.conf => nginx/server.conf} | 51 +--------- 8 files changed, 168 insertions(+), 51 deletions(-) rename data/{ => nginx}/502.html (100%) rename data/{cache-bust.nginx.conf => nginx/cache-bust.conf} (100%) rename data/{fastcgi.nginx.conf => nginx/fastcgi.conf} (100%) create mode 100644 data/nginx/mime.types create mode 100644 data/nginx/nginx.conf create mode 100644 data/nginx/safe.types rename data/{nginx.conf => nginx/server.conf} (60%) diff --git a/Dockerfile b/Dockerfile index 6c38af4..9778c7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,10 +3,7 @@ ARG nginx_version=latest FROM nginx:${nginx_version} as nginx LABEL uk.org.kodo.maintainer = "Dom Sekotill " -COPY data/nginx.conf /etc/nginx/conf.d/default.conf -COPY data/fastcgi.nginx.conf /etc/nginx/fastcgi.conf -COPY data/cache-bust.nginx.conf /etc/nginx/cache-bust.conf -COPY data/5*.html /app/html/ +COPY data/nginx /etc/nginx ARG php_version= diff --git a/data/502.html b/data/nginx/502.html similarity index 100% rename from data/502.html rename to data/nginx/502.html diff --git a/data/cache-bust.nginx.conf b/data/nginx/cache-bust.conf similarity index 100% rename from data/cache-bust.nginx.conf rename to data/nginx/cache-bust.conf diff --git a/data/fastcgi.nginx.conf b/data/nginx/fastcgi.conf similarity index 100% rename from data/fastcgi.nginx.conf rename to data/nginx/fastcgi.conf diff --git a/data/nginx/mime.types b/data/nginx/mime.types new file mode 100644 index 0000000..bb78bf2 --- /dev/null +++ b/data/nginx/mime.types 
@@ -0,0 +1,96 @@
+# vim:ft=nginx
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/data/nginx/nginx.conf b/data/nginx/nginx.conf
new file mode 100644
index 0000000..bd069a7
--- /dev/null
+++ b/data/nginx/nginx.conf
@@ -0,0 +1,26 @@
+# vim:ft=nginx
+
+user nginx;
+worker_processes 1;
+error_log /dev/stderr warn;
+pid /dev/null;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ include server.conf;
+
+ log_format main '[$time_iso8601] $remote_addr '
+ '$request_method $request_uri $status '
+ ' sent=$body_bytes_sent bytes;'
+ ' referrer=$http_referer;'
+ ' user-agent=$http_user_agent';
+ access_log /dev/stdout main;
+
+ gzip on;
+ sendfile on;
+ keepalive_timeout 65;
+}
diff --git a/data/nginx/safe.types b/data/nginx/safe.types
new file mode 100644
index 0000000..0e21a41
--- /dev/null
+++ b/data/nginx/safe.types
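Review bot: The two wrapped Office Open XML entries in the middle of the `types` block of `mime.types` look mis-paired: `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet` is mapped to `docx`, and there is no entry for `xlsx` or for the word-processing type. As written, `.docx` files are served with a spreadsheet media type and `.xlsx` has no mapping at all. The usual pairing is `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;` and `application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;`.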
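Review bot: The new `http` block in `nginx.conf` never sets `server_tokens`, and since this file is now the whole configuration, the nginx version is advertised in the `Server` header and on built-in error pages; adding `server_tokens off;` next to `gzip on;` would stop that. Separately, the `main` log format writes `$request_uri` and `$http_referer` to stdout with the query string included, so any secret carried in a URL (WordPress password-reset links carry a key there) ends up wherever the container logs are shipped. If the query string is not needed operationally, logging `$uri` instead is worth considering; otherwise access to the log sink should be restricted accordingly.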
@@ -0,0 +1,41 @@ +# vim:ft=nginx + +types { + # images # + image/gif gif; + image/jpeg jpeg jpg; + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + # audio # + application/ogg ogx; + audio/midi mid midi kar; + audio/mpeg mpga mpega mp2 mp3 m4a; + audio/ogg oga ogg spx; + audio/x-realaudio ra; + audio/webm weba; + + # video # + video/3gpp 3gpp 3gp; + video/mp4 mp4; + video/mpeg mpeg mpg mpe; + video/ogg ogv; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; + + # archives # + application/x-tar tar; + application/x-gtar tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz; + application/zip zip zipx; + application/x-7z-compressed 7z s7z ace; + application/x-rar-compressed rar; +} diff --git a/data/nginx.conf b/data/nginx/server.conf similarity index 60% rename from data/nginx.conf rename to data/nginx/server.conf index ebf21c5..b5ca962 100644 --- a/data/nginx.conf +++ b/data/nginx/server.conf @@ -1,14 +1,10 @@ +# vim:ft=nginx + map $http_x_forwarded_proto $forwarded_https { default off; https on; } -log_format clear '[$time_iso8601] $remote_addr ' - '$request_method $request_uri $status ' - ' sent=$body_bytes_sent bytes;' - ' referrer=$http_referer;' - ' user-agent=$http_user_agent'; - fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=ERR:1m inactive=1d; fastcgi_cache_key "$scheme$request_method$host$request_uri"; @@ -16,7 +12,6 @@ server { listen 80; server_name _; root /app/static; - access_log /dev/stdout clear; # Consider all private IP addresses safe sources for X-Forwarded-For set_real_ip_from 10.0.0.0/8; @@ -32,8 +27,8 @@ server { error_page 502 /errors/502.html; location /errors { - alias /app/html; internal; + alias /etc/nginx/html; location /errors/404 { include fastcgi.conf; 
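Review bot: `alias /etc/nginx/html;` in `location /errors` does not seem to match where this commit puts the error page. `502.html` is renamed to `data/nginx/502.html` and the Dockerfile now does `COPY data/nginx /etc/nginx`, which would place it at `/etc/nginx/502.html`. Unless something outside this patch creates `/etc/nginx/html`, `error_page 502 /errors/502.html` resolves to a missing file and the client does not get the custom page. Moving the page to `data/nginx/html/502.html` fixes it; pointing the alias at `/etc/nginx` itself is less desirable because that directory also holds the configuration files. The `server` block continues outside the hunk.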
@@ -104,45 +99,7 @@ server { location /media/ { root /app; try_files $uri =404; + include safe.types; default_type application/octet-stream; - types { - # images # - image/gif gif; - image/jpeg jpeg jpg; - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - # audio # - application/ogg ogx; - audio/midi mid midi kar; - audio/mpeg mpga mpega mp2 mp3 m4a; - audio/ogg oga ogg spx; - audio/x-realaudio ra; - audio/webm weba; - - # video # - video/3gpp 3gpp 3gp; - video/mp4 mp4; - video/mpeg mpeg mpg mpe; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - - # archives # - application/x-tar tar; - application/x-gtar tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz; - application/zip zip zipx; - application/x-7z-compressed 7z s7z ace; - application/x-rar-compressed rar; - } } } -- GitLab From 80ead544c220f9b758f53eb481d5e5f2d54fc6b6 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Fri, 16 Oct 2020 19:42:35 +0100 Subject: [PATCH 02/12] Adjust nginx's error configuration --- data/nginx/server.conf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/data/nginx/server.conf b/data/nginx/server.conf index b5ca962..8747d2f 100644 --- a/data/nginx/server.conf +++ b/data/nginx/server.conf @@ -1,13 +1,13 @@ # vim:ft=nginx +fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=ERR:1m inactive=1d; +fastcgi_cache_key "$scheme$request_method$host$request_uri"; + map $http_x_forwarded_proto $forwarded_https { default off; https on; } -fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=ERR:1m inactive=1d; -fastcgi_cache_key "$scheme$request_method$host$request_uri"; - server { listen 80; server_name _; 
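Review bot: `location /media/` relies on `include safe.types;` plus `default_type application/octet-stream;` to keep anything outside the allow-list from being rendered, but nothing in the visible hunk tells the browser not to content-sniff those responses. A comment above the include, such as `# safe.types deliberately omits HTML, SVG and script types; do not replace with mime.types`, would protect the intent from later edits, and `add_header X-Content-Type-Options nosniff;` would enforce it on the client side. An `add_header` inside this location replaces the server-level `Cache-Control` header rather than adding to it, so that header would have to be repeated here. The rest of the `server` block is outside the hunk, so this may already be handled elsewhere.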
@@ -23,19 +23,19 @@ server { # Add Cache-Control headers for static files, removed in *.php location add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800"; - error_page 404 /errors/404; + error_page 404 @not-found; error_page 502 /errors/502.html; location /errors { internal; alias /etc/nginx/html; + } - location /errors/404 { - include fastcgi.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; - fastcgi_cache ERR; - fastcgi_cache_valid 404 1d; - } + location @not-found { + include fastcgi.conf; + fastcgi_param SCRIPT_FILENAME /app/index.php; + fastcgi_cache ERR; + fastcgi_cache_valid 404 1d; } location @index { -- GitLab From ffe9cd06fb73180aaab286a32fc36978f95b7056 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Thu, 6 May 2021 20:32:11 +0100 Subject: [PATCH 03/12] Ensure the SCRIPT_NAME value is correctly set This seems to be the root cause of missing URLs somehow morphing into redirects. --- data/nginx/fastcgi-script.conf | 4 ++++ data/nginx/fastcgi.conf | 4 +++- data/nginx/server.conf | 7 ++----- 3 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 data/nginx/fastcgi-script.conf diff --git a/data/nginx/fastcgi-script.conf b/data/nginx/fastcgi-script.conf new file mode 100644 index 0000000..5943224 --- /dev/null +++ b/data/nginx/fastcgi-script.conf @@ -0,0 +1,4 @@ +include fastcgi.conf; + +fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; diff --git a/data/nginx/fastcgi.conf b/data/nginx/fastcgi.conf index 321efe2..2a6f9b0 100644 --- a/data/nginx/fastcgi.conf +++ b/data/nginx/fastcgi.conf 
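Review bot: `location @not-found` caches the 404 body for a day under the key `$scheme$request_method$host$request_uri`, which has no session component, so the first 404 generated for a URL is what every later visitor receives. If WordPress renders anything user-specific on that page for a logged-in user (toolbar, nonces), it would be shared with anonymous visitors; whether the backend's own cache headers already prevent storage is not visible here. Skipping the cache whenever a cookie is sent, with `fastcgi_no_cache $http_cookie;` and `fastcgi_cache_bypass $http_cookie;` in this location, removes the doubt. Unlike `@index`, this location does not include `cache-bust.conf`, and a one-line comment saying why would help.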
@@ -1,11 +1,13 @@ fastcgi_pass upstream:9000; +fastcgi_param SCRIPT_FILENAME /app/index.php; +fastcgi_param SCRIPT_NAME index.php; + fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT /app; diff --git a/data/nginx/server.conf b/data/nginx/server.conf index 8747d2f..2e83d75 100644 --- a/data/nginx/server.conf +++ b/data/nginx/server.conf @@ -33,7 +33,6 @@ server { location @not-found { include fastcgi.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; fastcgi_cache ERR; fastcgi_cache_valid 404 1d; } @@ -41,7 +40,6 @@ server { location @index { include fastcgi.conf; include cache-bust.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; } location = /.probe { @@ -66,7 +64,6 @@ server { location /wp-json/ { include fastcgi.conf; include cache-bust.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; } # use /index.php as a front controller if the base of the URI path does @@ -76,7 +73,7 @@ server { } location = /wp-login.php { - include fastcgi.conf; + include fastcgi-script.conf; include cache-bust.conf; } @@ -88,7 +85,7 @@ server { try_files $uri $uri/index.php; location ~ \.php$ { - include fastcgi.conf; + include fastcgi-script.conf; include cache-bust.conf; } } -- GitLab From e09344aa119fa6f9b2efa4d845cb63e3fc7fb02f Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Thu, 6 May 2021 22:47:00 +0100 Subject: [PATCH 04/12] Update default theme to Wordpress latest --- scripts/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 3a7779b..196f131 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
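Review bot: With `SCRIPT_FILENAME` and `SCRIPT_NAME` now set in `fastcgi.conf`, the new `fastcgi-script.conf` includes that file and then sets both names a second time, so the `wp-login.php` and `\.php$` locations depend on the backend honouring the later value. As far as I know nginx does not de-duplicate `fastcgi_param` entries declared at the same level, and nothing in the config states which one PHP-FPM uses. Moving the shared parameters into their own include, and having the front-controller and per-script variants each set `SCRIPT_FILENAME`/`SCRIPT_NAME` exactly once, removes the ordering dependency. Also worth checking: `fastcgi_param SCRIPT_NAME index.php;` has no leading slash, whereas `$fastcgi_script_name` values do.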
@@ -13,7 +13,7 @@ shopt -s nullglob globstar extglob enable -f /usr/lib/bash/head head enable -f /usr/lib/bash/unlink unlink -declare -r DEFAULT_THEME=twentynineteen +declare -r DEFAULT_THEME=twentytwentyone declare -r WORKER_USER=www-data declare DB_HOST DB_NAME DB_USER DB_PASS -- GitLab From 482f166193e849fa467ecd0d548e5ad749b24bf7 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Thu, 6 May 2021 23:01:20 +0100 Subject: [PATCH 05/12] Clear potential sensitive settings from the environment --- scripts/entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 196f131..2f34fe1 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -68,6 +68,9 @@ create_config() ${DB_HOST+--dbhost="${DB_HOST}"} \ ${DB_PASS+--dbpass="${DB_PASS}"} + # Clear potentialy sensitive information from environment lest it leaks + unset ${!DB_*} + local site_url=${SITE_URL? Please set SITE_URL} local site_path=${site_url##*://*([^/])} local home_url=${HOME_URL:-${site_url%$site_path}} @@ -89,6 +92,9 @@ setup_database() { --admin_email="${SITE_ADMIN_EMAIL:-admin@$domain}" \ ${SITE_ADMIN_PASSWORD+--admin_password="${SITE_ADMIN_PASSWORD}"} + # Clear potentialy sensitive information from environment lest it leaks + unset ${!SITE_ADMIN*} + # Start with a pretty, restful permalink structure, instead of the plain, # ugly default. The user can change this as they please through the admin # dashboard. @@ -133,6 +139,9 @@ setup_s3() { local contents=( media/* ) [[ ${#contents[*]} -gt 0 ]] && wp s3-uploads upload-directory media + + # Clear potentialy sensitive information from environment lest it leaks + unset ${!S3_ENDPOINT_*} } setup_components() { -- GitLab From 5da02083789fdc4e36317b71f3edecc97a3313e1 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Thu, 6 May 2021 23:03:38 +0100 Subject: [PATCH 06/12] Remove an old bit of config long past it's expiry --- data/nginx/server.conf | 4 ---- 1 file changed, 4 deletions(-) 
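Review bot: The `unset ${!S3_ENDPOINT_*}` at the end of `setup_s3` only clears names beginning with `S3_ENDPOINT_`; if the S3 key and secret are held in variables with a different prefix (not visible in this hunk) they remain in the environment of everything started afterwards, so the pattern should be checked against the names the function actually reads. It is also the last statement of the function, so any earlier `return` in `setup_s3` would skip it. In `create_config`, the `unset ${!DB_*}` runs after `wp config create` has already received the password as a `--dbpass=` argument, which is visible in the process list while that command runs; WP-CLI can read it from stdin instead with `--prompt=dbpass`. All three functions start or end outside the hunks.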
diff --git a/data/nginx/server.conf b/data/nginx/server.conf index 8747d2f..0d7fc75 100644 --- a/data/nginx/server.conf +++ b/data/nginx/server.conf @@ -80,10 +80,6 @@ server { include cache-bust.conf; } - # wp-admin uses lots of directly accessed PHP scripts, unfortunately - location = /admin/ { - rewrite ^ /wp-admin/ permanent; - } location /wp-admin/ { try_files $uri $uri/index.php; -- GitLab From ab9228b78584ceef46481e6707e1faf3a5ac3978 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Fri, 7 May 2021 19:26:56 +0100 Subject: [PATCH 07/12] Add pre-commit config with some general QA settings --- .editorconfig | 11 ++++++++++ .gitlint | 7 ++++++ .pre-commit-config.yaml | 47 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 .editorconfig create mode 100644 .gitlint create mode 100644 .pre-commit-config.yaml diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..caa4371 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +indent_style = tab + +[*.{yml,yaml}] +indent_style = space +indent_size = 2 diff --git a/.gitlint b/.gitlint new file mode 100644 index 0000000..b95ed56 --- /dev/null +++ b/.gitlint @@ -0,0 +1,7 @@ +[general] +ignore=body-trailing-whitespace,body-is-missing + +[author-valid-email] +regex=.*@[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](\.[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9])+ + +# vim:ft=cfg diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..52f815c --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,47 @@ +repos: + +- repo: meta + hooks: + - id: check-hooks-apply + +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.4.0 + hooks: + - id: check-added-large-files + stages: [commit] + - id: check-case-conflict + stages: [commit] + - id: check-merge-conflict + stages: [commit] + - id: check-yaml + args: [--allow-multiple-documents] + stages: [commit] + - id: destroyed-symlinks + stages: [commit] + - id: end-of-file-fixer + stages: [commit] + - id: fix-byte-order-marker + stages: [commit] + - id: mixed-line-ending + args: [--fix=lf] + stages: [commit] + - id: trailing-whitespace + exclude_types: [markdown, plain-text] + stages: [commit] + +- repo: https://github.com/jorisroovers/gitlint + rev: v0.15.0 + hooks: + - id: gitlint + +- repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 2.1.5 + hooks: + - id: protect-first-parent + +- repo: https://code.kodo.org.uk/dom/pre-commit-hooks + rev: v0.5.1 + hooks: + - id: check-for-squash + - id: copyright-notice + exclude: ^data/ -- GitLab From 73bcd941dfd91c538ddd9fa4b9f405ca72130fc7 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Fri, 7 May 2021 19:27:45 +0100 Subject: [PATCH 08/12] Remove trailing whitespace from comment blocks --- data/wp-config.php | 2 +- scripts/entrypoint.sh | 8 ++++---- scripts/wp.sh | 12 +++++++++--- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/data/wp-config.php b/data/wp-config.php index a9cdd92..4a6a728 100644 --- a/data/wp-config.php +++ b/data/wp-config.php @@ -11,7 +11,7 @@ define('DISABLE_WP_CRON', true); /** - * Move the uploads volume/directory into the top of the Wordpress + * Move the uploads volume/directory into the top of the Wordpress * installation. **/ define('UPLOADS', 'media'); diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 2f34fe1..9aa63c4 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
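Review bot: Every external hook repository in `.pre-commit-config.yaml` is pinned by tag (`rev: v3.4.0`, `rev: v0.15.0`, `rev: 2.1.5`, `rev: v0.5.1`), and a tag can be moved by whoever controls the upstream repository. pre-commit fetches and runs that code on each contributor's machine, so pinning `rev` to full commit hashes gives a reproducible, tamper-evident hook set. `pre-commit autoupdate --freeze` writes the hash and keeps the tag as a trailing comment.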
@@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2019 Dominik Sekotill +# Copyright 2019-2021 Dominik Sekotill # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -95,8 +95,8 @@ setup_database() { # Clear potentialy sensitive information from environment lest it leaks unset ${!SITE_ADMIN*} - # Start with a pretty, restful permalink structure, instead of the plain, - # ugly default. The user can change this as they please through the admin + # Start with a pretty, restful permalink structure, instead of the plain, + # ugly default. The user can change this as they please through the admin # dashboard. wp rewrite structure /posts/%postname% } @@ -188,7 +188,7 @@ get_media_dir() setup_media() { - # UID values change on every run, ensure the owner and group are set + # UID values change on every run, ensure the owner and group are set # correctly on the media directory/volume. get_media_dir chown -R ${WORKER_USER}:${WORKER_USER} "${MEDIA}" diff --git a/scripts/wp.sh b/scripts/wp.sh index 1e70eab..0021371 100755 --- a/scripts/wp.sh +++ b/scripts/wp.sh 
@@ -1,6 +1,12 @@ #!/bin/sh -# Lets not beat about the bush, preventing the tool which installs WP from -# installing it as root is idiocy. WP needs to be installed owned by a user -# seperate from the server's user. 'root' is available for such, besides which +# Copyright 2019-2021 Dominik Sekotill +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Lets not beat about the bush, preventing the tool which installs WP from +# installing it as root is idiocy. WP needs to be installed owned by a user +# seperate from the server's user. 'root' is available for such, besides which # root in a container is not really root. exec php -d memory_limit=512M /usr/local/lib/wp-cli.phar --allow-root "$@" -- GitLab From 6d65f52fb4fdcd8a1678c998f0d3ed4dae82aa68 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sat, 8 May 2021 11:58:23 +0100 Subject: [PATCH 09/12] Perform entrypoint config loading from config base dir --- scripts/entrypoint.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 9aa63c4..6161a32 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -15,6 +15,8 @@ enable -f /usr/lib/bash/unlink unlink declare -r DEFAULT_THEME=twentytwentyone declare -r WORKER_USER=www-data +declare -r CONFIG_DIR=/etc/wordpress +declare -r WORK_DIR=${PWD} declare DB_HOST DB_NAME DB_USER DB_PASS declare HOME_URL SITE_URL @@ -41,7 +43,7 @@ declare -a PHP_DIRECTIVES=( ) declare -a WP_CONFIGS=( ${WP_CONFIGS-} - /etc/wordpress/*config.php + ${CONFIG_DIR}/*config.php ) 
@@ -63,8 +65,8 @@ create_config() wp config create \ --extra-php \ --skip-check \ - --dbname="${DB_NAME? Please set DB_NAME in /etc/wordpress/}" \ - --dbuser="${DB_USER? Please set DB_USER in /etc/wordpress/}" \ + --dbname="${DB_NAME? Please set DB_NAME in ${CONFIG_DIR}/}" \ + --dbuser="${DB_USER? Please set DB_USER in ${CONFIG_DIR}/}" \ ${DB_HOST+--dbhost="${DB_HOST}"} \ ${DB_PASS+--dbpass="${DB_PASS}"} @@ -241,17 +243,19 @@ run_background_cron() )& } -for file in /etc/wordpress/**/*.conf; do +mkdir -p ${CONFIG_DIR} +cd ${CONFIG_DIR} +for file in **/*.conf; do source "${file}" done -if [[ -e ${PLUGINS_LIST:=/etc/wordpress/plugins.txt} ]]; then +if [[ -e ${PLUGINS_LIST:=${CONFIG_DIR}/plugins.txt} ]]; then PLUGINS+=( $(<"${PLUGINS_LIST}") ) fi -if [[ -e ${THEMES_LIST:=/etc/wordpress/themes.txt} ]]; then +if [[ -e ${THEMES_LIST:=${CONFIG_DIR}/themes.txt} ]]; then THEMES+=( $(<"${THEMES_LIST}") ) fi -if [[ -e ${LANGUAGES_LIST:=/etc/wordpress/languages.txt} ]]; then +if [[ -e ${LANGUAGES_LIST:=${CONFIG_DIR}/languages.txt} ]]; then LANGUAGES+=( $(<"${LANGUAGES_LIST}") ) fi @@ -261,6 +265,7 @@ for directive in "${PHP_DIRECTIVES[@]}"; do extra_args+=( -d "${directive}" ) done +cd ${WORK_DIR} case "$1" in collect-static) create_config && setup_components && collect_static ;; run-cron) create_config && run_cron ;; -- GitLab From 5ff28d523bb7666a528c31ea4a19a70210d2d394 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sat, 8 May 2021 12:01:53 +0100 Subject: [PATCH 10/12] Deactivate removed plugins before startup This adds a new dependency to the image: jq Closes #11 --- scripts/entrypoint.sh | 16 ++++++++++++++++ scripts/install-deps.sh | 7 +++++++ 2 files changed, 23 insertions(+) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 6161a32..8ab4ad0 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
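Review bot: `cd ${CONFIG_DIR}` is not checked, and the loop that follows now sources a relative glob, `**/*.conf`. If the `cd` ever fails, the glob is evaluated in the original working directory and the entrypoint would source whatever `.conf` files exist beneath it instead of those under `/etc/wordpress`; whether `set -e` is active is not visible in these hunks. `cd "${CONFIG_DIR}" || exit` (and likewise `cd "${WORK_DIR}" || exit` before the `case`) closes that off, and quoting the `mkdir -p` argument costs nothing.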
@@ -171,6 +171,8 @@ setup_components() { [[ $(wp theme list --status=active --format=count) -eq 0 ]] && wp theme activate $(wp theme list --field=name | head -n1) + deactivate_missing_plugins + setup_s3 return 0 @@ -221,6 +223,20 @@ collect_static() . static/ } +deactivate_missing_plugins() +{ + local plugin + wp option get active_plugins --format=json | + jq -r '.[]' | + while read plugin; do + test -e wp-content/plugins/$plugin && + echo $plugin || + echo >&2 "Deactivating removed plugin: $(dirname $plugin)" + done | + jq -R '[[.],[inputs]]|add' | + wp option update active_plugins --format=json +} + next_cron() { echo $(($(wp cron event list --field=time|sort|head -n1) - $(date +%s))) diff --git a/scripts/install-deps.sh b/scripts/install-deps.sh index e6b4d75..51d0f81 100755 --- a/scripts/install-deps.sh +++ b/scripts/install-deps.sh @@ -1,4 +1,10 @@ #!/bin/sh +# Copyright 2019-2021 Dominik Sekotill +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + set -eux # Install packaged dependencies @@ -6,6 +12,7 @@ apk update apk add \ bash \ imagemagick-libs \ + jq \ libgmpxx \ libjpeg \ libpng \ -- GitLab From 0c112efba448781635e7950f968d8771e7ae9fd7 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sat, 8 May 2021 14:52:18 +0100 Subject: [PATCH 11/12] Fix deactivate_missing_plugins() when the result is empty --- scripts/entrypoint.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 8ab4ad0..e6ca661 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -225,7 +225,6 @@ collect_static() deactivate_missing_plugins() { - local plugin wp option get active_plugins --format=json | jq -r '.[]' | while read plugin; do 
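Review bot: In `deactivate_missing_plugins` the loop uses `read plugin` without `-r` and then expands `$plugin` unquoted in `test -e wp-content/plugins/$plugin`, `echo $plugin` and `dirname $plugin`. The value comes from the `active_plugins` option in the database, so an entry containing whitespace, a backslash or a glob character is split or expanded by the shell (the script enables `nullglob`), and the list written back can differ from the one that was read. `while IFS= read -r plugin; do` with `"$plugin"` quoted in all three places keeps each entry intact, and `printf '%s\n' "$plugin"` avoids `echo` misreading a name that starts with `-`.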
@@ -233,7 +232,7 @@ deactivate_missing_plugins() echo $plugin || echo >&2 "Deactivating removed plugin: $(dirname $plugin)" done | - jq -R '[[.],[inputs]]|add' | + jq -nR '[inputs]' | wp option update active_plugins --format=json } -- GitLab From 08843fd88318a8060912968e03106de98850247f Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sat, 8 May 2021 14:52:41 +0100 Subject: [PATCH 12/12] Add some comments to deactivate_missing_plugins() --- scripts/entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index e6ca661..6f32da8 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -225,14 +225,23 @@ collect_static() deactivate_missing_plugins() { + # Output active plugin entrypoints as a JSON array wp option get active_plugins --format=json | + + # Convert to lines of raw strings jq -r '.[]' | + + # Filter out plugin entrypoints that don't exist in wp-content/plugins while read plugin; do test -e wp-content/plugins/$plugin && echo $plugin || echo >&2 "Deactivating removed plugin: $(dirname $plugin)" done | + + # Convert raw lines back into a JSON array jq -nR '[inputs]' | + + # Update the active plugin entrypoints wp option update active_plugins --format=json } -- GitLab
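Review bot: With `jq -nR '[inputs]'` an empty input now yields `[]`, which also covers the case where `wp option get active_plugins` itself fails and prints nothing: the pipeline would then write an empty list and deactivate every plugin, security plugins included. Nothing visible enables `pipefail`, so that failure would not stop the update. Capturing the list first and returning early on failure, e.g. `active=$(wp option get active_plugins --format=json) || return`, then feeding `"$active"` into the rest of the pipeline, keeps a transient database error from changing site state. The function body continues outside this hunk.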