From 769d0e0a8a23f65c66dd99bbd892bad81c23bd5c Mon Sep 17 00:00:00 2001
From: ray
Date: Sun, 8 Mar 2020 17:21:12 +0000
Subject: [PATCH] set up docker containers on host
---
 .gitignore | 2 +-
 dev/config | 1 +
 docker-compose.yml | 42 ++++++++++++++++++++++++++++++
 production/config/nginx.conf | 37 +++++++++++++-------------
 production/docker-compose.yml | 13 ++++-----
 production/export-to-production.sh | 37 ++++++++++++++++++++++++++
 6 files changed, 107 insertions(+), 25 deletions(-)
 create mode 120000 dev/config
 create mode 100644 docker-compose.yml
 create mode 100755 production/export-to-production.sh
diff --git a/.gitignore b/.gitignore
index e0db0b1..5461627 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-config
+/config
 notes.txt
 remote-temp/
diff --git a/dev/config b/dev/config
new file mode 120000
index 0000000..288d285
--- /dev/null
+++ b/dev/config
@@ -0,0 +1 @@
+config-example
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..c61d8be
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,42 @@
+
+version: "3"
+
+networks:
+ web:
+ external: true
+ internal:
+ external: false
+
+services:
+ blog:
+ image: wordpress:latest
+ container_name: blog
+ environment:
+ WORDPRESS_DB_PASSWORD: dklfm904mg-uiojn
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blog.entrypoints=http"
+ - "traefik.http.routers.blog.rule=Host(`blog.wptest.isnet.uk`)"
+ - "traefik.http.middlewares.blog.redirectscheme.scheme=https"
+ - "traefik.http.routers.blog.middlewares=blog"
+ - "traefik.http.routers.blog.entrypoints=https"
+ - "traefik.http.routers.blog.rule=Host(`blog.wptest.isnet.uk`)"
+ - "traefik.http.routers.blog.tls=true"
+ - "traefik.http.routers.blog.tls.certresolver=http"
+ - "traefik.http.services.blog.loadbalancer.server.port=80"
+ - "traefik.http.routers.blog.service=blog"
+ - "traefik.docker.network=web"
+ networks:
+ - internal
+ - web
+ depends_on:
+ - mysql
+ mysql:
+ image: mysql:5.7
+ environment:
+ MYSQL_ROOT_PASSWORD: dklfm904mg-uiojn
+ networks:
+ - internal
+ labels:
+ - traefik.enable=false
+
diff --git a/production/config/nginx.conf b/production/config/nginx.conf
index 2349ac7..2201a5e 100644
--- a/production/config/nginx.conf
+++ b/production/config/nginx.conf
@@ -28,7 +28,7 @@ http {
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for" '
 '$request_time $upstream_response_time $pipe $upstream_cache_status'
- '$document_root$fastcgi_script_name > $request';
+ '$document_root$fastcgi_script_name > $request';
 access_log /dev/stdout main_timed;
@@ -54,7 +54,7 @@ http {
 open_file_cache_valid 120s;
 open_file_cache_min_uses 2;
 open_file_cache_errors off;
- open_log_file_cache max=10000 inactive=30s min_uses=2;
+ open_log_file_cache max=10000 inactive=30s min_uses=2;
 server {
 listen [::]:80 default_server;
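Review bot: `WORDPRESS_DB_PASSWORD` and `MYSQL_ROOT_PASSWORD` in the new root `docker-compose.yml` carry the same literal password, so the credential is now in version control and should be treated as exposed and rotated. Read it from the environment instead, e.g. `WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD:?not set}`, and keep the value in an untracked `.env`. With no `WORDPRESS_DB_USER` set, the blog presumably connects as the database root account; a dedicated user created through `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE` would limit what a compromised WordPress can reach. Separately, `traefik.http.routers.blog.entrypoints` and `traefik.http.routers.blog.rule` are each set twice on the same router name, so the `http` and `https` definitions collide; the redirect router needs its own name (for example `blog-http`).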
@@ -72,13 +72,13 @@ http {
 root /usr/share/nginx/html;
 index index.php;
- include /etc/nginx/includes/*.conf;
-
- location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
- location ~ /(\.DS_Store|wp-config.php|wp-config-sample.php|readme.html.gz|readme.txt.gz|readme.html|readme.txt|error_log|license.txt|changelog|changelog.txt) { access_log off; log_not_found off; deny all; }
- location = /robots.txt { access_log off; log_not_found off; }
- location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
- location ~ ~$ { access_log off; log_not_found off; deny all; }
+ include /etc/nginx/includes/*.conf;
+
+ location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
+ location ~ /(\.DS_Store|wp-config.php|wp-config-sample.php|readme.html.gz|readme.txt.gz|readme.html|readme.txt|error_log|license.txt|changelog|changelog.txt) { access_log off; log_not_found off; deny all; }
+ location = /robots.txt { access_log off; log_not_found off; }
+ location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
+ location ~ ~$ { access_log off; log_not_found off; deny all; }
 location /wp-content {
 root /usr/share/nginx/html/wp-content;
@@ -93,19 +93,20 @@ http {
 location ~ [^/]\.php(/|$) {
 try_files $uri =404;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- fastcgi_buffer_size 64k;
- fastcgi_buffers 4 64k;
- fastcgi_busy_buffers_size 128k;
- fastcgi_temp_file_write_size 128k;
- fastcgi_intercept_errors on;
+ fastcgi_connect_timeout 300;
+ fastcgi_send_timeout 300;
+ fastcgi_read_timeout 300;
+ fastcgi_buffer_size 64k;
+ fastcgi_buffers 4 64k;
+ fastcgi_busy_buffers_size 128k;
+ fastcgi_temp_file_write_size 128k;
+ fastcgi_intercept_errors on;
 fastcgi_index index.php;
- fastcgi_pass wordpress:9000;
+ fastcgi_pass __HOST__-wordpress:9000;
 # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ # TODO is hardcoded document root safe???
 fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
 include fastcgi_params;
 }
diff --git a/production/docker-compose.yml b/production/docker-compose.yml
index bfad53d..7fbe9bf 100644
--- a/production/docker-compose.yml
+++ b/production/docker-compose.yml
@@ -4,6 +4,7 @@ networks:
 web:
 external: true
 backend:
+ external: false
 driver: bridge
 services:
@@ -12,7 +13,7 @@ services:
 image: 'bitnami/redis:5.0'
 networks:
 - backend
- container_name: redis
+ container_name: ${HOST}-redis
 restart: unless-stopped
 environment:
 - ALLOW_EMPTY_PASSWORD=yes
@@ -25,7 +26,7 @@ services:
 db:
 image: mariadb:10.4
- container_name: mysql
+ container_name: ${HOST}-mysql
 command: --default-authentication-plugin=mysql_native_password
 networks:
 - backend
@@ -46,7 +47,7 @@ services:
 image: nginx:1.17-alpine
 depends_on:
 - wordpress
- container_name: nginx-wp-stack
+ container_name: ${HOST}-nginx
 networks:
 - backend
 - web
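Review bot: The new `# TODO is hardcoded document root safe???` in the PHP `location` block of `production/config/nginx.conf` should be replaced by a comment stating the invariant the hard-coded path depends on. `try_files $uri =404` tests for the script under nginx's own root (`root /usr/share/nginx/html` in the earlier hunk), while `SCRIPT_FILENAME` tells PHP-FPM to execute `/var/www/wordpress$fastcgi_script_name`, so the existence check only guards what FPM runs while both containers see the same WordPress tree. A comment such as `# nginx and php-fpm mount the same tree at different paths; keep them identical or try_files no longer guards what FPM executes` records that. The `__HOST__` token in `fastcgi_pass` also leaves the tracked file unloadable until `export-to-production.sh` rewrites it, which deserves a one-line comment beside it.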
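Review bot: `${HOST}` in the new `container_name` values of `production/docker-compose.yml` has no guard, and Compose substitutes an empty string for an unset variable, giving names such as `-redis`, which is not a valid container name. Use the required-variable form, `container_name: ${HOST:?HOST must be set}-redis`, in this hunk and in the `db`, `nginx` and `wordpress` hunks, and do the same for `${DOMAIN}` in the Traefik rule. This matters because `export-to-production.sh` deletes the local `.env` after copying it, so a local `docker-compose` run sees neither variable. The context line `ALLOW_EMPTY_PASSWORD=yes` is not changed by this commit, but now that the names are apparently prefixed to allow several stacks per host, it is worth confirming that each Redis stays reachable only on its own `backend` network.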
@@ -55,8 +56,8 @@ services:
 - ./wordpress:/usr/share/nginx/html:ro
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.nginx-wp-stack.entrypoints=http"
- - "traefik.http.routers.nginx-wp-stack.rule=Host(`wp-stack.wptest.isnet.uk`)"
+ - "traefik.http.routers.nginx-${HOST}.entrypoints=http"
+ - "traefik.http.routers.nginx-${HOST}.rule=Host(`${HOST}.${DOMAIN}`)"
 - "traefik.docker.network=web"
 wordpress:
@@ -64,7 +65,7 @@ services:
 - db
 networks:
 - backend
- container_name: wordpress
+ container_name: ${HOST}-wordpress
 # env_file:
 # - .env
 build: ./
diff --git a/production/export-to-production.sh b/production/export-to-production.sh
new file mode 100755
index 0000000..3de77a3
--- /dev/null
+++ b/production/export-to-production.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+_docker_user="ray"
+
+_host="wp-stack-two"
+_domain="wptest.isnet.uk"
+_docker_base_dir="/var/docker"
+_docker_dir="$_docker_base_dir/$_host"
+
+# _cmd_wp_export="wp db export --dbuser=wordpress --dbpass=$_wp_db_passwd --add-drop-table data.sql"
+_ssh_cmd="ssh root@$_host.$_domain"
+_scp_to_base="root@$_host.$_domain:$_docker_dir"
+
+echo "HOST=$_host" > .env
+echo "DOMAIN=$_domain" >> .env
+
+$_ssh_cmd "mkdir -p $_docker_dir"
+
+scp -r config "$_scp_to_base"/config
+scp Dockerfile "$_scp_to_base"/Dockerfile
+scp entrypoint.sh "$_scp_to_base"/entrypoint.sh
+scp .env "$_scp_to_base"/.env
+scp docker-compose.yml "$_scp_to_base"/docker-compose.yml
+
+$_ssh_cmd "sed -i 's/__HOST__/$_host/g' $_docker_dir/config/nginx.conf"
+$_ssh_cmd "chown -R $_docker_user: $_docker_dir"
+
+# export wordpress directory
+
+# import database
+
+# set correct URLS
+
+# ensure HTTP_X_FORWARDED_PROTO header is set in wp-config.php
+
+rm .env
+
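Review bot: The production router `nginx-${HOST}` in the `labels` of `production/docker-compose.yml` is still bound only to the `http` entrypoint and gets no TLS labels. WordPress logins and session cookies would then travel in clear text unless Traefik redirects globally, which is not visible here. The root `docker-compose.yml` added in this commit already uses the needed labels; add `traefik.http.routers.nginx-${HOST}.entrypoints=https`, `traefik.http.routers.nginx-${HOST}.tls=true` and `traefik.http.routers.nginx-${HOST}.tls.certresolver=http`, with the plain-HTTP redirect on a separately named router. The `nginx` service definition starts above this hunk.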
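Review bot: `production/export-to-production.sh` has no error handling, so a failed `mkdir` or `scp` still falls through to the remote `sed -i` and `chown -R` and can leave the stack half-deployed; add `set -eu` directly under the shebang. The script also overwrites and then deletes `.env` in the current directory, destroying any existing local file; writing to a `mktemp` file and removing it in a `trap` avoids that. `$_docker_dir` is expanded unquoted inside the remote command strings that run as root, so quote it there, e.g. `$_ssh_cmd "mkdir -p '$_docker_dir'"`. Every remote step logs in as `root@`; if the host allows it, connecting as `$_docker_user` with narrowly scoped privileges would make the final `chown` unnecessary and let direct root SSH be disabled.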