From 81f58e0da72d73764c05fdd9c30d6069cf8fb2a2 Mon Sep 17 00:00:00 2001
From: ray
Date: Mon, 9 Mar 2020 20:14:10 +0000
Subject: [PATCH] ssl working
---
 .../config/wp-config-forward-headers.php | 5 +++
 production/docker-compose.yml | 8 +++++
 production/export-to-production.sh | 31 ++++++++++++-------
 3 files changed, 33 insertions(+), 11 deletions(-)
 create mode 100644 production/config/wp-config-forward-headers.php
diff --git a/production/config/wp-config-forward-headers.php b/production/config/wp-config-forward-headers.php
new file mode 100644
index 0000000..925bca3
--- /dev/null
+++ b/production/config/wp-config-forward-headers.php
@@ -0,0 +1,5 @@
+
diff --git a/production/docker-compose.yml b/production/docker-compose.yml
index fd25b01..5b2bf45 100644
--- a/production/docker-compose.yml
+++ b/production/docker-compose.yml
@@ -57,6 +57,14 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.nginx-${HOST}.entrypoints=http"
 - "traefik.http.routers.nginx-${HOST}.rule=Host(`${HOST}.${DOMAIN}`)"
+ - "traefik.http.middlewares.nginx-${HOST}-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.nginx-${HOST}.middlewares=nginx-${HOST}-https-redirect"
+ - "traefik.http.routers.nginx-${HOST}-secure.entrypoints=https"
+ - "traefik.http.routers.nginx-${HOST}-secure.rule=Host(`${HOST}.${DOMAIN}`)"
+ - "traefik.http.routers.nginx-${HOST}-secure.tls=true"
+ - "traefik.http.routers.nginx-${HOST}-secure.tls.certresolver=http"
+ - "traefik.http.services.nginx-${HOST}.loadbalancer.server.port=80"
+ - "traefik.http.routers.nginx-${HOST}-secure.service=nginx-${HOST}"
 - "traefik.docker.network=web"
 wordpress:
diff --git a/production/export-to-production.sh b/production/export-to-production.sh
index 25963b5..a48b484 100755
--- a/production/export-to-production.sh
+++ b/production/export-to-production.sh
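Review bot: In production/docker-compose.yml the HTTPS enforcement added for the nginx router rests only on the `redirectscheme` middleware, so a browser's first plain-HTTP request still travels in clear and the redirect is temporary by default. Consider adding `traefik.http.middlewares.nginx-${HOST}-https-redirect.redirectscheme.permanent=true` plus an HSTS middleware attached to the secure router, e.g. `traefik.http.middlewares.nginx-${HOST}-hsts.headers.stsSeconds=31536000` (sample value) with `traefik.http.routers.nginx-${HOST}-secure.middlewares=nginx-${HOST}-hsts`. The name in `tls.certresolver=http` must match a resolver defined in Traefik's static configuration, which is not part of this patch, so that is worth confirming.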
@@ -5,12 +5,13 @@ _docker_dir="$_docker_base_dir/$_remote_host"
 _ssh_cmd="ssh root@$_remote_host.$_domain"
 _scp_to_base="root@$_remote_host.$_domain:$_docker_dir"
-echo "HOST=$_remote_host" > .env
-echo "DOMAIN=$_domain" >> .env
-echo "MYSQL_ROOT_PASSWD=$_mysql_root_passwd" >> .env
-echo "MYSQL_USER=wordpress" >> .env
-echo "MYSQL_PASSWORD=wordpress" >> .env
-echo "MYSQL_DATABASE=wordpress" >> .env
+_tmp_env_file=$(mktemp)
+
+echo "HOST=$_remote_host" > "$_tmp_env_file"
+echo "MYSQL_ROOT_PASSWD=$_mysql_root_passwd" >> "$_tmp_env_file"
+echo "MYSQL_USER=wordpress" >> "$_tmp_env_file"
+echo "MYSQL_PASSWORD=wordpress" >> "$_tmp_env_file"
+echo "MYSQL_DATABASE=wordpress" >> "$_tmp_env_file"
 $_ssh_cmd "mkdir -p $_docker_dir/wordpress"
@@ -18,7 +19,7 @@ echo "Copying files ..."
 scp -r production/config "$_scp_to_base"/config
 scp production/Dockerfile "$_scp_to_base"/Dockerfile
 scp production/entrypoint.sh "$_scp_to_base"/entrypoint.sh
-scp ./.env "$_scp_to_base"/.env
+scp "$_tmp_env_file" "$_scp_to_base"/.env
 scp production/docker-compose.yml "$_scp_to_base"/docker-compose.yml
 scp wordpress.tar.gz "$_scp_to_base"/wordpress.tar.gz
@@ -28,6 +29,7 @@ echo "Configuring files ..."
 $_ssh_cmd "sed -i 's/__HOST__/$_remote_host/g' $_docker_dir/config/nginx.conf"
 # TODO make this more robust than just substituting localhost
 $_ssh_cmd "sed -i 's/localhost/$_remote_host-mysql/g' $_docker_dir/wordpress/wp-config.php"
+$_ssh_cmd "cat $_docker_dir/config/wp-config-forward-headers.php $_docker_dir/wordpress/wp-config.php >/tmp/out.tmp && mv /tmp/out.tmp $_docker_dir/wordpress/wp-config.php"
 $_ssh_cmd "chown -R $_docker_user: $_docker_dir"
 # The 82 comes from the Dockerfile addgroup and adduser commands
 $_ssh_cmd "chown -R 82:82 $_docker_dir/wordpress"
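Review bot: In the `@@ -5,12 +5,13 @@` hunk the rewritten env block no longer writes `DOMAIN=$_domain`, while production/docker-compose.yml in this same patch still interpolates `${DOMAIN}` in both Host rules. Unless DOMAIN reaches the server some other way, the routers and the certificate request would see an empty domain, so `echo "DOMAIN=$_domain" >> "$_tmp_env_file"` should be kept. Separately, the temp file now holds the MySQL root password and is removed only by the final `rm "$_tmp_env_file"` in the last hunk, so an interrupted run leaves it behind; registering `trap 'rm -f -- "$_tmp_env_file"' EXIT` right after the `mktemp` line covers every exit path.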
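Review bot: In the `@@ -28,6 +29,7 @@` hunk the added `cat … >/tmp/out.tmp && mv …` line stages the merged wp-config.php under a fixed name in the server's shared /tmp while running as root. wp-config.php carries the database credentials, so the intermediate copy is likely readable by other local users until the `mv`, and an already existing /tmp/out.tmp (file or symlink) would be written through. Staging next to the target avoids both: `$_ssh_cmd "cat $_docker_dir/config/wp-config-forward-headers.php $_docker_dir/wordpress/wp-config.php > $_docker_dir/wordpress/wp-config.php.new && mv $_docker_dir/wordpress/wp-config.php.new $_docker_dir/wordpress/wp-config.php"`.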
@@ -58,17 +60,24 @@ _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin
 echo "$_ssh_cmd $_cmd_docker_exec"
 $_ssh_cmd "$_cmd_docker_exec"
-# TODO correct URLS
+# _cmd_wp="wp user create $_wp_admin_user"
+# _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
+# echo "$_ssh_cmd $_cmd_docker_exec"
+# $_ssh_cmd "$_cmd_docker_exec"
+
 # TODO move this into helper script
 # wp search-replace 'example.dev' 'example.com' --skip-columns=guid
 # Or, if you only want to change the option, you can do:
 # wp option update home 'http://example.com'
 # wp option update siteurl 'http://example.com';
+_cmd_wp="wp search-replace 'http://$_local_hostname.$_local_domain' 'https://$_local_hostname.$_local_domain' --skip-columns=guid"
+_cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
+echo "$_ssh_cmd $_cmd_docker_exec"
+$_ssh_cmd "$_cmd_docker_exec"
+
 _cmd_wp="wp search-replace '$_local_hostname.$_local_domain' '$_remote_host.$_domain' --skip-columns=guid"
 _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
 echo "$_ssh_cmd $_cmd_docker_exec"
 $_ssh_cmd "$_cmd_docker_exec"
-# TODO ensure HTTP_X_FORWARDED_PROTO header is set in wp-config.php
-
-# TODO 3m .env
+rm "$_tmp_env_file"
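Review bot: The new `_cmd_wp` for the http-to-https replace wraps its arguments in single quotes and is then embedded in `/bin/sh -c '$_cmd_wp'`, so the inner quotes close the outer ones and the arguments reach the remote shell unquoted. That holds only while `$_local_hostname.$_local_domain` contains no whitespace or shell metacharacters; double quotes inside keep the nesting intact: `_cmd_wp="wp search-replace \"http://$_local_hostname.$_local_domain\" \"https://$_local_hostname.$_local_domain\" --skip-columns=guid"`. The existing hostname replace just below has the same shape. The commented-out `wp user create` block would read better dropped or reduced to a single TODO line.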