ssl working

This commit is contained in:
Ray Elliott 2020-03-09 20:14:10 +00:00
parent 5154af3a52
commit 81f58e0da7
3 changed files with 33 additions and 11 deletions

View File

@ -0,0 +1,5 @@
<?php
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
?>

View File

@ -57,6 +57,14 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.nginx-${HOST}.entrypoints=http" - "traefik.http.routers.nginx-${HOST}.entrypoints=http"
- "traefik.http.routers.nginx-${HOST}.rule=Host(`${HOST}.${DOMAIN}`)" - "traefik.http.routers.nginx-${HOST}.rule=Host(`${HOST}.${DOMAIN}`)"
- "traefik.http.middlewares.nginx-${HOST}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.nginx-${HOST}.middlewares=nginx-${HOST}-https-redirect"
- "traefik.http.routers.nginx-${HOST}-secure.entrypoints=https"
- "traefik.http.routers.nginx-${HOST}-secure.rule=Host(`${HOST}.${DOMAIN}`)"
- "traefik.http.routers.nginx-${HOST}-secure.tls=true"
- "traefik.http.routers.nginx-${HOST}-secure.tls.certresolver=http"
- "traefik.http.services.nginx-${HOST}.loadbalancer.server.port=80"
- "traefik.http.routers.nginx-${HOST}-secure.service=nginx-${HOST}"
- "traefik.docker.network=web" - "traefik.docker.network=web"
wordpress: wordpress:

View File

@ -5,12 +5,13 @@ _docker_dir="$_docker_base_dir/$_remote_host"
_ssh_cmd="ssh root@$_remote_host.$_domain" _ssh_cmd="ssh root@$_remote_host.$_domain"
_scp_to_base="root@$_remote_host.$_domain:$_docker_dir" _scp_to_base="root@$_remote_host.$_domain:$_docker_dir"
echo "HOST=$_remote_host" > .env _tmp_env_file=$(mktemp)
echo "DOMAIN=$_domain" >> .env
echo "MYSQL_ROOT_PASSWD=$_mysql_root_passwd" >> .env echo "HOST=$_remote_host" > "$_tmp_env_file"
echo "MYSQL_USER=wordpress" >> .env echo "MYSQL_ROOT_PASSWD=$_mysql_root_passwd" >> "$_tmp_env_file"
echo "MYSQL_PASSWORD=wordpress" >> .env echo "MYSQL_USER=wordpress" >> "$_tmp_env_file"
echo "MYSQL_DATABASE=wordpress" >> .env echo "MYSQL_PASSWORD=wordpress" >> "$_tmp_env_file"
echo "MYSQL_DATABASE=wordpress" >> "$_tmp_env_file"
$_ssh_cmd "mkdir -p $_docker_dir/wordpress" $_ssh_cmd "mkdir -p $_docker_dir/wordpress"
@ -18,7 +19,7 @@ echo "Copying files ..."
scp -r production/config "$_scp_to_base"/config scp -r production/config "$_scp_to_base"/config
scp production/Dockerfile "$_scp_to_base"/Dockerfile scp production/Dockerfile "$_scp_to_base"/Dockerfile
scp production/entrypoint.sh "$_scp_to_base"/entrypoint.sh scp production/entrypoint.sh "$_scp_to_base"/entrypoint.sh
scp ./.env "$_scp_to_base"/.env scp "$_tmp_env_file" "$_scp_to_base"/.env
scp production/docker-compose.yml "$_scp_to_base"/docker-compose.yml scp production/docker-compose.yml "$_scp_to_base"/docker-compose.yml
scp wordpress.tar.gz "$_scp_to_base"/wordpress.tar.gz scp wordpress.tar.gz "$_scp_to_base"/wordpress.tar.gz
@ -28,6 +29,7 @@ echo "Configuring files ..."
$_ssh_cmd "sed -i 's/__HOST__/$_remote_host/g' $_docker_dir/config/nginx.conf" $_ssh_cmd "sed -i 's/__HOST__/$_remote_host/g' $_docker_dir/config/nginx.conf"
# TODO make this more robust than just substituting localhost # TODO make this more robust than just substituting localhost
$_ssh_cmd "sed -i 's/localhost/$_remote_host-mysql/g' $_docker_dir/wordpress/wp-config.php" $_ssh_cmd "sed -i 's/localhost/$_remote_host-mysql/g' $_docker_dir/wordpress/wp-config.php"
$_ssh_cmd "cat $_docker_dir/config/wp-config-forward-headers.php $_docker_dir/wordpress/wp-config.php >/tmp/out.tmp && mv /tmp/out.tmp $_docker_dir/wordpress/wp-config.php"
$_ssh_cmd "chown -R $_docker_user: $_docker_dir" $_ssh_cmd "chown -R $_docker_user: $_docker_dir"
# The 82 comes from the Dockerfile addgroup and adduser commands # The 82 comes from the Dockerfile addgroup and adduser commands
$_ssh_cmd "chown -R 82:82 $_docker_dir/wordpress" $_ssh_cmd "chown -R 82:82 $_docker_dir/wordpress"
@ -58,17 +60,24 @@ _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin
echo "$_ssh_cmd $_cmd_docker_exec" echo "$_ssh_cmd $_cmd_docker_exec"
$_ssh_cmd "$_cmd_docker_exec" $_ssh_cmd "$_cmd_docker_exec"
# TODO correct URLS # _cmd_wp="wp user create $_wp_admin_user"
# _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
# echo "$_ssh_cmd $_cmd_docker_exec"
# $_ssh_cmd "$_cmd_docker_exec"
# TODO move this into helper script # TODO move this into helper script
# wp search-replace 'example.dev' 'example.com' --skip-columns=guid # wp search-replace 'example.dev' 'example.com' --skip-columns=guid
# Or, if you only want to change the option, you can do: # Or, if you only want to change the option, you can do:
# wp option update home 'http://example.com' # wp option update home 'http://example.com'
# wp option update siteurl 'http://example.com'; # wp option update siteurl 'http://example.com';
_cmd_wp="wp search-replace 'http://$_local_hostname.$_local_domain' 'https://$_local_hostname.$_local_domain' --skip-columns=guid"
_cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
echo "$_ssh_cmd $_cmd_docker_exec"
$_ssh_cmd "$_cmd_docker_exec"
_cmd_wp="wp search-replace '$_local_hostname.$_local_domain' '$_remote_host.$_domain' --skip-columns=guid" _cmd_wp="wp search-replace '$_local_hostname.$_local_domain' '$_remote_host.$_domain' --skip-columns=guid"
_cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'" _cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp'"
echo "$_ssh_cmd $_cmd_docker_exec" echo "$_ssh_cmd $_cmd_docker_exec"
$_ssh_cmd "$_cmd_docker_exec" $_ssh_cmd "$_cmd_docker_exec"
# TODO ensure HTTP_X_FORWARDED_PROTO header is set in wp-config.php rm "$_tmp_env_file"
# TODO 3m .env