tidy up code

.gitignore

@@ -1,3 +1,3 @@
-config
+/config
 notes.txt
 remote-temp/

config-example

@@ -0,0 +1,31 @@
+# rename to `config` and assign suitable values.
+
+# local configuration
+
+export _local_hostname="wp-now"
+export _local_domain="home"
+
+export _user_www='www-data'
+export _passwd_www='www-data'
+
+export _wp_title="WP Test"
+export _wp_admin_user="admin"
+export _wp_password="admin"
+export _wp_email="$_local_hostname@isnet.uk"
+export _wp_db_passwd="wordpress"
+
+export _wp_theme_active="twentytwenty"
+export _wp_themes_additional="twentynineteen twentyseventeen"
+
+export _wp_plugins="better-wp-security wp-fastest-cache autodescription google-analytics-for-wordpress"
+export _wp_plugins_active="elementor wp-mail-smtp gdpr-cookie-compliance regenerate-thumbnails"
+
+
+# remote configuration
+
+export _docker_user="ray"
+
+export _remote_host="wp-stack-four"
+export _domain="wptest.isnet.uk"
+export _docker_base_dir="/var/docker"
+export _mysql_root_passwd="db"

dev/config-example

@@ -1,16 +0,0 @@
-# rename to `config` and assign suitable values.
-
-_user_www='www-data'
-_passwd_www='www-data'
-
-_wp_title="WP Test"
-_wp_admin_user="admin"
-_wp_password="admin"
-_wp_email="admin@$_host"
-_wp_db_passwd="wordpress"
-
-_wp_theme_active="twentytwenty"
-_wp_themes_additional="twentynineteen twentyseventeen"
-
-_wp_plugins="better-wp-security wp-fastest-cache autodescription google-analytics-for-wordpress"
-_wp_plugins_active="elementor wp-mail-smtp gdpr-cookie-compliance regenerate-thumbnails"

dev/container-create.sh

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if [ -z "$1"  ] ; then
-  echo "Must supply container name as argument"
-  exit 1
-fi
-
-. ./config
-
-_host="$1.home"
+_host="$_local_hostname.$_local_domain"
 _user_root='root'
 _ssh_cmd_root="ssh $_user_root@$_host"
 

dev/download-data.sh

@@ -1,13 +1,13 @@
 #!/bin/sh
 
-if [ -z "$1"  ] ; then
-  echo "Must supply container name as argument"
-  exit 1
+if [ -z "$1" ] ; then
+  _target_filename='.'
+else
+  _target_filename="$1"
 fi
 
-. ./config
-
-_host="$1.home"
+_host="$_local_hostname.$_local_domain"
+echo "$_host"
 
 _cmd_wp_export="wp db export --dbuser=wordpress --dbpass=$_wp_db_passwd --add-drop-table data.sql"
 _ssh_cmd="sshpass -p$_passwd_www ssh $_user_www@$_host"
@@ -16,5 +16,5 @@ _scp_cmd="sshpass -p$_passwd_www scp $_user_www@$_host:/tmp/wordpress.tar.gz"
 $_ssh_cmd "cd /var/www/html/wordpress &&" $_cmd_wp_export
 $_ssh_cmd 'cd /var/www/html/wordpress && tar czf /tmp/wordpress.tar.gz .'
 $_ssh_cmd "rm /var/www/html/wordpress/data.sql"
-$_scp_cmd "."
+$_scp_cmd "$_target_filename"
 $_ssh_cmd 'rm /tmp/wordpress.tar.gz'

docker-compose.yml

@@ -0,0 +1,42 @@
+
+version: "3"
+
+networks:
+  web:
+    external: true
+  internal:
+    external: false
+
+services:
+  blog:
+    image: wordpress:latest
+    container_name: blog
+    environment:
+      WORDPRESS_DB_PASSWORD: dklfm904mg-uiojn
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blog.entrypoints=http"
+      - "traefik.http.routers.blog.rule=Host(`blog.wptest.isnet.uk`)"
+      - "traefik.http.middlewares.blog.redirectscheme.scheme=https"
+      - "traefik.http.routers.blog.middlewares=blog"
+      - "traefik.http.routers.blog.entrypoints=https"
+      - "traefik.http.routers.blog.rule=Host(`blog.wptest.isnet.uk`)"
+      - "traefik.http.routers.blog.tls=true"
+      - "traefik.http.routers.blog.tls.certresolver=http"
+      - "traefik.http.services.blog.loadbalancer.server.port=80"
+      - "traefik.http.routers.blog.service=blog"
+      - "traefik.docker.network=web"
+    networks:
+      - internal
+      - web
+    depends_on:
+      - mysql
+  mysql:
+    image: mysql:5.7
+    environment:
+      MYSQL_ROOT_PASSWORD: dklfm904mg-uiojn
+    networks:
+      - internal
+    labels:
+      - traefik.enable=false
+

production/config/nginx.conf

@@ -28,7 +28,7 @@ http {
                             '$status $body_bytes_sent "$http_referer" '
                             '"$http_user_agent" "$http_x_forwarded_for" '
                             '$request_time $upstream_response_time $pipe $upstream_cache_status'
-			    '$document_root$fastcgi_script_name > $request';
+                '$document_root$fastcgi_script_name > $request';
 
 
     access_log /dev/stdout main_timed;
@@ -72,13 +72,13 @@ http {
 
         root /usr/share/nginx/html;
         index index.php;
-	include /etc/nginx/includes/*.conf;
+    include /etc/nginx/includes/*.conf;
 
-	location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
-    	location ~ /(\.DS_Store|wp-config.php|wp-config-sample.php|readme.html.gz|readme.txt.gz|readme.html|readme.txt|error_log|license.txt|changelog|changelog.txt) { access_log off; log_not_found off; deny all; }
-    	location = /robots.txt  { access_log off; log_not_found off; }
-    	location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
-    	location ~ ~$           { access_log off; log_not_found off; deny all; }
+    location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
+        location ~ /(\.DS_Store|wp-config.php|wp-config-sample.php|readme.html.gz|readme.txt.gz|readme.html|readme.txt|error_log|license.txt|changelog|changelog.txt) { access_log off; log_not_found off; deny all; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+        location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
+        location ~ ~$           { access_log off; log_not_found off; deny all; }
 
         location /wp-content {
             root /usr/share/nginx/html/wp-content;
@@ -93,19 +93,20 @@ http {
         location ~ [^/]\.php(/|$) {
             try_files $uri =404;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
-			fastcgi_connect_timeout 300;
-			fastcgi_send_timeout 300;
-			fastcgi_read_timeout 300;
-			fastcgi_buffer_size 64k;
-			fastcgi_buffers 4 64k;
-			fastcgi_busy_buffers_size 128k;
-			fastcgi_temp_file_write_size 128k;
-			fastcgi_intercept_errors on;
+            fastcgi_connect_timeout 300;
+            fastcgi_send_timeout 300;
+            fastcgi_read_timeout 300;
+            fastcgi_buffer_size 64k;
+            fastcgi_buffers 4 64k;
+            fastcgi_busy_buffers_size 128k;
+            fastcgi_temp_file_write_size 128k;
+            fastcgi_intercept_errors on;
 
             fastcgi_index index.php;
-            fastcgi_pass wordpress:9000;
+            fastcgi_pass __HOST__-wordpress:9000;
 
             # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            # TODO is hardcoded document root safe???
             fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
             include fastcgi_params;
         }

production/deploy-to-container.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+_docker_service_name="blog"
+_mysql_root_passwd="dklfm904mg-uiojn"
+_wordpress_tag="latest"
+_mariadb_tag="10.5"
+_site_domain="blog.wptest.isnet.uk"
+
+echo "
+version: \"3\"
+
+networks:
+  web:
+    external: true
+  internal:
+    external: false
+
+services:
+# TODO this needs to be just an apache or php container or whatever with a persistent 
+# html volume
+  $_docker_service_name:
+    image: wordpress:$_wordpress_tag
+    container_name: $_docker_service_name
+    environment:
+      WORDPRESS_DB_PASSWORD: $_mysql_root_passwd
+    labels:
+      - \"traefik.enable=true\"
+      - \"traefik.http.routers.$_docker_service_name.entrypoints=http\"
+      - \"traefik.http.routers.$_docker_service_name.rule=Host(\`$_site_domain\`)\"
+      - \"traefik.http.middlewares.$_docker_service_name.redirectscheme.scheme=https\"
+      - \"traefik.http.routers.$_docker_service_name.middlewares=$_docker_service_name\"
+      - \"traefik.http.routers.$_docker_service_name.entrypoints=https\"
+      - \"traefik.http.routers.$_docker_service_name.rule=Host(\`$_site_domain\`)\"
+      - \"traefik.http.routers.$_docker_service_name.tls=true\"
+      - \"traefik.http.routers.$_docker_service_name.tls.certresolver=http\"
+      - \"traefik.http.services.$_docker_service_name.loadbalancer.server.port=80\"
+      - \"traefik.http.routers.$_docker_service_name.service=$_docker_service_name\"
+      - \"traefik.docker.network=web\"
+    networks:
+      - internal
+      - web
+    depends_on:
+      - mysql
+  mariadb:
+    image: mariadb:$_mariadb_tag
+    environment:
+      MYSQL_ROOT_PASSWORD: $_mysql_root_passwd
+    networks:
+      - internal
+    labels:
+      - traefik.enable=false
+" > docker-compose.yml

production/docker-compose.yml

@@ -4,6 +4,7 @@ networks:
   web:
     external: true
   backend:
+    external: false
     driver: bridge
 
 services:
@@ -12,12 +13,10 @@ services:
     image: 'bitnami/redis:5.0'
     networks:
       - backend
-    container_name: redis
+    container_name: ${HOST}-redis
     restart: unless-stopped
     environment:
       - ALLOW_EMPTY_PASSWORD=yes
-    ports:
-      - '127.0.0.1:6379:6379'
 #    volumes:
 #      - 'redis-data:/bitnami/redis/data'
     labels:
@@ -25,7 +24,7 @@ services:
 
   db:
     image: mariadb:10.4
-    container_name: mysql
+    container_name: ${HOST}-mysql
     command: --default-authentication-plugin=mysql_native_password
     networks:
       - backend
@@ -35,10 +34,11 @@ services:
     volumes:
 #      - ./wp-db:/var/lib/mysql
       - ./config/my.cnf:/etc/mysql/conf.d/zzz_my.cnf
-    ports:
-      - "127.0.0.1:3306:3306"
     environment:
-      - MYSQL_ROOT_PASSWORD=db
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWD}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
     labels:
       - "traefik.enable=false"
 
@@ -46,7 +46,7 @@ services:
     image: nginx:1.17-alpine
     depends_on:
       - wordpress
-    container_name: nginx-wp-stack
+    container_name: ${HOST}-nginx
     networks:
       - backend
       - web
@@ -55,22 +55,20 @@ services:
       - ./wordpress:/usr/share/nginx/html:ro
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.nginx-wp-stack.entrypoints=http"
-      - "traefik.http.routers.nginx-wp-stack.rule=Host(`wp-stack.wptest.isnet.uk`)"
+      - "traefik.http.routers.nginx-${HOST}.entrypoints=http"
+      - "traefik.http.routers.nginx-${HOST}.rule=Host(`${HOST}.${DOMAIN}`)"
       - "traefik.docker.network=web"
 
   wordpress:
     depends_on:
       - db
+      - redis
     networks:
       - backend
-    container_name: wordpress
+    container_name: ${HOST}-wordpress
 #    env_file:
 #      - .env
     build: ./
-    ports:
-      - "127.0.0.1:8081:80"
-      - "127.0.0.1:9000:9000"
     volumes:
       - ./wordpress:/var/www/wordpress
     labels:

production/export-to-production.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+
+_docker_dir="$_docker_base_dir/$_remote_host"
+
+_ssh_cmd="ssh root@$_remote_host.$_domain"
+_scp_to_base="root@$_remote_host.$_domain:$_docker_dir"
+
+echo "HOST=$_remote_host" > .env
+echo "DOMAIN=$_domain" >> .env
+echo "MYSQL_ROOT_PASSWD=$_mysql_root_passwd" >> .env
+echo "MYSQL_USER=wordpress" >> .env
+echo "MYSQL_PASSWORD=wordpress" >> .env
+echo "MYSQL_DATABASE=wordpress" >> .env
+
+$_ssh_cmd "mkdir -p $_docker_dir/wordpress"
+
+scp -r production/config "$_scp_to_base"/config
+scp production/Dockerfile "$_scp_to_base"/Dockerfile
+scp production/entrypoint.sh "$_scp_to_base"/entrypoint.sh
+scp ./.env "$_scp_to_base"/.env
+scp production/docker-compose.yml "$_scp_to_base"/docker-compose.yml
+
+scp wordpress.tar.gz "$_scp_to_base"/wordpress.tar.gz
+$_ssh_cmd "tar -xf $_docker_dir/wordpress.tar.gz -C $_docker_dir/wordpress && rm $_docker_dir/wordpress.tar.gz"
+
+$_ssh_cmd "sed -i 's/__HOST__/$_remote_host/g' $_docker_dir/config/nginx.conf"
+# TODO make this  more robust than just changing any old localhost
+$_ssh_cmd "sed -i 's/localhost/$_remote_host-mysql/g' $_docker_dir/wordpress/wp-config.php"
+$_ssh_cmd "chown -R $_docker_user: $_docker_dir"
+
+$_ssh_cmd "cd $_docker_dir && docker-compose up -d --build"
+
+# TODO - need to wait for mysql to initialise
+# temporary
+echo "waiting for mysql to initialise ..."
+sleep 10
+echo "still waiting for mysql to initialise ..."
+sleep 10
+echo "waiting a little bit longer for mysql to initialise ..."
+sleep 5
+
+# TODO does docker always assign ips in range 172.% ????
+_ssh_shell_cmd='echo "GRANT ALL PRIVILEGES ON wordpress."*" TO \"wordpress\"@\"172.%\" IDENTIFIED BY \"wordpress\";" | mysql -uroot -pdb'
+# _ssh_shell_cmd='echo "'"$_mysql_cmd"'" | mysql -uroot -pdb'
+echo "$_ssh_shell_cmd"
+_cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-mysql /bin/sh -c '$_ssh_shell_cmd'"
+
+echo "$_ssh_cmd -- $_cmd_docker_exec"
+$_ssh_cmd $_cmd_docker_exec
+
+
+_cmd_wp_import="wp db import --dbuser=wordpress --dbpass=$_wp_db_passwd data.sql"
+_cmd_docker_exec="cd $_docker_dir && docker exec -t $_remote_host-wordpress /bin/sh -c '$_cmd_wp_import'"
+$_ssh_cmd "echo '$_wp_db_passwd' && $_cmd_docker_exec"
+
+# set correct URLS
+
+# ensure HTTP_X_FORWARDED_PROTO header is set in wp-config.php
+
+# rm .env
+

publish.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+. ./config
+
+./dev/download-data.sh
+
+./production/export-to-production.sh
+
+
+