initial commit

.gitignore

+.idea/
+certs/
+certs-data/
+logs/
+mysql/
+wordpress/
\ No newline at end of file

Dockerfile

+FROM php:7.2-fpm
+
+# install the PHP extensions we need
+RUN set -ex; \
+    \
+    savedAptMark="$(apt-mark showmanual)"; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        libjpeg-dev \
+        libpng-dev \
+    ; \
+    \
+    docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr; \
+    docker-php-ext-install gd mysqli opcache zip; \
+    \
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+    apt-mark auto '.*' > /dev/null; \
+    apt-mark manual $savedAptMark; \
+    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+        | awk '/=>/ { print $3 }' \
+        | sort -u \
+        | xargs -r dpkg-query -S \
+        | cut -d: -f1 \
+        | sort -u \
+        | xargs -rt apt-mark manual; \
+    \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    rm -rf /var/lib/apt/lists/*
+
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN { \
+        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.interned_strings_buffer=8'; \
+        echo 'opcache.max_accelerated_files=4000'; \
+        echo 'opcache.revalidate_freq=2'; \
+        echo 'opcache.fast_shutdown=1'; \
+        echo 'opcache.enable_cli=1'; \
+    } > /usr/local/etc/php/conf.d/opcache-recommended.ini
+
+VOLUME /var/www/html
+
+ENV WORDPRESS_VERSION 4.9.8
+ENV WORDPRESS_SHA1 0945bab959cba127531dceb2c4fed81770812b4f
+
+RUN set -ex; \
+    curl -o wordpress.tar.gz -fSL "https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz"; \
+    echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c -; \
+# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
+    tar -xzf wordpress.tar.gz -C /usr/src/; \
+    rm wordpress.tar.gz; \
+    chown -R www-data:www-data /usr/src/wordpress
+
+COPY docker-entrypoint.sh /usr/local/bin/
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["php-fpm"]

README.md

+# wordpress-nginx-docker
+
+Docker compose installation of a single site Wordpress instance using Nginx as the web server and MariaDB as the database.
+
+Let's Encrypt SSL enabled option using [https://hub.docker.com/r/certbot/certbot/](https://hub.docker.com/r/certbot/certbot/)
+
+Work inspired by: [Dockerizing Wordpress with Nginx and PHP-FPM on Ubuntu 16.04](https://www.howtoforge.com/tutorial/dockerizing-wordpress-with-nginx-and-php-fpm/)
+
+## Installation
+
+Review the [Optional configuration](#opt_config) options and determine if you'd like to apply any.
+
+### Create directories on host
+
+Directories are created on the host to persist data for the containers to volume mount from the host.
+
+- **mysql**: The database files for MariaDB
+- **wordpress**: The WordPress media files
+- **logs/nginx**: The Nginx log files (error.log, access.log)
+- **certs**: SSL certificate files (LetsEncrypt)
+- **certs-data**: SSL challenge/response area (LetsEncrypt)
+
+From the top level of the cloned repository, create the directories that will be used for managing the data on the host.
+
+```
+$ cd wordpress-nginx-docker/
+# mkdir -p certs/ certs-data/ logs/nginx/ mysql/ wordpress/
+```
+
+### HTTP
+
+If you plan to run your WordPress site over http on port 80, then do the following.
+
+1. Change the name of `nginx/wordpress.conf.example` to `nginx/wordpress.conf` 
+2. Update the `DOMAIN_NAME` in `nginx/wordpress.conf` to be that of your domain
+3. Run `$ docker-compose up -d`
+4. Navigate to [http://DOMAIN_NAME]() in a browser where `DOMAIN_NAME` is the name of your site
+
+### HTTPS with SSL Certificates
+
+If you plan to run your WordPress site over https on port 443, then do the following.
+
+**Choose a method for SSL certificates**
+
+- **Let's Encrypt**
+
+	If you plan on using SSL certificates from [Let's Encrypt](https://letsencrypt.org) it is important that your public domain is already registered and reachable.
+	
+	Run: `./letsencrypt/letsencrypt-init.sh DOMAIN_NAME`, where `DOMAIN_NAME` is the publicly registered domain name of your host.
+	
+	```
+	$ ./letsencrypt-init.sh example.com
+	mysql uses an image, skipping
+	wordpress uses an image, skipping
+	nginx uses an image, skipping
+	Creating mysql ...
+	Creating mysql ... done
+	Creating wordpress ...
+	Creating wordpress ... done
+	Creating nginx ...
+	Creating nginx ... done
+	Reloading nginx: nginx.
+	Saving debug log to /var/log/letsencrypt/letsencrypt.log
+	Plugins selected: Authenticator webroot, Installer None
+	Enter email address (used for urgent renewal and security notices) (Enter 'c' to
+	cancel): mjstealey@gmail.com
+	
+	-------------------------------------------------------------------------------
+	Please read the Terms of Service at
+	https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
+	in order to register with the ACME server at
+	https://acme-v01.api.letsencrypt.org/directory
+	-------------------------------------------------------------------------------
+	(A)gree/(C)ancel: a
+	
+	-------------------------------------------------------------------------------
+	Would you be willing to share your email address with the Electronic Frontier
+	Foundation, a founding partner of the Let's Encrypt project and the non-profit
+	organization that develops Certbot? We'd like to send you email about EFF and
+	our work to encrypt the web, protect its users and defend digital rights.
+	-------------------------------------------------------------------------------
+	(Y)es/(N)o: y
+	Obtaining a new certificate
+	Performing the following challenges:
+	http-01 challenge for example.com
+	http-01 challenge for www.example.com
+	Using the webroot path /data/letsencrypt for all unmatched domains.
+	Waiting for verification...
+	Cleaning up challenges
+	
+	IMPORTANT NOTES:
+	    ssl                       on;
+	 - Congratulations! Your certificate and chain have been saved at:
+	   /etc/letsencrypt/live/example.com/fullchain.pem
+	   Your key file has been saved at:
+	   /etc/letsencrypt/live/example.com/privkey.pem
+	   Your cert will expire on 2018-02-06. To obtain a new or tweaked
+	   version of this certificate in the future, simply run certbot
+	   again. To non-interactively renew *all* of your certificates, run
+	   "certbot renew"
+	 - Your account credentials have been saved in your Certbot
+	   configuration directory at /etc/letsencrypt. You should make a
+	   secure backup of this folder now. This configuration directory will
+	   also contain certificates and private keys obtained by Certbot so
+	   making regular backups of this folder is ideal.
+	 - If you like Certbot, please consider supporting our work by:
+	
+	   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+	   Donating to EFF:                    https://eff.org/donate-le
+	
+	Stopping nginx     ... done
+	Stopping wordpress ... done
+	Stopping mysql     ... done
+	Going to remove nginx, wordpress, mysql
+	Removing nginx     ... done
+	Removing wordpress ... done
+	Removing mysql     ... done
+	INFO: update the nginx/wordpress_ssl.conf file
+	-  4:   server_name example.com;
+	- 19:   server_name               example.com www.example.com;
+	- 46:   ssl_certificate           /etc/letsencrypt/live/example.com/fullchain.pem;
+	- 47:   ssl_certificate_key       /etc/letsencrypt/live/example.com/privkey.pem;
+	- 48:   ssl_trusted_certificate   /etc/letsencrypt/live/example.com/chain.pem;
+	```
+- **Self signed**
+
+	If you plan on using self signed SSL certificates, run: `./letsencrypt/self-signed-init.sh DOMAIN_NAME`, where `DOMAIN_NAME` is the `CN` you want to assign to the host (commonly `localhost`).
+	
+	```
+	$ cd letsencrypt/
+	$ ./self-signed-init.sh localhost
+	INFO: making certs directory
+	Generating a 4096 bit RSA private key
+	................................................................................................................................................................................................................................................++
+	....................................................++
+	writing new private key to 'key.pem'
+	-----
+	INFO: update the nginx/wordpress_ssl.conf file
+	-  4:   server_name localhost;
+	- 19:   server_name               localhost www.localhost;
+	- 46:   ssl_certificate           /etc/letsencrypt/live/localhost/cert.pem;
+	- 47:   ssl_certificate_key       /etc/letsencrypt/live/localhost/privkey.pem;
+	- 48:   #ssl_trusted_certificate   /etc/letsencrypt/live/DOMAIN_NAME/chain.pem; <-- COMMENT OUT OR REMOVE
+	```
+
+- **Bring your own**
+
+	If you plan to use pre-existing certificates you will need to update the `nginx/wordpress_ssl.conf` file with the appropriate settings to the kind of certificates you have.
+
+**Finally**
+
+1. Change the name of `nginx/wordpress_ssl.conf.example` to `nginx/wordpress_ssl.conf` 
+2. Update the `DOMAIN_NAME` in `nginx/wordpress_ssl.conf` to be that of your domain
+3. Run `$ docker-compose up -d`
+4. Navigate to [https://DOMAIN_NAME]() in a browser where `DOMAIN_NAME` is the name of your site
+
+## <a name="opt_config"></a>Optional Configuration
+
+### Environment Varialbles
+
+WordPress environment variables. See the [official image](https://hub.docker.com/_/wordpress/) for additional information.
+
+- `WORDPRESS_DB_NAME`: Name of database used for WordPress in MariaDB
+- `WORDPRESS_TABLE_PREFIX`: Prefix appended to all WordPress related tables in the `WORDPRESS_DB_NAME` database
+- `WORDPRESS_DB_HOST `: Hostname of the database server / container
+- `WORDPRESS_DB_PASSWORD `: Database password for the `WORDPRESS_DB_USER`. By default 'root' is the `WORDPRESS_DB_USER`.
+
+```yaml
+    environment:
+      - WORDPRESS_DB_NAME=wordpress
+      - WORDPRESS_TABLE_PREFIX=wp_
+      - WORDPRESS_DB_HOST=mysql
+      - WORDPRESS_DB_PASSWORD=password
+```
+
+MySQL environment variables.
+
+- If you've altered the `WORDPRESS_DB_PASSWORD` you should also set the `MYSQL_ROOT_PASSWORD ` to be the same as they will both be associated with the user 'root'.
+
+```yaml
+    environment:
+      - MYSQL_ROOT_PASSWORD=password
+```
+
+### Port Mapping
+
+Neither the **mysql** container nor the **wordpress** container have publicly exposed ports. They are running on the host using a docker defined network named `wp_network` which provides the containers with access to each others ports, but not from the host.
+
+If you wish to expose the ports to the host, you'd need to alter the stanzas for each in the `docker-compose.yaml` file.
+
+For the `mysql` stanza, add
+
+```
+    ports:
+      - '3306:3306'
+```
+
+For the `wordpress` stanza, add
+
+```
+    ports:
+      - '9000:9000'
+```
+
+## Clean up / Removal
+
+Removing all related containers
+
+```
+$ cd wordpress-nginx-docker/
+$ docker-compose stop
+$ docker-compose rm -f
+```
+
+Removing all related directories
+
+```
+$ cd wordpress-nginx-docker/
+$ rm -rf certs/ certs-data/ logs/ mysql/ wordpress/
+```

docker-compose.yml

+version: '0.0.0'
+
+services:
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - ./nginx:/etc/nginx/conf.d
+      - ./logs/nginx:/var/log/nginx
+      - ./wordpress:/var/www/html
+      - ./certs:/etc/letsencrypt
+      - ./certs-data:/data/letsencrypt
+    links:
+      - wordpress
+    restart: always
+
+  mysql:
+    image: mariadb:10.3
+    container_name: mysql
+    volumes:
+      - ./docker/mariadb:/docker-entrypoint-initdb.d/
+      - ./var/mariadb:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=IiIjnsLi2wR9i1kWVbVpUAzP
+    command:
+      'mysqld --innodb-flush-method=fsync'
+    restart: always
+
+  wordpress:
+    image: wordpress:php7.2-fpm
+    container_name: wordpress
+    volumes:
+      - ./wordpress:/var/www/html
+    environment:
+      - WORDPRESS_DB_NAME=wordpress
+      - WORDPRESS_TABLE_PREFIX=wp_
+      - WORDPRESS_DB_HOST=mysql
+      - WORDPRESS_DB_PASSWORD=IiIjnsLi2wR9i1kWVbVpUAzP
+    links:
+      - mysql
+    restart: always
+

nginx/wordpress_ssl.conf

+server {
+    listen      80;
+    listen [::]:80;
+    server_name DOMAIN_NAME;
+
+    location / {
+        rewrite ^ https://$host$request_uri? permanent;
+    }
+
+    location ^~ /.well-known {
+        allow all;
+        root  /data/letsencrypt/;
+    }
+}
+
+server {
+    listen      443           ssl http2;
+    listen [::]:443           ssl http2;
+    server_name               DOMAIN_NAME www.DOMAIN_NAME;
+
+    # ssl                       on;
+
+    add_header                Strict-Transport-Security "max-age=31536000" always;
+
+    ssl_session_cache         shared:SSL:20m;
+    ssl_session_timeout       10m;
+
+    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+
+    ssl_stapling              on;
+    ssl_stapling_verify       on;
+    resolver                  8.8.8.8 8.8.4.4;
+
+    root /var/www/html;
+    index index.php;
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ssl_certificate           /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
+    ssl_trusted_certificate   /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass wordpress:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+}