release 1.15.0

.env

@@ -2,14 +2,13 @@ PROJECT=biuro-staging
 
 IMAGE_NGINX=fholzer/nginx-brotli
 IMAGE_MYSQL=mariadb:10.3
-IMAGE_WORDPRESS=biuro/web:1.14.0
-IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
+IMAGE_WORDPRESS=biuro/web:1.15.0
+IMAGE_WORDPRESS_CLI=wordpress:cli-php7.4
 
 DB_NAME=staging_biuro
 DB_HOST=mysql
 DB_USERNAME=staging_user
 DB_PASSWORD=qzl8pMNV^gZ&c1!7ebVsXqQh
-DB_ROOT_PASSWORD=#w1ML4QfWaR*8dBYRL7aZJI$
 
 UID=33
 GID=33

certs/conf/options-ssl-nginx.conf

+# This file contains important security parameters. If you modify this file
+# manually, Certbot will be unable to automatically provide future security
+# updates. Instead, Certbot will print and log an error message with a path to
+# the up-to-date file that you will need to refer to when manually updating
+# this file.
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

certs/conf/ssl-dhparams.pem

+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----

certs/fullchain.pem

+-----BEGIN CERTIFICATE-----
+MIIFfjCCBGagAwIBAgISA6DjDgrqV3WdXgKIezVIk6c/MA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMTIwODEzMTFaFw0y
+MDAzMTEwODEzMTFaMBsxGTAXBgNVBAMTEHN0YWdpbmcuYml1cm8ubHQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvYJE4JHQja6HIwlqzPtWSUtrKf7Gg
+J+uwCp7vkTrLtjlnnqwchdt4UXg+u80d1CrtPNxbkAd6kMAr6KutmGduGsVU0sam
+RUucmurRnr23a5u7Q1ZvI52oBt1OhJ96IgFSqTyVBV9JysXShDnssyF4zeAG23cb
++xQesQv4FO++aVk0iYYIAKC334CZPNWszLowDpqLT4lJS24K1yIBroB1cBfOtNuJ
+tuOwhZMIXcbtsYp0aHrSvfkxQXlnSlsviUpOhZJ7CyDVLktuOUmtQfke/lfIEMx+
+zhbkLQsBX1Lh1OHUM1BSHdFq4bcSxE9YsyBgGRX8hhP9actzSUO5fi9NAgMBAAGj
+ggKLMIIChzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHvyuc5MgY83LuYKJUAYEnCD
+yEDSMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
+BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZy8wPwYDVR0RBDgwNoIQc3RhZ2luZy5iaXVyby5lZYIQc3RhZ2luZy5iaXVy
+by5sdIIQc3RhZ2luZy5iaXVyby5sdjBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr
+BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
+Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AF6nc/nfVsDntTZIfdBJ4DJ6
+kZoMhKESEoQYdZaBcUVYAAABbvliLJsAAAQDAEgwRgIhALmXMMboGpCYKHqUCjmn
+7nZXeFdoCLqHhnu0plsft892AiEA87Aqvf8ZXkd/1g0gGHvT+98FmgFcDf2/BrqH
+QnVfCkcAdwCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW75YiyG
+AAAEAwBIMEYCIQCR823AGzBe3kgtHeWctrkvMEEXQLXbme6Q2irdiiPrqAIhAPhE
+jslMrWVlUsbDyVezHZZ8RAHaDd0DCbibRwp4IAV0MA0GCSqGSIb3DQEBCwUAA4IB
+AQBzDxnUclSvZTKC3g+xPGFhxXTP4v+CvUTbR9IwDe4TzLFTLe9qgMAb8AluS+vv
+45HfIKRAmap0EP9zPQSFHeUCsaiDXEEYCwt6oF+D5z818fdubFwB/ZSnnDdr9MCH
+GEk9bsfT57AI+rvqeC919m1X5w8PBO1eXApKHfsGiqsnDO4uNCuSZpfKgqsJs5oX
+RlfCr/P0CDBcWT3YcCdFIQlhGDX+rU0b5BhCWDwNMKbzjm9VqW5SGCU1Uar18o1X
+KgqnqAqp96472WsF8G51qsIeA/OZqsQ/0X95FK9zlmZ09dBMqvoTdAhSeyDqU+yf
+L715kNY07E2sy093TmUmu25+
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

certs/private.key

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvYJE4JHQja6HI
+wlqzPtWSUtrKf7GgJ+uwCp7vkTrLtjlnnqwchdt4UXg+u80d1CrtPNxbkAd6kMAr
+6KutmGduGsVU0samRUucmurRnr23a5u7Q1ZvI52oBt1OhJ96IgFSqTyVBV9JysXS
+hDnssyF4zeAG23cb+xQesQv4FO++aVk0iYYIAKC334CZPNWszLowDpqLT4lJS24K
+1yIBroB1cBfOtNuJtuOwhZMIXcbtsYp0aHrSvfkxQXlnSlsviUpOhZJ7CyDVLktu
+OUmtQfke/lfIEMx+zhbkLQsBX1Lh1OHUM1BSHdFq4bcSxE9YsyBgGRX8hhP9actz
+SUO5fi9NAgMBAAECggEAImwOjMmw5uvfBQ/KrCBi3HW5PmI6W7BCNRscj3J+qxHA
+6irtZqrKRS8ebhe/3oEwjMBzkuAt65tiMKwaGDhP4r9L6IZ3WZbDzMDmYo7o90me
+dy60FhvUO7DfOqRSxe7LOi1/99LmXU44rkVoNiKBqRulg0sLsZkCHbUL351CYimo
+x+UBfe40ft2dk6pP0K7lDWZgCnUt0OOTYnRYf73lJbfFfC1ntxzDpTS7A/3ARbqP
+hDZJfsdms31xK7Xe2HoNdON5mQJBTQThMusazZRC4qRiBTAExYNvslwjQeONKL7R
+S+RnA7SZDWfqjpvj/FhXX0j00NnuGgBz1+hAgVKXMQKBgQD0AsiijQILB1O+CCbg
+FIDYNPAGR1FUcIKcJPL1wO+TwMVuhYt7TIDIaITsuGNp25fq9+V16ao0a6IxNgc9
+xtDXKBXLuiSMMrg48BaL6EirgkeGOke6LtAzrhPU6R6Q9sHFU3nCbS0+VbS+sHZo
+dVGooz/NO+aSpDR227wztrF/EQKBgQC3/n77Ri528K6KELjo19A4FuxrEAKtya+s
+d6V+Vy1Uzx4Yx+cNApEJfqerf1Ldr4FwqYxVgYGOePK9yxOHZfxuItc8RKXLZ0uD
+X7wfuglelxdwGVhUVy6bi2Z44RMOrtkEf0xC3i0JHo9XBBDmxOKH1zEob5vFCQ2m
+TREyRSjkfQKBgQCA2M909hx0EmRn3goZHPqEMD/mMNaDTf3J0cDxf/WCAbK/D4l9
+jAIc0QQPs7Xa+feYPVpPDxmvIH6+mZbtSgSQ+Du6HgqadVXNywk8y2VEG0EFYdTq
+PTn3cB5MuORJC+N5/QA4aEoRtlQAtVFxCzIZaEqSZuTz3f1OHe2dKQVE4QKBgFvT
+xAQcLqxlynZVijOLIfwcVLnKL8wUUHy+6fV4BMPC6r5rZkDz+vbGI2BQF0dUhEF6
+HPO/wq0cZ+mZJJH6sFU3Rjxp9mThlKpoaTdcXbi7p5Lm01KkgDpZBDdn/V7inKTF
+84Wb5NYcTmWbPeQudvBc0cfgi9l2fz10URTJt3LxAoGAPl4H/b/tNDhL/yq26P04
+/9EPTc6sQSG1iTG2GGAQT9/egchXVpRXjfqhgccH/jNOov2UssVanrQ4WacP/tJn
+suRMrB0486EqbvOUxKsXSvi88SVT386W07B5yjMgnbsvH1jOaUULUlqeuSQ6I7Z0
+NdHFSWtD6oXQdOBAMVV4t90=
+-----END PRIVATE KEY-----

docker-compose.yml

@@ -10,7 +10,7 @@ services:
             - ./docker/mariadb:/docker-entrypoint-initdb.d/
             - ./var/mariadb:/var/lib/mysql
         environment:
-            - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+            - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
             - MYSQL_DATABASE=${DB_NAME}
             - MYSQL_USER=${DB_USERNAME}
             - MYSQL_PASSWORD=${DB_PASSWORD}
@@ -78,6 +78,18 @@ services:
         links:
             - wordpress
         restart: always
+        command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+
+    certbot:
+        image: certbot/certbot
+        restart: unless-stopped
+        container_name: "${PROJECT}-certbot"
+        networks:
+            - "back"
+        volumes:
+            - ./certs:/etc/letsencrypt
+            - ./certs-data:/data/letsencrypt
+        entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 
     wordpress-cli:
         image: ${IMAGE_WORDPRESS_CLI}
@@ -94,20 +106,8 @@ services:
             - ./wordpress:/var/www/html
 
             - './wp-init.sh:/usr/local/bin/wp-init.sh'
-        command: >
-            /bin/sh -c '
-                sleep 15;
-                echo "WP CLI init";
-
-                wp core update --force;
-                wp core update-db --network;
-
-                wp language core update;
-                wp language theme update --all;
-                wp language plugin update --all;
-
-                echo "WP CLI done. Ready to use.";
-            '
+        command:
+            - wp-init.sh
 
 networks:
     front:

init-letsencrypt.sh

+#!/bin/bash
+
+if ! [ -x "$(command -v docker-compose)" ]; then
+  echo 'Error: docker-compose is not installed.' >&2
+  exit 1
+fi
+
+# domains=(example.org www.example.org)
+domains=(staging.biuro.lt staging.biuro.lv staging.biuro.ee)
+rsa_key_size=4096
+# data_path="./data/certbot"
+data_path="./certs"
+email="simonas.cereska@biuro.eu" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+if [ -d "$data_path" ]; then
+  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
+  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
+    exit
+  fi
+fi
+
+
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "$data_path/conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  echo
+fi
+
+echo "### Creating dummy certificate for $domains ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$data_path/conf/live/$domains"
+docker-compose run --rm --entrypoint "\
+  openssl req -x509 -nodes -newkey rsa:1024 -days 1\
+    -keyout '$path/privkey.pem' \
+    -out '$path/fullchain.pem' \
+    -subj '/CN=localhost'" certbot
+echo
+
+
+echo "### Starting nginx ..."
+docker-compose up --force-recreate -d nginx
+echo
+
+echo "### Deleting dummy certificate for $domains ..."
+docker-compose run --rm --entrypoint "\
+  rm -Rf /etc/letsencrypt/live/$domains && \
+  rm -Rf /etc/letsencrypt/archive/$domains && \
+  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+echo
+
+
+echo "### Requesting Let's Encrypt certificate for $domains ..."
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+  domain_args="$domain_args -d $domain"
+done
+
+# Select appropriate email arg
+case "$email" in
+  "") email_arg="--register-unsafely-without-email" ;;
+  *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+  certbot certonly --webroot -w /data/letsencrypt \
+    $staging_arg \
+    $email_arg \
+    $domain_args \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal" certbot
+echo
+
+echo "### Reloading nginx ..."
+docker-compose exec nginx nginx -s reload

nginx/conf.d/server-shared.conf

@@ -13,8 +13,8 @@ include h5bp/cross-origin/requests.conf;
 root /var/www/html;
 index index.php;
 
-ssl_certificate                 /etc/letsencrypt/staging.biuro/fullchain.pem;
-ssl_certificate_key          /etc/letsencrypt/staging.biuro/private.key;
+ssl_certificate                 /etc/letsencrypt/live/staging.biuro.lt/fullchain.pem;
+ssl_certificate_key          /etc/letsencrypt/live/staging.biuro.lt/privkey.pem;
 
 location / {
     try_files $uri $uri/ /index.php?$args;

wp-init.sh

-sleep 60;
+sleep 15;
+echo "WP CLI init";
 
-echo "WP CLI init"
+wp core update --force;
+wp core update-db --network;
+wp core language update;
 
-# !/usr/bin/env sh
+wp language core update;
+wp language theme update --all;
+wp language plugin update --all;
 
-# Install WordPress.
-# wp core install \
-#     --path="/var/www/html"\
-#     --title="Biuro" \
-#     --admin_user="biuro" \
-#     --admin_password="laikinas2587" \
-#     --admin_email="info@biuro.eu" \
-#     --url="https://dev.biuro.lt" \
-#     --skip-email
-
-# https://www.exove.com/blog/developing-with-wordpress-part-4-wp-cli-basics/
-
-# https://developer.wordpress.org/cli/commands/
-
-# WP update
-wp core update --force
-wp core update-db --network
-
-# Update permalink structure.
-wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins
-# wp option update timezone_string "Europe/Vilnius"
-# wp option update date_format "Y-m-d"
-wp option update time_format "H:i"
-
-# Install plugins
-# wp plugin install permalink-manager --force --activate-network
-wp plugin install pods --activate-network
-wp plugin install polylang --activate-network
-wp plugin install wordpress-seo --activate-network
-wp plugin install loco-translate --activate-network;
-wp plugin install google-sitemap-generator --activate-network;
-
-# Update all plugins
-wp plugin update --all
-
-# Activate plugin.
-wp plugin activate akismet --network
-
-wp plugin activate biuro-contacts --network
-wp plugin activate biuro-feedbacks --network
-wp plugin activate biuro-html --network
-wp plugin activate biuro-sections --network
-wp plugin activate biuro-services --network
-wp plugin activate biuro-values --network
-
-wp plugin activate cookies-warning --network
-wp plugin activate data-controller --network
-wp plugin activate jobs-importer --network
-
-# WP themes
-wp theme update --all
-wp theme activate biuro
-
-# Update translations
-wp language core update
-wp language theme update --all
-wp language plugin update --all
-
-echo "WP CLI done. Ready to use."
+echo "WP CLI done. Ready to use.";