I have a Wordpress instance on Azure App Service. I release it as an Azure Docker Container. I use a single DockerFile. My release process is working as expected but it's updating my wp-content folder after each release. I'm missing my new media files.
How can I secure them? Or can I download all media items via any plugins etc?
DockerFile
FROM wordpress:5.9.2-php7.3-apache
COPY html /var/www/html
# ssh
ENV SSH_PASSWD "root:Docker!"
RUN apt-get update \
&& apt-get install -y --no-install-recommends dialog \
&& apt-get update \
&& apt-get install -y --no-install-recommends openssh-server \
&& echo "$SSH_PASSWD" | chpasswd
COPY sshd_config /etc/ssh/
COPY init.sh /usr/local/bin/
RUN chmod u+x /usr/local/bin/init.sh
EXPOSE 8000 2222
ENTRYPOINT ["init.sh"]
init.sh
#!/bin/bash
set -e
echo "Starting SSH ..."
service ssh start
chown -R www-data:www-data /var/www/html/
chown -R www-data:www-data /var/www/html/wp-content/
chmod -R 775 /var/www/html/
chmod -R 775 /var/www/html/wp-content/
apache2-foreground
Thanks.
Related
I'm building a website using docker-compose and 3 docker containers (mariadb/nginx/wordpress) and I want to install wordpress in a script, so my wordpress Dockerfile looks like this
from debian:buster
run apt-get update -y;\
apt-get install -y curl mariadb-client\
php php7.3 php7.3-fpm php7.3-mysql php-common php7.3-cli\
php7.3-common php7.3-json php7.3-opcache php7.3-readline\
php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc\
php-zip
run mkdir -p /var/www/html;\
cd /var/www/html
add conf/php-fpm.conf /etc/php/7.3/fpm/pool.d/www.conf
add conf/init_wp.sh /tmp
run mkdir -p /var/run /run/php
run curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
run chmod +x wp-cli.phar
run mv wp-cli.phar /usr/local/bin/wp
workdir /var/www/html
run wp core download --allow-root
run chown -R www-data:www-data /var/www/html
cmd [ "sh", "/tmp/init_wp.sh" ]
and my entrypoint script looks like this
FILE=/var/www/html/.exist
if [ ! -f "$FILE" ]
then
echo "Setting up wordpress"
rm -rf /var/www/html/wp-config.php
wp config create --dbname=$DB_NAME --dbuser=$WP_USER --dbpass=$WP_PASSWORD --dbhost="mariadb" --path="/var/www/html/" --allow-root --skip-check
wp core install --url="localhost" --title="inception" --admin_user=$ADMIN_USER --admin_password=$ADMIN_PASSWORD --admin_email=$ADMIN_EMAIL --path="/var/www/html/" --allow-root
wp user create testuser testuser#student.42.fr --role=author --user_pass="abc123" --allow-root
touch /var/www/html/.exist
fi
echo "Wordpress setup done"
exec php-fpm7.3 -F -R
but when I load the website for the first time I still get redirected to the wordpress installation page, shouldn't wp config create and wp core install do this for me ?
What did I do wrong?
mariadb works fine after the wordpress installation so the problem doesn't seem to come from here, so am I missing an element in the install script ?
I deployed a dockerized Laravel project to Google Cloud Run. The CSS works great locally. When I go to the page that is hosted, there are no styles applied. When I inspect the page, I see that the CSS has been found and is correct, but the styles are not applied.
Here is my dockerfile
FROM php:7.4-fpm-alpine
RUN apk add --no-cache nginx wget
RUN mkdir -p /run/nginx
COPY docker/nginx.conf /etc/nginx/nginx.conf
RUN mkdir -p /app
COPY . /app
RUN sh -c "wget http://getcomposer.org/composer.phar && chmod a+x composer.phar && mv composer.phar /usr/local/bin/composer"
RUN cd /app && \
/usr/local/bin/composer install --no-dev
RUN chown -R www-data: /app
CMD sh /app/docker/startup.sh
I'm trying to create a Dockerfile which runs as non-root user.
When i building this all works fine, but nginx cannot write the log file because it dosen't have enough permissions. Can I, when building a Docker, give root permissions only for nginx?
I'm trying chmod, chown for blocked directories. Doesn't work
FROM php:7.1-fpm-alpine
RUN apk add --no-cache shadow
RUN apk add --no-cache --virtual .ext-deps \
openssl \
unzip \
libjpeg-turbo-dev \
libwebp-dev \
libpng-dev \
freetype-dev \
libmcrypt-dev \
imagemagick-dev \
nodejs-npm \
nginx \
git \
inkscape
# imagick
RUN apk add --update --no-cache autoconf g++ imagemagick-dev libtool make pcre-dev \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& apk del autoconf g++ libtool make pcre-dev
# Install Blackfire
RUN version=$(php -r "echo PHP_MAJOR_VERSION.PHP_MINOR_VERSION;") \
&& curl -A "Docker" -o /tmp/blackfire-probe.tar.gz -D - -L -s https://blackfire.io/api/v1/releases/probe/php/linux/amd64/$version \
&& tar zxpf /tmp/blackfire-probe.tar.gz -C /tmp \
&& mv /tmp/blackfire-*.so $(php -r "echo ini_get('extension_dir');")/blackfire.so \
&& printf "extension=blackfire.so\nblackfire.agent_socket=tcp://blackfire:8707\n" > $PHP_INI_DIR/conf.d/blackfire.ini
RUN apk add -y icu-dev \
&& docker-php-ext-configure intl \
&& docker-php-ext-install intl
RUN docker-php-ext-configure pdo_mysql && \
docker-php-ext-configure opcache && \
docker-php-ext-configure exif && \
docker-php-ext-configure pdo && \
docker-php-ext-configure zip && \
docker-php-ext-configure gd \
--with-jpeg-dir=/usr/include --with-png-dir=/usr/include --with-webp-dir=/usr/include --with-freetype-dir=/usr/include && \
docker-php-ext-configure sockets && \
docker-php-ext-configure mcrypt
RUN docker-php-ext-install pdo zip pdo_mysql opcache exif gd sockets mcrypt && \
docker-php-source delete
RUN ln -s /usr/bin/php7 /usr/bin/php && \
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
mkdir -p /run/nginx
COPY ./init.sh /
COPY ./default.conf /etc/nginx/conf.d/default.conf
COPY ./.env /
RUN chmod +x /init.sh
EXPOSE 80
RUN addgroup -g 1001 node \
&& adduser -u 1001 -G node -s /bin/sh -D node
ARG UID=1001
ARG GID=1001
ENV UID=${UID}
ENV GID=${GID}
RUN usermod -u $UID node \
&& groupmod -g $GID node
RUN chown 1001:1001 /var/lib/nginx -R
RUN mkdir -p /var/tmp/nginx
RUN chown 1001:1001 /var/tmp/nginx -R
USER node
ENTRYPOINT [ "/init.sh" ]
There are quite a few unknowns in your question, for example, the contents of your default.conf file. By default the nginx logs are stored in /var/log/nginx, but I'll assume you're overriding that in the configuration.
The next thing is that the master process of nginx needs to be run as root if you wan't it to be able to bind to system ports (0 - 1023) so in case you are using nginx as a web server and intend to use ports 80 and 443 you should stick with running the nginx process as root.
In case you plan to use other ports and are set on the idea of running the master process as non-root, then you can check this answer for suggestions on how to do that - https://stackoverflow.com/a/42329561/5359953
I am using the term master process a lot here, because nginx spawns worker processes to handle the actual requests and those can be run as a different user (Defined in the nginx configuration file)
I found the solution. I just changed RUN chown 1001:1001 /var/lib/nginx -R to RUN chown -R 1001:1001 /var/. Thats works fine
RUN chown -R 1001:1001 /var/
sometimes it's will be actually bad decision.
u can try add permissions like this
RUN chown -R 1001:1001 /var/tmp/nginx
RUN chown -R 1001:1001 /var/lib/nginx
RUN chown -R 1001:1001 /var/log/nginx
RUN chown -R 1001:1001 /run/nginx
I guess RUN chown 1001:1001 /var/lib/nginx -R work wrong because I set the flag -R too late
Is it possible to create a dependency on a program outside of the project? e.g. I'm trying
composer: /usr/local/bin/composer
sudo wget --no-check-certificate https://getcomposer.org/composer.phar -O /usr/local/bin/composer && sudo chmod +x /usr/local/bin/composer
But when I set this as a dependency for another target it always runs even though the file is there.
I think this works:
COMPOSER_BIN = $(shell command -v composer || command -v /usr/bin/composer || echo "___composer___")
$(COMPOSER_BIN):
sudo wget --no-check-certificate https://getcomposer.org/composer.phar --output-document /usr/local/bin/composer && sudo chmod +x /usr/local/bin/composer
I'm just not sure about the fallback command...
Dockerfile
FROM wordpress
ENV REFRESHED_AT 2015-08-12
ADD \
composer.json /var/www/html
ADD \
composer.lock /var/www/html
# install the PHP extensions
RUN \
apt-get -qq update && \
apt-get -y upgrade && \
apt-get install -y vim wget && \
rm -rf /var/lib/apt/lists/*
# Symlink User's "wp-content" folder into the newly installed Wordpress
RUN \
rm -rf /usr/src/wordpress/wp-content/plugins/* && \
rm -rf /usr/src/wordpress/wp-content/themes/* && \
cp -fr /usr/src/wordpress/* /var/www/html/ && \
chown -R www-data:www-data /var/www/html/
# volume for mysql database and wordpress install
VOLUME ["/var/www/html/wp-content/plugins", "/var/www/html/wp-content/themes"]
# Define working directory.
WORKDIR /var/www/html/
EXPOSE 80 3306
CMD ["apache2-foreground"]
Docker Compose File
wordpress:
build: .
links:
- mysql
- composer
volumes:
- wp-content/plugins/:/var/www/html/wp-content/plugins
- wp-content/themes/:/var/www/html/wp-content/themes
environment:
- WORDPRESS_DB_PASSWORD=__WORDPRESS_DB_PASSWORD__
- WORDPRESS_DB_NAME=__WORDPRESS_DB_NAME__
# - WORDPRESS_DB_USER=__WORDPRESS_DB_USER__
ports:
- "9888:80"
mysql:
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=__WORDPRESS_DB_PASSWORD__
- MYSQL_DATABASE=__WORDPRESS_DB_NAME__
composer:
image: composer/composer
Question details
I'm able to ADD the composer.json and composer.lock files to the working directory. I can confirm that these two files are in the working directory.
What I need is for the Dockerfile (or wherever) to also automatically install the dependencies into the working directory.
According to Docker Hub, https://hub.docker.com/r/composer/composer/,
I should be able to docker run -v $(pwd):/app composer/composer install to install the dependencies but how do I do this in Dockerfile?
Also I'm confused because the -v flag, https://docs.docker.com/engine/userguide/dockervolumes/, has to do with mounting the specified host directory into the a container but I've already ADDed the necessary files to the working directory. All I want to do is install the dependencies.
Thank you for your help.
You just need to mount the current directory to /app when running your composer container. I've put together a simple example to illustrate this working at https://gist.github.com/andyshinn/e2c428f2cd234b718239.
The key parts here are the volumes for the composer part of the application and the restart: 'yes' on the primary PHP application (the application likely will not run until Composer has run so you will want it to restart).