Failed to open stream when fetching URL in docker container - wordpress

I have a local Docker setup with nginx as reverse proxy, self-signed SSL certs, mariadb, and wordpress.
Everything works well except when fetching resources on the local domain.
Let's say the domain name is myapp.local. I have added this in the /etc/hosts and the site is loading on this domain over https.
Problem occurs when php functions like file_get_contents() or simplexml_load_file() are fetching local assets.
For example: file_get_contents('https://myapp.local/icon.svg');
Then I get a warning:
Failed to open stream: Connection refused
Here is my docker-compose file:
${DOMAIN} is set to myapp.local in .env file.
version: '3.6'
services:
  nginx:
    container_name: myapp-nginx
    image: nginx:latest
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config/nginx.conf:/tmp/default.template
      - ./certs:/etc/certs
      - wp_data:/var/www/html:rw,cached
      - ./www:/var/www/html/wp-content
    depends_on:
      - wordpress
    restart: always
    entrypoint: /bin/bash -c 'cat /tmp/default.template | sed "s/\\\$$domain/${DOMAIN}/g" > /etc/nginx/conf.d/default.conf && nginx -g "daemon off;"'
    networks:
      webnet:
        aliases:
          - myapp.local
  mysql:
    container_name: myapp-mysql
    image: mariadb:latest
    volumes:
      - ./db_data:/var/lib/mysql
      - ./config/db.cnf:/etc/mysql/conf.d/db.cnf
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: root
      MYSQL_PASSWORD: root
      MYSQL_DATABASE: myapp
    restart: always
    ports:
      - 3306:3306
    networks:
      - webnet
  wordpress:
    container_name: myapp-wordpress
    image: wordpress:php8.0-fpm
    volumes:
      - ./config/php.ini:/usr/local/etc/php/conf.d/php.ini
      - wp_data:/var/www/html:rw,cached
      - ./www:/var/www/html/wp-content
    depends_on:
      - mysql
    restart: always
    environment:
      WORDPRESS_DB_NAME: myapp
      WORDPRESS_TABLE_PREFIX: wp_
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: root
      WORDPRESS_DEBUG: 1
    networks:
      - webnet
    extra_hosts:
      - "myapp.local:127.0.0.1"
networks:
  webnet:
    external: true
    driver: bridge
volumes:
  db_data: {}
  wp_data: {}
nginx conf:
server {
    listen 80;
    listen [::]:80;
    server_name $domain;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name $domain www.$domain;
    ssl_certificate /etc/certs/$domain.pem;
    ssl_certificate_key /etc/certs/$domain-key.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
    root /var/www/html;
    index index.php;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 0;
    gzip_types text/plain application/javascript text/css text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype;
    client_max_body_size 100M;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_read_timeout 300;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
I've been struggling with this for weeks. I've tried numerous options and I'm stuck. What am I missing here? Any help is appreciated.
P.S.: rewriting/swapping functions isn't an option since these are coming from third-party plugins.
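
Added example, not part of the original question: in the compose file above, `extra_hosts` writes `myapp.local 127.0.0.1` into the wordpress container's /etc/hosts, which the resolver reads before asking Docker's embedded DNS, so the `myapp.local` alias on nginx is never used and PHP connects to the php-fpm container's own loopback, where nothing listens on 443. The lint below flags that pattern; the `COMPOSE` dict is a constructed excerpt of the file above (as a YAML loader would return it) and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: only the name-resolution-relevant keys of the
# compose file in the question, as the dict a YAML loader would return.
COMPOSE = {
    "services": {
        "nginx": {
            "container_name": "myapp-nginx",
            "networks": {"webnet": {"aliases": ["myapp.local"]}},
        },
        "mysql": {"container_name": "myapp-mysql", "networks": ["webnet"]},
        "wordpress": {
            "container_name": "myapp-wordpress",
            "networks": ["webnet"],
            "extra_hosts": ["myapp.local:127.0.0.1"],
        },
    }
}


def service_networks(svc):
    """Return {network: [aliases]} for the list or mapping form of `networks`."""
    nets = svc.get("networks") or ["default"]
    if isinstance(nets, dict):
        return {n: list((cfg or {}).get("aliases", [])) for n, cfg in nets.items()}
    return {n: [] for n in nets}


def dns_names(compose):
    """Map every name Docker's embedded DNS answers to {(service, network)}."""
    names = {}
    for svc_name, svc in compose["services"].items():
        for net, aliases in service_networks(svc).items():
            for name in filter(None, [svc_name, svc.get("container_name"), *aliases]):
                names.setdefault(name, set()).add((svc_name, net))
    return names


def parse_extra_hosts(svc):
    """Yield (host, ip) from `extra_hosts`; accepts 'h:ip', 'h=ip', 'h=[v6]'."""
    entries = svc.get("extra_hosts") or []
    if isinstance(entries, dict):
        entries = [f"{host}={ip}" for host, ip in entries.items()]
    for entry in entries:
        sep = "=" if "=" in entry else ":"
        host, _, ip = entry.partition(sep)  # first ':' only, so 'h:::1' works
        yield host.strip(), ip.strip().strip("[]")


def lint(compose):
    """Flag extra_hosts entries that pin a name to the container's loopback.

    'shadows-alias': another service on a shared network already answers to
    that name, and the /etc/hosts entry hides it.
    'loopback-pin': no such service; the name still points at the container
    itself, which only works if that container listens on the target port.
    """
    names = dns_names(compose)
    findings = []
    for svc_name, svc in compose["services"].items():
        my_nets = set(service_networks(svc))
        for host, ip in parse_extra_hosts(svc):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # not a literal address, e.g. "host-gateway"
            if not addr.is_loopback:
                continue
            owners = sorted({s for s, net in names.get(host, ())
                             if s != svc_name and net in my_nets})
            kind = "shadows-alias" if owners else "loopback-pin"
            findings.append((svc_name, host, ip, kind, owners))
    return findings


if __name__ == "__main__":
    for svc, host, ip, kind, owners in lint(COMPOSE):
        target = f" (already served by: {', '.join(owners)})" if owners else ""
        print(f"{svc}: extra_hosts {host} -> {ip} [{kind}]{target}")
```

Once the name resolves to the nginx container, PHP's HTTPS stream wrapper still verifies the peer certificate, so the self-signed CA has to be trusted inside the wordpress container (for example via `openssl.cafile` in the mounted php.ini) rather than turning verification off.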

Related

Huge performance lacks wordpress in docker including NGINX in server

I have my own dedicated server with 4CPU, 16GB RAM ... I installed docker there with the following docker-compose configuration:
version: '3.2'
services:
  wordpress:
    build:
      context: './'
      dockerfile: Dockerfile.wordpress
    container_name: my-test-page-wp
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    working_dir: /var/www/html
    volumes:
      - ./wp:/var/www/html
      - ./config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ./config/.htaccess:/var/www/html/.htaccess
      - ./config/ads.txt:/var/www/html/ads.txt
      - ./plugins:/var/www/html/wp-content/plugins
      - ./data:/var/www/html/wp-content/uploads
      - ./themes:/var/www/html/wp-content/themes
    environment:
      - WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
      - WORDPRESS_DB_NAME=${MYSQL_DATABASE}
      - WORDPRESS_DB_USER=${MYSQL_USER}
      - WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD}
      - WORDPRESS_CONFIG_EXTRA=
          define('WP_REDIS_HOST', 'redis' );
          define('WP_REDIS_PORT', 6379);
  mysqldb:
    image: mysql:8
    container_name: my-test-page-db
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - ./db_data:/var/lib/mysql
    command:
      - '--default-authentication-plugin=mysql_native_password'
  nginx:
    container_name: nginx
    image: nginx:latest
    restart: unless-stopped
    env_file:
      - .env
    depends_on:
      - wordpress
    environment:
      - "DOMAIN=${DOMAIN}"
    networks:
      - wordpress
    ports:
      - 80:80
      - 443:443
    volumes:
      - "./nginx/conf/:/etc/nginx/conf.d/"
      - ./certbot/conf:/etc/nginx/ssl
      - ./wp:/var/www/html
      - ./config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ./config/.htaccess:/var/www/html/.htaccess
      - ./config/ads.txt:/var/www/html/ads.txt
      - ./plugins:/var/www/html/wp-content/plugins
      - ./data:/var/www/html/wp-content/uploads
      - ./themes:/var/www/html/wp-content/themes
  certbot:
    container_name: certbot
    depends_on:
      - wordpress
    networks:
      - wordpress
    image: certbot/certbot:latest
    command: certonly --webroot --webroot-path=/var/www/html --email test#test.com --agree-tos --no-eff-email -d my-test-page.games -d www.my-test-page.games --keep-until-expiring
    volumes:
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/logs:/var/log/letsencrypt
      - ./certbot/data:/var/www/html
  redis:
    image: 'redis:latest'
    ports:
      - '6379:6379'
    restart: always
    networks:
      - wordpress
    expose:
      - '6379'
networks:
  wordpress:
    driver: bridge
I'm using the following configuration for NGINX:
server {
    listen 80;
    listen [::]:80;
    server_name my-test-page.games www.my-test-page.games;
    return 301 https://my-test-page.games$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.my-test-page.games;
    # update ssl files as required by your deployment
    ssl_certificate /etc/nginx/ssl/live/my-test-page.games/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/my-test-page.games/privkey.pem;
    return 301 https://my-test-page.games$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my-test-page.games;
    index index.php index.html index.htm;
    root /var/www/html;
    server_tokens off;
    client_max_body_size 75M;
    # update ssl files as required by your deployment
    ssl_certificate /etc/nginx/ssl/live/my-test-page.games/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/my-test-page.games/privkey.pem;
    # logging
    access_log /var/log/nginx/wordpress.access.log;
    error_log /var/log/nginx/wordpress.error.log;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(eot|otf|woff|woff2|ttf|rss|atom|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
    }
    # Media: images, icons, video, audio send expires headers.
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }
    # CSS and Javascript send expires headers.
    location ~* \.(?:css|js)$ {
        expires 1y;
        access_log off;
        add_header Cache-Control "public";
    }
    # HTML send expires headers.
    location ~* \.(html)$ {
        expires 7d;
        access_log off;
        add_header Cache-Control "public";
    }
    # Browser caching of static assets.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
        expires 7d;
        add_header Cache-Control "public, no-transform";
    }
    # Enable Gzip compression in NGINX.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;
    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        # Setup var defaults
        set $no_cache "";
        # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie
        if ($request_method !~ ^(GET|HEAD)$) {
            set $no_cache "1";
        }
        # Don't cache logged in users or commenters
        if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_|wp-settings-|wp-resetpass-|woocommerce_" ) {
            set $no_cache "1";
        }
        # Don't cache admin URLs
        if ($request_uri ~* "/(wp-admin/|wp-login.php)") {
            set $no_cache "1";
        }
        # Don't cache WooCommerce dynamic content
        if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*|/administrator.*|/resetpass.*|\?(add-to-cart|wc-api|wc-ajax=get_refreshed_fragments)=") {
            set $no_cache "1";
        }
        # Drop no cache cookie if need be
        # (for some reason, add_header fails if included in prior if-block)
        if ($no_cache = "1") {
            add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
            add_header X-Microcachable "0";
        }
        # Bypass cache if no-cache cookie is set
        if ($http_cookie ~* "_mcnc") {
            set $no_cache "1";
        }
        # Bypass cache if flag is set
        fastcgi_no_cache $no_cache;
        fastcgi_cache_bypass $no_cache;
        fastcgi_cache_valid 404 30s;
        fastcgi_cache_valid 200 10s;
        fastcgi_max_temp_file_size 1M;
        # Use stale cache items while updating in the background
        fastcgi_cache_use_stale updating error timeout invalid_header http_500;
        fastcgi_cache_lock on;
        fastcgi_cache_lock_timeout 10s;
        fastcgi_read_timeout 300;
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
        # Ignore headers set by WordPress
        fastcgi_ignore_headers Cache-Control Expires;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass wordpress:9000;
    }
}
Everything works as expected, perfect performance without any issue, fast loading (~50-100ms)... The problem is when I switch the DNS of my website to this server (where I have ~300 users per minute): the whole performance goes down, meaning that loading of the website takes ~20-50 seconds(!!!). I tried to use caching (I'm using that, but without success)... What is completely weird is that the load of my server is ~20-30%, not more...
Maybe (not sure if it has an impact) the reason is a limit on IO operations? In ./data there is ~30gb of data...

Nginx wordpress website loading on /blog domain but files not loading

I'm trying to containerize my Wordpress installation.
Although Wordpress is installed in the root directory, I need to serve it on the www.example.com/blog domain.
Setup:
Following is my docker-compose file (I'm loading variables using an .env file):
version: '3.9'
services:
  wordpress:
    # default port 9000 (FastCGI)
    image: wordpress:6.1.1-fpm
    container_name: wp-wordpress
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    depends_on:
      - database
    volumes:
      - ${WORDPRESS_LOCAL_HOME}:/var/www/html
      - ${WORDPRESS_UPLOADS_CONFIG}:/usr/local/etc/php/conf.d/uploads.ini
    environment:
      - WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
      - WORDPRESS_DB_NAME=${WORDPRESS_DB_NAME}
      - WORDPRESS_DB_USER=${WORDPRESS_DB_USER}
      - WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD}
  database:
    # default port 3306
    image: mysql:8
    container_name: wp-database
    ports:
      - 3306:3306
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - ${MYSQL_LOCAL_HOME}:/var/lib/mysql
    command:
      - '--default-authentication-plugin=mysql_native_password'
  nginx:
    # default ports 80, 443 - expose mapping as needed to host
    image: nginx:1
    container_name: wp-nginx
    env_file:
      - .env
    restart: unless-stopped
    networks:
      - wordpress
    depends_on:
      - wordpress
    ports:
      - "8080:80" # http
      - "443:443" # https
    volumes:
      - ${WORDPRESS_LOCAL_HOME}:/var/www/html
      - ${NGINX_CONF}:/etc/nginx/conf.d/default.conf
      - ${NGINX_SSL_CERTS}:/etc/ssl:ro
      - ${NGINX_LOGS}:/var/log/nginx
networks:
  wordpress:
    name: wp-wordpress
    driver: bridge
Following is my nginx config:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    index index.php index.html index.htm;
    root /var/www/html;
    server_tokens off;
    client_max_body_size 75M;
    # update ssl files as required by your deployment
    ssl_certificate /etc/ssl/fullchain.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    # logging
    access_log /var/log/nginx/wordpress.access.log;
    error_log /var/log/nginx/wordpress.error.log;
    # some security headers ( optional )
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    location /blog {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /favicon.svg {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
What is working:
The blog is accessible on https://www.example.com/blog
What is not working:
The blog tries to load files at https://www.example.com/blog/wp-content/themes/my-theme/images/sprite.webp
This returns as 404
The file is accessible on the url without /blog (https://www.example.com/wp-content/themes/my-theme/images/sprite.webp)
I think it should only be a tweak in the nginx conf to get the files to load, but I'm unable to figure that out.

wordpress page, post url on nginx inside docker container automatically redirect to root domain with 301 status

I have successfully set up a wordpress site running on a dockerized nginx. When the wordpress site is up and running, I can go to the home page: https://my_domain.com or any links or at after wp-admin/... without any problem.
But when I go to https://my_domain.com/sample-page or https://my_domain.com/post-id it immediately redirects to the root domain http://my_domain.com
with exception route /wp-admin/ when accessed redirects correctly to https://my_domain.com/wp-admin/login.php if not logged in and to https://my_domain.com/wp-admin/ if logged in
Here is my nginx config at /nginx/default.conf:
server {
    listen 80;
    listen [::]:80;
    server_name my_domain.com www.my_domain.com;
    location / {
        return 301 https://my_domain.com$request_uri;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my_domain.com www.my_domain.com;
    index index.php index.html index.htm;
    root /var/www/html/wordpress;
    ssl on;
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/my_domain.com/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
    ssl_buffer_size 8k;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # enable strict transport security only if you understand the implications
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        proxy_pass http://wordpress_host:80;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        proxy_pass http://wordpress_host:80;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
I also configured this in wp-config.php:
define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS']='on';
define('WP_SITEURL', 'https://www.my_domain.com/');
define('WP_HOME', 'https://www.my_domain.com/');
Update:
Here is the docker compose file:
version: '3';
services:
  nginx:
    image: nginx:stable-alpine
    ports:
      - "80:80" # nginx listen on 80
      - "443:443"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./wordpress/app:/var/www/html/wordpress
  db:
    image: mysql:8.0
    container_name: db-example
    restart: unless-stopped
    env_file: ./wordpress/app/.env
    environment:
      - MYSQL_DATABASE=example
    volumes:
      - ./wordpress/dbdata:/var/lib/mysql
      #- ./wordpress/db/db.sql:/docker-entrypoint-initdb.d/install_wordpress.sql #if you have db.sql of project input here
    command: '--default-authentication-plugin=mysql_native_password'
  wordpress_host:
    depends_on:
      - db
    image: wordpress
    container_name: wordpress_host
    ports:
      - "8080:80"
    restart: unless-stopped
    env_file: ./wordpress/app/.env
    environment:
      - WORDPRESS_DB_HOST=db:3306
      - WORDPRESS_DB_USER=root
      - WORDPRESS_DB_PASSWORD=root
      - WORDPRESS_DB_NAME=example
    volumes:
      - ./wordpress/app:/var/www/html/wordpress
volumes:
  wordpress-host:
  dbdata:
.env file:
MYSQL_ROOT_PASSWORD=root
MYSQL_USER=example
MYSQL_PASSWORD=password

How to config dockerized wordpress nginx that using 'different domain per language' of WPML?

Currently the domain cool.XXXXXX.com is in use.
I want to show my Japanese version on a domain called jp-cool.XXXXXX.com
I set up SSL with Let's Encrypt:
certbot certonly --standalone -d jp-cool.XXXXXX.com --staple-ocsp -m root#jp-cool.XXXXXX.com --agree-tos
docker-compose.yml
version: "3.3"
services:
  XXXXweb-db:
    image: mysql:5.7.26
    restart: always
    container_name: XXXXweb-db
    environment:
      MYSQL_HOST: XXXXweb-db
      MYSQL_DATABASE: ${DB_NAME}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASS}
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
    volumes:
      - ./data:/var/lib/mysql:delegated
      - ./logs/mysql:/var/log/mysql:delegated
      - ./conf/mysql.cnf:/etc/mysql/my.cnf:delegated
    ports:
      - "3306:3306"
    expose:
      - 3306
    security_opt:
      - seccomp:unconfined
  XXXXweb-nginx:
    image: nginx:1.17.1-alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    expose:
      - 80
      - 443
    volumes:
      - ./logs:/var/log/nginx:delegated
      - ./conf/${NGINX_CONFIG_NAME}:/etc/nginx/nginx.conf:delegated
      - ${CERT_PATH}:/etc/letsencrypt:delegated
      - ./:/wwwroot:delegated
    depends_on:
      - XXXXweb-db
      - XXXXweb-php
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
  XXXXweb-php:
    image: php-XXXX
    restart: always
    ports:
      - "9000:9000"
    expose:
      - 9000
    volumes:
      - ./logs:/var/log:delegated
      - ./:/wwwroot:delegated
    healthcheck:
      test: ["CMD-SHELL", "pidof php-fpm"]
      interval: 5s
      retries: 12
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
nginx-server.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
    access_log on;
    sendfile on;
    keepalive_timeout 65;
    client_max_body_size 100M;
    server {
        listen 80;
        server_name cool.XXXXXX.com;
        return 301 https://cool.XXXXXX.com$request_uri;
    }
    server {
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
        ## Your website name goes here.
        server_name cool.XXXXXX.com;
        ## Your only path reference.
        root /wwwroot;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        location / {
            # This is cool because no php is touched for static content.
            # include the "?$args" part so non-default permalinks doesn't break when using query string
            try_files $uri $uri/ /index.php?$args;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass XXXXweb-php:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }
}
After I add
server {
    listen 80;
    server_name jp-cool.XXXXXX.com;
    return 301 https://jp-cool.XXXXXX.com$request_uri;
}
It works for the insecure http connection.
However, after I add a jp-cool.XXXXXX.com duplicate of the cool.XXXXXX.com part, only one of them works.
And I got 'invalid' on the WPML panel when setting 'different domain per language'.
Without docker, I could set a different domain in the local nginx /etc/nginx/site-available
But I can't set it up with dockerized nginx.
If you have no wildcard certificate your only option is to duplicate server block per certificate. Here's how you can do it:
server {
    # this part changes per certificate
    ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
    server_name cool.XXXXXX.com;
    include common;
}
server {
    # this part changes per certificate
    ssl_certificate /etc/letsencrypt/live/jp-cool.XXXXXX.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jp-cool.XXXXXX.com/privkey.pem;
    server_name jp-cool.XXXXXX.com;
    include common;
}
To follow DRY principle, put the rest of the server block into a separate file. I've used 'common' as a name for that file, you need to place it in /etc/nginx/ or you'd have to change path in blocks above. /etc/nginx/common:
# ipv6only=on dropped here: this file is included by both server blocks, and
# nginx rejects listen options repeated for the same address:port
# ("duplicate listen options"); ipv6only=on is the default anyway.
listen [::]:443 ssl;
listen 443 ssl; # managed by Certbot
root /wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
location / {
    # This is cool because no php is touched for static content.
    # include the "?$args" part so non-default permalinks doesn't break when using query string
    try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass XXXXweb-php:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
}
Also you can do HTTPS redirects with one server:
server {
    listen 80;
    server_name cool.XXXXXX.com;
    server_name jp-cool.XXXXXX.com;
    return 301 https://$host$request_uri;
}

WP Docker container fails Connection Error: (2002)

I'm launching the following docker-compose:
version: '2'
services:
  wp_db:
    image: mysql:5.7
    container_name: imaxinaria_mysql2
    volumes:
      - "./.data/db:/var/lib/mysql"
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: password
  wp_web:
    image: nginx
    restart: always
    ports:
      - 80:80
      - 443:443
    #log_driver: syslog
    links:
      - wordpress
    volumes:
      - ./wp:/var/www/html
      - ./etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./var/log/nginx:/var/log/nginx
      - ./etc/letsencrypt:/etc/letsencrypt
      - ./etc/nginx/certs/dhparam.pem:/etc/nginx/certs/dhparam.pem
  wordpress:
    depends_on:
      - wp_db
    image: wordpress:latest
    container_name: imaxinaria2
    volumes:
      - "./wp:/var/www/html"
      - "./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini"
    links:
      - wp_db:mysql
    expose:
      - 80
      - 443
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_PASSWORD: password
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_NAME: wordpress
And getting the following ERROR in the WP container log:
Warning: mysqli::mysqli(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in - on line 10
Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
my nginx.conf:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    server {
        listen 80;
        server_name lab.imaxinaria.org;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/lab.imaxinaria.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/lab.imaxinaria.org/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/nginx/certs/dhparam.pem;
        add_header Strict-Transport-Security max-age=15768000;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/lab.imaxinaria.org/chain.pem;
        resolver 8.8.8.8 8.8.4.4 valid=86400;
        root /var/www/html;
        index index.php;
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
            access_log off; log_not_found off; expires max;
        }
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            root /var/www/html;
            fastcgi_pass wp_db:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
Could you help me to solve this? Anyway my goal is to launch several wp with persistence behind a Nginx proxy with SSL. If there is a better way let me know.
Thanks in advance.
UPDATE: I tried to use this image as well https://github.com/docker-library/wordpress but getting same results.
Also checked wp-config.php and everything seems alright with DB_USER, DB_PASSWORD and DB_HOST.
Also found that this error could be a bad linking between mysql and wp containers, but they are supposed to be linked as the rule is given on docker-compose.yml
Solved by erasing WORDPRESS_DB_HOST: db:3306 from docker-compose.yml