I have local docker setup with nginx as reverse proxy, self-signed SSL certs, mariadb, and wordpress.
Everything works well except when fetching resources on the local domain.
Let's say the domain name is myapp.local. I have added this in the /etc/hosts and the site is loading on this domain over https.
Problem occurs when php functions like file_get_contents() or simplexml_load_file() are fetching local assets.
For an example: file_get_contents('https://myapp.local/icon.svg');
Then I get a warning:
Failed to open stream: Connection refused
Here is my docker-compose file:
${DOMAIN} is set to myapp.local in .env file.
version: '3.6'
services:
nginx:
container_name: myapp-nginx
image: nginx:latest
ports:
- 80:80
- 443:443
volumes:
- ./config/nginx.conf:/tmp/default.template
- ./certs:/etc/certs
- wp_data:/var/www/html:rw,cached
- ./www:/var/www/html/wp-content
depends_on:
- wordpress
restart: always
entrypoint: /bin/bash -c 'cat /tmp/default.template | sed "s/\\\$$domain/${DOMAIN}/g" > /etc/nginx/conf.d/default.conf && nginx -g "daemon off;"'
networks:
webnet:
aliases:
- myapp.local
mysql:
container_name: myapp-mysql
image: mariadb:latest
volumes:
- ./db_data:/var/lib/mysql
- ./config/db.cnf:/etc/mysql/conf.d/db.cnf
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: root
MYSQL_PASSWORD: root
MYSQL_DATABASE: myapp
restart: always
ports:
- 3306:3306
networks:
- webnet
wordpress:
container_name: myapp-wordpress
image: wordpress:php8.0-fpm
volumes:
- ./config/php.ini:/usr/local/etc/php/conf.d/php.ini
- wp_data:/var/www/html:rw,cached
- ./www:/var/www/html/wp-content
depends_on:
- mysql
restart: always
environment:
WORDPRESS_DB_NAME: myapp
WORDPRESS_TABLE_PREFIX: wp_
WORDPRESS_DB_HOST: mysql
WORDPRESS_DB_USER: root
WORDPRESS_DB_PASSWORD: root
WORDPRESS_DEBUG: 1
networks:
- webnet
extra_hosts:
- "myapp.local:127.0.0.1"
networks:
webnet:
external: true
driver: bridge
volumes:
db_data: {}
wp_data: {}
nginx conf:
server {
listen 80;
listen [::]:80;
server_name $domain;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $domain www.$domain;
ssl_certificate /etc/certs/$domain.pem;
ssl_certificate_key /etc/certs/$domain-key.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
root /var/www/html;
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 0;
gzip_types text/plain application/javascript text/css text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype;
client_max_body_size 100M;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
I'm struggling with this for weeks. I've tried numerous options and I'm stuck. What am I missing here? Any help is appreciated.
p.s.: rewriting/swapping functions isn't an option since these are coming from third-party plugins.
Related
I have own dedicated server with 4CPU, 16GB RAM ... I installed docker there with following docker-compose configurations:
version: '3.2'
services:
wordpress:
build:
context: './'
dockerfile: Dockerfile.wordpress
container_name: my-test-page-wp
env_file:
- .env
restart: unless-stopped
networks:
- wordpress
working_dir: /var/www/html
volumes:
- ./wp:/var/www/html
- ./config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
- ./config/.htaccess:/var/www/html/.htaccess
- ./config/ads.txt:/var/www/html/ads.txt
- ./plugins:/var/www/html/wp-content/plugins
- ./data:/var/www/html/wp-content/uploads
- ./themes:/var/www/html/wp-content/themes
environment:
- WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
- WORDPRESS_DB_NAME=${MYSQL_DATABASE}
- WORDPRESS_DB_USER=${MYSQL_USER}
- WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD}
- WORDPRESS_CONFIG_EXTRA=
define('WP_REDIS_HOST', 'redis' );
define('WP_REDIS_PORT', 6379);
mysqldb:
image: mysql:8
container_name: my-test-page-db
env_file:
- .env
restart: unless-stopped
networks:
- wordpress
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
volumes:
- ./db_data:/var/lib/mysql
command:
- '--default-authentication-plugin=mysql_native_password'
nginx:
container_name: nginx
image: nginx:latest
restart: unless-stopped
env_file:
- .env
depends_on:
- wordpress
environment:
- "DOMAIN=${DOMAIN}"
networks:
- wordpress
ports:
- 80:80
- 443:443
volumes:
- "./nginx/conf/:/etc/nginx/conf.d/"
- ./certbot/conf:/etc/nginx/ssl
- ./wp:/var/www/html
- ./config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
- ./config/.htaccess:/var/www/html/.htaccess
- ./config/ads.txt:/var/www/html/ads.txt
- ./plugins:/var/www/html/wp-content/plugins
- ./data:/var/www/html/wp-content/uploads
- ./themes:/var/www/html/wp-content/themes
certbot:
container_name: certbot
depends_on:
- wordpress
networks:
- wordpress
image: certbot/certbot:latest
command: certonly --webroot --webroot-path=/var/www/html --email test#test.com --agree-tos --no-eff-email -d my-test-page.games -d www.my-test-page.games --keep-until-expiring
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/logs:/var/log/letsencrypt
- ./certbot/data:/var/www/html
redis:
image: 'redis:latest'
ports:
- '6379:6379'
restart: always
networks:
- wordpress
expose:
- '6379'
networks:
wordpress:
driver: bridge
I'm using following configuration for NGINX:
server {
listen 80;
listen [::]:80;
server_name my-test-page.games www.my-test-page.games;
return 301 https://my-test-page.games$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.my-test-page.games;
# update ssl files as required by your deployment
ssl_certificate /etc/nginx/ssl/live/my-test-page.games/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/my-test-page.games/privkey.pem;
return 301 https://my-test-page.games$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my-test-page.games;
index index.php index.html index.htm;
root /var/www/html;
server_tokens off;
client_max_body_size 75M;
# update ssl files as required by your deployment
ssl_certificate /etc/nginx/ssl/live/my-test-page.games/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/my-test-page.games/privkey.pem;
# logging
access_log /var/log/nginx/wordpress.access.log;
error_log /var/log/nginx/wordpress.error.log;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(eot|otf|woff|woff2|ttf|rss|atom|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
# Media: images, icons, video, audio send expires headers.
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript send expires headers.
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# HTML send expires headers.
location ~* \.(html)$ {
expires 7d;
access_log off;
add_header Cache-Control "public";
}
# Browser caching of static assets.
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 7d;
add_header Cache-Control "public, no-transform";
}
# Enable Gzip compression in NGNIX.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ [^/]\.php(/|$) {
# Setup var defaults
set $no_cache "";
# If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie
if ($request_method !~ ^(GET|HEAD)$) {
set $no_cache "1";
}
# Don't cache logged in users or commenters
if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_|wp-settings-|wp-resetpass-|woocommerce_" ) {
set $no_cache "1";
}
# Don't cache admin URLs
if ($request_uri ~* "/(wp-admin/|wp-login.php)") {
set $no_cache "1";
}
# Don't cache WooCommerce dynamic content
if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*|/administrator.*|/resetpass.*|\?(add-to-cart|wc-api|wc-ajax=get_refreshed_fragments)=") {
set $no_cache "1";
}
# Drop no cache cookie if need be
# (for some reason, add_header fails if included in prior if-block)
if ($no_cache = "1") {
add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
add_header X-Microcachable "0";
}
# Bypass cache if no-cache cookie is set
if ($http_cookie ~* "_mcnc") {
set $no_cache "1";
}
# Bypass cache if flag is set
fastcgi_no_cache $no_cache;
fastcgi_cache_bypass $no_cache;
fastcgi_cache_valid 404 30s;
fastcgi_cache_valid 200 10s;
fastcgi_max_temp_file_size 1M;
#Use stale cache items while updating in the background
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_cache_lock on;
fastcgi_cache_lock_timeout 10s;
fastcgi_read_timeout 300;
fastcgi_buffers 8 256k;
fastcgi_buffer_size 128k;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
# Ignore headers set by WordPress
fastcgi_ignore_headers Cache-Control Expires;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass wordpress:9000;
}
}
Everything works as expected, perfect performance without any issue, fast loading (~50-100ms)... Problem is when I switch DNS of my website to this server, (where I have ~300 users mer minute) whole performance goes down, meaning, that loading of website is ~20-50seconds(!!!) extremely. .. I tried to use caching (I'm using that but without success) ... Weird completely is that load of my server is ~ 20-30%, not more ...
Maybe (not sure if it has impact) a reason is limit of IO Operations? In ./data there is ~30gb of data...
Im trying to containerize my Wordpress installation.
Although Wordpress is installed in the root directory, I need to server it on www.example.com/blog domain.
Setup:
Following is my docker-compose file (I'm loading variables using an .env file):
version: '3.9'
services:
wordpress:
# default port 9000 (FastCGI)
image: wordpress:6.1.1-fpm
container_name: wp-wordpress
env_file:
- .env
restart: unless-stopped
networks:
- wordpress
depends_on:
- database
volumes:
- ${WORDPRESS_LOCAL_HOME}:/var/www/html
- ${WORDPRESS_UPLOADS_CONFIG}:/usr/local/etc/php/conf.d/uploads.ini
environment:
- WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
- WORDPRESS_DB_NAME=${WORDPRESS_DB_NAME}
- WORDPRESS_DB_USER=${WORDPRESS_DB_USER}
- WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD}
database:
# default port 3306
image: mysql:8
container_name: wp-database
ports:
- 3306:3306
env_file:
- .env
restart: unless-stopped
networks:
- wordpress
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
volumes:
- ${MYSQL_LOCAL_HOME}:/var/lib/mysql
command:
- '--default-authentication-plugin=mysql_native_password'
nginx:
# default ports 80, 443 - expose mapping as needed to host
image: nginx:1
container_name: wp-nginx
env_file:
- .env
restart: unless-stopped
networks:
- wordpress
depends_on:
- wordpress
ports:
- "8080:80" # http
- "443:443" # https
volumes:
- ${WORDPRESS_LOCAL_HOME}:/var/www/html
- ${NGINX_CONF}:/etc/nginx/conf.d/default.conf
- ${NGINX_SSL_CERTS}:/etc/ssl:ro
- ${NGINX_LOGS}:/var/log/nginx
networks:
wordpress:
name: wp-wordpress
driver: bridge
Following is my nginx config:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
index index.php index.html index.htm;
root /var/www/html;
server_tokens off;
client_max_body_size 75M;
# update ssl files as required by your deployment
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/privkey.pem;
# logging
access_log /var/log/nginx/wordpress.access.log;
error_log /var/log/nginx/wordpress.error.log;
# some security headers ( optional )
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location /blog {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /favicon.svg {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
What is working:
The blog is accessible on https://www.example.com/blog
What is not working:
The blog tries to load files at https://www.example.com/blog/wp-content/themes/my-theme/images/sprite.webp
This returns as 404
The file is accessible on the url without /blog (https://www.example.com/wp-content/themes/my-theme/images/sprite.webp)
I think it should only be a tweek in nginx conf to get the files to load, but Im unable to figure that out.
I have successfully setup a wordpress site running on a dockerized nginx. When the wordpress site is up and running, I can go to the home page: https://my_domain.com or any links or at after wp-admin/... without any problem.
But when I go to https://my_domain.com/sample-page or https://my_domain.com/post-id it immediately redirects to the root domain http://my_domain.com
wordpress nginx post, page url automatically redirects to root domain
with exception route /wp-admin/ when accessed redirects correctly to https://my_domain.com/wp-admin/login.php if not logged in and to https://my_domain.com/wp-admin/ if logged in
Here is my nginx config at /nginx/default.conf:
server {
listen 80;
listen [::]:80;
server_name my_domain.com www.my_domain.com;
location / {
return 301 https://my_domain.com$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my_domain.com www.my_domain.com;
index index.php index.html index.htm;
root /var/www/html/wordpress;
ssl on;
server_tokens off;
ssl_certificate /etc/nginx/ssl/live/my_domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/my_domain.com/privkey.pem;
ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
location / {
try_files $uri $uri/ /index.php$is_args$args;
proxy_pass http://wordpress_host:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_pass http://wordpress_host:80;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
I also config at wp-config.php:
define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
define('WP_SITEURL', 'https://www.my_domain.com/');
define('WP_HOME', 'https://www.my_domain.com/');
Update:
Here the docker compose file:
version: '3';
services:
nginx:
image: nginx:stable-alpine
ports:
- "80:80" # nginx listen on 80
- "443:443"
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
- ./wordpress/app:/var/www/html/wordpress
db:
image: mysql:8.0
container_name: db-example
restart: unless-stopped
env_file: ./wordpress/app/.env
environment:
- MYSQL_DATABASE=example
volumes:
- ./wordpress/dbdata:/var/lib/mysql
#- ./wordpress/db/db.sql:/docker-entrypoint-initdb.d/install_wordpress.sql #if you have db.sql of project input here
command: '--default-authentication-plugin=mysql_native_password'
wordpress_host:
depends_on:
- db
image: wordpress
container_name: wordpress_host
ports:
- "8080:80"
restart: unless-stopped
env_file: ./wordpress/app/.env
environment:
- WORDPRESS_DB_HOST=db:3306
- WORDPRESS_DB_USER=root
- WORDPRESS_DB_PASSWORD=root
- WORDPRESS_DB_NAME=example
volumes:
- ./wordpress/app:/var/www/html/wordpress
volumes:
wordpress-host:
dbdata
:
.env file:
MYSQL_ROOT_PASSWORD=root
MYSQL_USER=example
MYSQL_PASSWORD=password
Now here is a domain that cool.XXXXXX.com in use.
I want to show my Japanese version with domain called jp-cool.XXXXXX.com
I set the SSL with letencrypt
certbot certonly --standalone -d jp-cool.XXXXXX.com --staple-ocsp -m root#jp-cool.XXXXXX.com --agree-tos
docker-compose.yml
version: "3.3"
services:
XXXXweb-db:
image: mysql:5.7.26
restart: always
container_name: XXXXweb-db
environment:
MYSQL_HOST: XXXXweb-db
MYSQL_DATABASE: ${DB_NAME}
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PASS}
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
volumes:
- ./data:/var/lib/mysql:delegated
- ./logs/mysql:/var/log/mysql:delegated
- ./conf/mysql.cnf:/etc/mysql/my.cnf:delegated
ports:
- "3306:3306"
expose:
- 3306
security_opt:
- seccomp:unconfined
XXXXweb-nginx:
image: nginx:1.17.1-alpine
restart: always
ports:
- "80:80"
- "443:443"
expose:
- 80
- 443
volumes:
- ./logs:/var/log/nginx:delegated
- ./conf/${NGINX_CONFIG_NAME}:/etc/nginx/nginx.conf:delegated
- ${CERT_PATH}:/etc/letsencrypt:delegated
- ./:/wwwroot:delegated
depends_on:
- XXXXweb-db
- XXXXweb-php
logging:
driver: "json-file"
options:
max-size: "100m"
XXXXweb-php:
image: php-XXXX
restart: always
ports:
- "9000:9000"
expose:
- 9000
volumes:
- ./logs:/var/log:delegated
- ./:/wwwroot:delegated
healthcheck:
test: ["CMD-SHELL", "pidof php-fpm"]
interval: 5s
retries: 12
logging:
driver: "json-file"
options:
max-size: "100m"
nginx-server.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log on;
sendfile on;
keepalive_timeout 65;
client_max_body_size 100M;
server {
listen 80;
server_name cool.XXXXXX.com;
return 301 https://cool.XXXXXX.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
## Your website name goes here.
server_name cool.XXXXXX.com;
## Your only path reference.
root /wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass XXXXweb-php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
}
After I add
server {
listen 80;
server_name jp-cool.XXXXXX.com;
return 301 https://jp-cool.XXXXXX.com$request_uri;
}
It works for http insecure connection.
However after I add a jp-cool.XXXXXX.com duplicate part of cool.XXXXXX.com, just one of them could work.
And I got invalid on the WPML panel when setting 'different domain per language'.
Without docker, I could setting different domain in local nginx /etc/nginx/site-available
But I can't set it up with dockerized nginx.
If you have no wildcard certificate your only option is to duplicate server block per certificate. Here's how you can do it:
server {
# this part changes per certificate
ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
server_name cool.XXXXXX.com;
include common;
}
server {
# this part changes per certificate
ssl_certificate /etc/letsencrypt/live/jp-cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jp-cool.XXXXXX.com/privkey.pem;
server_name jp-cool.XXXXXX.com;
include common;
}
To follow DRY principle, put the rest of the server block into a separate file. I've used 'common' as a name for that file, you need to place it in /etc/nginx/ or you'd have to change path in blocks above. /etc/nginx/common:
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
root /wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass XXXXweb-php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
Also you can do HTTPS redirects with one server:
server {
listen 80;
server_name cool.XXXXXX.com;
server_name jp-cool.XXXXXX.com;
return 301 https://$host$request_uri;
}
I'm launching the following docker-compose:
version: '2'
services:
wp_db:
image: mysql:5.7
container_name: imaxinaria_mysql2
volumes:
- "./.data/db:/var/lib/mysql"
restart: always
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: password
wp_web:
image: nginx
restart: always
ports:
- 80:80
- 443:443
#log_driver: syslog
links:
- wordpress
volumes:
- ./wp:/var/www/html
- ./etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./var/log/nginx:/var/log/nginx
- ./etc/letsencrypt:/etc/letsencrypt
- ./etc/nginx/certs/dhparam.pem:/etc/nginx/certs/dhparam.pem
wordpress:
depends_on:
- wp_db
image: wordpress:latest
container_name: imaxinaria2
volumes:
- "./wp:/var/www/html"
- "./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini"
links:
- wp_db:mysql
expose:
- 80
- 443
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_PASSWORD: password
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_NAME: wordpress
And getting the following ERROR on WP continer log:
Warning: mysqli::mysqli(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in - on line 10
Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
my nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server {
listen 80;
server_name lab.imaxinaria.org;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/lab.imaxinaria.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lab.imaxinaria.org/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/certs/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/lab.imaxinaria.org/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=86400;
root /var/www/html;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
root /var/www/html;
fastcgi_pass wp_db:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
include fastcgi_params;
}
}
}
Could you help me to solve this? Anyway my goal is to launch several wp with persistence behind a Nginx proxy with SSL. If there is a better way let me know.
Thanks in advance.
UPDATE: I tried to use this image as well https://github.com/docker-library/wordpress but getting same results.
Also checked wp-config.php and everything seems alright with DB_USER, DB_PASSWORD and DB_HOST.
Also found that this error could be a bad linking between mysql and wp containers, but they are supposed to be linked as the rule is given on docker-compose.yml
Solved erasing WORDPRESS_DB_HOST: db:3306 from docker-compose.yml