Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2024-11-10 04:07:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add files

Browse Source 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2022-11-24 13:32:59 +01:00
parent d61c8ccb89
commit 20d8f9efb7
No known key found for this signature in database
GPG Key ID: D00C6B1021747EED
20 changed files with 707 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.env

80
Makefile Normal file
View File

@ -0,0 +1,80 @@
#//////////////////////////////////////////////////////////////
#// ____ //
#// | __ ) ___ _ __ ___ _ _ _ __ ___ _ __ _ __ ___ //
#// | _ \ / _ \ '_ \/ __| | | | '_ \ / _ \ '__| '_ \ / __| //
#// | |_) | __/ | | \__ \ |_| | |_) | __/ | | |_) | (__ //
#// |____/ \___|_| |_|___/\__,_| .__/ \___|_| | .__/ \___| //
#// |_| |_| //
#//////////////////////////////////////////////////////////////
#// //
#// Script, 2022 //
#// Created: 14, April, 2022 //
#// Modified: 19, June, 2022 //
#// file: - //
#// - //
#// Source: //
#// OS: ALL //
#// CPU: ALL //
#// //
#//////////////////////////////////////////////////////////////
DOCKER := docker
PROFILE := db wordpress webserver certbot phpmyadmin flask
PROFILE_CMD := $(addprefix --profile ,$(PROFILE))
COMPOSE_FILE := docker-compose.yml
AUTHOR := bensuperpc
IMAGE_NAME := wordpress:6.1.1-php8.1-fpm mariadb:10.10.2 nginx:1.23 certbot/certbot:v1.32.0 phpmyadmin:5.2.0
#IMAGE_AUTHOR := $(addprefix itzg/, $(IMAGE_NAME))
#IMAGE_FULL_NAME := $(addsuffix :latest, $(IMAGE_AUTHOR))
.PHONY: build all
all: start
.PHONY: build
build:
docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) build
.PHONY: start
start:
docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up -d
start-at:
docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up
.PHONY: stop
stop: down
.PHONY: down
down:
docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down
.PHONY: restart
restart: stop start
.PHONY: logs
logs:
docker-compose -f $(COMPOSE_FILE) logs
.PHONY: state
state:
docker-compose -f $(COMPOSE_FILE) ps
docker-compose -f $(COMPOSE_FILE) top
.PHONY: update
update:
git pull --recurse-submodules --all --progress
echo $(IMAGE_NAME) | xargs -n1 docker pull
.PHONY: clean
clean:
$(DOCKER) images --filter=reference='bensuperpc/*' --format='{{.Repository}}:{{.Tag}}' | xargs -r $(DOCKER) rmi -f
.PHONY: purge
purge:
docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down -v --rmi all

80
README.md Normal file
View File

@ -0,0 +1,80 @@
# wordpress
_My wordpress test_
## About
This is my test wordpress project.
Many configuration files are from [DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose).
## Features
- [x] Certbot
- [x] Nginx
- [x] Wordpress
- [x] Docker
- [ ] RSS integration
## Screenshots
## Installation
### Requirements
- [Docker](https://docs.docker.com/install/)
- [Docker Compose](https://docs.docker.com/compose/install/)
### Clone and config
Clone this repository to your local machine using:
```sh
git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/wordpress.git
```
Go to the folder
```sh
cd wordpress
```
### Run with docker
Start the website with:
```sh
make start
```
And go to: [https://127.0.0.1:80/](https://127.0.0.1:80/) or [https://localhost:80/](https://localhost:80/)
Access to the pgadmin with: [https://127.0.0.1:5050/](https://127.0.0.1:5050/) or [https://localhost:5050/](https://localhost:5050/)
Stop the website with:
```sh
make stop
```
Get the logs with:
```sh
make logs
```
## Build with
- [Wordpress](https://wordpress.org/)
- [Gnu Make](https://www.gnu.org/software/make/)
- [Github API](https://docs.github.com/en/rest)
- [Github Actions](https://docs.github.com/en/actions)
- [Docker](https://www.docker.com/)
- [Docker Compose](https://docs.docker.com/compose/)
- [Docker Hub](https://hub.docker.com/)
- [Digital Ocean](https://www.digitalocean.com/)
- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
- [PGAmin](https://www.pgadmin.org/)
## License
[License](LICENSE)

101
docker-compose.yml Normal file
View File

@ -0,0 +1,101 @@
version: "3.8"
services:
db:
image: mariadb:10.10.2
container_name: db
profiles:
- db
restart: unless-stopped
env_file: .env
volumes:
- dbdata:/var/lib/mysql
networks:
- app-network
wordpress:
depends_on:
- db
image: wordpress:6.1.1-php8.1-fpm
container_name: wordpress
profiles:
- wordpress
restart: unless-stopped
env_file: .env
environment:
- WORDPRESS_DB_HOST=db:3306
- WORDPRESS_DB_USER=$MARIADB_USER
- WORDPRESS_DB_PASSWORD=$MARIADB_PASSWORD
- WORDPRESS_DB_NAME=$MARIADB_DATABASE
volumes:
- wordpress:/var/www/html
networks:
- app-network
flask_website:
build:
context: ./flask
dockerfile: Dockerfile
container_name: flask_website
profiles:
- flask
volumes:
- ./flask:/app:rw
restart: unless-stopped
networks:
- app-network
webserver:
depends_on:
- wordpress
image: nginx:1.23
container_name: webserver
profiles:
- webserver
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- wordpress:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt:ro
networks:
- app-network
certbot:
depends_on:
- webserver
image: certbot/certbot:v1.32.0
container_name: certbot
profiles:
- certbot
volumes:
- certbot-etc:/etc/letsencrypt
- wordpress:/var/www/html
#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
phpmyadmin:
image: phpmyadmin:5.2.0
container_name: phpmyadmin
profiles:
- phpmyadmin
restart: unless-stopped
env_file: .env
environment:
- MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
- MYSQL_USER=$MARIADB_USER
- MYSQL_PASSWORD=$MARIADB_PASSWORD
- PMA_HOST=db
depends_on:
- db
networks:
- app-network
volumes:
certbot-etc: {}
wordpress: {}
dbdata: {}
networks:
app-network:
driver: bridge

12
flask/Dockerfile Normal file
View File

@ -0,0 +1,12 @@
ARG DOCKER_IMAGE=python:3.11-buster
FROM $DOCKER_IMAGE
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip install --no-cache-dir -r requirements.txt
EXPOSE 5000
CMD ["uwsgi", "app.ini"]

BIN
flask/__pycache__/website.cpython-311.pyc Normal file
View File

Binary file not shown.

20
flask/app.ini Normal file
View File

@ -0,0 +1,20 @@
[uwsgi]
plugins = python
wsgi-file = wsgi.py
callable = app
# Or: module = wsgi:app
socket = :8080
# Or: socket = flask_server.sock
chmod-socket = 660
processes = 8
threads = 2
master = true
vacuum = true
die-on-term = true
# enable-threads = true #enable threads support
env = LANG=en_US.UTF-8

12
flask/requirements.txt Normal file
View File

@ -0,0 +1,12 @@
requests
flask
flask-babel
flask-login
flask-sqlalchemy
flask-assets
flask-wtf
flask-mail
uwsgi

9
flask/website.py Normal file
View File

@ -0,0 +1,9 @@
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello():
return "<h1 style='color:blue'>Hello There!</h1>"
if __name__ == "__main__":
app.run(host='0.0.0.0')

4
flask/wsgi.py Normal file
View File

@ -0,0 +1,4 @@
from website import app
if __name__ == "__main__":
app.run(host="0.0.0.0")

44
nginx-conf-old/default.conf.old Normal file
View File

@ -0,0 +1,44 @@
server {
listen 80;
listen [::]:80;
server_name bensuperpc.org www.bensuperpc.org;
index index.php index.html index.htm;
root /var/www/html;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}

39
nginx-conf/flask_wsgi.conf Normal file
View File

@ -0,0 +1,39 @@
include /etc/nginx/conf.d/sub/cache-uwsgi.conf;
upstream flask_server {
# ip_hash;
server flask_website:8080;
# server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s;
# Or: server unix:/app/flask_server.sock;
}
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name flask.bensuperpc.org www.flask.bensuperpc.org;
include /etc/nginx/conf.d/sub/gzip.conf;
location / { try_files $uri @flask_app; }
location @flask_app {
include uwsgi_params;
uwsgi_pass flask_server;
uwsgi_cache UWSGI;
uwsgi_cache_valid 200 302 10m;
uwsgi_cache_valid 301 1h;
uwsgi_cache_valid any 1m;
uwsgi_cache_lock on;
#uwsgi_ignore_headers Vary;
#uwsgi_hide_header Vary;
add_header X-cache $upstream_cache_status;
}
}

43
nginx-conf/phpmyadmin.conf Normal file
View File

@ -0,0 +1,43 @@
include /etc/nginx/conf.d/sub/cache-proxy.conf;
upstream phpmyadmin_server {
# ip_hash;
server phpmyadmin:80;
# server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
}
# PHPmyadmin
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
include /etc/nginx/conf.d/sub/gzip.conf;
location / {
proxy_pass http://phpmyadmin_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache PROXY;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_cache_lock on;
proxy_ignore_headers Vary;
proxy_hide_header Vary;
add_header X-cache $upstream_cache_status;
}
# resolver 8.8.8.8;
}

23
nginx-conf/sub/cache-fastcgi.conf Normal file
View File

@ -0,0 +1,23 @@
# The path to store the cache files, limit the folder to 100MB
fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
fastcgi_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
fastcgi_cache_revalidate on;
# Minimum time to store an item in the cache
fastcgi_cache_min_uses 3;
# Cache everything for 1 day
fastcgi_cache_valid 1d;
# Don't use the following headers to define the cache variables
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
# Some parts of this file are from
# https://gist.github.com/TrafeX/6d582b6d040702088722

20
nginx-conf/sub/cache-proxy.conf Normal file
View File

@ -0,0 +1,20 @@
# The path to store the cache files, limit the folder to 100MB
proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
proxy_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
proxy_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
proxy_cache_revalidate on;
# Minimum time to store an item in the cache
proxy_cache_min_uses 3;
# Cache everything for 1 day
proxy_cache_valid 1d;
# Don't use the following headers to define the cache variables
proxy_ignore_headers Cache-Control Expires Set-Cookie;

20
nginx-conf/sub/cache-uwsgi.conf Normal file
View File

@ -0,0 +1,20 @@
# The path to store the cache files, limit the folder to 100MB
uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
uwsgi_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
uwsgi_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
uwsgi_cache_revalidate on;
# Minimum time to store an item in the cache
uwsgi_cache_min_uses 3;
# Cache everything for 1 day
uwsgi_cache_valid 1d;
# Don't use the following headers to define the cache variables
uwsgi_ignore_headers Cache-Control Expires Set-Cookie;

13
nginx-conf/sub/gzip.conf Normal file
View File

@ -0,0 +1,13 @@
# Compression config
gzip on;
gunzip on;
gzip_static on;
gzip_min_length 1000;
gzip_buffers 4 32k;
# gzip_http_version 1.1;
gzip_proxied any;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_vary on;
gzip_comp_level 6;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";

13
nginx-conf/sub/options-ssl-nginx.conf Normal file
View File

@ -0,0 +1,13 @@
# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

16
nginx-conf/test.conf Normal file
View File

@ -0,0 +1,16 @@
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name test.bensuperpc.org www.test.bensuperpc.org;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
return 301 https://www.bensuperpc.org$request_uri;
}
}

157
nginx-conf/wordpress.conf Normal file
View File

@ -0,0 +1,157 @@
include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
# All upstream serveur
upstream wordpress_server {
# ip_hash;
server wordpress:9000;
# server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
}
# Redirect all http requests to the main server wordpress_server
server {
listen 80;
listen [::]:80;
server_name bensuperpc.org www.bensuperpc.org;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
# Main server wordpress_server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bensuperpc.org www.bensuperpc.org;
root /var/www/html;
index index.php index.html index.htm;
# Keepalive for 70 seconds
keepalive_timeout 70;
# Number of requests per connection
keepalive_requests 100;
reset_timedout_connection on;
# Increase proxy buffers for large requests
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# Upload limit
client_max_body_size 50m;
client_body_buffer_size 128k;
# Initialize the variable that specified to skip the cache
set $skip_cache 0;
# POST requests and url's with a query string should always skip cache
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache url's containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
server_tokens off;
include /etc/nginx/conf.d/sub/gzip.conf;
# All things related to SSL
ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem;
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
# Logging
access_log /var/log/nginx/wordpress.access.log;
error_log /var/log/nginx/wordpress.error.log;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
location / {
try_files $uri $uri/ /index.php$is_args$args;
# try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress_server;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_intercept_errors on;
# Don't cache when $skip_cache is true
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Use the WORDPRESS zone
fastcgi_cache WORDPRESS;
}
# Don't write to accesslog for these files
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Media files with one of these extensions should be cached by the browser
location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
}
# Deny access to .* files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Add cache status header for easy debugging
add_header X-cache $upstream_cache_status;
# From cat /etc/resolv.conf
resolver 8.8.8.8;
# Some parts of this file are from
# https://gist.github.com/TrafeX/6d582b6d040702088722
}