mirror of
				https://github.com/bensuperpc/infrastructure.git
				synced 2025-10-25 23:36:20 +02:00 
			
		
		
		
	
							
								
								
									
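--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env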
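Review bot: The ignore list covers only `.env`, yet this same commit adds `flask/__pycache__/website.cpython-311.pyc`, a compiled artifact that cannot be reviewed and should not be tracked. Add `__pycache__/` and `*.pyc` here and remove the committed file from the index.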
							
								
								
									
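--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,80 @@
+#//////////////////////////////////////////////////////////////
+#//   ____                                                   //
+#//  | __ )  ___ _ __  ___ _   _ _ __   ___ _ __ _ __   ___  //
+#//  |  _ \ / _ \ '_ \/ __| | | | '_ \ / _ \ '__| '_ \ / __| //
+#//  | |_) |  __/ | | \__ \ |_| | |_) |  __/ |  | |_) | (__  //
+#//  |____/ \___|_| |_|___/\__,_| .__/ \___|_|  | .__/ \___| //
+#//                             |_|             |_|          //
+#//////////////////////////////////////////////////////////////
+#//                                                          //
+#//  Script, 2022                                            //
+#//  Created: 14, April, 2022                                //
+#//  Modified: 19, June, 2022                                //
+#//  file: -                                                 //
+#//  -                                                       //
+#//  Source:                                                 //
+#//  OS: ALL                                                 //
+#//  CPU: ALL                                                //
+#//                                                          //
+#//////////////////////////////////////////////////////////////
+
+DOCKER := docker
+
+PROFILE := db wordpress webserver certbot phpmyadmin flask
+PROFILE_CMD := $(addprefix --profile ,$(PROFILE))
+
+COMPOSE_FILE := docker-compose.yml
+
+AUTHOR := bensuperpc
+
+IMAGE_NAME := wordpress:6.1.1-php8.1-fpm mariadb:10.10.2 nginx:1.23 certbot/certbot:v1.32.0 phpmyadmin:5.2.0
+
+#IMAGE_AUTHOR := $(addprefix itzg/, $(IMAGE_NAME))
+
+#IMAGE_FULL_NAME := $(addsuffix :latest, $(IMAGE_AUTHOR))
+
+.PHONY: build all
+all: start
+
+.PHONY: build
+build:
+	docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) build
+
+.PHONY: start
+start:
+	docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up -d
+
+start-at:
+	docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up
+
+.PHONY: stop
+stop: down
+
+.PHONY: down
+down:
+	docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down
+
+.PHONY: restart
+restart: stop start
+
+.PHONY: logs
+logs:
+	docker-compose -f $(COMPOSE_FILE) logs
+
+.PHONY: state
+state:
+	docker-compose -f $(COMPOSE_FILE) ps
+	docker-compose -f $(COMPOSE_FILE) top
+
+.PHONY: update
+update:
+	git pull --recurse-submodules --all --progress
+	echo $(IMAGE_NAME) | xargs -n1 docker pull
+
+.PHONY: clean
+clean:
+	$(DOCKER) images --filter=reference='bensuperpc/*' --format='{{.Repository}}:{{.Tag}}' | xargs -r $(DOCKER) rmi -f
+
+.PHONY: purge
+purge:
+	docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down -v --rmi all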
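Review bot: The default `PROFILE` list includes `phpmyadmin`, so a plain `make start` also brings up the database admin UI behind nginx; an admin tool is safer as an opt-in, for example `PROFILE ?= db wordpress webserver certbot flask` with phpmyadmin added on the command line when it is needed. `start-at` is the only target without a `.PHONY` declaration, and `build` is declared phony twice. The recipes hard-code `docker-compose` and `docker` even though `DOCKER := docker` is defined, and only `clean` uses it.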
							
								
								
									
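--- a/README.md
+++ b/README.md
@@ -0,0 +1,80 @@
+# wordpress
+
+_My wordpress test_
+
+## About
+
+This is my test wordpress project.
+Many configuration files are from [DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose).
+
+## Features
+
+- [x] Certbot
+- [x] Nginx
+- [x] Wordpress
+- [x] Docker
+- [ ] RSS integration
+
+## Screenshots
+
+## Installation
+
+### Requirements
+
+- [Docker](https://docs.docker.com/install/)
+- [Docker Compose](https://docs.docker.com/compose/install/)
+
+### Clone and config
+
+Clone this repository to your local machine using:
+
+```sh
+git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/wordpress.git
+```
+
+Go to the folder
+
+```sh
+cd wordpress
+```
+
+### Run with docker
+
+Start the website with:
+
+```sh
+make start
+```
+
+And go to: [https://127.0.0.1:80/](https://127.0.0.1:80/) or [https://localhost:80/](https://localhost:80/)
+
+Access to the pgadmin with: [https://127.0.0.1:5050/](https://127.0.0.1:5050/) or [https://localhost:5050/](https://localhost:5050/)
+
+Stop the website with:
+
+```sh
+make stop
+```
+
+Get the logs with:
+
+```sh
+make logs
+```
+
+## Build with
+
+- [Wordpress](https://wordpress.org/)
+- [Gnu Make](https://www.gnu.org/software/make/)
+- [Github API](https://docs.github.com/en/rest)
+- [Github Actions](https://docs.github.com/en/actions)
+- [Docker](https://www.docker.com/)
+- [Docker Compose](https://docs.docker.com/compose/)
+- [Docker Hub](https://hub.docker.com/)
+- [Digital Ocean](https://www.digitalocean.com/)
+- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
+- [PGAmin](https://www.pgadmin.org/)
+
+## License
+
+[License](LICENSE)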
							
								
								
									
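--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,101 @@
+version: "3.8"
+
+services:
+  db:
+    image: mariadb:10.10.2
+    container_name: db
+    profiles:
+      - db
+    restart: unless-stopped
+    env_file: .env
+    volumes: 
+      - dbdata:/var/lib/mysql
+    networks:
+      - app-network
+
+  wordpress:
+    depends_on: 
+      - db
+    image: wordpress:6.1.1-php8.1-fpm
+    container_name: wordpress
+    profiles:
+      - wordpress
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      - WORDPRESS_DB_HOST=db:3306
+      - WORDPRESS_DB_USER=$MARIADB_USER
+      - WORDPRESS_DB_PASSWORD=$MARIADB_PASSWORD
+      - WORDPRESS_DB_NAME=$MARIADB_DATABASE
+    volumes:
+      - wordpress:/var/www/html
+    networks:
+      - app-network
+
+  flask_website:
+    build:
+      context: ./flask
+      dockerfile: Dockerfile
+    container_name: flask_website
+    profiles:
+      - flask
+    volumes:
+      - ./flask:/app:rw
+    restart: unless-stopped
+    networks:
+      - app-network
+  webserver:
+    depends_on:
+      - wordpress
+    image: nginx:1.23
+    container_name: webserver
+    profiles:
+      - webserver
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - wordpress:/var/www/html
+      - ./nginx-conf:/etc/nginx/conf.d
+      - certbot-etc:/etc/letsencrypt:ro
+    networks:
+      - app-network
+
+  certbot:
+    depends_on:
+      - webserver
+    image: certbot/certbot:v1.32.0
+    container_name: certbot
+    profiles:
+      - certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - wordpress:/var/www/html
+    #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
+    #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
+    command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+  phpmyadmin:
+    image: phpmyadmin:5.2.0
+    container_name: phpmyadmin
+    profiles:
+      - phpmyadmin
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      - MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
+      - MYSQL_USER=$MARIADB_USER
+      - MYSQL_PASSWORD=$MARIADB_PASSWORD
+      - PMA_HOST=db
+    depends_on:
+      - db
+    networks:
+      - app-network
+volumes:
+  certbot-etc: {}
+  wordpress: {}
+  dbdata: {}
+
+networks:
+  app-network:
+    driver: bridge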
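Review bot: `env_file: .env` on the `wordpress` and `phpmyadmin` services hands each container every variable in that file, which, judging by the `$MARIADB_ROOT_PASSWORD` reference under phpmyadmin, includes the MariaDB root password. The wordpress service needs only the `WORDPRESS_DB_*` values already listed under `environment:`, so its `env_file` line can be removed; Compose still reads `.env` for the `$MARIADB_*` substitutions. The `webserver` service mounts `wordpress:/var/www/html` and `./nginx-conf:/etc/nginx/conf.d` writable although nginx only reads them; adding `:ro` to both, as is already done for `certbot-etc`, limits what a compromised front end can change. `flask_website` bind-mounts `./flask:/app:rw`, so the running app can rewrite its own source on the host; `:ro` fits there too unless live editing is intended.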
							
								
								
									
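--- a/flask/Dockerfile
+++ b/flask/Dockerfile
@@ -0,0 +1,12 @@
+ARG DOCKER_IMAGE=python:3.11-buster
+FROM $DOCKER_IMAGE
+
+WORKDIR /app
+
+COPY requirements.txt requirements.txt
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+EXPOSE 5000
+
+CMD ["uwsgi", "app.ini"]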
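Review bot: No `USER` instruction is set, so uwsgi starts as root inside the container; create an unprivileged account and switch to it with `USER` before `CMD`. `EXPOSE 5000` does not match the `socket = :8080` configured in flask/app.ini and should read `EXPOSE 8080`. The image copies only requirements.txt, so `app.ini` and the application reach `/app` solely through the bind mount in docker-compose.yml and the image cannot run on its own; a `COPY . .` after the pip step would make it self-contained. `python:3.11-buster` is built on an older Debian release, so a current slim tag is worth considering.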
							
								
								
									
										
											BIN
										
									
								
								flask/__pycache__/website.cpython-311.pyc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								flask/__pycache__/website.cpython-311.pyc
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
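--- a/flask/app.ini
+++ b/flask/app.ini
@@ -0,0 +1,20 @@
+[uwsgi]
+plugins = python
+
+wsgi-file = wsgi.py
+callable = app
+# Or: module = wsgi:app
+
+socket = :8080
+# Or: socket = flask_server.sock
+chmod-socket = 660
+
+processes = 8
+threads = 2 
+master = true
+
+vacuum = true
+die-on-term = true
+# enable-threads = true #enable threads support
+
+env = LANG=en_US.UTF-8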
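Review bot: `chmod-socket = 660` has no effect while `socket = :8080` is a TCP socket; it applies only to the UNIX-socket alternative shown in the comment, so either switch to that socket or drop the line. `:8080` binds every interface in the container, and no `uid`/`gid` is set, so the workers keep whatever user the container starts as. `plugins = python` is normally needed only for a modular distro build of uWSGI; with the pip-installed `uwsgi` from requirements.txt the Python plugin is presumably built in and this line may only log a load error, which is worth confirming.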
							
								
								
									
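--- a/flask/requirements.txt
+++ b/flask/requirements.txt
@@ -0,0 +1,12 @@
+requests
+
+flask
+flask-babel
+flask-login
+flask-sqlalchemy
+flask-assets
+flask-wtf
+flask-mail
+
+
+uwsgi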
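Review bot: None of the nine packages is pinned, so every image build installs whatever versions are current at that moment and two builds of the same commit can differ. Pin each entry (`flask==<version>`, placeholder) and, ideally, record hashes so the Dockerfile can run `pip install --require-hashes -r requirements.txt`. Most of the Flask extensions listed are not imported by website.py in this commit; leaving them out until they are used keeps the dependency surface small.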
							
								
								
									
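--- a/flask/website.py
+++ b/flask/website.py
@@ -0,0 +1,9 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+    return "<h1 style='color:blue'>Hello There!</h1>"
+
+if __name__ == "__main__":
+    app.run(host='0.0.0.0')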
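Review bot: The `__main__` fallback starts Flask's development server on `0.0.0.0`, that is on every interface, and flask/wsgi.py repeats the same call. The container runs the app through uwsgi, so this path is reached only when someone launches the file by hand; bind it to loopback with `app.run(host='127.0.0.1')` and keep the fallback in one of the two files. `hello()` has no docstring; a one-line `"""Return the placeholder landing page."""` would do.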
							
								
								
									
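--- a/flask/wsgi.py
+++ b/flask/wsgi.py
@@ -0,0 +1,4 @@
+from website import app
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0")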
							
								
								
									
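--- a/nginx-conf-old/default.conf.old
+++ b/nginx-conf-old/default.conf.old
@@ -0,0 +1,44 @@
+server {
+        listen 80;
+        listen [::]:80;
+
+        server_name bensuperpc.org www.bensuperpc.org;
+
+        index index.php index.html index.htm;
+
+        root /var/www/html;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/html;
+        }
+
+        location / {
+                try_files $uri $uri/ /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+                try_files $uri =404;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_pass wordpress:9000;
+                fastcgi_index index.php;
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                fastcgi_param PATH_INFO $fastcgi_path_info;
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+        
+        location = /favicon.ico { 
+                log_not_found off; access_log off; 
+        }
+        location = /robots.txt { 
+                log_not_found off; access_log off; allow all; 
+        }
+        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
+                expires max;
+                log_not_found off;
+        }
+}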
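Review bot: `location ~ /.well-known/acme-challenge` is an unanchored regex with an unescaped dot, so it matches that string anywhere in the URI and competes with the other regex locations by file order; the same block appears in nginx-conf/test.conf and nginx-conf/wordpress.conf. A prefix match states the intent and is chosen before any regex is tried: `location ^~ /.well-known/acme-challenge/ {`. This file sits in `nginx-conf-old/`, which docker-compose.yml does not mount, so if it is kept only for reference a comment on its first line saying so would help.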
							
								
								
									
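--- a/nginx-conf/flask_wsgi.conf
+++ b/nginx-conf/flask_wsgi.conf
@@ -0,0 +1,39 @@
+include /etc/nginx/conf.d/sub/cache-uwsgi.conf;
+
+upstream flask_server {
+        # ip_hash;
+        server flask_website:8080;
+        # server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s;
+
+        # Or: server unix:/app/flask_server.sock;
+}
+
+
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+
+        location / { try_files $uri @flask_app; }
+
+        location @flask_app {
+                include uwsgi_params;
+                uwsgi_pass flask_server;
+
+                uwsgi_cache UWSGI;
+                uwsgi_cache_valid 200 302 10m;
+                uwsgi_cache_valid 301 1h;
+                uwsgi_cache_valid any 1m;
+                uwsgi_cache_lock on;
+
+                #uwsgi_ignore_headers Vary;
+                #uwsgi_hide_header Vary;
+
+                add_header X-cache $upstream_cache_status;
+        }
+}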
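Review bot: Every response from `@flask_app` is cached with no bypass: the key in sub/cache-uwsgi.conf is `$scheme$request_method$host$request_uri`, and `uwsgi_ignore_headers Cache-Control Expires Set-Cookie` makes nginx cache even responses that set cookies or mark themselves private. requirements.txt already pulls in flask-login, so once the app has sessions one user's page, together with its `Set-Cookie` header, could be served to another user. Add `uwsgi_no_cache` and `uwsgi_cache_bypass` keyed on `$http_cookie` and `$http_authorization`, in the way wordpress.conf uses `$skip_cache`, or stop ignoring those headers. nginx-conf/phpmyadmin.conf has the same pattern with `proxy_cache` in front of an authenticated tool, where caching is better switched off altogether.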
							
								
								
									
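--- a/nginx-conf/phpmyadmin.conf
+++ b/nginx-conf/phpmyadmin.conf
@@ -0,0 +1,43 @@
+include /etc/nginx/conf.d/sub/cache-proxy.conf;
+
+upstream phpmyadmin_server {
+        # ip_hash;
+        server phpmyadmin:80;
+        # server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# PHPmyadmin
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+
+        server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+
+        location / {
+                proxy_pass http://phpmyadmin_server;
+                proxy_redirect off;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Host $host:$server_port;
+                proxy_set_header X-Forwarded-Server $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+                proxy_cache PROXY;
+                proxy_cache_valid 200 302 10m;
+                proxy_cache_valid 301 1h;
+                proxy_cache_valid any 1m;
+                proxy_cache_lock on;
+
+                proxy_ignore_headers Vary;
+                proxy_hide_header Vary;
+
+                add_header X-cache $upstream_cache_status;
+        }
+
+        # resolver 8.8.8.8;
+}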
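Review bot: This server block publishes phpMyAdmin on port 80 only (both `listen 443` lines are commented out) and without any access control, so database logins travel in clear text and the login page is reachable by anyone who can resolve the name. Serve it over TLS like the main site and restrict who can reach it, for example `allow <admin-network-cidr>; deny all;` (placeholder value) or `auth_basic`, inside `location /`. The `X-cache` header is useful while debugging but reveals cache behaviour to every client, so it should be dropped once the setup is stable.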
							
								
								
									
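--- a/nginx-conf/sub/cache-fastcgi.conf
+++ b/nginx-conf/sub/cache-fastcgi.conf
@@ -0,0 +1,23 @@
+# The path to store the cache files, limit the folder to 100MB
+fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+fastcgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+fastcgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+fastcgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+fastcgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+fastcgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+
+# Some parts of this file are from
+# https://gist.github.com/TrafeX/6d582b6d040702088722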
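Review bot: Three comments here describe something other than the directive beneath them, and the same text is copied into sub/cache-proxy.conf and sub/cache-uwsgi.conf. `keys_zone=WORDPRESS:100m` sizes the shared-memory key index and `max_size=1g` is the on-disk cap, so the first comment should read `# Cache directory; 100 MB key zone, at most 1 GB on disk`. `fastcgi_cache_min_uses 3` is a request count, not a time: `# Cache a response only after it has been requested 3 times`. `# Revalidate items in the cache if they are update` would be clearer as `# Revalidate expired items with conditional requests`. The last comment should also say why `Set-Cookie` is ignored, since that setting makes nginx cache responses that set cookies.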
							
								
								
									
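--- a/nginx-conf/sub/cache-proxy.conf
+++ b/nginx-conf/sub/cache-proxy.conf
@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+proxy_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+proxy_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+proxy_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+proxy_cache_min_uses 3;
+
+# Cache everything for 1 day
+proxy_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+proxy_ignore_headers Cache-Control Expires Set-Cookie;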
							
								
								
									
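--- a/nginx-conf/sub/cache-uwsgi.conf
+++ b/nginx-conf/sub/cache-uwsgi.conf
@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+uwsgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+uwsgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+uwsgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+uwsgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+uwsgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+uwsgi_ignore_headers Cache-Control Expires Set-Cookie;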
							
								
								
									
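--- a/nginx-conf/sub/gzip.conf
+++ b/nginx-conf/sub/gzip.conf
@@ -0,0 +1,13 @@
+# Compression config
+gzip on;
+gunzip on;
+
+gzip_static on;
+gzip_min_length 1000;
+gzip_buffers 4 32k;
+# gzip_http_version 1.1;
+gzip_proxied any;
+gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
+gzip_vary on;
+gzip_comp_level 6;
+gzip_disable "MSIE [1-6]\.(?!.*SV1)";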
							
								
								
									
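--- a/nginx-conf/sub/options-ssl-nginx.conf
+++ b/nginx-conf/sub/options-ssl-nginx.conf
@@ -0,0 +1,13 @@
+# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;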
							
								
								
									
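--- a/nginx-conf/test.conf
+++ b/nginx-conf/test.conf
@@ -0,0 +1,16 @@
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+        server_name test.bensuperpc.org www.test.bensuperpc.org;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/html;
+        }
+
+        location / {
+                return 301 https://www.bensuperpc.org$request_uri;
+        }
+}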
							
								
								
									
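--- a/nginx-conf/wordpress.conf
+++ b/nginx-conf/wordpress.conf
@@ -0,0 +1,157 @@
+include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
+
+# All upstream serveur
+upstream wordpress_server {
+        # ip_hash;
+        server wordpress:9000;
+        # server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# Redirect all http requests to the main server wordpress_server
+server {
+        listen 80;
+        listen [::]:80;
+
+        server_name bensuperpc.org www.bensuperpc.org;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/html;
+        }
+
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+# Main server wordpress_server
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name bensuperpc.org www.bensuperpc.org;
+
+        root /var/www/html;
+        index index.php index.html index.htm;
+
+        # Keepalive for 70 seconds
+        keepalive_timeout 70;
+
+        # Number of requests per connection
+        keepalive_requests 100;
+
+        reset_timedout_connection on;
+
+        # Increase proxy buffers for large requests
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 256 16k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+
+        # Upload limit
+        client_max_body_size 50m;
+        client_body_buffer_size 128k;
+
+        # Initialize the variable that specified to skip the cache
+        set $skip_cache 0;
+
+        # POST requests and url's with a query string should always skip cache
+        if ($request_method = POST) {
+                set $skip_cache 1;
+        }
+        if ($query_string != "") {
+                set $skip_cache 1;
+        }
+
+        # Don't cache url's containing the following segments
+        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
+                set $skip_cache 1;
+        }
+
+        # Don't use the cache for logged in users or recent commenters
+        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+                set $skip_cache 1;
+        }
+
+        server_tokens off;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+        
+        # All things related to SSL
+        ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem;
+
+        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
+
+        # Logging
+        access_log /var/log/nginx/wordpress.access.log;
+        error_log  /var/log/nginx/wordpress.error.log;
+
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
+        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+        location / {
+                try_files $uri $uri/ /index.php$is_args$args;
+                #  try_files $uri $uri/ /index.php?$args;
+        }
+
+        location ~ \.php$ {
+                try_files $uri =404;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_pass wordpress_server;
+                fastcgi_index index.php;
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                fastcgi_param PATH_INFO $fastcgi_path_info;
+                
+                fastcgi_intercept_errors on;
+
+                # Don't cache when $skip_cache is true
+                fastcgi_cache_bypass $skip_cache;
+                fastcgi_no_cache $skip_cache;
+
+                # Use the WORDPRESS zone
+                fastcgi_cache WORDPRESS;
+        }
+
+        # Don't write to accesslog for these files
+        location = /favicon.ico {
+                log_not_found off;
+                access_log off;
+        }
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+                access_log off;
+        }
+
+        # Media files with one of these extensions should be cached by the browser
+        location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+                expires max;
+                log_not_found off;
+        }
+
+        # Deny access to .* files
+        location ~ /\. {
+                deny all;
+                access_log off;
+                log_not_found off;
+        }
+        
+        # Add cache status header for easy debugging
+        add_header X-cache $upstream_cache_status;
+
+        # From cat /etc/resolv.conf
+        resolver 8.8.8.8;
+
+        # Some parts of this file are from
+        # https://gist.github.com/TrafeX/6d582b6d040702088722
+}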
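Review bot: `Strict-Transport-Security` is sent with `includeSubDomains; preload`, but the flask., phpmyadmin. and test.bensuperpc.org server blocks added in this commit listen on port 80 only, so a browser that has seen this header will refuse to load them over plain HTTP. Either give those hosts TLS listeners or drop `includeSubDomains; preload` until they have them. The `Content-Security-Policy` value `default-src * data: 'unsafe-eval' 'unsafe-inline'` permits every source and inline script, so it adds a header without adding protection; trial a restrictive policy with `Content-Security-Policy-Report-Only` and tighten from there. `resolver 8.8.8.8` sits under the comment `From cat /etc/resolv.conf`, which does not fit a public resolver address, so confirm which resolver is intended.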