initial commit for ubuntu-docker-wordpress

LICENSE

@@ -0,0 +1,8 @@
+The MIT License (MIT)
+Copyright (c) 2016 Geniem Oy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,141 @@
+# Lightweight PHP-FPM & Nginx Docker Image for WordPress
+[![devgeniem/alpine-wordpress docker image](http://dockeri.co/image/devgeniem/wordpress-server)](https://registry.hub.docker.com/u/devgeniem/wordpress-server/)
+
+[![License](https://img.shields.io/:license-mit-blue.svg?style=flat-square)](http://badges.mit-license.org)
+
+This is maintained repository. We use this project in production and recommend this for your projects too. This container doesn't have mysql or email, you need to provide them from elsewhere. This can be other container or your host machine.
+
+I tried to include all build, test and project tools in [docker-alpine-wordpress](https://github.com/devgeniem/docker-alpine-wordpress) image. I think that more modular design is better for docker and security as well.
+
+This project tries to be as minimal as possible and doesn't include anything that we don't absolutely need in the runtime.
+
+## Aren't you only supposed to run one process per container?
+We think that docker container should be small set of processes which provide one service rather than one clumsy process. This container uses [s6-overlay](https://github.com/just-containers/s6-overlay) in order to run php-fpm and nginx together.
+
+## Container layout
+Mount your wordpress project into:
+```
+/var/www/project
+```
+
+Your project should define web root in:
+```
+/var/www/project/web
+```
+This is the place where nginx will serve requests. This is compatible with [bedrock layout](https://github.com/roots/bedrock).
+
+### Override project path
+You can use `OVERRIDE_PROJECT_ROOT` variable to change project path with symlink.
+
+For example in `Drone CI` all mounts are done into `/drone/src` folder and we use `OVERRIDE_PROJECT_ROOT=/drone/src/project` in our testing.
+
+Container creates a symlink from /var/www/project into `$OVERRIDE_PROJECT_ROOT` which allows us to use custom path.
+
+## User permissions
+You can use `WP_GID` and `WP_UID` env to change web user and group.
+
+If these are not set container will look for owner:group from files mounted in `/var/www/project/web/`.
+
+If these files are owned by root user or root group the container will automatically use 100:101 as permissions instead. This is so that we won't never run nginx and php-fpm as root.
+
+## Nginx includes
+You can have custom nginx includes in your project mount `/var/www/project/nginx`.
+
+**Include into http {} block:**
+`/var/www/project/nginx/http/*.conf`
+
+**Include into server {} block:**
+`/var/www/project/nginx/server/*.conf`
+
+See more in our [wp-project template](https://github.com/devgeniem/wp-project).
+
+## Cron jobs
+You can place cron file in `/var/www/project/tasks.cron`. This is symlinked to crond and run as user `wordpress`.
+
+For example:
+```
+# do daily/weekly/monthly maintenance
+*       *       *       *       *       echo "test log from: $(whoami)..." >> /tmp/test.log
+```
+
+## Environment Variables
+
+### Timezone
+This sets timezone for the environment and php. See candidates here: http://php.net/manual/en/timezones.php
+```
+TZ     # Default: 'Europe/Helsinki'
+```
+
+### Development/Production
+
+```
+WP_ENV # Default: '' Options: development,testing,production,pretty-much-anything-you-want
+```
+
+### Database variables (mysql/mariadb)
+
+```
+DB_NAME     # Default: ''
+DB_PASSWORD # Default: ''
+DB_USER     # Default: ''
+DB_HOST     # Default: ''
+DB_PORT     # Default: ''
+```
+
+Remember to set `DB_NAME`, `DB_PASSWORD` and `DB_USER` and use these variables in your wp-config.php. These are automatically added as envs in php context.
+
+### Email variables
+
+```
+SMTP_HOST
+```
+
+This variable changes the host where container tries to send mail from. By default this is docker host `172.17.0.1`.
+
+```
+SMTP_PORT
+```
+
+This variable changes the port where container tries to connect in order to send mail. By default this is `25`.
+
+```
+SMTP_TLS
+```
+
+If this is provided use username in authenticating to mail server. Default: null
+```
+SMTP_USER
+```
+
+If this is provided use password in authenticating to mail server. Default: null
+```
+SMTP_PASSWORD
+```
+
+If this is `on` mail will use username/password authentication in connections to smtp server.
+This will automatically activate if you use `SMTP_USER` and `SMTP_PASSWORD`. Default: `off`
+```
+SMTP_AUTH
+```
+
+See more about these variables in [msmtp docs](http://msmtp.sourceforge.net/doc/msmtp.html#Authentication).
+
+### PHP and Nginx Variables
+You can change following env to change php configs:
+
+```
+# Variables and default values
+PHP_MEMORY_LIMIT=128M
+NGINX_MAX_BODY_SIZE=64M
+NGINX_FASTCGI_TIMEOUT=30
+```
+
+## What's inside container:
+### For running WordPress
+- php7
+- php-fpm7
+- nginx
+- wp-cli
+
+### For sending emails with smtp server
+- msmtp

docker-compose.yml

@@ -0,0 +1,30 @@
+# Use this if you're testing/debugging the build locally on OSX
+web56:
+  build: ./php5.6/
+  command: /init
+  ports:
+    - 80
+  volumes:
+    - ./web:/var/www/project/web
+  environment:
+    WP_UID: 100
+    WP_GID: 101
+
+    # For testing with gdev
+    VIRTUAL_HOST: php56.test
+    PORT: 80
+
+web70:
+  build: ./php7.0/
+  command: /init
+  ports:
+    - 80
+  volumes:
+    - ./web:/var/www/project/web
+  environment:
+    WP_UID: 100
+    WP_GID: 101
+
+    # For testing with gdev
+    VIRTUAL_HOST: php70.test
+    PORT: 80

ubuntu-7.1/.dockerignore

@@ -0,0 +1,12 @@
+# These files are ignored from being uploaded to docker build context
+
+# Git is not needed in docker image building
+.git
+
+# No OSX rubbish
+.DS_Store
+
+# Development stuff
+docker-compose.yml
+.dockerignore
+Dockerfile

ubuntu-7.1/Dockerfile

@@ -0,0 +1,182 @@
+FROM ci.gpilvi.com:5000/devgeniem/docker-openresty-pagespeed-ubuntu
+MAINTAINER Ville Pietarinen - Geniem Oy <[email protected]>
+
+##
+# Only use these during installation
+##
+ARG LANG=C.UTF-8
+ARG DEBIAN_FRONTEND=noninteractive
+
+##
+# Install php7 packages from dotdeb.org
+# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers
+##
+RUN \
+    apt-get update \
+&& apt-get -y install software-properties-common \
+    && add-apt-repository ppa:ondrej/php \
+    && apt-get -y --no-install-recommends install \
+        apt-utils \
+        curl \
+        nano \
+        ca-certificates \
+        git \
+        mysql-client \
+        postfix \
+        netcat \
+        less \
+        libmcrypt-dev \
+    && apt-get update \
+    && apt-get -y install php7.1 \
+    && apt-get -y --no-install-recommends install \
+        php7.1-cli \
+        php7.1-common \
+        php7.1-apcu \
+        php7.1-apcu-bc \
+        php7.1-curl \
+        php7.1-json \
+        php7.1-mcrypt \
+        php7.1-opcache \
+        php7.1-readline \
+        php7.1-xml \
+        php7.1-zip \
+        php7.1-fpm \
+        php7.1-redis \
+        php7.1-mongodb \
+        php7.1-mysqli \
+        php7.1-intl \
+        php7.1-gd \
+        php7.1-mbstring \
+        php7.1-soap \
+        php7.1-bcmath \
+        php7.1-curl \
+        php7.1-ldap \
+        php7.1-mcrypt \
+    # Force install only cron without extra mailing dependencies
+    && cd /tmp \
+    && apt-get download cron \
+    && dpkg --force-all -i cron*.deb \
+    && mkdir -p /var/spool/cron/crontabs \
+    # Cleanup
+    && apt-get clean \
+    && apt-get autoremove \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log
+
+
+# Install helpers
+RUN \
+    ##
+    # Install composer
+    ##
+    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
+    && composer global require hirak/prestissimo \
+
+    ##
+    # Install wp-cli
+    # source: http://wp-cli.org/
+    ##
+    && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \
+    && chmod +rx /usr/local/bin/wp-cli \
+    # Symlink it to /usr/bin as well so that cron can find this script with limited PATH
+    && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \
+
+    ##
+    # Install cronlock for running cron correctly with multi container setups
+    # https://github.com/kvz/cronlock
+    ##
+    && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \
+    && chmod +rx /usr/local/bin/cronlock \
+    # Symlink it to /usr/bin as well so that cron can find this script with limited PATH
+    && ln -s /usr/local/bin/cronlock /usr/bin/cronlock
+
+##
+# Add Project files like nginx and php-fpm processes and configs
+# Also custom scripts and bashrc
+##
+COPY rootfs/ /
+
+# Run small fixes
+RUN set -x \
+    && mkdir -p /var/www/uploads \
+    && mkdir -p /dev/cache \
+    && mkdir -p /tmp/php-opcache \
+    && ln -sf /usr/sbin/php-fpm7.1 /usr/sbin/php-fpm \
+    && ln -sf /usr/bin/wp /usr/local/bin/wp
+# This is for your project root
+ENV PROJECT_ROOT="/var/www/project"
+
+ENV \
+    # Add interactive term
+    TERM="xterm" \
+    # Set defaults which can be overriden
+    MYSQL_PORT="3306" \
+    # Use default web port in nginx but allow it to be overridden
+    # This also works correctly with flynn:
+    # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457
+    PORT="8080" \
+    # Use custom users for nginx and php-fpm
+    WEB_USER="wordpress" \
+    WEB_GROUP="web" \
+    WEB_UID=1000 \
+    WEB_GID=1001 \
+    # Set defaults for redis
+    REDIS_PORT="6379" \
+    REDIS_DATABASE="0" \
+    REDIS_PASSWORD="" \
+    REDIS_SCHEME="tcp" \
+    # Set defaults for NGINX redis cache
+    # This variable uses seconds by default
+    # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes).
+    NGINX_REDIS_CACHE_TTL_DEFAULT="900" \
+    NGINX_REDIS_CACHE_TTL_MAX="4h" \
+    # Cronlock is used to stop simultaneous cronjobs in clusterised environments
+    CRONLOCK_HOST="" \
+    # This is used by nginx and php-fpm
+    WEB_ROOT="${PROJECT_ROOT}/web" \
+    # This is used automatically by wp-cli
+    WP_CORE="${PROJECT_ROOT}/web/wp" \
+    # Nginx include files
+    NGINX_INCLUDE_DIR="/var/www/project/nginx" \
+    # Allow bigger file uploads
+    NGINX_MAX_BODY_SIZE="10M" \
+    # Allow storing bigger body in memory
+    NGINX_BODY_BUFFER_SIZE="32k" \
+    # Have sane fastcgi timeout by default
+    NGINX_FASTCGI_TIMEOUT="30" \
+    # Have sane fastcgi timeout by default
+    NGINX_ERROR_LEVEL="warn" \
+    # Have sane fastcgi timeout by default
+    NGINX_ERROR_LOG="stderr" \
+    # Have sane fastcgi timeout by default
+    NGINX_ACCESS_LOG="/dev/stdout" \
+    # Default cache key for nginx http cache
+    NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \
+    # PHP settings
+    PHP_MEMORY_LIMIT="128M" \
+    PHP_MAX_INPUT_VARS="1000" \
+    PHP_ERROR_LOG="/proc/self/fd/1" \
+    PHP_ERROR_LOG_LEVEL="warning" \
+    PHP_ERROR_LOG_MAX_LEN="8192" \
+    PHP_SESSION_REDIS_DB="0" \
+    PHP_SESSION_HANDLER="files" \
+    # You should count the *.php files in your project and set this number to be bigger
+    # $ find . -type f -print | grep php | wc -l
+    PHP_OPCACHE_MAX_FILES="8000" \
+    # Amount of memory in MB to allocate for opcache
+    PHP_OPCACHE_MAX_MEMORY="128" \
+    # Use host machine as default SMTP_HOST
+    SMTP_HOST="172.17.1.1" \
+    # This folder is used to mount files into host machine
+    # You should use this path for your uploads since everything else should be ephemeral
+    UPLOADS_ROOT="/var/www/uploads" \
+    # This can be overidden by you, it's just default for us
+    TZ="Europe/Helsinki"
+# Setup $TZ. Remember to run this again in your own build
+    # Make sure that all files here have execute permissions
+RUN dpkg-reconfigure tzdata && \
+    chmod +x /etc/cont-init.d/*
+# Set default path to project folder for easier running commands in project
+WORKDIR ${PROJECT_ROOT}
+EXPOSE ${PORT}
+ENTRYPOINT ["/init"]
+

ubuntu-7.1/rootfs/etc/ImageMagick

@@ -0,0 +1,11 @@
+<policymap>
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
+</policymap>