# Base image coordinates; both can be overridden with --build-arg.
# The tag is pinned to an exact PHP release but not to an image digest.
ARG DEBIAN_VERSION=bookworm
ARG PHP_VERSION=8.4.16
FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION}

# Runtime defaults for the site and its database connection.
# NOTE(review): ENV values are stored in the image configuration, so the
# placeholder WP_DB_PASSWORD below is readable by anyone who can pull or
# inspect the image. Treat it as a stand-in only and supply the real value at
# deploy time from a secret store.
# NOTE(review): Docker Desktop's host alias is host.docker.internal; confirm
# that hub.docker.internal is the intended WP_DB_HOST default.
ENV DOMAIN_NAME="localhost" \
    HTTPS_ENABLED="false" \
    LETSENCRYPT_ENABLED="true" \
    WP_DB_HOST="hub.docker.internal" \
    WP_DB_USER="wordpress" \
    WP_DB_PASSWORD="password" \
    WP_DB_NAME="wordpress"
# Persistent tooling kept in the final image.
# lsb-release is installed first because the codename it prints is used to
# build the Debian security repository entries appended to sources.list.
# Those entries use plain http; apt still verifies the repository signature.
# NOTE(review): the base image may already carry the -security suite; confirm
# the appended entries are needed.
# NOTE(review): vim is an interactive editor; confirm it is wanted in the
# runtime image.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends lsb-release; \
    codename="$(lsb_release -cs)"; \
    printf '%s\n' \
        "deb http://security.debian.org/debian-security ${codename}-security main" \
        "deb-src http://security.debian.org/debian-security ${codename}-security main" \
        >> /etc/apt/sources.list; \
    apt-get update; \
    # Ghostscript is required for rendering PDF previews
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        ghostscript \
        gnupg2 \
        unzip \
        vim \
    ; \
    rm -rf /var/lib/apt/lists/*
# Build and enable the PHP extensions WordPress needs, then purge the
# build-only -dev packages while keeping the shared libraries that the
# compiled extensions link against. Everything happens in one layer so the
# purged packages never persist in the image.
RUN set -eux; \
# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions)
# remember which packages are marked "manual" before the build dependencies are added
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libmagickwand-dev \
libpng-dev \
libwebp-dev \
libzip-dev \
; \
\
# gd is configured with FreeType, JPEG and WebP support before it is compiled
docker-php-ext-configure gd \
--with-freetype \
--with-jpeg \
--with-webp \
; \
docker-php-ext-install -j "$(nproc)" \
bcmath \
exif \
gd \
intl \
mysqli \
zip \
; \
# imagick is fetched from PECL at a pinned version, then enabled
pecl install imagick-3.8.0; \
docker-php-ext-enable imagick; \
rm -r /tmp/pear; \
\
# some misbehaving extensions end up outputting to stdout 🙈 (https://github.com/docker-library/wordpress/issues/669#issuecomment-993945967)
# fail the build if a trivial PHP run prints anything on stdout ...
out="$(php -r 'exit(0);')"; \
[ -z "$out" ]; \
# ... or on stderr (the redirections swap stdout and stderr so the capture holds stderr)
err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \
[ -z "$err" ]; \
\
# the extension directory must exist before its .so files are inspected
extDir="$(php -r 'echo ini_get("extension_dir");')"; \
[ -d "$extDir" ]; \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
# re-mark as manual the packages owning the shared libraries the extensions
# resolve to (anything under /usr/local/ is skipped), so the purge keeps them
ldd "$extDir"/*.so \
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*; \
\
# fail the build if the purge left any extension with an unresolved library
! { ldd "$extDir"/*.so | grep 'not found'; }; \
# check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...)
err="$(php --version 3>&1 1>&2 2>&3)"; \
[ -z "$err" ]
# Enable OPcache and write the php.ini settings recommended for it.
# see https://secure.php.net/manual/en/opcache.installation.php
RUN set -eux; \
    docker-php-ext-enable opcache; \
    printf '%s\n' \
        'opcache.memory_consumption=128' \
        'opcache.interned_strings_buffer=8' \
        'opcache.max_accelerated_files=4000' \
        'opcache.revalidate_freq=2' \
        > /usr/local/etc/php/conf.d/opcache-recommended.ini
# Send PHP errors to the container's stderr and never render them in
# responses (display_errors and display_startup_errors stay Off), so error
# details are not exposed to site visitors.
# References:
#   https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
#   https://www.php.net/manual/en/errorfunc.constants.php
#   https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
RUN printf '%s\n' \
        'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR' \
        'display_errors = Off' \
        'display_startup_errors = Off' \
        'log_errors = On' \
        'error_log = /dev/stderr' \
        'log_errors_max_len = 1024' \
        'ignore_repeated_errors = On' \
        'ignore_repeated_source = Off' \
        'html_errors = Off' \
        > /usr/local/etc/php/conf.d/error-logging.ini
#RUN mv "/usr/src/php//php.ini-production" "$PHP_INI_DIR/php.ini"
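# Install nginx from the nginx.org package repository.
# All steps run in a single RUN under `set -eux`, so a failure in any of them
# (key download, repository setup, package install) fails the build.
# The signing key is downloaded to a file rather than piped, so a failed
# download cannot be hidden behind the pipe. It is then converted to a binary
# keyring and bound to this one repository with signed-by, instead of being
# added to apt's global trust store with the deprecated apt-key.
# NOTE(review): compare the downloaded key's fingerprint with the one
# published by nginx.org; the expected value is not recorded in this file.
RUN set -eux; \
    keyring=/usr/share/keyrings/nginx-archive-keyring.gpg; \
    curl -fsSL -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key; \
    gpg --batch --yes --dearmor -o "$keyring" /tmp/nginx_signing.key; \
    # apt reads the keyring as an unprivileged user, so it must be world-readable
    chmod 0644 "$keyring"; \
    rm -f /tmp/nginx_signing.key; \
    echo "deb [signed-by=$keyring] http://nginx.org/packages/debian/ $(lsb_release -cs) nginx" \
        > /etc/apt/sources.list.d/nginx.list; \
    apt-get update; \
    apt-get install -y --no-install-recommends nginx; \
    rm -rf /var/lib/apt/lists/*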
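# Install Certbot, its nginx plugin and cron from the package manager.
# The apt package lists are removed in the same layer, as the other install
# steps in this file do, so they do not persist in the image.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        certbot \
        cron \
        python3-certbot-nginx \
    ; \
    rm -rf /var/lib/apt/lists/*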
# Install a crontab that attempts certificate renewal at 00:00 and 12:00 daily.
# `crontab -` replaces the whole crontab of the build user with this one line.
# NOTE(review): nothing in this file starts the cron daemon; presumably
# entrypoint.sh does. Confirm, otherwise renewals never run.
RUN printf '%s\n' '0 0,12 * * * certbot renew --quiet' | crontab -
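# Run the nginx workers as www-data, add www-data to the nginx group and give
# it ownership of the web root.
# The substitution tolerates any spacing around the "user" directive; an
# exact single-space pattern changes nothing, without any error, when the
# packaged nginx.conf is formatted differently. The grep then fails the build
# if the directive did not end up as intended.
# NOTE(review): confirm the spacing used by the installed nginx.conf.
RUN set -eux; \
    sed -i -E 's/^[[:space:]]*user[[:space:]]+nginx;/user www-data;/' /etc/nginx/nginx.conf; \
    grep -q '^user www-data;' /etc/nginx/nginx.conf; \
    usermod -a -G nginx www-data; \
    # Change owner of the web folder
    chown -R www-data /var/www/html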
# Stage the default nginx configuration templates under /usr/src/nginx-defaults.
# NOTE(review): presumably entrypoint.sh builds the live configuration from
# these at start-up; confirm.
RUN mkdir /usr/src/nginx-defaults
COPY ./nginx/default.conf \
     ./nginx/default_ssl.conf \
     ./nginx/wordpress.conf.include \
     ./nginx/custom.conf.include \
     /usr/src/nginx-defaults/

# TLS option snippet, placed in /etc/nginx/ssl
RUN mkdir -p /etc/nginx/ssl
COPY ./nginx/options-ssl-nginx.conf /etc/nginx/ssl/options-ssl-nginx.conf
# Generate 2048-bit Diffie-Hellman parameters (a parameter file, not a
# certificate) for nginx.
# NOTE(review): these are produced at build time, so every container started
# from the same image shares them and each uncached build yields a different
# file. DH parameters are public, so this is not a secret leak. A fixed,
# standardised group would make the build reproducible.
RUN openssl dhparam -out /etc/nginx/ssl/ssl-dhparams.pem 2048

# /var/ssl is the directory for SSL certificates when Certbot is disabled.
# The packaged default.conf is removed because a new one is generated later.
# NOTE(review): /var/ssl is created with default permissions; if private keys
# are placed there, confirm their file modes restrict reading.
RUN mkdir "/var/ssl" \
 && rm -f /etc/nginx/conf.d/default.conf
# Default nginx ports. EXPOSE only documents them; publishing is done at run time.
EXPOSE 80 443

# Start-up script, made executable and run in exec form.
# NOTE(review): this file has no USER instruction, so the entrypoint runs as
# the base image's default user (root unless the base image sets one).
# Confirm which of the processes it starts need that privilege.
COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]