feat: enhance Docker setup with SSL configuration (#5)

Author: iconben

.gitignore

@@ -1 +1,5 @@
 .DS_Store
+tests/volumes
+tests/ssl
+tests/www
+tests/nginx

Dockerfile

@@ -3,8 +3,14 @@ ARG PHP_VERSION=7.4.33
 
 FROM php:$PHP_VERSION-fpm-$DEBIAN_VERSION
 
-ENV SSL_ENABLED="false";
-RUN mkdir "/var/ssl";
+# Add environment variables for domain and port
+ENV SERVER_NAME="example.com"
+ENV SSL_ENABLED="false"
+
+ENV WP_DB_HOST="db"
+ENV WP_DB_USER="root"
+ENV WP_DB_PASSWORD="password"
+ENV WP_DB_NAME="wordpress"
 
 # Add Debian Bookworm repositories and install necessary tools
 # persistent dependencies
@@ -107,6 +113,14 @@ RUN set -ex; \
 	; \
         rm -rf /var/lib/apt/lists/*
 
+# Install Certbot using the package manager
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends certbot python3-certbot-nginx cron
+
+# Add a cron job for Certbot auto-renewal
+RUN echo "0 0,12 * * * certbot renew --quiet" | crontab -
+
 # Update Nginx to run as www-data
 RUN sed -i 's/user nginx;/user www-data;/' /etc/nginx/nginx.conf
 RUN usermod -a -G nginx www-data
@@ -115,15 +129,20 @@ RUN usermod -a -G nginx www-data
 RUN mkdir /usr/src/nginx-defaults
 COPY ./nginx/default.conf /usr/src/nginx-defaults/default.conf
 COPY ./nginx/wordpress.conf.include /usr/src/nginx-defaults/wordpress.conf.include
-COPY ./nginx/default_ssl.conf /usr/src/nginx-defaults/default_ssl.conf
-COPY ./nginx/options-ssl-nginx.conf /usr/src/nginx-defaults/options-ssl-nginx.conf
+# COPY ./nginx/default_ssl.conf /usr/src/nginx-defaults/default_ssl.conf
+# COPY ./nginx/options-ssl-nginx.conf /usr/src/nginx-defaults/options-ssl-nginx.conf
+# RUN mkdir "/var/ssl";
 
 # Expose the default Nginx port
 EXPOSE 80
-EXPOSE 443
+# Expose the default Nginx SSL port if SSL is enabled
+RUN if [ "$SSL_ENABLED" = "true" ]; then \
+	echo "EXPOSE 443"; \
+	fi
 
 COPY ./entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 
 

README.md

@@ -14,21 +14,25 @@ Example of docker-compose, using this image and mysql image:
 version: '3'
 services:
     web:
-        image: augwit/wordpress:7.4.33-ALPHA.2
+        image: augwit/wordpress:7.4.33-BETA.1
         restart: always
         container_name: wordpress
         ports:
             - 80:80
             - 443:443
         environment:
+            - SERVER_NAME=localhost
             - SSL_ENABLED=false
+            - WP_DB_HOST=db
+            - WP_DB_USER=root
+            - WP_DB_PASSWORD=password
+            - WP_DB_NAME=wordpress
         volumes:
             - ./www:/var/www/html
             - ./nginx/log:/var/log/nginx
             - ./ssl:/var/ssl
     db:
         image: mysql/mysql-server:8.0.30
-        container_name: mysql
         restart: always
         environment:
             MYSQL_USER: root

entrypoint.sh

@@ -2,17 +2,34 @@
 cp /usr/src/nginx-defaults/wordpress.conf.include /etc/nginx/conf.d/;
 cp /usr/src/nginx-defaults/default.conf /etc/nginx/conf.d/;
 
-if [ "$SSL_ENABLED" = "true" ]; then 
-    cp /usr/src/nginx-defaults/options-ssl-nginx.conf /var/ssl;
-    cp /usr/src/nginx-defaults/default_ssl.conf /etc/nginx/conf.d/;
+# if [ "$SSL_ENABLED" = "true" ]; then 
+#     cp /usr/src/nginx-defaults/options-ssl-nginx.conf /var/ssl;
+#     cp /usr/src/nginx-defaults/default_ssl.conf /etc/nginx/conf.d/;
+# fi
+
+# Update entrypoint to configure Nginx and acquire SSL certificates
+sed -i "s/server_name localhost;/server_name $SERVER_NAME;/" /etc/nginx/conf.d/default.conf
+
+if [ "$SSL_ENABLED" = "true" ]; then
+    certbot --nginx -d $SERVER_NAME --non-interactive --agree-tos --register-unsafely-without-email -m admin@$SERVER_NAME
+    service nginx stop
 fi
 
 # Download the latest wordpress
-curl https://wordpress.org/latest.zip -o /var/www/wordpress_latest.zip
-unzip /var/www/wordpress_latest.zip -d /var/www/
-rm -f /var/www/wordpress_latest.zip
-cp -r /var/www/wordpress/* /var/www/html/
-rm -rf /var/www/wordpress
+if [ ! -f /var/www/html/index.php ]; then
+    curl https://wordpress.org/latest.zip -o /var/www/wordpress_latest.zip
+    unzip /var/www/wordpress_latest.zip -d /var/www/
+    rm -f /var/www/wordpress_latest.zip
+    cp -r /var/www/wordpress/* /var/www/html/
+    rm -rf /var/www/wordpress
+fi
+
+# Copy wp-config-sample.php to wp-config.php and update database configuration
+cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
+sed -i "s/database_name_here/${WP_DB_NAME}/" /var/www/html/wp-config.php
+sed -i "s/username_here/${WP_DB_USER}/" /var/www/html/wp-config.php
+sed -i "s/password_here/${WP_DB_PASSWORD}/" /var/www/html/wp-config.php
+sed -i "s/localhost/${WP_DB_HOST}/" /var/www/html/wp-config.php
 
 # Change owner of the web folder
 chown -R www-data /var/www/html

nginx/default.conf

@@ -1,5 +1,6 @@
 server {
-    listen 80 default_server;
+    server_name localhost;
+    listen 80;
     root /var/www/html/;
 
     include conf.d/wordpress.conf.include;

tests/docker-compose.yml

@@ -1,28 +1,32 @@
-version: '3'
 services:
-  #    db:
-  #      image: mysql/mysql-server:8.0.30
-  #      container_name: mysql8
-  #      restart: always
-  #      environment:
-  #          MYSQL_USER: root
-  #          MYSQL_ALLOW_EMPTY_PASSWORD: 'no'
-  #          MYSQL_PASSWORD: QWE123rt!
-  #      ports:
-  #          - 3306:3306
-  #      volumes:
-  #          - ./volumes/mysql/data:/var/lib/mysql
     web:
-        image: augwit/wordpress:7.4.33-ALPHA.1
+        image: augwit/wordpress:7.4.33-BETA.1
         restart: always
         container_name: wordpress 
         ports:
             - 80:80
             - 443:443
         environment:
+            - SERVER_NAME=localhost
             - SSL_ENABLED=false
+            - WP_DB_HOST=db
+            - WP_DB_USER=root
+            - WP_DB_PASSWORD=QWE123rt!
+            - WP_DB_NAME=wordpress
         volumes:
             - ./www:/var/www/html
             - ./nginx/log:/var/log/nginx
             - ./ssl:/var/ssl
+    db:
+      image: mysql/mysql-server:8.0.30
+      restart: always
+      environment:
+          MYSQL_USER: root
+          MYSQL_ALLOW_EMPTY_PASSWORD: 'no'
+          MYSQL_PASSWORD: QWE123rt!
+          MYSQL_DATABASE: wordpress
+      ports:
+          - 3306:3306
+      volumes:
+          - ./volumes/mysql/data:/var/lib/mysql