commit ec5120ed78770347df06877c1789ece6d73d68c1 Author: Slof, Didier Date: Fri Jan 26 19:16:39 2024 +0100 init diff --git a/README.md b/README.md new file mode 100644 index 0000000..7da9c12 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# Stack + +This is the stack used by CDDN to host the wordpress backed website. \ No newline at end of file diff --git a/README.nl.md b/README.nl.md new file mode 100644 index 0000000..44415d3 --- /dev/null +++ b/README.nl.md @@ -0,0 +1,3 @@ +# Stack + +Dit is de stack die wordt gebruikt om CDDN te draaien. \ No newline at end of file diff --git a/custom/nginx/Dockerfile b/custom/nginx/Dockerfile new file mode 100644 index 0000000..6bb5b49 --- /dev/null +++ b/custom/nginx/Dockerfile @@ -0,0 +1,13 @@ +FROM nginx:alpine + +RUN apk add \ + certbot \ + certbot-nginx + +COPY content /usr/share/nginx/html +COPY conf.d/ /etc/nginx/conf.d/ +COPY nginx.conf /etc/nginx/nginx.conf + +COPY entrypoint.sh /entrypoint +ENTRYPOINT [ "sh", "/entrypoint" ] +CMD [ "nginx", "-g", "daemon off;" ] \ No newline at end of file diff --git a/custom/nginx/conf.d/wordpress.conf b/custom/nginx/conf.d/wordpress.conf new file mode 100644 index 0000000..301e371 --- /dev/null +++ b/custom/nginx/conf.d/wordpress.conf @@ -0,0 +1,23 @@ +server { + listen 80; + server_name cddn.ixvd.net; + + # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically! + + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Is-Reverse-Proxy "true"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + client_max_body_size 0; + + location / { + proxy_redirect off; + proxy_pass http://cddn-site; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } +} diff --git a/custom/nginx/content/index.html b/custom/nginx/content/index.html new file mode 100644 index 0000000..c66cf70 --- /dev/null +++ b/custom/nginx/content/index.html @@ -0,0 +1,26 @@ + + + + + Welcome to nginx! + + + + +

Welcome to nginx!

+
+ If you're seeing this, it means the admin was too lazy to remove this page.
+ Expected something here? contact the admin: webmaster@ixvd.net + + + \ No newline at end of file diff --git a/custom/nginx/entrypoint.sh b/custom/nginx/entrypoint.sh new file mode 100755 index 0000000..df5fa5c --- /dev/null +++ b/custom/nginx/entrypoint.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +trap exit TERM + +if [ -n "${CERTBOT_DOMAINS}" ]; then + echo "registering..." + if ! certbot show_account; then + certbot register -n \ + --agree-tos \ + -m "${CERTBOT_EMAIL}" + fi + + for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do + echo "requesting for $d..." + certbot --nginx -n --keep -d "$d" + done + + while :; do + echo "renewing domains..." + certbot --nginx --keep -n renew + sleep 12h & + wait $! + done & +else + echo "skipping certbot due to no domains!" +fi & + +exec "$@" \ No newline at end of file diff --git a/custom/nginx/nginx.conf b/custom/nginx/nginx.conf new file mode 100644 index 0000000..1b9fc07 --- /dev/null +++ b/custom/nginx/nginx.conf @@ -0,0 +1,36 @@ + +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # docker resolver and quad9; + resolver 127.0.0.11 9.9.9.9 ipv6=off; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + gzip on; + http2 on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker-compose.wordpress.yml b/docker-compose.wordpress.yml new file mode 100644 index 0000000..9d3ca71 --- /dev/null +++ b/docker-compose.wordpress.yml @@ -0,0 +1,29 @@ +version: "2.2" + +services: + cddn-db: + image: mysql:5.7 + environment: + MYSQL_ROOT_PASSWORD: "root" + MYSQL_DATABASE: "wordpress" + volumes: + - /srv/cddn/mysql/data:/var/lib/mysql + networks: + - internal + + cddn-site: + image: wordpress:latest + depends_on: + - cddn-db + volumes: + - /srv/cddn/wordpress/data:/var/www/html + - /srv/cddn/wordpress/other/plugins:/var/www/html/wp-content/plugins + restart: always + environment: + WORDPRESS_DB_HOST: "cddn-db:3306" + WORDPRESS_DB_USER: "root" + WORDPRESS_DB_PASSWORD: "root" + WORDPRESS_DB_NAME: "wordpress" + networks: + - proxy + - internal diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..3f574e6 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +# I'm very comfortable in this version, therefore it's the standard +version: '2.2' + +services: + # default nginx setup + nginx: + build: custom/nginx + environment: + CERTBOT_EMAIL: "webmaster@cddnwebwinkel.nl" + CERTBOT_DOMAINS: "cddn-webwinkel.nl,cddn.ixvd.net" + volumes: + - /srv/certbot/data:/etc/letsencrypt + - /srv/certbot/other/www:/var/www/certbot + ports: + - 80:80 + - 443:443 + networks: + - proxy + + faulty-web: + build: custom/web + networks: + - proxy + +# Here the default networks are defined +networks: + proxy: + external: true + internal: + external: true +