init

README.md

@@ -0,0 +1,3 @@
+# Stack
+
+This is the stack used by CDDN to host the wordpress backed website.

README.nl.md

@@ -0,0 +1,3 @@
+# Stack
+
+Dit is de stack die wordt gebruikt om CDDN te draaien.

custom/nginx/Dockerfile

@@ -0,0 +1,13 @@
+FROM nginx:alpine
+
+RUN apk add \
+    certbot \
+    certbot-nginx
+
+COPY content /usr/share/nginx/html
+COPY conf.d/ /etc/nginx/conf.d/
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /entrypoint
+ENTRYPOINT [ "sh", "/entrypoint" ]
+CMD [ "nginx", "-g", "daemon off;" ]

custom/nginx/conf.d/wordpress.conf

@@ -0,0 +1,23 @@
+server {
+    listen 80;
+    server_name cddn.ixvd.net;
+
+    # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
+
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Is-Reverse-Proxy "true";
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    client_max_body_size 0;
+
+    location / {
+	    proxy_redirect off;
+	    proxy_pass http://cddn-site;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+}

custom/nginx/content/index.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Welcome to nginx!</title>
+    <style>
+        html {
+            color-scheme: light dark;
+        }
+
+        body {
+            width: 35em;
+            margin: 0 auto;
+            font-family: Tahoma, Verdana, Arial, sans-serif;
+        }
+    </style>
+</head>
+
+<body>
+    <h1>Welcome to nginx!</h1>
+    <hr/>
+    <span>If you're seeing this, it means the admin was too lazy to remove this page.</span><br/>
+    <span>Expected something here? contact the admin: webmaster@ixvd.net</span>
+</body>
+
+</html>

custom/nginx/entrypoint.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+trap exit TERM
+
+if [ -n "${CERTBOT_DOMAINS}" ]; then
+    echo "registering..."
+    if ! certbot show_account; then
+        certbot register -n \
+            --agree-tos \
+            -m "${CERTBOT_EMAIL}"
+    fi
+
+    for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
+        echo "requesting for $d..."
+        certbot --nginx -n --keep -d "$d"
+    done
+
+    while :; do
+        echo "renewing domains..."
+        certbot --nginx --keep -n renew
+        sleep 12h &
+        wait $!
+    done &
+else
+    echo "skipping certbot due to no domains!"
+fi &
+
+exec "$@"

custom/nginx/nginx.conf

@@ -0,0 +1,36 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    # docker resolver and quad9;
+    resolver 127.0.0.11 9.9.9.9 ipv6=off;
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip on;
+    http2 on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

docker-compose.wordpress.yml

@@ -0,0 +1,29 @@
+version: "2.2"
+
+services:
+  cddn-db:
+    image: mysql:5.7
+    environment:
+      MYSQL_ROOT_PASSWORD: "root"
+      MYSQL_DATABASE: "wordpress"
+    volumes:
+      - /srv/cddn/mysql/data:/var/lib/mysql
+    networks:
+      - internal
+
+  cddn-site:
+    image: wordpress:latest
+    depends_on:
+      - cddn-db
+    volumes:
+      - /srv/cddn/wordpress/data:/var/www/html
+      - /srv/cddn/wordpress/other/plugins:/var/www/html/wp-content/plugins
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: "cddn-db:3306"
+      WORDPRESS_DB_USER: "root"
+      WORDPRESS_DB_PASSWORD: "root"
+      WORDPRESS_DB_NAME: "wordpress"
+    networks:
+      - proxy
+      - internal

docker-compose.yml

@@ -0,0 +1,31 @@
+# I'm very comfortable in this version, therefore it's the standard
+version: '2.2'
+
+services:
+  # default nginx setup
+  nginx:
+    build: custom/nginx
+    environment:
+      CERTBOT_EMAIL: "webmaster@cddnwebwinkel.nl"
+      CERTBOT_DOMAINS: "cddn-webwinkel.nl,cddn.ixvd.net"
+    volumes:
+      - /srv/certbot/data:/etc/letsencrypt
+      - /srv/certbot/other/www:/var/www/certbot
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxy
+
+  faulty-web:
+    build: custom/web
+    networks:
+      - proxy
+
+# Here the default networks are defined
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+