rija / docker-nginx-fpm-caches-wordpress
Wordpress (no DB server included) running with Nginx in a Docker container with caching and encryption enabled
License: Other
The calls to nginx and service in the wordpress.cron cronjob fail because the default bash shell's environment variables are not accessible to cronjob.
This is because cron doesn't use /bin/bash but /bin/sh, which links to /bin/dash on Ubuntu.
The call to letsencrypt/certbot script in the same cronjob file succeeds because it is on the path known by /bin/sh.
The fix is to use absolute path for nginx and service, i.e: /usr/sbin/nginx and /usr/sbin/service.
Errors preventing SSL handshake caused web site to become suddenly unavailable:
2017/07/15 00:16:20 [error] 44#44: OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org
The certificate is not expired and the Let's Encrypt OCSP server responds to ping and resolves with dig.
openssl s_client -connect <website>:443 -tls1 -tlsextdebug -status
returns handshake errors.
Temporary workaround is to force renew the certificate again.
Whenever I load a page in my browser that is not the home page, the page is served from the server instead of from the cache, always. The response header contains:
X-Cache-Status:BYPASS
After enabling debug level:
error_log /var/log/nginx/error.log debug;
I can see this:
2015/08/05 07:05:11 [debug] 115#0: *371 http script var: "q=/en/my-page/&"
2015/08/05 07:05:11 [debug] 115#0: *371 http script value: ""
2015/08/05 07:05:11 [debug] 115#0: *371 http script not equal
2015/08/05 07:05:11 [debug] 115#0: *371 http script if
2015/08/05 07:05:11 [debug] 115#0: *371 http script value: "1"
2015/08/05 07:05:11 [debug] 115#0: *371 http script set $skip_cache
Not sure if I missed a step here, but on a fresh installation of Ubuntu 16.04 + docker, running the docker run command gives me "No such container: wordpressfiles".
Further, if I exclude the line "--volumes-from wordpressfiles," the container starts normally but accessing my domain redirects to "https://server_fqdn/." docker logs doesn't show anything suspicious either.
Did I miss something?
For example to push the web site from Test to Production, or to build a Live-like version of the web site on your development machine.
Starting point: Working Wordpress install with real content deployed as shown in "Deploying Wordpress in a Docker container" and "Deploying Mysql in a Docker container".
On Test:
On Production:
Notes:
cron cannot be stopped or started again after initial launch by supervisord.
$ supervisorctl
supervisor> status
cron FATAL Exited too quickly (process log may have details)
nginx RUNNING pid 27, uptime 0:00:21
php5-fpm RUNNING pid 29, uptime 0:00:21
php5-fpm-log RUNNING pid 28, uptime 0:00:21
stdout RUNNING pid 25, uptime 0:00:21
$ tail -f /tmp/supervisord.log
2016-01-30 14:41:24,161 INFO gave up: cron entered FATAL state, too many start retries too quickly
2016-01-30 14:41:29,167 INFO spawned: 'cron' with pid 57
2016-01-30 14:41:29,172 INFO exited: cron (exit status 1; not expected)
2016-01-30 14:41:30,178 INFO spawned: 'cron' with pid 58
2016-01-30 14:41:30,184 INFO exited: cron (exit status 1; not expected)
2016-01-30 14:41:32,193 INFO spawned: 'cron' with pid 59
2016-01-30 14:41:32,199 INFO exited: cron (exit status 1; not expected)
2016-01-30 14:41:35,206 INFO spawned: 'cron' with pid 60
2016-01-30 14:41:35,211 INFO exited: cron (exit status 1; not expected)
2016-01-30 14:41:35,212 INFO gave up: cron entered FATAL state, too many start retries too quickly
The supervisord configuration for cron:
[program:cron]
command=/usr/sbin/cron
stdout_events_enabled=true
stderr_events_enabled=true
I've been playing around with this repo lately and like it a lot. I made a few tweaks (like don't use https b/c my reverse proxy does the ssl handling, serve static files created by a caching plugin if they exist, ...), but changing those things was super easy. Kudos!
The one thing I struggle though is the question on how to deal with the uploads. I can use the admin backend to alter pages and posts. Those changes get stored into the DB and a backup is created automatically. But what about media uploads? One solution is to simply not do media uploads but instead deploy a new stateless image. That works great, but is a bit tedious/complicated for somebody not familiar with docker. Another option seems to be a plugin like wp-stateless.
How do you recommend dealing with uploads?
I'm currently preparing release 2 for this project.
Release content (headlines):
Status:
I need to finish the last point regarding Supervisord as ID 1 process, use the Docker image on a staging site for testing and then tag a new release.
When deploying a Wordpress install with a database dump supplied, the data is not loaded in the database server.
The docker logs show the following error:
install_wordpress stdout | this is an existing Wordpress web site, loading the database dump if not loaded already ...
install_wordpress stderr | ERROR install_wordpress stderr | 2003 (HY000) install_wordpress stderr | : Can't connect to MySQL server on 'dbs' (111)
2018-04-27 16:18:14,558 INFO exited: install_wordpress (exit status 1; not expected)
For security reasons, php-fpm and nginx run under different users so Nginx-Cache and Nginx-Helper plugins cannot delete the cache on the filesystem.
This is not desirable anyway because it creates an attack opportunity on the filesystem from Wordpress.
A better approach is to use a location-based approach, something like:
location ~ /purge(/.*) {
    allow 127.0.0.1;
    deny all;
    fastcgi_cache_purge tmpcache $1$is_args$args;
}
nginx is already compiled with ngx_cache_purge.
Only Nginx-Helper supports this in theory but last time I tried it wasn't reliable.
When opening a terminal in the wordpress container, using 'service nginx start' or 'service nginx restart' hangs. The only way to get nginx restarted is by restarting the container.
The created backup file only contains:
Usage: mysqldump [OPTIONS] database [tables]
OR mysqldump [OPTIONS] --databases [OPTIONS] DB1 [DB2 DB3...]
OR mysqldump [OPTIONS] --all-databases [OPTIONS]
For more options, use mysqldump --help
Given all env variables are set up correctly, it most likely indicates that the cron line:
@daily ( date ; mv /root/sql/wordpress.sql /root/sql/wordpress.sql.old ; mysqldump -h $DB_HOSTNAME -u $DB_USER -p$DB_PASSWORD
doesn't recognize the env variables.
Corresponding stack overflow discussion:
https://stackoverflow.com/questions/2229825/where-can-i-set-environment-variables-that-crontab-will-use#10657111
Why are theme and plugin/file modifications disabled by default? Is the expected way to install themes/plugins through the wp cli or something?
How can I change DISALLOW_FILE_MODS to false in a way that will persist between docker container restarts?
Thanks - great work on this btw!