add: wordpress stack

2025-12-29 17:27:05 -03:00
parent 8f22c03dac
commit c41d942244
11 changed files with 345 additions and 0 deletions
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,10 @@
+ARG NGINX_VERSION=stable
+
+FROM nginx:${NGINX_VERSION}-alpine
+
+RUN rm -rf /etc/nginx/conf.d/default.conf
+
+COPY --chmod=755 /scripts/docker-entrypoint.d/* /docker-entrypoint.d
+COPY templates /etc/nginx/templates
+
+EXPOSE 80
--- a/docker/nginx/scripts/docker-entrypoint.d/10-example-script.sh
+++ b/docker/nginx/scripts/docker-entrypoint.d/10-example-script.sh
@@ -0,0 +1,2 @@
+#! /bin/sh
+echo RUNNING EXAMPLE SCRIPT...;
--- a/docker/nginx/templates/global/restrictions.conf.template
+++ b/docker/nginx/templates/global/restrictions.conf.template
@@ -0,0 +1,25 @@
+# Global restrictions configuration file.
+# Designed to be included in any server {} block.
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~ /\. {
+    deny all;
+}
+
+# Deny access to any files with a .php extension in the uploads directory
+# Works in sub-directory installs and also in multisite network
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~* /(?:uploads|files)/.*\.php$ {
+    deny all;
+}
--- a/docker/nginx/templates/wordpress-regular-site.conf.template
+++ b/docker/nginx/templates/wordpress-regular-site.conf.template
@@ -0,0 +1,48 @@
+# WordPress single site rules.
+# Designed to be included in any server {} block.
+# Upstream to abstract backend connection(s) for php
+upstream php {
+    server unix:/tmp/php-cgi.socket;
+    server app:9000;
+}
+
+server {
+
+    listen 80;
+    listen [::]:80;
+    
+    server_name _;
+    root /var/www/html;
+    index index.php index.html;
+
+    access_log /dev/stdout;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        # This is cool because no php is touched for static content.
+        # include the "?$args" part so non-default permalinks doesn't break when using query string
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ \.php$ {
+        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+        include fastcgi.conf;
+        fastcgi_intercept_errors on;
+        fastcgi_pass php;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+        expires max;
+        log_not_found off;
+    }
+}